2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
35 #ifdef CONFIG_TIZEN_WIP
36 #include <net/bluetooth/mgmt_tizen.h>
37 #include <net/bluetooth/sco.h>
39 #include "hci_request.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 8
45 #ifdef CONFIG_TIZEN_WIP
47 #define U16_MAX ((u16)~0U)
51 static const u16 mgmt_commands[] = {
52 MGMT_OP_READ_INDEX_LIST,
55 MGMT_OP_SET_DISCOVERABLE,
56 MGMT_OP_SET_CONNECTABLE,
57 MGMT_OP_SET_FAST_CONNECTABLE,
59 MGMT_OP_SET_LINK_SECURITY,
63 MGMT_OP_SET_DEV_CLASS,
64 MGMT_OP_SET_LOCAL_NAME,
67 MGMT_OP_LOAD_LINK_KEYS,
68 MGMT_OP_LOAD_LONG_TERM_KEYS,
70 MGMT_OP_GET_CONNECTIONS,
71 MGMT_OP_PIN_CODE_REPLY,
72 MGMT_OP_PIN_CODE_NEG_REPLY,
73 MGMT_OP_SET_IO_CAPABILITY,
75 MGMT_OP_CANCEL_PAIR_DEVICE,
76 MGMT_OP_UNPAIR_DEVICE,
77 MGMT_OP_USER_CONFIRM_REPLY,
78 MGMT_OP_USER_CONFIRM_NEG_REPLY,
79 MGMT_OP_USER_PASSKEY_REPLY,
80 MGMT_OP_USER_PASSKEY_NEG_REPLY,
81 MGMT_OP_READ_LOCAL_OOB_DATA,
82 MGMT_OP_ADD_REMOTE_OOB_DATA,
83 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
84 MGMT_OP_START_DISCOVERY,
85 MGMT_OP_STOP_DISCOVERY,
88 MGMT_OP_UNBLOCK_DEVICE,
89 MGMT_OP_SET_DEVICE_ID,
90 MGMT_OP_SET_ADVERTISING,
92 MGMT_OP_SET_STATIC_ADDRESS,
93 MGMT_OP_SET_SCAN_PARAMS,
94 MGMT_OP_SET_SECURE_CONN,
95 MGMT_OP_SET_DEBUG_KEYS,
98 MGMT_OP_GET_CONN_INFO,
99 MGMT_OP_GET_CLOCK_INFO,
101 MGMT_OP_REMOVE_DEVICE,
102 MGMT_OP_LOAD_CONN_PARAM,
103 MGMT_OP_READ_UNCONF_INDEX_LIST,
104 MGMT_OP_READ_CONFIG_INFO,
105 MGMT_OP_SET_EXTERNAL_CONFIG,
106 MGMT_OP_SET_PUBLIC_ADDRESS,
107 MGMT_OP_START_SERVICE_DISCOVERY,
110 static const u16 mgmt_events[] = {
111 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_REMOVED,
114 MGMT_EV_NEW_SETTINGS,
115 MGMT_EV_CLASS_OF_DEV_CHANGED,
116 MGMT_EV_LOCAL_NAME_CHANGED,
117 MGMT_EV_NEW_LINK_KEY,
118 MGMT_EV_NEW_LONG_TERM_KEY,
119 MGMT_EV_DEVICE_CONNECTED,
120 MGMT_EV_DEVICE_DISCONNECTED,
121 MGMT_EV_CONNECT_FAILED,
122 MGMT_EV_PIN_CODE_REQUEST,
123 MGMT_EV_USER_CONFIRM_REQUEST,
124 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DEVICE_BLOCKED,
129 MGMT_EV_DEVICE_UNBLOCKED,
130 MGMT_EV_DEVICE_UNPAIRED,
131 MGMT_EV_PASSKEY_NOTIFY,
134 MGMT_EV_DEVICE_ADDED,
135 MGMT_EV_DEVICE_REMOVED,
136 MGMT_EV_NEW_CONN_PARAM,
137 MGMT_EV_UNCONF_INDEX_ADDED,
138 MGMT_EV_UNCONF_INDEX_REMOVED,
139 MGMT_EV_NEW_CONFIG_OPTIONS,
142 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
144 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
145 "\x00\x00\x00\x00\x00\x00\x00\x00"
148 struct list_head list;
155 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
158 /* HCI to MGMT error code conversion table */
159 static u8 mgmt_status_table[] = {
161 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
162 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
163 MGMT_STATUS_FAILED, /* Hardware Failure */
164 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
165 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
166 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
167 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
168 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
169 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
170 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
171 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
172 MGMT_STATUS_BUSY, /* Command Disallowed */
173 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
174 MGMT_STATUS_REJECTED, /* Rejected Security */
175 MGMT_STATUS_REJECTED, /* Rejected Personal */
176 MGMT_STATUS_TIMEOUT, /* Host Timeout */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
178 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
179 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
180 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
181 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
182 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
183 MGMT_STATUS_BUSY, /* Repeated Attempts */
184 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
185 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
187 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
188 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
189 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
191 MGMT_STATUS_FAILED, /* Unspecified Error */
192 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
193 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
194 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
195 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
196 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
197 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
198 MGMT_STATUS_FAILED, /* Unit Link Key Used */
199 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
200 MGMT_STATUS_TIMEOUT, /* Instant Passed */
201 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
202 MGMT_STATUS_FAILED, /* Transaction Collision */
203 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
204 MGMT_STATUS_REJECTED, /* QoS Rejected */
205 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
206 MGMT_STATUS_REJECTED, /* Insufficient Security */
207 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
208 MGMT_STATUS_BUSY, /* Role Switch Pending */
209 MGMT_STATUS_FAILED, /* Slot Violation */
210 MGMT_STATUS_FAILED, /* Role Switch Failed */
211 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
212 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
213 MGMT_STATUS_BUSY, /* Host Busy Pairing */
214 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
215 MGMT_STATUS_BUSY, /* Controller Busy */
216 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
217 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
218 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
219 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
220 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
223 static u8 mgmt_status(u8 hci_status)
225 if (hci_status < ARRAY_SIZE(mgmt_status_table))
226 return mgmt_status_table[hci_status];
228 return MGMT_STATUS_FAILED;
231 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
232 struct sock *skip_sk)
235 struct mgmt_hdr *hdr;
237 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
242 hdr->opcode = cpu_to_le16(event);
244 hdr->index = cpu_to_le16(hdev->id);
246 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
247 hdr->len = cpu_to_le16(data_len);
250 memcpy(skb_put(skb, data_len), data, data_len);
253 __net_timestamp(skb);
255 hci_send_to_control(skb, skip_sk);
261 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
264 struct mgmt_hdr *hdr;
265 struct mgmt_ev_cmd_status *ev;
268 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
270 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
274 hdr = (void *) skb_put(skb, sizeof(*hdr));
276 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
277 hdr->index = cpu_to_le16(index);
278 hdr->len = cpu_to_le16(sizeof(*ev));
280 ev = (void *) skb_put(skb, sizeof(*ev));
282 ev->opcode = cpu_to_le16(cmd);
284 err = sock_queue_rcv_skb(sk, skb);
291 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
292 void *rp, size_t rp_len)
295 struct mgmt_hdr *hdr;
296 struct mgmt_ev_cmd_complete *ev;
299 BT_DBG("sock %p", sk);
301 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
305 hdr = (void *) skb_put(skb, sizeof(*hdr));
307 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
308 hdr->index = cpu_to_le16(index);
309 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
311 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
312 ev->opcode = cpu_to_le16(cmd);
316 memcpy(ev->data, rp, rp_len);
318 err = sock_queue_rcv_skb(sk, skb);
325 #ifdef CONFIG_TIZEN_WIP
326 /* BEGIN TIZEN_Bluetooth :: check for le connection update params */
327 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
332 if (min > max || min < 6 || max > 3200)
335 if (to_multiplier < 10 || to_multiplier > 3200)
338 if (max >= to_multiplier * 8)
341 max_latency = (to_multiplier * 8 / max) - 1;
343 if (latency > 499 || latency > max_latency)
348 /* END TIZEN_Bluetooth */
351 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 struct mgmt_rp_read_version rp;
356 BT_DBG("sock %p", sk);
358 rp.version = MGMT_VERSION;
359 rp.revision = cpu_to_le16(MGMT_REVISION);
361 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
365 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 struct mgmt_rp_read_commands *rp;
369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
375 BT_DBG("sock %p", sk);
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
379 rp = kmalloc(rp_size, GFP_KERNEL);
383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
392 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
399 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
402 struct mgmt_rp_read_index_list *rp;
408 BT_DBG("sock %p", sk);
410 read_lock(&hci_dev_list_lock);
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (d->dev_type == HCI_BREDR &&
415 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
422 read_unlock(&hci_dev_list_lock);
427 list_for_each_entry(d, &hci_dev_list, list) {
428 if (test_bit(HCI_SETUP, &d->dev_flags) ||
429 test_bit(HCI_CONFIG, &d->dev_flags) ||
430 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
439 if (d->dev_type == HCI_BREDR &&
440 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
449 read_unlock(&hci_dev_list_lock);
451 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
459 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
462 struct mgmt_rp_read_unconf_index_list *rp;
468 BT_DBG("sock %p", sk);
470 read_lock(&hci_dev_list_lock);
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
475 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
482 read_unlock(&hci_dev_list_lock);
487 list_for_each_entry(d, &hci_dev_list, list) {
488 if (test_bit(HCI_SETUP, &d->dev_flags) ||
489 test_bit(HCI_CONFIG, &d->dev_flags) ||
490 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
499 if (d->dev_type == HCI_BREDR &&
500 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
509 read_unlock(&hci_dev_list_lock);
511 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
519 static bool is_configured(struct hci_dev *hdev)
521 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
522 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
525 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526 !bacmp(&hdev->public_addr, BDADDR_ANY))
532 static __le32 get_missing_options(struct hci_dev *hdev)
536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
537 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
540 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541 !bacmp(&hdev->public_addr, BDADDR_ANY))
542 options |= MGMT_OPTION_PUBLIC_ADDRESS;
544 return cpu_to_le32(options);
547 static int new_options(struct hci_dev *hdev, struct sock *skip)
549 __le32 options = get_missing_options(hdev);
551 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552 sizeof(options), skip);
555 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
557 __le32 options = get_missing_options(hdev);
559 return cmd_complete(sk, hdev->id, opcode, 0, &options,
563 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564 void *data, u16 data_len)
566 struct mgmt_rp_read_config_info rp;
569 BT_DBG("sock %p %s", sk, hdev->name);
573 memset(&rp, 0, sizeof(rp));
574 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577 options |= MGMT_OPTION_EXTERNAL_CONFIG;
579 if (hdev->set_bdaddr)
580 options |= MGMT_OPTION_PUBLIC_ADDRESS;
582 rp.supported_options = cpu_to_le32(options);
583 rp.missing_options = get_missing_options(hdev);
585 hci_dev_unlock(hdev);
587 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
591 static u32 get_supported_settings(struct hci_dev *hdev)
595 settings |= MGMT_SETTING_POWERED;
596 settings |= MGMT_SETTING_BONDABLE;
597 /* Disable Debug keys implementation now */
598 #ifdef CONFIG_TIZEN_WIP
599 settings |= MGMT_SETTING_DEBUG_KEYS;
601 settings |= MGMT_SETTING_CONNECTABLE;
602 settings |= MGMT_SETTING_DISCOVERABLE;
604 if (lmp_bredr_capable(hdev)) {
605 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
606 settings |= MGMT_SETTING_FAST_CONNECTABLE;
607 settings |= MGMT_SETTING_BREDR;
608 settings |= MGMT_SETTING_LINK_SECURITY;
610 if (lmp_ssp_capable(hdev)) {
611 settings |= MGMT_SETTING_SSP;
612 settings |= MGMT_SETTING_HS;
615 /* Disable Secure connection implementation now */
616 #ifdef CONFIG_TIZEN_WIP
617 if (lmp_sc_capable(hdev) ||
618 test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
619 settings |= MGMT_SETTING_SECURE_CONN;
623 if (lmp_le_capable(hdev)) {
624 settings |= MGMT_SETTING_LE;
625 settings |= MGMT_SETTING_ADVERTISING;
626 settings |= MGMT_SETTING_SECURE_CONN;
627 settings |= MGMT_SETTING_PRIVACY;
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
632 settings |= MGMT_SETTING_CONFIGURATION;
637 static u32 get_current_settings(struct hci_dev *hdev)
641 if (hdev_is_powered(hdev))
642 settings |= MGMT_SETTING_POWERED;
644 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
645 settings |= MGMT_SETTING_CONNECTABLE;
647 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
648 settings |= MGMT_SETTING_FAST_CONNECTABLE;
650 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
651 settings |= MGMT_SETTING_DISCOVERABLE;
653 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
654 settings |= MGMT_SETTING_BONDABLE;
656 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657 settings |= MGMT_SETTING_BREDR;
659 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
660 settings |= MGMT_SETTING_LE;
662 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
663 settings |= MGMT_SETTING_LINK_SECURITY;
665 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
666 settings |= MGMT_SETTING_SSP;
668 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
669 settings |= MGMT_SETTING_HS;
671 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
672 settings |= MGMT_SETTING_ADVERTISING;
674 /* Disable Secure connection and debug keys implementation now */
675 #ifdef CONFIG_TIZEN_WIP
676 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
677 settings |= MGMT_SETTING_SECURE_CONN;
679 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
680 settings |= MGMT_SETTING_DEBUG_KEYS;
683 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
684 settings |= MGMT_SETTING_PRIVACY;
689 #define PNP_INFO_SVCLASS_ID 0x1200
691 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
693 u8 *ptr = data, *uuids_start = NULL;
694 struct bt_uuid *uuid;
699 list_for_each_entry(uuid, &hdev->uuids, list) {
702 if (uuid->size != 16)
705 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
709 if (uuid16 == PNP_INFO_SVCLASS_ID)
715 uuids_start[1] = EIR_UUID16_ALL;
719 /* Stop if not enough space to put next UUID */
720 if ((ptr - data) + sizeof(u16) > len) {
721 uuids_start[1] = EIR_UUID16_SOME;
725 *ptr++ = (uuid16 & 0x00ff);
726 *ptr++ = (uuid16 & 0xff00) >> 8;
727 uuids_start[0] += sizeof(uuid16);
733 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
735 u8 *ptr = data, *uuids_start = NULL;
736 struct bt_uuid *uuid;
741 list_for_each_entry(uuid, &hdev->uuids, list) {
742 if (uuid->size != 32)
748 uuids_start[1] = EIR_UUID32_ALL;
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u32) > len) {
754 uuids_start[1] = EIR_UUID32_SOME;
758 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
760 uuids_start[0] += sizeof(u32);
766 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 128)
781 uuids_start[1] = EIR_UUID128_ALL;
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + 16 > len) {
787 uuids_start[1] = EIR_UUID128_SOME;
791 memcpy(ptr, uuid->uuid, 16);
793 uuids_start[0] += 16;
799 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
801 struct pending_cmd *cmd;
803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
804 if (cmd->opcode == opcode)
811 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
812 struct hci_dev *hdev,
815 struct pending_cmd *cmd;
817 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
818 if (cmd->user_data != data)
820 if (cmd->opcode == opcode)
827 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
832 name_len = strlen(hdev->dev_name);
834 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
836 if (name_len > max_len) {
838 ptr[1] = EIR_NAME_SHORT;
840 ptr[1] = EIR_NAME_COMPLETE;
842 ptr[0] = name_len + 1;
844 memcpy(ptr + 2, hdev->dev_name, name_len);
846 ad_len += (name_len + 2);
847 ptr += (name_len + 2);
853 static void update_scan_rsp_data(struct hci_request *req)
855 struct hci_dev *hdev = req->hdev;
856 struct hci_cp_le_set_scan_rsp_data cp;
859 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
862 memset(&cp, 0, sizeof(cp));
864 len = create_scan_rsp_data(hdev, cp.data);
866 #ifdef CONFIG_TIZEN_WIP
867 /* Advertising scan response data is handled in bluez.
868 This value will be updated only when application request the update */
871 if (hdev->scan_rsp_data_len == len &&
872 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
875 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
876 hdev->scan_rsp_data_len = len;
880 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
884 static u8 get_adv_discov_flags(struct hci_dev *hdev)
886 struct pending_cmd *cmd;
888 /* If there's a pending mgmt command the flags will not yet have
889 * their final values, so check for this first.
891 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
893 struct mgmt_mode *cp = cmd->param;
895 return LE_AD_GENERAL;
896 else if (cp->val == 0x02)
897 return LE_AD_LIMITED;
899 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
900 return LE_AD_LIMITED;
901 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
902 return LE_AD_GENERAL;
908 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
910 u8 ad_len = 0, flags = 0;
912 flags |= get_adv_discov_flags(hdev);
914 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
915 flags |= LE_AD_NO_BREDR;
918 BT_DBG("adv flags 0x%02x", flags);
928 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
930 ptr[1] = EIR_TX_POWER;
931 ptr[2] = (u8) hdev->adv_tx_power;
940 static void update_adv_data(struct hci_request *req)
942 struct hci_dev *hdev = req->hdev;
943 struct hci_cp_le_set_adv_data cp;
946 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
949 memset(&cp, 0, sizeof(cp));
951 len = create_adv_data(hdev, cp.data);
953 #ifdef CONFIG_TIZEN_WIP
954 /* Bluez will handle the advertising data, including the flag and tx power.
955 This value will be updated only when application request the update */
958 if (hdev->adv_data_len == len &&
959 memcmp(cp.data, hdev->adv_data, len) == 0)
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
967 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
971 int mgmt_update_adv_data(struct hci_dev *hdev)
973 struct hci_request req;
975 hci_req_init(&req, hdev);
976 update_adv_data(&req);
978 return hci_req_run(&req, NULL);
981 static void create_eir(struct hci_dev *hdev, u8 *data)
986 name_len = strlen(hdev->dev_name);
992 ptr[1] = EIR_NAME_SHORT;
994 ptr[1] = EIR_NAME_COMPLETE;
996 /* EIR Data length */
997 ptr[0] = name_len + 1;
999 memcpy(ptr + 2, hdev->dev_name, name_len);
1001 ptr += (name_len + 2);
1004 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1006 ptr[1] = EIR_TX_POWER;
1007 ptr[2] = (u8) hdev->inq_tx_power;
1012 if (hdev->devid_source > 0) {
1014 ptr[1] = EIR_DEVICE_ID;
1016 put_unaligned_le16(hdev->devid_source, ptr + 2);
1017 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1018 put_unaligned_le16(hdev->devid_product, ptr + 6);
1019 put_unaligned_le16(hdev->devid_version, ptr + 8);
1024 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1025 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1026 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1027 #ifdef CONFIG_TIZEN_WIP
1028 if (hdev->manufacturer_len > 0 &&
1029 ptr - data + hdev->manufacturer_len + 2 <= HCI_MAX_EIR_LENGTH) {
1030 ptr[0] = hdev->manufacturer_len + 1;
1031 ptr[1] = EIR_MANUFACTURER_DATA;
1032 memcpy(ptr + 2, hdev->manufacturer_data, hdev->manufacturer_len);
1033 ptr += hdev->manufacturer_len + 2;
1038 static void update_eir(struct hci_request *req)
1040 struct hci_dev *hdev = req->hdev;
1041 struct hci_cp_write_eir cp;
1043 if (!hdev_is_powered(hdev))
1046 if (!lmp_ext_inq_capable(hdev))
1049 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1052 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1055 memset(&cp, 0, sizeof(cp));
1057 create_eir(hdev, cp.data);
1059 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1062 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1064 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1067 static u8 get_service_classes(struct hci_dev *hdev)
1069 struct bt_uuid *uuid;
1072 list_for_each_entry(uuid, &hdev->uuids, list)
1073 val |= uuid->svc_hint;
1078 static void update_class(struct hci_request *req)
1080 struct hci_dev *hdev = req->hdev;
1083 BT_DBG("%s", hdev->name);
1085 if (!hdev_is_powered(hdev))
1088 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1091 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1094 cod[0] = hdev->minor_class;
1095 cod[1] = hdev->major_class;
1096 cod[2] = get_service_classes(hdev);
1098 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1101 if (memcmp(cod, hdev->dev_class, 3) == 0)
1104 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1107 #ifndef CONFIG_TIZEN_WIP
1108 static bool get_connectable(struct hci_dev *hdev)
1110 struct pending_cmd *cmd;
1112 /* If there's a pending mgmt command the flag will not yet have
1113 * it's final value, so check for this first.
1115 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1117 struct mgmt_mode *cp = cmd->param;
1121 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1125 static void disable_advertising(struct hci_request *req)
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1132 static void enable_advertising(struct hci_request *req)
1134 struct hci_dev *hdev = req->hdev;
1135 struct hci_cp_le_set_adv_param cp;
1136 #ifndef CONFIG_TIZEN_WIP
1137 u8 own_addr_type, enable = 0x01;
1140 u8 own_addr_type = ADDR_LE_DEV_PUBLIC;
1144 if (hci_conn_num(hdev, LE_LINK) > 0)
1147 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1148 disable_advertising(req);
1150 /* Clear the HCI_LE_ADV bit temporarily so that the
1151 * hci_update_random_address knows that it's safe to go ahead
1152 * and write a new random address. The flag will be set back on
1153 * as soon as the SET_ADV_ENABLE HCI command completes.
1155 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1157 #ifndef CONFIG_TIZEN_WIP
1158 connectable = get_connectable(hdev);
1160 /* Set require_privacy to true only when non-connectable
1161 * advertising is used. In that case it is fine to use a
1162 * non-resolvable private address.
1164 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1168 memset(&cp, 0, sizeof(cp));
1169 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1170 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1171 #ifdef CONFIG_TIZEN_WIP
1172 cp.filter_policy = hdev->adv_filter_policy;
1173 cp.type = hdev->adv_type;
1175 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1177 cp.own_address_type = own_addr_type;
1178 cp.channel_map = hdev->le_adv_channel_map;
1180 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1182 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1185 static void service_cache_off(struct work_struct *work)
1187 struct hci_dev *hdev = container_of(work, struct hci_dev,
1188 service_cache.work);
1189 struct hci_request req;
1191 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1194 hci_req_init(&req, hdev);
1201 hci_dev_unlock(hdev);
1203 hci_req_run(&req, NULL);
1206 static void rpa_expired(struct work_struct *work)
1208 struct hci_dev *hdev = container_of(work, struct hci_dev,
1210 struct hci_request req;
1214 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1216 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1219 /* The generation of a new RPA and programming it into the
1220 * controller happens in the enable_advertising() function.
1222 hci_req_init(&req, hdev);
1223 enable_advertising(&req);
1224 hci_req_run(&req, NULL);
1227 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1229 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1232 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1233 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1235 /* Non-mgmt controlled devices get this bit set
1236 * implicitly so that pairing works for them, however
1237 * for mgmt we require user-space to explicitly enable
1240 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1243 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1244 void *data, u16 data_len)
1246 struct mgmt_rp_read_info rp;
1248 BT_DBG("sock %p %s", sk, hdev->name);
1252 memset(&rp, 0, sizeof(rp));
1254 bacpy(&rp.bdaddr, &hdev->bdaddr);
1256 rp.version = hdev->hci_ver;
1257 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1259 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1260 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1262 memcpy(rp.dev_class, hdev->dev_class, 3);
1264 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1265 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1267 hci_dev_unlock(hdev);
1269 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1273 static void mgmt_pending_free(struct pending_cmd *cmd)
1280 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1281 struct hci_dev *hdev, void *data,
1284 struct pending_cmd *cmd;
1286 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1290 cmd->opcode = opcode;
1291 cmd->index = hdev->id;
1293 cmd->param = kmemdup(data, len, GFP_KERNEL);
1299 cmd->param_len = len;
1304 list_add(&cmd->list, &hdev->mgmt_pending);
1309 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1310 void (*cb)(struct pending_cmd *cmd,
1314 struct pending_cmd *cmd, *tmp;
1316 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1317 if (opcode > 0 && cmd->opcode != opcode)
1324 static void mgmt_pending_remove(struct pending_cmd *cmd)
1326 list_del(&cmd->list);
1327 mgmt_pending_free(cmd);
1330 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1332 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1334 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1338 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1340 BT_DBG("%s status 0x%02x", hdev->name, status);
1342 if (hci_conn_count(hdev) == 0) {
1343 cancel_delayed_work(&hdev->power_off);
1344 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1348 static bool hci_stop_discovery(struct hci_request *req)
1350 struct hci_dev *hdev = req->hdev;
1351 struct hci_cp_remote_name_req_cancel cp;
1352 struct inquiry_entry *e;
1354 switch (hdev->discovery.state) {
1355 case DISCOVERY_FINDING:
1356 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1357 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1359 cancel_delayed_work(&hdev->le_scan_disable);
1360 hci_req_add_le_scan_disable(req);
1365 case DISCOVERY_RESOLVING:
1366 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1371 bacpy(&cp.bdaddr, &e->data.bdaddr);
1372 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1378 /* Passive scanning */
1379 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1380 hci_req_add_le_scan_disable(req);
1390 static int clean_up_hci_state(struct hci_dev *hdev)
1392 struct hci_request req;
1393 struct hci_conn *conn;
1394 bool discov_stopped;
1397 hci_req_init(&req, hdev);
1399 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1400 test_bit(HCI_PSCAN, &hdev->flags)) {
1402 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1405 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1406 disable_advertising(&req);
1408 discov_stopped = hci_stop_discovery(&req);
1410 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1411 struct hci_cp_disconnect dc;
1412 struct hci_cp_reject_conn_req rej;
1414 switch (conn->state) {
1417 dc.handle = cpu_to_le16(conn->handle);
1418 dc.reason = 0x15; /* Terminated due to Power Off */
1419 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1422 if (conn->type == LE_LINK)
1423 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1425 else if (conn->type == ACL_LINK)
1426 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1430 bacpy(&rej.bdaddr, &conn->dst);
1431 rej.reason = 0x15; /* Terminated due to Power Off */
1432 if (conn->type == ACL_LINK)
1433 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1435 else if (conn->type == SCO_LINK)
1436 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1442 err = hci_req_run(&req, clean_up_hci_complete);
1443 if (!err && discov_stopped)
1444 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1449 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1452 struct mgmt_mode *cp = data;
1453 struct pending_cmd *cmd;
1456 BT_DBG("request for %s", hdev->name);
1458 if (cp->val != 0x00 && cp->val != 0x01)
1459 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1460 MGMT_STATUS_INVALID_PARAMS);
1464 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1465 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1470 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1471 cancel_delayed_work(&hdev->power_off);
1474 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1476 err = mgmt_powered(hdev, 1);
1481 if (!!cp->val == hdev_is_powered(hdev)) {
1482 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1486 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1493 queue_work(hdev->req_workqueue, &hdev->power_on);
1496 /* Disconnect connections, stop scans, etc */
1497 err = clean_up_hci_state(hdev);
1499 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1500 HCI_POWER_OFF_TIMEOUT);
1502 /* ENODATA means there were no HCI commands queued */
1503 if (err == -ENODATA) {
1504 cancel_delayed_work(&hdev->power_off);
1505 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1511 hci_dev_unlock(hdev);
1515 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1519 ev = cpu_to_le32(get_current_settings(hdev));
1521 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1524 int mgmt_new_settings(struct hci_dev *hdev)
1526 return new_settings(hdev, NULL);
1531 struct hci_dev *hdev;
1535 static void settings_rsp(struct pending_cmd *cmd, void *data)
1537 struct cmd_lookup *match = data;
1539 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1541 list_del(&cmd->list);
1543 if (match->sk == NULL) {
1544 match->sk = cmd->sk;
1545 sock_hold(match->sk);
1548 mgmt_pending_free(cmd);
1551 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1555 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1556 mgmt_pending_remove(cmd);
1559 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1561 if (cmd->cmd_complete) {
1564 cmd->cmd_complete(cmd, *status);
1565 mgmt_pending_remove(cmd);
1570 cmd_status_rsp(cmd, data);
1573 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1575 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1576 cmd->param, cmd->param_len);
1579 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1581 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1582 sizeof(struct mgmt_addr_info));
1585 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1587 if (!lmp_bredr_capable(hdev))
1588 return MGMT_STATUS_NOT_SUPPORTED;
1589 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1590 return MGMT_STATUS_REJECTED;
1592 return MGMT_STATUS_SUCCESS;
1595 static u8 mgmt_le_support(struct hci_dev *hdev)
1597 if (!lmp_le_capable(hdev))
1598 return MGMT_STATUS_NOT_SUPPORTED;
1599 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1600 return MGMT_STATUS_REJECTED;
1602 return MGMT_STATUS_SUCCESS;
1605 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1608 struct pending_cmd *cmd;
1609 struct mgmt_mode *cp;
1610 struct hci_request req;
1613 BT_DBG("status 0x%02x", status);
1617 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1622 u8 mgmt_err = mgmt_status(status);
1623 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1624 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1630 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1633 if (hdev->discov_timeout > 0) {
1634 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1635 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1639 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1643 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1646 new_settings(hdev, cmd->sk);
1648 /* When the discoverable mode gets changed, make sure
1649 * that class of device has the limited discoverable
1650 * bit correctly set. Also update page scan based on whitelist
1653 hci_req_init(&req, hdev);
1654 __hci_update_page_scan(&req);
1656 hci_req_run(&req, NULL);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock(hdev);
1665 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_set_discoverable *cp = data;
1669 struct pending_cmd *cmd;
1670 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1677 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1678 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1680 MGMT_STATUS_REJECTED);
1682 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1684 MGMT_STATUS_INVALID_PARAMS);
1686 timeout = __le16_to_cpu(cp->timeout);
1688 /* Disabling discoverable requires that no timeout is set,
1689 * and enabling limited discoverable requires a timeout.
1691 if ((cp->val == 0x00 && timeout > 0) ||
1692 (cp->val == 0x02 && timeout == 0))
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1694 MGMT_STATUS_INVALID_PARAMS);
1698 if (!hdev_is_powered(hdev) && timeout > 0) {
1699 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1700 MGMT_STATUS_NOT_POWERED);
1704 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1705 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1706 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1711 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1712 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1713 MGMT_STATUS_REJECTED);
1717 if (!hdev_is_powered(hdev)) {
1718 bool changed = false;
1720 /* Setting limited discoverable when powered off is
1721 * not a valid operation since it requires a timeout
1722 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1724 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1725 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1729 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1734 err = new_settings(hdev, sk);
1739 /* If the current mode is the same, then just update the timeout
1740 * value with the new value. And if only the timeout gets updated,
1741 * then no need for any HCI transactions.
1743 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1744 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1745 &hdev->dev_flags)) {
1746 cancel_delayed_work(&hdev->discov_off);
1747 hdev->discov_timeout = timeout;
1749 if (cp->val && hdev->discov_timeout > 0) {
1750 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1751 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1755 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1765 /* Cancel any potential discoverable timeout that might be
1766 * still active and store new timeout value. The arming of
1767 * the timeout happens in the complete handler.
1769 cancel_delayed_work(&hdev->discov_off);
1770 hdev->discov_timeout = timeout;
1772 /* Limited discoverable mode */
1773 if (cp->val == 0x02)
1774 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1776 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1778 hci_req_init(&req, hdev);
1780 /* The procedure for LE-only controllers is much simpler - just
1781 * update the advertising data.
1783 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1789 struct hci_cp_write_current_iac_lap hci_cp;
1791 if (cp->val == 0x02) {
1792 /* Limited discoverable mode */
1793 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1794 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1795 hci_cp.iac_lap[1] = 0x8b;
1796 hci_cp.iac_lap[2] = 0x9e;
1797 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1798 hci_cp.iac_lap[4] = 0x8b;
1799 hci_cp.iac_lap[5] = 0x9e;
1801 /* General discoverable mode */
1803 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1804 hci_cp.iac_lap[1] = 0x8b;
1805 hci_cp.iac_lap[2] = 0x9e;
1808 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1809 (hci_cp.num_iac * 3) + 1, &hci_cp);
1811 scan |= SCAN_INQUIRY;
1813 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1816 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1819 update_adv_data(&req);
1821 err = hci_req_run(&req, set_discoverable_complete);
1823 mgmt_pending_remove(cmd);
1826 hci_dev_unlock(hdev);
1830 static void write_fast_connectable(struct hci_request *req, bool enable)
1832 struct hci_dev *hdev = req->hdev;
1833 #ifndef CONFIG_TIZEN_WIP
1834 struct hci_cp_write_page_scan_activity acp;
1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1841 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1844 #ifdef CONFIG_TIZEN_WIP
1846 type = PAGE_SCAN_TYPE_INTERLACED;
1848 type = PAGE_SCAN_TYPE_STANDARD;
1852 type = PAGE_SCAN_TYPE_INTERLACED;
1854 /* 160 msec page scan interval */
1855 acp.interval = cpu_to_le16(0x0100);
1857 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1859 /* default 1.28 sec page scan */
1860 acp.interval = cpu_to_le16(0x0800);
1863 acp.window = cpu_to_le16(0x0012);
1865 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1866 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1867 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1871 if (hdev->page_scan_type != type)
1872 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1875 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1878 struct pending_cmd *cmd;
1879 struct mgmt_mode *cp;
1880 bool conn_changed, discov_changed;
1882 BT_DBG("status 0x%02x", status);
1886 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1891 u8 mgmt_err = mgmt_status(status);
1892 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1898 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1900 discov_changed = false;
1902 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1904 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1908 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1910 if (conn_changed || discov_changed) {
1911 new_settings(hdev, cmd->sk);
1912 hci_update_page_scan(hdev);
1914 mgmt_update_adv_data(hdev);
1915 hci_update_background_scan(hdev);
1919 mgmt_pending_remove(cmd);
1922 hci_dev_unlock(hdev);
1925 static int set_connectable_update_settings(struct hci_dev *hdev,
1926 struct sock *sk, u8 val)
1928 bool changed = false;
1931 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1935 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1937 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1938 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1941 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1946 hci_update_page_scan(hdev);
1947 hci_update_background_scan(hdev);
1948 return new_settings(hdev, sk);
1954 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1957 struct mgmt_mode *cp = data;
1958 struct pending_cmd *cmd;
1959 struct hci_request req;
1963 BT_DBG("request for %s", hdev->name);
1965 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1966 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1967 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1968 MGMT_STATUS_REJECTED);
1970 if (cp->val != 0x00 && cp->val != 0x01)
1971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1972 MGMT_STATUS_INVALID_PARAMS);
1976 if (!hdev_is_powered(hdev)) {
1977 err = set_connectable_update_settings(hdev, sk, cp->val);
1981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1988 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1994 hci_req_init(&req, hdev);
1996 /* If BR/EDR is not enabled and we disable advertising as a
1997 * by-product of disabling connectable, we need to update the
1998 * advertising flags.
2000 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2002 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2003 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2005 update_adv_data(&req);
2006 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2010 /* If we don't have any whitelist entries just
2011 * disable all scanning. If there are entries
2012 * and we had both page and inquiry scanning
2013 * enabled then fall back to only page scanning.
2014 * Otherwise no changes are needed.
2016 if (list_empty(&hdev->whitelist))
2017 scan = SCAN_DISABLED;
2018 else if (test_bit(HCI_ISCAN, &hdev->flags))
2021 goto no_scan_update;
2023 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2024 hdev->discov_timeout > 0)
2025 cancel_delayed_work(&hdev->discov_off);
2028 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2032 /* If we're going from non-connectable to connectable or
2033 * vice-versa when fast connectable is enabled ensure that fast
2034 * connectable gets disabled. write_fast_connectable won't do
2035 * anything if the page scan parameters are already what they
2038 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2039 write_fast_connectable(&req, false);
2041 /* Update the advertising parameters if necessary */
2042 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2043 enable_advertising(&req);
2045 err = hci_req_run(&req, set_connectable_complete);
2047 mgmt_pending_remove(cmd);
2048 if (err == -ENODATA)
2049 err = set_connectable_update_settings(hdev, sk,
2055 hci_dev_unlock(hdev);
2059 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2062 struct mgmt_mode *cp = data;
2066 BT_DBG("request for %s", hdev->name);
2068 if (cp->val != 0x00 && cp->val != 0x01)
2069 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2070 MGMT_STATUS_INVALID_PARAMS);
2075 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
2077 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
2079 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2084 err = new_settings(hdev, sk);
2087 hci_dev_unlock(hdev);
2091 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2094 struct mgmt_mode *cp = data;
2095 struct pending_cmd *cmd;
2099 BT_DBG("request for %s", hdev->name);
2101 status = mgmt_bredr_support(hdev);
2103 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2106 if (cp->val != 0x00 && cp->val != 0x01)
2107 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2108 MGMT_STATUS_INVALID_PARAMS);
2112 if (!hdev_is_powered(hdev)) {
2113 bool changed = false;
2115 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2116 &hdev->dev_flags)) {
2117 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2121 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2126 err = new_settings(hdev, sk);
2131 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2132 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2139 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2140 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2150 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2152 mgmt_pending_remove(cmd);
2157 hci_dev_unlock(hdev);
2161 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2163 struct mgmt_mode *cp = data;
2164 struct pending_cmd *cmd;
2168 BT_DBG("request for %s", hdev->name);
2170 status = mgmt_bredr_support(hdev);
2172 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2174 if (!lmp_ssp_capable(hdev))
2175 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2176 MGMT_STATUS_NOT_SUPPORTED);
2178 if (cp->val != 0x00 && cp->val != 0x01)
2179 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2180 MGMT_STATUS_INVALID_PARAMS);
2184 if (!hdev_is_powered(hdev)) {
2188 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2191 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2194 changed = test_and_clear_bit(HCI_HS_ENABLED,
2197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2200 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2205 err = new_settings(hdev, sk);
2210 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2211 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2217 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2218 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2222 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2228 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2229 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2230 sizeof(cp->val), &cp->val);
2232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2234 mgmt_pending_remove(cmd);
2239 hci_dev_unlock(hdev);
2243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2245 struct mgmt_mode *cp = data;
2250 BT_DBG("request for %s", hdev->name);
2252 status = mgmt_bredr_support(hdev);
2254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2256 if (!lmp_ssp_capable(hdev))
2257 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2258 MGMT_STATUS_NOT_SUPPORTED);
2260 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2262 MGMT_STATUS_REJECTED);
2264 if (cp->val != 0x00 && cp->val != 0x01)
2265 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2266 MGMT_STATUS_INVALID_PARAMS);
2271 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2273 if (hdev_is_powered(hdev)) {
2274 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2275 MGMT_STATUS_REJECTED);
2279 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2282 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2287 err = new_settings(hdev, sk);
2290 hci_dev_unlock(hdev);
2294 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2296 struct cmd_lookup match = { NULL, hdev };
2298 #ifdef CONFIG_TIZEN_WIP
2303 u8 mgmt_err = mgmt_status(status);
2305 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2307 #ifdef CONFIG_TIZEN_WIP
2314 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2316 new_settings(hdev, match.sk);
2321 /* Make sure the controller has a good default for
2322 * advertising data. Restrict the update to when LE
2323 * has actually been enabled. During power on, the
2324 * update in powered_update_hci will take care of it.
2326 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2327 struct hci_request req;
2329 #ifndef CONFIG_TIZEN_WIP
2333 hci_req_init(&req, hdev);
2334 update_adv_data(&req);
2335 update_scan_rsp_data(&req);
2336 __hci_update_background_scan(&req);
2337 hci_req_run(&req, NULL);
2339 hci_update_background_scan(hdev);
2340 #ifdef CONFIG_TIZEN_WIP
2342 hci_dev_unlock(hdev);
2346 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2348 struct mgmt_mode *cp = data;
2349 struct hci_cp_write_le_host_supported hci_cp;
2350 struct pending_cmd *cmd;
2351 struct hci_request req;
2355 BT_DBG("request for %s", hdev->name);
2357 if (!lmp_le_capable(hdev))
2358 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2359 MGMT_STATUS_NOT_SUPPORTED);
2361 if (cp->val != 0x00 && cp->val != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2363 MGMT_STATUS_INVALID_PARAMS);
2365 /* LE-only devices do not allow toggling LE on/off */
2366 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2367 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2368 MGMT_STATUS_REJECTED);
2373 enabled = lmp_host_le_capable(hdev);
2375 if (!hdev_is_powered(hdev) || val == enabled) {
2376 bool changed = false;
2378 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2379 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2383 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2384 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2388 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2393 err = new_settings(hdev, sk);
2398 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2399 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2400 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2411 hci_req_init(&req, hdev);
2413 memset(&hci_cp, 0, sizeof(hci_cp));
2417 hci_cp.simul = 0x00;
2419 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2420 disable_advertising(&req);
2423 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2426 err = hci_req_run(&req, le_enable_complete);
2428 mgmt_pending_remove(cmd);
2431 hci_dev_unlock(hdev);
2435 /* This is a helper function to test for pending mgmt commands that can
2436 * cause CoD or EIR HCI commands. We can only allow one such pending
2437 * mgmt command at a time since otherwise we cannot easily track what
2438 * the current values are, will be, and based on that calculate if a new
2439 * HCI command needs to be sent and if yes with what value.
2441 static bool pending_eir_or_class(struct hci_dev *hdev)
2443 struct pending_cmd *cmd;
2445 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2446 switch (cmd->opcode) {
2447 case MGMT_OP_ADD_UUID:
2448 case MGMT_OP_REMOVE_UUID:
2449 case MGMT_OP_SET_DEV_CLASS:
2450 case MGMT_OP_SET_POWERED:
2458 static const u8 bluetooth_base_uuid[] = {
2459 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2460 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2463 static u8 get_uuid_size(const u8 *uuid)
2467 if (memcmp(uuid, bluetooth_base_uuid, 12))
2470 val = get_unaligned_le32(&uuid[12]);
2477 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2479 struct pending_cmd *cmd;
2483 cmd = mgmt_pending_find(mgmt_op, hdev);
2487 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2488 hdev->dev_class, 3);
2490 mgmt_pending_remove(cmd);
2493 hci_dev_unlock(hdev);
2496 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2498 BT_DBG("status 0x%02x", status);
2500 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2503 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2505 struct mgmt_cp_add_uuid *cp = data;
2506 struct pending_cmd *cmd;
2507 struct hci_request req;
2508 struct bt_uuid *uuid;
2511 BT_DBG("request for %s", hdev->name);
2515 if (pending_eir_or_class(hdev)) {
2516 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2521 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2527 memcpy(uuid->uuid, cp->uuid, 16);
2528 uuid->svc_hint = cp->svc_hint;
2529 uuid->size = get_uuid_size(cp->uuid);
2531 list_add_tail(&uuid->list, &hdev->uuids);
2533 hci_req_init(&req, hdev);
2538 err = hci_req_run(&req, add_uuid_complete);
2540 if (err != -ENODATA)
2543 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2544 hdev->dev_class, 3);
2548 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2557 hci_dev_unlock(hdev);
2561 static bool enable_service_cache(struct hci_dev *hdev)
2563 if (!hdev_is_powered(hdev))
2566 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2567 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2575 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2577 BT_DBG("status 0x%02x", status);
2579 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2582 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2585 struct mgmt_cp_remove_uuid *cp = data;
2586 struct pending_cmd *cmd;
2587 struct bt_uuid *match, *tmp;
2588 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2589 struct hci_request req;
2592 BT_DBG("request for %s", hdev->name);
2596 if (pending_eir_or_class(hdev)) {
2597 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2602 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2603 hci_uuids_clear(hdev);
2605 if (enable_service_cache(hdev)) {
2606 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2607 0, hdev->dev_class, 3);
2616 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2617 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2620 list_del(&match->list);
2626 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2627 MGMT_STATUS_INVALID_PARAMS);
2632 hci_req_init(&req, hdev);
2637 err = hci_req_run(&req, remove_uuid_complete);
2639 if (err != -ENODATA)
2642 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2643 hdev->dev_class, 3);
2647 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2656 hci_dev_unlock(hdev);
2660 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2662 BT_DBG("status 0x%02x", status);
2664 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2667 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2670 struct mgmt_cp_set_dev_class *cp = data;
2671 struct pending_cmd *cmd;
2672 struct hci_request req;
2675 BT_DBG("request for %s", hdev->name);
2677 if (!lmp_bredr_capable(hdev))
2678 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2679 MGMT_STATUS_NOT_SUPPORTED);
2683 if (pending_eir_or_class(hdev)) {
2684 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2689 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2690 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2691 MGMT_STATUS_INVALID_PARAMS);
2695 hdev->major_class = cp->major;
2696 hdev->minor_class = cp->minor;
2698 if (!hdev_is_powered(hdev)) {
2699 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2700 hdev->dev_class, 3);
2704 hci_req_init(&req, hdev);
2706 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2707 hci_dev_unlock(hdev);
2708 cancel_delayed_work_sync(&hdev->service_cache);
2715 err = hci_req_run(&req, set_class_complete);
2717 if (err != -ENODATA)
2720 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2721 hdev->dev_class, 3);
2725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2734 hci_dev_unlock(hdev);
2738 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2741 struct mgmt_cp_load_link_keys *cp = data;
2742 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2743 sizeof(struct mgmt_link_key_info));
2744 u16 key_count, expected_len;
2748 BT_DBG("request for %s", hdev->name);
2750 if (!lmp_bredr_capable(hdev))
2751 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2752 MGMT_STATUS_NOT_SUPPORTED);
2754 key_count = __le16_to_cpu(cp->key_count);
2755 if (key_count > max_key_count) {
2756 BT_ERR("load_link_keys: too big key_count value %u",
2758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2759 MGMT_STATUS_INVALID_PARAMS);
2762 expected_len = sizeof(*cp) + key_count *
2763 sizeof(struct mgmt_link_key_info);
2764 if (expected_len != len) {
2765 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2767 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2768 MGMT_STATUS_INVALID_PARAMS);
2771 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2772 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2773 MGMT_STATUS_INVALID_PARAMS);
2775 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2778 for (i = 0; i < key_count; i++) {
2779 struct mgmt_link_key_info *key = &cp->keys[i];
2781 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2782 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2783 MGMT_STATUS_INVALID_PARAMS);
2788 hci_link_keys_clear(hdev);
2791 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2794 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2798 new_settings(hdev, NULL);
2800 for (i = 0; i < key_count; i++) {
2801 struct mgmt_link_key_info *key = &cp->keys[i];
2803 /* Always ignore debug keys and require a new pairing if
2804 * the user wants to use them.
2806 if (key->type == HCI_LK_DEBUG_COMBINATION)
2809 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2810 key->type, key->pin_len, NULL);
2813 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2815 hci_dev_unlock(hdev);
2820 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2821 u8 addr_type, struct sock *skip_sk)
2823 struct mgmt_ev_device_unpaired ev;
2825 bacpy(&ev.addr.bdaddr, bdaddr);
2826 ev.addr.type = addr_type;
2828 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2832 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2835 struct mgmt_cp_unpair_device *cp = data;
2836 struct mgmt_rp_unpair_device rp;
2837 struct hci_cp_disconnect dc;
2838 struct pending_cmd *cmd;
2839 struct hci_conn *conn;
2842 memset(&rp, 0, sizeof(rp));
2843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2844 rp.addr.type = cp->addr.type;
2846 if (!bdaddr_type_is_valid(cp->addr.type))
2847 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2848 MGMT_STATUS_INVALID_PARAMS,
2851 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2852 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2853 MGMT_STATUS_INVALID_PARAMS,
2858 if (!hdev_is_powered(hdev)) {
2859 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2860 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2864 if (cp->addr.type == BDADDR_BREDR) {
2865 /* If disconnection is requested, then look up the
2866 * connection. If the remote device is connected, it
2867 * will be later used to terminate the link.
2869 * Setting it to NULL explicitly will cause no
2870 * termination of the link.
2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2878 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2882 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2885 /* Defer clearing up the connection parameters
2886 * until closing to give a chance of keeping
2887 * them if a repairing happens.
2889 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2891 /* If disconnection is not requested, then
2892 * clear the connection variable so that the
2893 * link is not terminated.
2895 if (!cp->disconnect)
2899 if (cp->addr.type == BDADDR_LE_PUBLIC)
2900 addr_type = ADDR_LE_DEV_PUBLIC;
2902 addr_type = ADDR_LE_DEV_RANDOM;
2904 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2906 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2910 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2911 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2915 /* If the connection variable is set, then termination of the
2916 * link is requested.
2919 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2921 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2925 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2932 cmd->cmd_complete = addr_cmd_complete;
2934 dc.handle = cpu_to_le16(conn->handle);
2935 dc.reason = 0x13; /* Remote User Terminated Connection */
2936 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2938 mgmt_pending_remove(cmd);
2941 hci_dev_unlock(hdev);
2945 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2948 struct mgmt_cp_disconnect *cp = data;
2949 struct mgmt_rp_disconnect rp;
2950 struct pending_cmd *cmd;
2951 struct hci_conn *conn;
2956 memset(&rp, 0, sizeof(rp));
2957 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2958 rp.addr.type = cp->addr.type;
2960 if (!bdaddr_type_is_valid(cp->addr.type))
2961 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2962 MGMT_STATUS_INVALID_PARAMS,
2967 if (!test_bit(HCI_UP, &hdev->flags)) {
2968 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2969 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2973 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2974 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2975 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2979 if (cp->addr.type == BDADDR_BREDR)
2980 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2983 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2985 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2987 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2991 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2997 cmd->cmd_complete = generic_cmd_complete;
2999 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3001 mgmt_pending_remove(cmd);
3004 hci_dev_unlock(hdev);
3008 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3010 switch (link_type) {
3012 switch (addr_type) {
3013 case ADDR_LE_DEV_PUBLIC:
3014 return BDADDR_LE_PUBLIC;
3017 /* Fallback to LE Random address type */
3018 return BDADDR_LE_RANDOM;
3022 /* Fallback to BR/EDR type */
3023 return BDADDR_BREDR;
3027 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3030 struct mgmt_rp_get_connections *rp;
3040 if (!hdev_is_powered(hdev)) {
3041 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3042 MGMT_STATUS_NOT_POWERED);
3047 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3048 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3052 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3053 rp = kmalloc(rp_len, GFP_KERNEL);
3060 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3061 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3063 bacpy(&rp->addr[i].bdaddr, &c->dst);
3064 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3065 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3070 rp->conn_count = cpu_to_le16(i);
3072 /* Recalculate length in case of filtered SCO connections, etc */
3073 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3075 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3081 hci_dev_unlock(hdev);
3085 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3086 struct mgmt_cp_pin_code_neg_reply *cp)
3088 struct pending_cmd *cmd;
3091 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3096 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3097 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3099 mgmt_pending_remove(cmd);
3104 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3107 struct hci_conn *conn;
3108 struct mgmt_cp_pin_code_reply *cp = data;
3109 struct hci_cp_pin_code_reply reply;
3110 struct pending_cmd *cmd;
3117 if (!hdev_is_powered(hdev)) {
3118 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3119 MGMT_STATUS_NOT_POWERED);
3123 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3125 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3126 MGMT_STATUS_NOT_CONNECTED);
3130 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3131 struct mgmt_cp_pin_code_neg_reply ncp;
3133 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3135 BT_ERR("PIN code is not 16 bytes long");
3137 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3139 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3140 MGMT_STATUS_INVALID_PARAMS);
3145 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3151 cmd->cmd_complete = addr_cmd_complete;
3153 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3154 reply.pin_len = cp->pin_len;
3155 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3157 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3159 mgmt_pending_remove(cmd);
3162 hci_dev_unlock(hdev);
3166 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3169 struct mgmt_cp_set_io_capability *cp = data;
3173 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3174 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3175 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3179 hdev->io_capability = cp->io_capability;
3181 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3182 hdev->io_capability);
3184 hci_dev_unlock(hdev);
3186 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3190 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3192 struct hci_dev *hdev = conn->hdev;
3193 struct pending_cmd *cmd;
3195 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3196 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3199 if (cmd->user_data != conn)
3208 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3210 struct mgmt_rp_pair_device rp;
3211 struct hci_conn *conn = cmd->user_data;
3214 bacpy(&rp.addr.bdaddr, &conn->dst);
3215 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3217 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3220 /* So we don't get further callbacks for this connection */
3221 conn->connect_cfm_cb = NULL;
3222 conn->security_cfm_cb = NULL;
3223 conn->disconn_cfm_cb = NULL;
3225 hci_conn_drop(conn);
3227 /* The device is paired so there is no need to remove
3228 * its connection parameters anymore.
3230 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3237 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3239 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3240 struct pending_cmd *cmd;
3242 cmd = find_pairing(conn);
3244 cmd->cmd_complete(cmd, status);
3245 mgmt_pending_remove(cmd);
3249 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3251 struct pending_cmd *cmd;
3253 BT_DBG("status %u", status);
3255 cmd = find_pairing(conn);
3257 BT_DBG("Unable to find a pending command");
3261 cmd->cmd_complete(cmd, mgmt_status(status));
3262 mgmt_pending_remove(cmd);
3265 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3267 struct pending_cmd *cmd;
3269 BT_DBG("status %u", status);
3274 cmd = find_pairing(conn);
3276 BT_DBG("Unable to find a pending command");
3280 cmd->cmd_complete(cmd, mgmt_status(status));
3281 mgmt_pending_remove(cmd);
3284 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3287 struct mgmt_cp_pair_device *cp = data;
3288 struct mgmt_rp_pair_device rp;
3289 struct pending_cmd *cmd;
3290 u8 sec_level, auth_type;
3291 struct hci_conn *conn;
3296 memset(&rp, 0, sizeof(rp));
3297 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3298 rp.addr.type = cp->addr.type;
3300 if (!bdaddr_type_is_valid(cp->addr.type))
3301 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302 MGMT_STATUS_INVALID_PARAMS,
3305 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3306 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3307 MGMT_STATUS_INVALID_PARAMS,
3312 if (!hdev_is_powered(hdev)) {
3313 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3314 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3318 sec_level = BT_SECURITY_MEDIUM;
3319 auth_type = HCI_AT_DEDICATED_BONDING;
3321 if (cp->addr.type == BDADDR_BREDR) {
3322 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3327 /* Convert from L2CAP channel address type to HCI address type
3329 if (cp->addr.type == BDADDR_LE_PUBLIC)
3330 addr_type = ADDR_LE_DEV_PUBLIC;
3332 addr_type = ADDR_LE_DEV_RANDOM;
3334 /* When pairing a new device, it is expected to remember
3335 * this device for future connections. Adding the connection
3336 * parameter information ahead of time allows tracking
3337 * of the slave preferred values and will speed up any
3338 * further connection establishment.
3340 * If connection parameters already exist, then they
3341 * will be kept and this function does nothing.
3343 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3345 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3346 sec_level, HCI_LE_CONN_TIMEOUT,
3353 if (PTR_ERR(conn) == -EBUSY)
3354 status = MGMT_STATUS_BUSY;
3356 status = MGMT_STATUS_CONNECT_FAILED;
3358 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3364 if (conn->connect_cfm_cb) {
3365 hci_conn_drop(conn);
3366 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3367 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3371 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3374 hci_conn_drop(conn);
3378 cmd->cmd_complete = pairing_complete;
3380 /* For LE, just connecting isn't a proof that the pairing finished */
3381 if (cp->addr.type == BDADDR_BREDR) {
3382 conn->connect_cfm_cb = pairing_complete_cb;
3383 conn->security_cfm_cb = pairing_complete_cb;
3384 conn->disconn_cfm_cb = pairing_complete_cb;
3386 conn->connect_cfm_cb = le_pairing_complete_cb;
3387 conn->security_cfm_cb = le_pairing_complete_cb;
3388 conn->disconn_cfm_cb = le_pairing_complete_cb;
3391 conn->io_capability = cp->io_cap;
3392 cmd->user_data = hci_conn_get(conn);
3394 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3395 hci_conn_security(conn, sec_level, auth_type, true)) {
3396 cmd->cmd_complete(cmd, 0);
3397 mgmt_pending_remove(cmd);
3403 hci_dev_unlock(hdev);
3407 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3410 struct mgmt_addr_info *addr = data;
3411 struct pending_cmd *cmd;
3412 struct hci_conn *conn;
3419 if (!hdev_is_powered(hdev)) {
3420 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3421 MGMT_STATUS_NOT_POWERED);
3425 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3427 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3428 MGMT_STATUS_INVALID_PARAMS);
3432 conn = cmd->user_data;
3434 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3435 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3436 MGMT_STATUS_INVALID_PARAMS);
3440 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3441 mgmt_pending_remove(cmd);
3443 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3444 addr, sizeof(*addr));
3446 hci_dev_unlock(hdev);
3450 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3451 struct mgmt_addr_info *addr, u16 mgmt_op,
3452 u16 hci_op, __le32 passkey)
3454 struct pending_cmd *cmd;
3455 struct hci_conn *conn;
3460 if (!hdev_is_powered(hdev)) {
3461 err = cmd_complete(sk, hdev->id, mgmt_op,
3462 MGMT_STATUS_NOT_POWERED, addr,
3467 if (addr->type == BDADDR_BREDR)
3468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3470 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3473 err = cmd_complete(sk, hdev->id, mgmt_op,
3474 MGMT_STATUS_NOT_CONNECTED, addr,
3479 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3480 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3482 err = cmd_complete(sk, hdev->id, mgmt_op,
3483 MGMT_STATUS_SUCCESS, addr,
3486 err = cmd_complete(sk, hdev->id, mgmt_op,
3487 MGMT_STATUS_FAILED, addr,
3493 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3499 cmd->cmd_complete = addr_cmd_complete;
3501 /* Continue with pairing via HCI */
3502 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3503 struct hci_cp_user_passkey_reply cp;
3505 bacpy(&cp.bdaddr, &addr->bdaddr);
3506 cp.passkey = passkey;
3507 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3509 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3513 mgmt_pending_remove(cmd);
3516 hci_dev_unlock(hdev);
3520 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3521 void *data, u16 len)
3523 struct mgmt_cp_pin_code_neg_reply *cp = data;
3527 return user_pairing_resp(sk, hdev, &cp->addr,
3528 MGMT_OP_PIN_CODE_NEG_REPLY,
3529 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3532 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3535 struct mgmt_cp_user_confirm_reply *cp = data;
3539 if (len != sizeof(*cp))
3540 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3541 MGMT_STATUS_INVALID_PARAMS);
3543 return user_pairing_resp(sk, hdev, &cp->addr,
3544 MGMT_OP_USER_CONFIRM_REPLY,
3545 HCI_OP_USER_CONFIRM_REPLY, 0);
3548 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3549 void *data, u16 len)
3551 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3555 return user_pairing_resp(sk, hdev, &cp->addr,
3556 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3557 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3560 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3563 struct mgmt_cp_user_passkey_reply *cp = data;
3567 return user_pairing_resp(sk, hdev, &cp->addr,
3568 MGMT_OP_USER_PASSKEY_REPLY,
3569 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3572 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3573 void *data, u16 len)
3575 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3579 return user_pairing_resp(sk, hdev, &cp->addr,
3580 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3581 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3584 static void update_name(struct hci_request *req)
3586 struct hci_dev *hdev = req->hdev;
3587 struct hci_cp_write_local_name cp;
3589 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3591 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3594 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3596 struct mgmt_cp_set_local_name *cp;
3597 struct pending_cmd *cmd;
3599 BT_DBG("status 0x%02x", status);
3603 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3610 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3611 mgmt_status(status));
3613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3616 mgmt_pending_remove(cmd);
3619 hci_dev_unlock(hdev);
3622 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3625 struct mgmt_cp_set_local_name *cp = data;
3626 struct pending_cmd *cmd;
3627 struct hci_request req;
3634 /* If the old values are the same as the new ones just return a
3635 * direct command complete event.
3637 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3638 !memcmp(hdev->short_name, cp->short_name,
3639 sizeof(hdev->short_name))) {
3640 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3645 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3647 if (!hdev_is_powered(hdev)) {
3648 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3650 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3655 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3667 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3669 hci_req_init(&req, hdev);
3671 if (lmp_bredr_capable(hdev)) {
3676 /* The name is stored in the scan response data and so
3677 * no need to udpate the advertising data here.
3679 if (lmp_le_capable(hdev))
3680 update_scan_rsp_data(&req);
3682 err = hci_req_run(&req, set_name_complete);
3684 mgmt_pending_remove(cmd);
3687 hci_dev_unlock(hdev);
3691 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3692 void *data, u16 data_len)
3694 struct pending_cmd *cmd;
3697 BT_DBG("%s", hdev->name);
3701 if (!hdev_is_powered(hdev)) {
3702 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3703 MGMT_STATUS_NOT_POWERED);
3707 if (!lmp_ssp_capable(hdev)) {
3708 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3709 MGMT_STATUS_NOT_SUPPORTED);
3713 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3714 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3719 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3725 if (bredr_sc_enabled(hdev))
3726 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3729 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3732 mgmt_pending_remove(cmd);
3735 hci_dev_unlock(hdev);
3739 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3740 void *data, u16 len)
3742 struct mgmt_addr_info *addr = data;
3745 BT_DBG("%s ", hdev->name);
3747 if (!bdaddr_type_is_valid(addr->type))
3748 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749 MGMT_STATUS_INVALID_PARAMS, addr,
3754 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3755 struct mgmt_cp_add_remote_oob_data *cp = data;
3758 if (cp->addr.type != BDADDR_BREDR) {
3759 err = cmd_complete(sk, hdev->id,
3760 MGMT_OP_ADD_REMOTE_OOB_DATA,
3761 MGMT_STATUS_INVALID_PARAMS,
3762 &cp->addr, sizeof(cp->addr));
3766 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3767 cp->addr.type, cp->hash,
3768 cp->rand, NULL, NULL);
3770 status = MGMT_STATUS_FAILED;
3772 status = MGMT_STATUS_SUCCESS;
3774 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3775 status, &cp->addr, sizeof(cp->addr));
3776 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3777 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3778 u8 *rand192, *hash192;
3781 if (bdaddr_type_is_le(cp->addr.type)) {
3782 /* Enforce zero-valued 192-bit parameters as
3783 * long as legacy SMP OOB isn't implemented.
3785 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3786 memcmp(cp->hash192, ZERO_KEY, 16)) {
3787 err = cmd_complete(sk, hdev->id,
3788 MGMT_OP_ADD_REMOTE_OOB_DATA,
3789 MGMT_STATUS_INVALID_PARAMS,
3790 addr, sizeof(*addr));
3797 rand192 = cp->rand192;
3798 hash192 = cp->hash192;
3801 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3802 cp->addr.type, hash192, rand192,
3803 cp->hash256, cp->rand256);
3805 status = MGMT_STATUS_FAILED;
3807 status = MGMT_STATUS_SUCCESS;
3809 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3810 status, &cp->addr, sizeof(cp->addr));
3812 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3813 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3814 MGMT_STATUS_INVALID_PARAMS);
3818 hci_dev_unlock(hdev);
3822 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3823 void *data, u16 len)
3825 struct mgmt_cp_remove_remote_oob_data *cp = data;
3829 BT_DBG("%s", hdev->name);
3831 if (cp->addr.type != BDADDR_BREDR)
3832 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3833 MGMT_STATUS_INVALID_PARAMS,
3834 &cp->addr, sizeof(cp->addr));
3838 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3839 hci_remote_oob_data_clear(hdev);
3840 status = MGMT_STATUS_SUCCESS;
3844 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3846 status = MGMT_STATUS_INVALID_PARAMS;
3848 status = MGMT_STATUS_SUCCESS;
3851 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3852 status, &cp->addr, sizeof(cp->addr));
3854 hci_dev_unlock(hdev);
3858 static bool trigger_discovery(struct hci_request *req, u8 *status)
3860 struct hci_dev *hdev = req->hdev;
3861 struct hci_cp_le_set_scan_param param_cp;
3862 struct hci_cp_le_set_scan_enable enable_cp;
3863 struct hci_cp_inquiry inq_cp;
3864 /* General inquiry access code (GIAC) */
3865 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3869 switch (hdev->discovery.type) {
3870 case DISCOV_TYPE_BREDR:
3871 *status = mgmt_bredr_support(hdev);
3875 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3876 *status = MGMT_STATUS_BUSY;
3880 hci_inquiry_cache_flush(hdev);
3882 memset(&inq_cp, 0, sizeof(inq_cp));
3883 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3884 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3885 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3888 case DISCOV_TYPE_LE:
3889 case DISCOV_TYPE_INTERLEAVED:
3890 *status = mgmt_le_support(hdev);
3894 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3895 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3896 *status = MGMT_STATUS_NOT_SUPPORTED;
3900 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3901 /* Don't let discovery abort an outgoing
3902 * connection attempt that's using directed
3905 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3907 *status = MGMT_STATUS_REJECTED;
3911 disable_advertising(req);
3914 /* If controller is scanning, it means the background scanning
3915 * is running. Thus, we should temporarily stop it in order to
3916 * set the discovery scanning parameters.
3918 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3919 hci_req_add_le_scan_disable(req);
3921 memset(¶m_cp, 0, sizeof(param_cp));
3923 /* All active scans will be done with either a resolvable
3924 * private address (when privacy feature has been enabled)
3925 * or non-resolvable private address.
3927 err = hci_update_random_address(req, true, &own_addr_type);
3929 *status = MGMT_STATUS_FAILED;
3933 param_cp.type = LE_SCAN_ACTIVE;
3934 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3935 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3936 param_cp.own_address_type = own_addr_type;
3937 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3940 memset(&enable_cp, 0, sizeof(enable_cp));
3941 enable_cp.enable = LE_SCAN_ENABLE;
3942 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3943 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3948 *status = MGMT_STATUS_INVALID_PARAMS;
3955 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3958 struct pending_cmd *cmd;
3959 unsigned long timeout;
3961 BT_DBG("status %d", status);
3965 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3967 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3970 cmd->cmd_complete(cmd, mgmt_status(status));
3971 mgmt_pending_remove(cmd);
3975 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3979 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3981 switch (hdev->discovery.type) {
3982 case DISCOV_TYPE_LE:
3983 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3985 case DISCOV_TYPE_INTERLEAVED:
3986 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3988 case DISCOV_TYPE_BREDR:
3992 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3998 queue_delayed_work(hdev->workqueue,
3999 &hdev->le_scan_disable, timeout);
4002 hci_dev_unlock(hdev);
4005 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4006 void *data, u16 len)
4008 struct mgmt_cp_start_discovery *cp = data;
4009 struct pending_cmd *cmd;
4010 struct hci_request req;
4014 BT_DBG("%s", hdev->name);
4018 if (!hdev_is_powered(hdev)) {
4019 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4020 MGMT_STATUS_NOT_POWERED,
4021 &cp->type, sizeof(cp->type));
4025 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4026 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4027 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028 MGMT_STATUS_BUSY, &cp->type,
4033 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4039 cmd->cmd_complete = generic_cmd_complete;
4041 /* Clear the discovery filter first to free any previously
4042 * allocated memory for the UUID list.
4044 hci_discovery_filter_clear(hdev);
4046 hdev->discovery.type = cp->type;
4047 hdev->discovery.report_invalid_rssi = false;
4049 hci_req_init(&req, hdev);
4051 if (!trigger_discovery(&req, &status)) {
4052 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4053 status, &cp->type, sizeof(cp->type));
4054 mgmt_pending_remove(cmd);
4058 err = hci_req_run(&req, start_discovery_complete);
4060 mgmt_pending_remove(cmd);
4064 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4067 hci_dev_unlock(hdev);
4071 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4073 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4077 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4078 void *data, u16 len)
4080 struct mgmt_cp_start_service_discovery *cp = data;
4081 struct pending_cmd *cmd;
4082 struct hci_request req;
4083 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4084 u16 uuid_count, expected_len;
4088 BT_DBG("%s", hdev->name);
4092 if (!hdev_is_powered(hdev)) {
4093 err = cmd_complete(sk, hdev->id,
4094 MGMT_OP_START_SERVICE_DISCOVERY,
4095 MGMT_STATUS_NOT_POWERED,
4096 &cp->type, sizeof(cp->type));
4100 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4101 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4102 err = cmd_complete(sk, hdev->id,
4103 MGMT_OP_START_SERVICE_DISCOVERY,
4104 MGMT_STATUS_BUSY, &cp->type,
4109 uuid_count = __le16_to_cpu(cp->uuid_count);
4110 if (uuid_count > max_uuid_count) {
4111 BT_ERR("service_discovery: too big uuid_count value %u",
4113 err = cmd_complete(sk, hdev->id,
4114 MGMT_OP_START_SERVICE_DISCOVERY,
4115 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4120 expected_len = sizeof(*cp) + uuid_count * 16;
4121 if (expected_len != len) {
4122 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4124 err = cmd_complete(sk, hdev->id,
4125 MGMT_OP_START_SERVICE_DISCOVERY,
4126 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4131 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4138 cmd->cmd_complete = service_discovery_cmd_complete;
4140 /* Clear the discovery filter first to free any previously
4141 * allocated memory for the UUID list.
4143 hci_discovery_filter_clear(hdev);
4145 hdev->discovery.type = cp->type;
4146 hdev->discovery.rssi = cp->rssi;
4147 hdev->discovery.uuid_count = uuid_count;
4149 if (uuid_count > 0) {
4150 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4152 if (!hdev->discovery.uuids) {
4153 err = cmd_complete(sk, hdev->id,
4154 MGMT_OP_START_SERVICE_DISCOVERY,
4156 &cp->type, sizeof(cp->type));
4157 mgmt_pending_remove(cmd);
4162 hci_req_init(&req, hdev);
4164 if (!trigger_discovery(&req, &status)) {
4165 err = cmd_complete(sk, hdev->id,
4166 MGMT_OP_START_SERVICE_DISCOVERY,
4167 status, &cp->type, sizeof(cp->type));
4168 mgmt_pending_remove(cmd);
4172 err = hci_req_run(&req, start_discovery_complete);
4174 mgmt_pending_remove(cmd);
4178 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4181 hci_dev_unlock(hdev);
4185 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4187 struct pending_cmd *cmd;
4189 BT_DBG("status %d", status);
4193 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4195 cmd->cmd_complete(cmd, mgmt_status(status));
4196 mgmt_pending_remove(cmd);
4200 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4202 hci_dev_unlock(hdev);
4205 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4208 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4209 struct pending_cmd *cmd;
4210 struct hci_request req;
4213 BT_DBG("%s", hdev->name);
4217 if (!hci_discovery_active(hdev)) {
4218 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4219 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4220 sizeof(mgmt_cp->type));
4224 if (hdev->discovery.type != mgmt_cp->type) {
4225 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4226 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4227 sizeof(mgmt_cp->type));
4231 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4237 cmd->cmd_complete = generic_cmd_complete;
4239 hci_req_init(&req, hdev);
4241 hci_stop_discovery(&req);
4243 err = hci_req_run(&req, stop_discovery_complete);
4245 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4249 mgmt_pending_remove(cmd);
4251 /* If no HCI commands were sent we're done */
4252 if (err == -ENODATA) {
4253 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4254 &mgmt_cp->type, sizeof(mgmt_cp->type));
4255 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4259 hci_dev_unlock(hdev);
4263 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4266 struct mgmt_cp_confirm_name *cp = data;
4267 struct inquiry_entry *e;
4270 BT_DBG("%s", hdev->name);
4274 if (!hci_discovery_active(hdev)) {
4275 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4276 MGMT_STATUS_FAILED, &cp->addr,
4281 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4283 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4284 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4289 if (cp->name_known) {
4290 e->name_state = NAME_KNOWN;
4293 e->name_state = NAME_NEEDED;
4294 hci_inquiry_cache_update_resolve(hdev, e);
4297 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4301 hci_dev_unlock(hdev);
4305 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4308 struct mgmt_cp_block_device *cp = data;
4312 BT_DBG("%s", hdev->name);
4314 if (!bdaddr_type_is_valid(cp->addr.type))
4315 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4316 MGMT_STATUS_INVALID_PARAMS,
4317 &cp->addr, sizeof(cp->addr));
4321 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4324 status = MGMT_STATUS_FAILED;
4328 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4330 status = MGMT_STATUS_SUCCESS;
4333 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4334 &cp->addr, sizeof(cp->addr));
4336 hci_dev_unlock(hdev);
4341 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4344 struct mgmt_cp_unblock_device *cp = data;
4348 BT_DBG("%s", hdev->name);
4350 if (!bdaddr_type_is_valid(cp->addr.type))
4351 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4352 MGMT_STATUS_INVALID_PARAMS,
4353 &cp->addr, sizeof(cp->addr));
4357 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4360 status = MGMT_STATUS_INVALID_PARAMS;
4364 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4366 status = MGMT_STATUS_SUCCESS;
4369 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4370 &cp->addr, sizeof(cp->addr));
4372 hci_dev_unlock(hdev);
4377 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4380 struct mgmt_cp_set_device_id *cp = data;
4381 struct hci_request req;
4385 BT_DBG("%s", hdev->name);
4387 source = __le16_to_cpu(cp->source);
4389 if (source > 0x0002)
4390 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4391 MGMT_STATUS_INVALID_PARAMS);
4395 hdev->devid_source = source;
4396 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4397 hdev->devid_product = __le16_to_cpu(cp->product);
4398 hdev->devid_version = __le16_to_cpu(cp->version);
4400 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4402 hci_req_init(&req, hdev);
4404 hci_req_run(&req, NULL);
4406 hci_dev_unlock(hdev);
4411 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4414 struct cmd_lookup match = { NULL, hdev };
4419 u8 mgmt_err = mgmt_status(status);
4421 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4422 cmd_status_rsp, &mgmt_err);
4426 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4427 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4429 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4431 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4434 new_settings(hdev, match.sk);
4440 hci_dev_unlock(hdev);
4443 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4446 struct mgmt_mode *cp = data;
4447 struct pending_cmd *cmd;
4448 struct hci_request req;
4449 u8 val, enabled, status;
4452 BT_DBG("request for %s", hdev->name);
4454 status = mgmt_le_support(hdev);
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4459 if (cp->val != 0x00 && cp->val != 0x01)
4460 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4461 MGMT_STATUS_INVALID_PARAMS);
4466 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4468 /* The following conditions are ones which mean that we should
4469 * not do any HCI communication but directly send a mgmt
4470 * response to user space (after toggling the flag if
4473 if (!hdev_is_powered(hdev) || val == enabled ||
4474 hci_conn_num(hdev, LE_LINK) > 0 ||
4475 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4476 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4477 bool changed = false;
4479 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4480 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4484 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4489 err = new_settings(hdev, sk);
4494 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4495 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4496 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4507 hci_req_init(&req, hdev);
4510 enable_advertising(&req);
4512 disable_advertising(&req);
4514 err = hci_req_run(&req, set_advertising_complete);
4516 mgmt_pending_remove(cmd);
4519 hci_dev_unlock(hdev);
4523 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4524 void *data, u16 len)
4526 struct mgmt_cp_set_static_address *cp = data;
4529 BT_DBG("%s", hdev->name);
4531 if (!lmp_le_capable(hdev))
4532 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4533 MGMT_STATUS_NOT_SUPPORTED);
4535 if (hdev_is_powered(hdev))
4536 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4537 MGMT_STATUS_REJECTED);
4539 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4540 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4541 return cmd_status(sk, hdev->id,
4542 MGMT_OP_SET_STATIC_ADDRESS,
4543 MGMT_STATUS_INVALID_PARAMS);
4545 /* Two most significant bits shall be set */
4546 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4547 return cmd_status(sk, hdev->id,
4548 MGMT_OP_SET_STATIC_ADDRESS,
4549 MGMT_STATUS_INVALID_PARAMS);
4554 bacpy(&hdev->static_addr, &cp->bdaddr);
4556 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4558 hci_dev_unlock(hdev);
4563 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4564 void *data, u16 len)
4566 struct mgmt_cp_set_scan_params *cp = data;
4567 __u16 interval, window;
4570 BT_DBG("%s", hdev->name);
4572 if (!lmp_le_capable(hdev))
4573 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4574 MGMT_STATUS_NOT_SUPPORTED);
4576 interval = __le16_to_cpu(cp->interval);
4578 if (interval < 0x0004 || interval > 0x4000)
4579 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4580 MGMT_STATUS_INVALID_PARAMS);
4582 window = __le16_to_cpu(cp->window);
4584 if (window < 0x0004 || window > 0x4000)
4585 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4586 MGMT_STATUS_INVALID_PARAMS);
4588 if (window > interval)
4589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4590 MGMT_STATUS_INVALID_PARAMS);
4594 hdev->le_scan_interval = interval;
4595 hdev->le_scan_window = window;
4597 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4599 /* If background scan is running, restart it so new parameters are
4602 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4603 hdev->discovery.state == DISCOVERY_STOPPED) {
4604 struct hci_request req;
4606 hci_req_init(&req, hdev);
4608 hci_req_add_le_scan_disable(&req);
4609 hci_req_add_le_passive_scan(&req);
4611 hci_req_run(&req, NULL);
4614 hci_dev_unlock(hdev);
4619 #ifdef CONFIG_TIZEN_WIP
4620 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
4621 void *data, u16 len)
4623 struct mgmt_cp_le_set_scan_params *cp = data;
4624 __u16 interval, window;
4627 BT_DBG("%s", hdev->name);
4629 if (!lmp_le_capable(hdev))
4630 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4631 MGMT_STATUS_NOT_SUPPORTED);
4633 interval = __le16_to_cpu(cp->interval);
4635 if (interval < 0x0004 || interval > 0x4000)
4636 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4637 MGMT_STATUS_INVALID_PARAMS);
4639 window = __le16_to_cpu(cp->window);
4641 if (window < 0x0004 || window > 0x4000)
4642 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4643 MGMT_STATUS_INVALID_PARAMS);
4645 if (window > interval)
4646 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4647 MGMT_STATUS_INVALID_PARAMS);
4651 hdev->le_scan_type = cp->type;
4652 hdev->le_scan_interval = interval;
4653 hdev->le_scan_window = window;
4655 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0, NULL, 0);
4657 /* If background scan is running, restart it so new parameters are
4660 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4661 hdev->discovery.state == DISCOVERY_STOPPED) {
4662 struct hci_request req;
4664 hci_req_init(&req, hdev);
4666 hci_req_add_le_scan_disable(&req);
4667 hci_req_add_le_passive_scan(&req);
4669 hci_req_run(&req, NULL);
4672 hci_dev_unlock(hdev);
4678 #ifdef CONFIG_TIZEN_WIP /* Adv White List feature */
4679 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4681 struct mgmt_cp_add_dev_white_list *cp;
4682 struct pending_cmd *cmd;
4684 BT_DBG("status 0x%02x", status);
4688 cmd = mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4695 cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4696 mgmt_status(status));
4698 cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST, 0,
4701 mgmt_pending_remove(cmd);
4704 hci_dev_unlock(hdev);
4707 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4708 void *data, u16 len)
4710 struct pending_cmd *cmd;
4711 struct mgmt_cp_add_dev_white_list *cp = data;
4712 struct hci_request req;
4715 BT_DBG("%s", hdev->name);
4717 if (!lmp_le_capable(hdev))
4718 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4719 MGMT_STATUS_NOT_SUPPORTED);
4721 if (!hdev_is_powered(hdev))
4722 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4723 MGMT_STATUS_REJECTED);
4727 if (mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4728 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4733 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4739 hci_req_init(&req, hdev);
4741 hci_req_add(&req, HCI_OP_LE_ADD_DEV_WHITE_LIST, sizeof(*cp), cp);
4743 err = hci_req_run(&req, add_white_list_complete);
4745 mgmt_pending_remove(cmd);
4750 hci_dev_unlock(hdev);
4755 static void remove_from_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4757 struct mgmt_cp_remove_dev_from_white_list *cp;
4758 struct pending_cmd *cmd;
4760 BT_DBG("status 0x%02x", status);
4764 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
4771 cmd_status(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4772 mgmt_status(status));
4774 cmd_complete(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
4777 mgmt_pending_remove(cmd);
4780 hci_dev_unlock(hdev);
4783 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
4784 void *data, u16 len)
4786 struct pending_cmd *cmd;
4787 struct mgmt_cp_remove_dev_from_white_list *cp = data;
4788 struct hci_request req;
4791 BT_DBG("%s", hdev->name);
4793 if (!lmp_le_capable(hdev))
4794 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4795 MGMT_STATUS_NOT_SUPPORTED);
4797 if (!hdev_is_powered(hdev))
4798 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4799 MGMT_STATUS_REJECTED);
4803 if (mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
4804 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4809 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev, data, len);
4815 hci_req_init(&req, hdev);
4817 hci_req_add(&req, HCI_OP_LE_REMOVE_FROM_DEV_WHITE_LIST, sizeof(*cp), cp);
4819 err = hci_req_run(&req, remove_from_white_list_complete);
4821 mgmt_pending_remove(cmd);
4826 hci_dev_unlock(hdev);
4831 static void clear_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4833 struct pending_cmd *cmd;
4835 BT_DBG("status 0x%02x", status);
4839 cmd = mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
4844 cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4845 mgmt_status(status));
4847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST, 0,
4850 mgmt_pending_remove(cmd);
4853 hci_dev_unlock(hdev);
4856 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
4857 void *data, u16 len)
4859 struct pending_cmd *cmd;
4860 struct hci_request req;
4863 BT_DBG("%s", hdev->name);
4865 if (!lmp_le_capable(hdev))
4866 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4867 MGMT_STATUS_NOT_SUPPORTED);
4869 if (!hdev_is_powered(hdev))
4870 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4871 MGMT_STATUS_REJECTED);
4875 if (mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
4876 err = cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4881 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev, NULL, 0);
4887 hci_req_init(&req, hdev);
4889 hci_req_add(&req, HCI_OP_LE_CLEAR_DEV_WHITE_LIST, 0, NULL);
4891 err = hci_req_run(&req, clear_white_list_complete);
4893 mgmt_pending_remove(cmd);
4898 hci_dev_unlock(hdev);
4903 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
4905 struct pending_cmd *cmd;
4909 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
4911 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
4915 type = hdev->le_discovery.type;
4917 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
4918 &type, sizeof(type));
4919 mgmt_pending_remove(cmd);
4924 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4926 unsigned long timeout = 0;
4928 BT_DBG("status %d", status);
4932 mgmt_start_le_discovery_failed(hdev, status);
4933 hci_dev_unlock(hdev);
4938 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
4939 hci_dev_unlock(hdev);
4941 switch (hdev->le_discovery.type) {
4942 case DISCOV_TYPE_LE:
4943 /* BEGIN TIZEN_Bluetooth :: Keep going on LE Scan */
4945 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4947 /* END TIZEN_Bluetooth */
4951 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
4957 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
4960 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
4961 void *data, u16 len)
4963 struct mgmt_cp_start_le_discovery *cp = data;
4964 struct pending_cmd *cmd;
4965 struct hci_cp_le_set_scan_param param_cp;
4966 struct hci_cp_le_set_scan_enable enable_cp;
4967 struct hci_request req;
4968 u8 status, own_addr_type;
4971 BT_DBG("%s", hdev->name);
4975 if (!hdev_is_powered(hdev)) {
4976 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4977 MGMT_STATUS_NOT_POWERED);
4981 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
4982 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4987 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
4993 hdev->le_discovery.type = cp->type;
4995 hci_req_init(&req, hdev);
4997 switch (hdev->le_discovery.type) {
4998 case DISCOV_TYPE_LE:
4999 status = mgmt_le_support(hdev);
5001 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5003 mgmt_pending_remove(cmd);
5007 /* If controller is scanning, it means the background scanning
5008 * is running. Thus, we should temporarily stop it in order to
5009 * set the discovery scanning parameters.
5011 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5012 hci_req_add_le_scan_disable(&req);
5014 memset(¶m_cp, 0, sizeof(param_cp));
5016 /* All active scans will be done with either a resolvable
5017 * private address (when privacy feature has been enabled)
5018 * or unresolvable private address.
5020 err = hci_update_random_address(&req, true, &own_addr_type);
5022 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5023 MGMT_STATUS_FAILED);
5024 mgmt_pending_remove(cmd);
5028 param_cp.type = hdev->le_scan_type;
5029 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5030 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5031 param_cp.own_address_type = own_addr_type;
5032 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5035 memset(&enable_cp, 0, sizeof(enable_cp));
5036 enable_cp.enable = LE_SCAN_ENABLE;
5037 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5039 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5044 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5045 MGMT_STATUS_INVALID_PARAMS);
5046 mgmt_pending_remove(cmd);
5050 err = hci_req_run(&req, start_le_discovery_complete);
5052 mgmt_pending_remove(cmd);
5054 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
5057 hci_dev_unlock(hdev);
5061 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
5063 struct pending_cmd *cmd;
5066 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
5070 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
5071 &hdev->le_discovery.type, sizeof(hdev->le_discovery.type));
5072 mgmt_pending_remove(cmd);
5077 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5079 BT_DBG("status %d", status);
5084 mgmt_stop_le_discovery_failed(hdev, status);
5088 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
5091 hci_dev_unlock(hdev);
5094 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5097 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
5098 struct pending_cmd *cmd;
5099 struct hci_request req;
5102 BT_DBG("%s", hdev->name);
5106 if (!hci_le_discovery_active(hdev)) {
5107 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5108 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5109 sizeof(mgmt_cp->type));
5113 if (hdev->le_discovery.type != mgmt_cp->type) {
5114 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5115 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
5116 sizeof(mgmt_cp->type));
5120 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
5126 hci_req_init(&req, hdev);
5128 switch (hdev->le_discovery.state) {
5129 case DISCOVERY_FINDING:
5130 cancel_delayed_work(&hdev->le_scan_disable);
5131 hci_req_add_le_scan_disable(&req);
5135 BT_DBG("unknown le discovery state %u", hdev->le_discovery.state);
5137 mgmt_pending_remove(cmd);
5138 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5139 MGMT_STATUS_FAILED, &mgmt_cp->type,
5140 sizeof(mgmt_cp->type));
5144 err = hci_req_run(&req, stop_le_discovery_complete);
5146 mgmt_pending_remove(cmd);
5148 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
5151 hci_dev_unlock(hdev);
5155 /* BEGIN TIZEN_Bluetooth :: LE auto connect */
5156 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
5157 void *data, u16 len)
5161 BT_DBG("%s", hdev->name);
5165 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
5167 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
5170 hci_dev_unlock(hdev);
5174 /* END TIZEN_Bluetooth */
5176 /* BEGIN TIZEN_Bluetooth :: LE connection Update */
5177 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
5180 struct mgmt_cp_le_conn_update *cp = data;
5182 struct hci_conn *conn;
5183 u16 min, max, latency, supervision_timeout;
5186 if (!hdev_is_powered(hdev))
5187 return cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5188 MGMT_STATUS_NOT_POWERED);
5190 min = __le16_to_cpu(cp->conn_interval_min);
5191 max = __le16_to_cpu(cp->conn_interval_max);
5192 latency = __le16_to_cpu(cp->conn_latency);
5193 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
5195 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
5196 min, max, latency, supervision_timeout);
5198 err = check_le_conn_update_param(min, max, latency, supervision_timeout);
5201 err = cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5202 MGMT_STATUS_INVALID_PARAMS);
5208 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
5211 cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5212 MGMT_STATUS_NOT_CONNECTED);
5216 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
5218 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
5221 hci_dev_unlock(hdev);
5224 /* END TIZEN_Bluetooth */
5227 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5229 struct pending_cmd *cmd;
5231 BT_DBG("status 0x%02x", status);
5235 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5240 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5241 mgmt_status(status));
5243 struct mgmt_mode *cp = cmd->param;
5246 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5248 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5250 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5251 new_settings(hdev, cmd->sk);
5254 mgmt_pending_remove(cmd);
5257 hci_dev_unlock(hdev);
5260 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5261 void *data, u16 len)
5263 struct mgmt_mode *cp = data;
5264 struct pending_cmd *cmd;
5265 struct hci_request req;
5268 BT_DBG("%s", hdev->name);
5270 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
5271 hdev->hci_ver < BLUETOOTH_VER_1_2)
5272 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5273 MGMT_STATUS_NOT_SUPPORTED);
5275 if (cp->val != 0x00 && cp->val != 0x01)
5276 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5277 MGMT_STATUS_INVALID_PARAMS);
5279 if (!hdev_is_powered(hdev))
5280 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5281 MGMT_STATUS_NOT_POWERED);
5283 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5284 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5285 MGMT_STATUS_REJECTED);
5289 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5290 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5295 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
5296 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5301 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5308 hci_req_init(&req, hdev);
5310 write_fast_connectable(&req, cp->val);
5312 err = hci_req_run(&req, fast_connectable_complete);
5314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5315 MGMT_STATUS_FAILED);
5316 mgmt_pending_remove(cmd);
5320 hci_dev_unlock(hdev);
5325 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5327 struct pending_cmd *cmd;
5329 BT_DBG("status 0x%02x", status);
5333 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
5338 u8 mgmt_err = mgmt_status(status);
5340 /* We need to restore the flag if related HCI commands
5343 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5345 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5347 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5348 new_settings(hdev, cmd->sk);
5351 mgmt_pending_remove(cmd);
5354 hci_dev_unlock(hdev);
5357 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5359 struct mgmt_mode *cp = data;
5360 struct pending_cmd *cmd;
5361 struct hci_request req;
5364 BT_DBG("request for %s", hdev->name);
5366 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5367 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5368 MGMT_STATUS_NOT_SUPPORTED);
5370 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5371 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5372 MGMT_STATUS_REJECTED);
5374 if (cp->val != 0x00 && cp->val != 0x01)
5375 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5376 MGMT_STATUS_INVALID_PARAMS);
5380 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5381 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5385 if (!hdev_is_powered(hdev)) {
5387 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5388 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5389 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5390 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5391 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5394 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5396 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5400 err = new_settings(hdev, sk);
5404 /* Reject disabling when powered on */
5406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5407 MGMT_STATUS_REJECTED);
5410 /* When configuring a dual-mode controller to operate
5411 * with LE only and using a static address, then switching
5412 * BR/EDR back on is not allowed.
5414 * Dual-mode controllers shall operate with the public
5415 * address as its identity address for BR/EDR and LE. So
5416 * reject the attempt to create an invalid configuration.
5418 * The same restrictions applies when secure connections
5419 * has been enabled. For BR/EDR this is a controller feature
5420 * while for LE it is a host stack feature. This means that
5421 * switching BR/EDR back on when secure connections has been
5422 * enabled is not a supported transaction.
5424 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5425 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5426 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
5427 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5428 MGMT_STATUS_REJECTED);
5433 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
5434 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5439 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5445 /* We need to flip the bit already here so that update_adv_data
5446 * generates the correct flags.
5448 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5450 hci_req_init(&req, hdev);
5452 write_fast_connectable(&req, false);
5453 __hci_update_page_scan(&req);
5455 /* Since only the advertising data flags will change, there
5456 * is no need to update the scan response data.
5458 update_adv_data(&req);
5460 err = hci_req_run(&req, set_bredr_complete);
5462 mgmt_pending_remove(cmd);
5465 hci_dev_unlock(hdev);
5469 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5471 struct pending_cmd *cmd;
5472 struct mgmt_mode *cp;
5474 BT_DBG("%s status %u", hdev->name, status);
5478 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5483 cmd_status(cmd->sk, cmd->index, cmd->opcode,
5484 mgmt_status(status));
5492 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5493 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5496 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5497 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5500 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5501 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5505 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5506 new_settings(hdev, cmd->sk);
5509 mgmt_pending_remove(cmd);
5511 hci_dev_unlock(hdev);
5514 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5515 void *data, u16 len)
5517 struct mgmt_mode *cp = data;
5518 struct pending_cmd *cmd;
5519 struct hci_request req;
5523 BT_DBG("request for %s", hdev->name);
5525 if (!lmp_sc_capable(hdev) &&
5526 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5527 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5528 MGMT_STATUS_NOT_SUPPORTED);
5530 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5531 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5532 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5533 MGMT_STATUS_REJECTED);
5535 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5536 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5537 MGMT_STATUS_INVALID_PARAMS);
5541 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5542 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5546 changed = !test_and_set_bit(HCI_SC_ENABLED,
5548 if (cp->val == 0x02)
5549 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5551 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5553 changed = test_and_clear_bit(HCI_SC_ENABLED,
5555 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5558 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5563 err = new_settings(hdev, sk);
5568 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5576 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5577 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
5578 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5588 hci_req_init(&req, hdev);
5589 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5590 err = hci_req_run(&req, sc_enable_complete);
5592 mgmt_pending_remove(cmd);
5597 hci_dev_unlock(hdev);
5601 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5604 struct mgmt_mode *cp = data;
5605 bool changed, use_changed;
5608 BT_DBG("request for %s", hdev->name);
5610 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5611 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5612 MGMT_STATUS_INVALID_PARAMS);
5617 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5620 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5623 if (cp->val == 0x02)
5624 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5627 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5630 if (hdev_is_powered(hdev) && use_changed &&
5631 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5632 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5633 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5634 sizeof(mode), &mode);
5637 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5642 err = new_settings(hdev, sk);
5645 hci_dev_unlock(hdev);
5649 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5652 struct mgmt_cp_set_privacy *cp = cp_data;
5656 BT_DBG("request for %s", hdev->name);
5658 if (!lmp_le_capable(hdev))
5659 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5660 MGMT_STATUS_NOT_SUPPORTED);
5662 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5663 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5664 MGMT_STATUS_INVALID_PARAMS);
5666 /* Not sure why below condition is required; commenting for now,
5667 * since set privacy command is always rejected if this condition is enabled.
5669 #ifndef CONFIG_TIZEN_WIP
5670 if (hdev_is_powered(hdev))
5671 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5672 MGMT_STATUS_REJECTED);
5677 /* If user space supports this command it is also expected to
5678 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5680 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5683 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5684 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5685 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5687 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5688 memset(hdev->irk, 0, sizeof(hdev->irk));
5689 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5692 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5697 err = new_settings(hdev, sk);
5700 hci_dev_unlock(hdev);
5704 static bool irk_is_valid(struct mgmt_irk_info *irk)
5706 switch (irk->addr.type) {
5707 case BDADDR_LE_PUBLIC:
5710 case BDADDR_LE_RANDOM:
5711 /* Two most significant bits shall be set */
5712 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5720 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5723 struct mgmt_cp_load_irks *cp = cp_data;
5724 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5725 sizeof(struct mgmt_irk_info));
5726 u16 irk_count, expected_len;
5729 BT_DBG("request for %s", hdev->name);
5731 if (!lmp_le_capable(hdev))
5732 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5733 MGMT_STATUS_NOT_SUPPORTED);
5735 irk_count = __le16_to_cpu(cp->irk_count);
5736 if (irk_count > max_irk_count) {
5737 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5738 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5739 MGMT_STATUS_INVALID_PARAMS);
5742 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5743 if (expected_len != len) {
5744 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5746 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5747 MGMT_STATUS_INVALID_PARAMS);
5750 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5752 for (i = 0; i < irk_count; i++) {
5753 struct mgmt_irk_info *key = &cp->irks[i];
5755 if (!irk_is_valid(key))
5756 return cmd_status(sk, hdev->id,
5758 MGMT_STATUS_INVALID_PARAMS);
5763 hci_smp_irks_clear(hdev);
5765 for (i = 0; i < irk_count; i++) {
5766 struct mgmt_irk_info *irk = &cp->irks[i];
5769 if (irk->addr.type == BDADDR_LE_PUBLIC)
5770 addr_type = ADDR_LE_DEV_PUBLIC;
5772 addr_type = ADDR_LE_DEV_RANDOM;
5774 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5778 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5780 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5782 hci_dev_unlock(hdev);
5787 #ifdef CONFIG_TIZEN_WIP
5788 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
5789 void *data, u16 len)
5791 struct mgmt_cp_set_advertising_params *cp = data;
5796 BT_DBG("%s", hdev->name);
5798 if (!lmp_le_capable(hdev))
5799 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5800 MGMT_STATUS_NOT_SUPPORTED);
5802 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5803 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5806 min_interval = __le16_to_cpu(cp->interval_min);
5807 max_interval = __le16_to_cpu(cp->interval_max);
5809 if (min_interval > max_interval ||
5810 min_interval < 0x0020 || max_interval > 0x4000)
5811 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5812 MGMT_STATUS_INVALID_PARAMS);
5816 hdev->le_adv_min_interval = min_interval;
5817 hdev->le_adv_max_interval = max_interval;
5818 hdev->adv_filter_policy = cp->filter_policy;
5819 hdev->adv_type = cp->type;
5821 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
5823 hci_dev_unlock(hdev);
5828 static void set_advertising_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5830 struct mgmt_cp_set_advertising_data *cp;
5831 struct pending_cmd *cmd;
5833 BT_DBG("status 0x%02x", status);
5837 cmd = mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
5844 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5845 mgmt_status(status));
5847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA, 0,
5850 mgmt_pending_remove(cmd);
5853 hci_dev_unlock(hdev);
5856 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
5857 void *data, u16 len)
5859 struct pending_cmd *cmd;
5860 struct hci_request req;
5861 struct mgmt_cp_set_advertising_data *cp = data;
5862 struct hci_cp_le_set_adv_data adv;
5865 BT_DBG("%s", hdev->name);
5867 if (!lmp_le_capable(hdev)) {
5868 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5869 MGMT_STATUS_NOT_SUPPORTED);
5874 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
5875 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5880 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
5887 if (len > HCI_MAX_AD_LENGTH) {
5888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5889 MGMT_STATUS_INVALID_PARAMS);
5893 hci_req_init(&req, hdev);
5895 memset(&adv, 0, sizeof(adv));
5896 memcpy(adv.data, cp->data, len);
5899 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
5901 err = hci_req_run(&req, set_advertising_data_complete);
5903 mgmt_pending_remove(cmd);
5907 hci_dev_unlock(hdev);
5912 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5914 struct mgmt_cp_set_scan_rsp_data *cp;
5915 struct pending_cmd *cmd;
5917 BT_DBG("status 0x%02x", status);
5921 cmd = mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
5928 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5929 mgmt_status(status));
5931 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA, 0,
5934 mgmt_pending_remove(cmd);
5937 hci_dev_unlock(hdev);
5940 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
5943 struct pending_cmd *cmd;
5944 struct hci_request req;
5945 struct mgmt_cp_set_scan_rsp_data *cp = data;
5946 struct hci_cp_le_set_scan_rsp_data rsp;
5949 BT_DBG("%s", hdev->name);
5951 if (!lmp_le_capable(hdev))
5952 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5953 MGMT_STATUS_NOT_SUPPORTED);
5957 if (mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
5958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5963 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
5968 if (len > HCI_MAX_AD_LENGTH) {
5969 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5970 MGMT_STATUS_INVALID_PARAMS);
5974 hci_req_init(&req, hdev);
5976 memset(&rsp, 0, sizeof(rsp));
5977 memcpy(rsp.data, cp->data, len);
5980 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
5982 err = hci_req_run(&req, set_scan_rsp_data_complete);
5984 mgmt_pending_remove(cmd);
5988 hci_dev_unlock(hdev);
5993 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5995 struct mgmt_cp_set_manufacturer_data *cp;
5996 struct pending_cmd *cmd;
5998 BT_DBG("status 0x%02x", status);
6002 cmd = mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
6009 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6010 mgmt_status(status));
6012 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6015 mgmt_pending_remove(cmd);
6018 hci_dev_unlock(hdev);
6021 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
6022 void *data, u16 len)
6024 struct pending_cmd *cmd;
6025 struct hci_request req;
6026 struct mgmt_cp_set_manufacturer_data *cp = data;
6027 u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
6032 BT_DBG("%s", hdev->name);
6034 if (!lmp_bredr_capable(hdev)) {
6035 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6036 MGMT_STATUS_NOT_SUPPORTED);
6039 if (cp->data[0] == 0 ||
6040 cp->data[0] - 1 > sizeof(hdev->manufacturer_data)) {
6041 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6042 MGMT_STATUS_INVALID_PARAMS);
6045 if (cp->data[1] != 0xFF) {
6046 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6047 MGMT_STATUS_NOT_SUPPORTED);
6052 if (mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
6053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6058 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data, len);
6064 hci_req_init(&req, hdev);
6066 /* if new data is same as previous data then return command complete event*/
6067 if (hdev->manufacturer_len == cp->data[0] - 1 &&
6068 !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
6069 mgmt_pending_remove(cmd);
6070 cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6072 hci_dev_unlock(hdev);
6076 old_len = hdev->manufacturer_len;
6078 memcpy(old_data, hdev->manufacturer_data, old_len);
6081 hdev->manufacturer_len = cp->data[0] - 1;
6082 if (hdev->manufacturer_len > 0) {
6083 memcpy(hdev->manufacturer_data, cp->data + 2, hdev->manufacturer_len);
6088 err = hci_req_run(&req, set_manufacturer_data_complete);
6090 mgmt_pending_remove(cmd);
6095 hci_dev_unlock(hdev);
6100 memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
6101 hdev->manufacturer_len = old_len;
6102 if (hdev->manufacturer_len > 0) {
6103 memcpy(hdev->manufacturer_data, old_data,
6104 hdev->manufacturer_len);
6106 hci_dev_unlock(hdev);
6110 #ifdef CONFIG_TIZEN_WIP
6111 static int set_voice_setting(struct sock *sk, struct hci_dev *hdev,
6112 void *data, u16 len)
6114 struct mgmt_cp_set_voice_setting *cp = data;
6115 struct hci_conn *conn;
6116 struct hci_conn *sco_conn;
6120 BT_DBG("%s", hdev->name);
6122 if (!lmp_bredr_capable(hdev)) {
6123 return cmd_status(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING,
6124 MGMT_STATUS_NOT_SUPPORTED);
6129 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
6131 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6136 conn->voice_setting = cp->voice_setting;
6137 conn->sco_role = cp->sco_role;
6139 sco_conn = hci_conn_hash_lookup_sco(hdev);
6140 if (sco_conn && bacmp(&sco_conn->dst, &cp->bdaddr) != 0) {
6141 BT_ERR("There is other SCO connection.");
6145 if (conn->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
6146 if (conn->voice_setting == 0x0063)
6147 sco_connect_set_wbc(hdev);
6149 sco_connect_set_nbc(hdev);
6151 if (conn->voice_setting == 0x0063)
6152 sco_connect_set_gw_wbc(hdev);
6154 sco_connect_set_gw_nbc(hdev);
6158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6162 hci_dev_unlock(hdev);
6167 static int get_adv_tx_power(struct sock *sk, struct hci_dev *hdev,
6168 void *data, u16 len)
6170 struct mgmt_rp_get_adv_tx_power *rp;
6174 BT_DBG("%s", hdev->name);
6178 rp_len = sizeof(*rp);
6179 rp = kmalloc(rp_len, GFP_KERNEL);
6185 rp->adv_tx_power= hdev->adv_tx_power;
6187 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_TX_POWER, 0, rp,
6193 hci_dev_unlock(hdev);
6198 /* BEGIN TIZEN_Bluetooth :: Apply RSSI changes */
6199 static void set_rssi_threshold_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6201 BT_DBG("status 0x%02x", status);
6204 static void set_rssi_disable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6206 BT_DBG("status 0x%02x", status);
6209 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
6210 void *data, u16 len)
6213 struct hci_cp_set_rssi_threshold th = { 0, };
6214 struct mgmt_cp_set_enable_rssi *cp = data;
6215 struct hci_conn *conn;
6216 struct pending_cmd *cmd;
6217 struct hci_request req;
6222 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6224 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6225 MGMT_STATUS_FAILED);
6229 if (!lmp_le_capable(hdev)) {
6230 mgmt_pending_remove(cmd);
6231 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6232 MGMT_STATUS_NOT_SUPPORTED);
6235 if (!hdev_is_powered(hdev)) {
6236 BT_DBG("%s", hdev->name);
6237 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6238 MGMT_STATUS_NOT_POWERED, data, len);
6239 mgmt_pending_remove(cmd);
6243 if (cp->link_type == 0x01)
6244 dest_type = LE_LINK;
6246 dest_type = ACL_LINK;
6248 /* Get LE/ACL link handle info*/
6249 conn = hci_conn_hash_lookup_ba(hdev,
6250 dest_type, &cp->bdaddr);
6253 err = cmd_complete(sk, hdev->id,
6254 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
6255 mgmt_pending_remove(cmd);
6259 hci_req_init(&req, hdev);
6261 th.hci_le_ext_opcode = 0x0B;
6263 th.conn_handle = conn->handle;
6264 th.alert_mask = 0x07;
6265 th.low_th = cp->low_th;
6266 th.in_range_th = cp->in_range_th;
6267 th.high_th = cp->high_th;
6269 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6270 err = hci_req_run(&req, set_rssi_threshold_complete);
6273 mgmt_pending_remove(cmd);
6274 BT_ERR("Error in requesting hci_req_run");
6279 hci_dev_unlock(hdev);
6283 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
6284 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6286 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
6287 struct mgmt_cp_set_enable_rssi *cp = data;
6288 struct pending_cmd *cmd;
6290 if (cp == NULL || rp == NULL)
6293 mgmt_rp.status = rp->status;
6294 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6295 mgmt_rp.bt_address = cp->bdaddr;
6296 mgmt_rp.link_type = cp->link_type;
6298 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, MGMT_STATUS_SUCCESS,
6299 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6301 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
6302 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6304 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
6305 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6306 &mgmt_rp.bt_address, true);
6310 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6312 mgmt_pending_remove(cmd);
6314 hci_dev_unlock(hdev);
6317 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
6318 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6320 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
6321 struct mgmt_cp_disable_rssi *cp = data;
6322 struct pending_cmd *cmd;
6324 if (cp == NULL || rp == NULL)
6327 mgmt_rp.status = rp->status;
6328 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6329 mgmt_rp.bt_address = cp->bdaddr;
6330 mgmt_rp.link_type = cp->link_type;
6332 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, MGMT_STATUS_SUCCESS,
6333 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6335 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
6336 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6338 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6339 &mgmt_rp.bt_address, false);
6344 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6346 mgmt_pending_remove(cmd);
6348 hci_dev_unlock(hdev);
6351 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
6352 void *data, u16 len)
6354 struct pending_cmd *cmd;
6355 struct hci_request req;
6356 struct hci_cp_set_enable_rssi cp_en = { 0, };
6359 BT_DBG("Set Disable RSSI.");
6361 cp_en.hci_le_ext_opcode = 0x01;
6362 cp_en.le_enable_cs_Features = 0x00;
6363 cp_en.data[0] = 0x00;
6364 cp_en.data[1] = 0x00;
6365 cp_en.data[2] = 0x00;
6369 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6372 MGMT_STATUS_FAILED);
6376 if (!lmp_le_capable(hdev)) {
6377 mgmt_pending_remove(cmd);
6378 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6379 MGMT_STATUS_NOT_SUPPORTED);
6382 if (!hdev_is_powered(hdev)) {
6383 BT_DBG("%s", hdev->name);
6384 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6385 MGMT_STATUS_NOT_POWERED, data, len);
6386 mgmt_pending_remove(cmd);
6390 hci_req_init(&req, hdev);
6392 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6393 sizeof(struct hci_cp_set_enable_rssi),
6394 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6395 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6397 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6398 err = hci_req_run(&req, set_rssi_disable_complete);
6401 mgmt_pending_remove(cmd);
6402 BT_ERR("Error in requesting hci_req_run");
6407 hci_dev_unlock(hdev);
6413 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
6415 struct hci_cc_rsp_enable_rssi *rp = response;
6416 struct pending_cmd *cmd_enable = NULL;
6417 struct pending_cmd *cmd_disable = NULL;
6418 struct mgmt_cp_set_enable_rssi *cp_en;
6419 struct mgmt_cp_disable_rssi *cp_dis;
6422 cmd_enable = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6423 cmd_disable = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6424 hci_dev_unlock(hdev);
6427 BT_DBG("Enable Request");
6430 BT_DBG("Disable Request");
6433 cp_en = cmd_enable->param;
6438 switch (rp->le_ext_opcode) {
6440 BT_DBG("RSSI enabled.. Setting Threshold...");
6441 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
6442 cp_en, sizeof(*cp_en));
6446 BT_DBG("Sending RSSI enable success");
6447 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
6448 cp_en, rp, rp->status);
6452 } else if (cmd_disable) {
6453 cp_dis = cmd_disable->param;
6458 switch (rp->le_ext_opcode) {
6460 BT_DBG("Sending RSSI disable success");
6461 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6462 cp_dis, rp, rp->status);
6466 /* Only unset RSSI Threshold values for the Link if
6467 RSSI is monitored for other BREDR or LE Links*/
6468 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
6469 BT_DBG("Unset Threshold. Other links being monitored");
6470 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6471 cp_dis, rp, rp->status);
6473 BT_DBG("Unset Threshold. Disabling...");
6474 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
6475 cp_dis, sizeof(*cp_dis));
6482 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6484 BT_DBG("status 0x%02x", status);
6487 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
6488 void *data, u16 len)
6490 struct pending_cmd *cmd;
6491 struct hci_request req;
6492 struct mgmt_cp_set_enable_rssi *cp = data;
6493 struct hci_cp_set_enable_rssi cp_en = { 0, };
6495 BT_DBG("Set Enable RSSI.");
6497 cp_en.hci_le_ext_opcode = 0x01;
6498 cp_en.le_enable_cs_Features = 0x04;
6499 cp_en.data[0] = 0x00;
6500 cp_en.data[1] = 0x00;
6501 cp_en.data[2] = 0x00;
6503 if (!lmp_le_capable(hdev))
6504 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6505 MGMT_STATUS_NOT_SUPPORTED);
6508 if (!hdev_is_powered(hdev)) {
6509 BT_DBG("%s", hdev->name);
6510 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
6516 if (mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
6517 BT_DBG("%s", hdev->name);
6518 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6523 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp, sizeof(*cp));
6525 BT_DBG("%s", hdev->name);
6530 /* If RSSI is already enabled directly set Threshold values*/
6531 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
6532 hci_dev_unlock(hdev);
6533 BT_DBG("RSSI Enabled. Directly set Threshold");
6534 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
6538 hci_req_init(&req, hdev);
6540 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6541 sizeof(struct hci_cp_set_enable_rssi),
6542 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6543 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6545 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6546 err = hci_req_run(&req, set_rssi_enable_complete);
6549 mgmt_pending_remove(cmd);
6550 BT_ERR("Error in requesting hci_req_run");
6555 hci_dev_unlock(hdev);
6560 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6562 struct pending_cmd *cmd;
6564 BT_DBG("status 0x%02x", status);
6568 cmd = mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
6572 cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI, MGMT_STATUS_SUCCESS,
6575 mgmt_pending_remove(cmd);
6578 hci_dev_unlock(hdev);
6581 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
6584 struct pending_cmd *cmd;
6585 struct hci_request req;
6586 struct mgmt_cp_get_raw_rssi *cp = data;
6587 struct hci_cp_get_raw_rssi hci_cp;
6589 struct hci_conn *conn;
6593 BT_DBG("Get Raw RSSI.");
6594 if (!lmp_le_capable(hdev))
6595 return cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6596 MGMT_STATUS_NOT_SUPPORTED);
6600 if (cp->link_type == 0x01) {
6601 dest_type = LE_LINK;
6603 dest_type = ACL_LINK;
6606 /* Get LE/BREDR link handle info*/
6607 conn = hci_conn_hash_lookup_ba(hdev,
6608 dest_type, &cp->bt_address);
6610 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 1,
6614 hci_cp.conn_handle = conn->handle;
6616 if (!hdev_is_powered(hdev)) {
6617 BT_DBG("%s", hdev->name);
6618 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 0,
6624 if (mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
6625 BT_DBG("%s", hdev->name);
6626 err = cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6631 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
6633 BT_DBG("%s", hdev->name);
6638 hci_req_init(&req, hdev);
6640 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
6641 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
6642 err = hci_req_run(&req, get_raw_rssi_complete);
6645 mgmt_pending_remove(cmd);
6646 BT_ERR("Error in requesting hci_req_run");
6650 hci_dev_unlock(hdev);
6655 void mgmt_raw_rssi_response(struct hci_dev *hdev,
6656 struct hci_cc_rp_get_raw_rssi *rp, int success)
6658 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
6659 struct hci_conn *conn;
6661 mgmt_rp.status = rp->status;
6662 mgmt_rp.rssi_dbm = rp->rssi_dbm;
6664 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
6668 bacpy(&mgmt_rp.bt_address, &conn->dst);
6669 if (conn->type == LE_LINK) {
6670 mgmt_rp.link_type = 0x01;
6672 mgmt_rp.link_type = 0x00;
6675 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
6676 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
6679 static void set_disable_threshold_complete(struct hci_dev *hdev,
6680 u8 status, u16 opcode)
6682 BT_DBG("status 0x%02x", status);
6685 /** Removes monitoring for a link*/
6686 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
6687 void *data, u16 len)
6690 struct hci_cp_set_rssi_threshold th = { 0, };
6691 struct mgmt_cp_disable_rssi *cp = data;
6692 struct hci_conn *conn;
6693 struct pending_cmd *cmd;
6694 struct hci_request req;
6696 BT_DBG("Set Disable RSSI.");
6698 if (!lmp_le_capable(hdev)) {
6699 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6700 MGMT_STATUS_NOT_SUPPORTED);
6705 /* Get LE/ACL link handle info*/
6706 if (cp->link_type == 0x01)
6707 dest_type = LE_LINK;
6709 dest_type = ACL_LINK;
6711 conn = hci_conn_hash_lookup_ba(hdev,
6712 dest_type, &cp->bdaddr);
6714 err = cmd_complete(sk, hdev->id,
6715 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
6719 th.hci_le_ext_opcode = 0x0B;
6721 th.conn_handle = conn->handle;
6722 th.alert_mask = 0x00;
6724 th.in_range_th = 0x00;
6727 if (!hdev_is_powered(hdev)) {
6728 BT_DBG("%s", hdev->name);
6729 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, 0,
6734 if (mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
6735 BT_DBG("%s", hdev->name);
6736 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6741 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp, sizeof(*cp));
6743 BT_DBG("%s", hdev->name);
6748 hci_req_init(&req, hdev);
6750 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6751 err = hci_req_run(&req, set_disable_threshold_complete);
6753 mgmt_pending_remove(cmd);
6754 BT_ERR("Error in requesting hci_req_run");
6759 hci_dev_unlock(hdev);
6764 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
6766 struct hci_ev_vendor_specific_rssi_alert *ev = (void *) skb->data;
6767 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
6768 struct hci_conn *conn;
6770 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
6771 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
6773 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
6776 BT_ERR("RSSI alert Error: Device not found for handle");
6779 bacpy(&mgmt_ev.bdaddr, &conn->dst);
6781 if (conn->type == LE_LINK)
6782 mgmt_ev.link_type = 0x01;
6784 mgmt_ev.link_type = 0x00;
6786 mgmt_ev.alert_type = ev->alert_type;
6787 mgmt_ev.rssi_dbm = ev->rssi_dbm;
6789 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
6790 sizeof(struct mgmt_ev_vendor_specific_rssi_alert), NULL);
6793 void mgmt_multi_adv_state_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
6795 struct hci_ev_vendor_specific_multi_adv_state *ev = (void *) skb->data;
6796 struct mgmt_ev_vendor_specific_multi_adv_state_changed mgmt_ev;
6798 BT_DBG("Multi adv state changed [%2.2X %2.2X %2.2X]",
6799 ev->adv_instance, ev->state_change_reason, ev->connection_handle);
6801 mgmt_ev.adv_instance = ev->adv_instance;
6802 mgmt_ev.state_change_reason = ev->state_change_reason;
6803 mgmt_ev.connection_handle = ev->connection_handle;
6805 mgmt_event(MGMT_EV_MULTI_ADV_STATE_CHANGED, hdev, &mgmt_ev,
6806 sizeof(struct mgmt_ev_vendor_specific_multi_adv_state_changed), NULL);
6809 static int enable_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6810 void *data, u16 len)
6813 struct mgmt_cp_enable_6lowpan *cp = data;
6815 BT_DBG("%s", hdev->name);
6819 if (!hdev_is_powered(hdev)) {
6820 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6821 MGMT_STATUS_NOT_POWERED);
6825 if (!lmp_le_capable(hdev)) {
6826 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6827 MGMT_STATUS_NOT_SUPPORTED);
6831 if (cp->enable_6lowpan)
6832 bt_6lowpan_enable();
6834 bt_6lowpan_disable();
6836 err = cmd_complete(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6837 MGMT_STATUS_SUCCESS, NULL, 0);
6839 hci_dev_unlock(hdev);
6843 /* END TIZEN_Bluetooth */
6846 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6848 if (key->master != 0x00 && key->master != 0x01)
6851 switch (key->addr.type) {
6852 case BDADDR_LE_PUBLIC:
6855 case BDADDR_LE_RANDOM:
6856 /* Two most significant bits shall be set */
6857 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6865 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6866 void *cp_data, u16 len)
6868 struct mgmt_cp_load_long_term_keys *cp = cp_data;
6869 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6870 sizeof(struct mgmt_ltk_info));
6871 u16 key_count, expected_len;
6874 BT_DBG("request for %s", hdev->name);
6876 if (!lmp_le_capable(hdev))
6877 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6878 MGMT_STATUS_NOT_SUPPORTED);
6880 key_count = __le16_to_cpu(cp->key_count);
6881 if (key_count > max_key_count) {
6882 BT_ERR("load_ltks: too big key_count value %u", key_count);
6883 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6884 MGMT_STATUS_INVALID_PARAMS);
6887 expected_len = sizeof(*cp) + key_count *
6888 sizeof(struct mgmt_ltk_info);
6889 if (expected_len != len) {
6890 BT_ERR("load_keys: expected %u bytes, got %u bytes",
6892 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6893 MGMT_STATUS_INVALID_PARAMS);
6896 BT_DBG("%s key_count %u", hdev->name, key_count);
6898 for (i = 0; i < key_count; i++) {
6899 struct mgmt_ltk_info *key = &cp->keys[i];
6901 if (!ltk_is_valid(key))
6902 return cmd_status(sk, hdev->id,
6903 MGMT_OP_LOAD_LONG_TERM_KEYS,
6904 MGMT_STATUS_INVALID_PARAMS);
6909 hci_smp_ltks_clear(hdev);
6911 for (i = 0; i < key_count; i++) {
6912 struct mgmt_ltk_info *key = &cp->keys[i];
6913 u8 type, addr_type, authenticated;
6915 if (key->addr.type == BDADDR_LE_PUBLIC)
6916 addr_type = ADDR_LE_DEV_PUBLIC;
6918 addr_type = ADDR_LE_DEV_RANDOM;
6920 switch (key->type) {
6921 case MGMT_LTK_UNAUTHENTICATED:
6922 authenticated = 0x00;
6923 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6925 case MGMT_LTK_AUTHENTICATED:
6926 authenticated = 0x01;
6927 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6929 case MGMT_LTK_P256_UNAUTH:
6930 authenticated = 0x00;
6931 type = SMP_LTK_P256;
6933 case MGMT_LTK_P256_AUTH:
6934 authenticated = 0x01;
6935 type = SMP_LTK_P256;
6937 case MGMT_LTK_P256_DEBUG:
6938 authenticated = 0x00;
6939 type = SMP_LTK_P256_DEBUG;
6944 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
6945 authenticated, key->val, key->enc_size, key->ediv,
6949 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6952 hci_dev_unlock(hdev);
6957 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
6959 struct hci_conn *conn = cmd->user_data;
6960 struct mgmt_rp_get_conn_info rp;
6963 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6965 if (status == MGMT_STATUS_SUCCESS) {
6966 rp.rssi = conn->rssi;
6967 rp.tx_power = conn->tx_power;
6968 rp.max_tx_power = conn->max_tx_power;
6970 rp.rssi = HCI_RSSI_INVALID;
6971 rp.tx_power = HCI_TX_POWER_INVALID;
6972 rp.max_tx_power = HCI_TX_POWER_INVALID;
6975 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
6978 hci_conn_drop(conn);
6984 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6987 struct hci_cp_read_rssi *cp;
6988 struct pending_cmd *cmd;
6989 struct hci_conn *conn;
6993 BT_DBG("status 0x%02x", hci_status);
6997 /* Commands sent in request are either Read RSSI or Read Transmit Power
6998 * Level so we check which one was last sent to retrieve connection
6999 * handle. Both commands have handle as first parameter so it's safe to
7000 * cast data on the same command struct.
7002 * First command sent is always Read RSSI and we fail only if it fails.
7003 * In other case we simply override error to indicate success as we
7004 * already remembered if TX power value is actually valid.
7006 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
7008 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
7009 status = MGMT_STATUS_SUCCESS;
7011 status = mgmt_status(hci_status);
7015 BT_ERR("invalid sent_cmd in conn_info response");
7019 handle = __le16_to_cpu(cp->handle);
7020 conn = hci_conn_hash_lookup_handle(hdev, handle);
7022 BT_ERR("unknown handle (%d) in conn_info response", handle);
7026 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
7030 cmd->cmd_complete(cmd, status);
7031 mgmt_pending_remove(cmd);
7034 hci_dev_unlock(hdev);
7038 #ifdef CONFIG_TIZEN_WIP
7039 /* defination of "prandom_u32_max" is imported from latest kernel,
7040 * so if the kernel is migrated to latest, below defination should be removed
7044 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
7045 * @ep_ro: right open interval endpoint
7047 * Returns a pseudo-random number that is in interval [0, ep_ro). Note
7048 * that the result depends on PRNG being well distributed in [0, ~0U]
7049 * u32 space. Here we use maximally equidistributed combined Tausworthe
7050 * generator, that is, prandom_u32(). This is useful when requesting a
7051 * random index of an array containing ep_ro elements, for example.
7053 * Returns: pseudo-random number in interval [0, ep_ro)
7055 static inline u32 prandom_u32_max(u32 ep_ro)
7057 return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
7061 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7064 struct mgmt_cp_get_conn_info *cp = data;
7065 struct mgmt_rp_get_conn_info rp;
7066 struct hci_conn *conn;
7067 unsigned long conn_info_age;
7070 BT_DBG("%s", hdev->name);
7072 memset(&rp, 0, sizeof(rp));
7073 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7074 rp.addr.type = cp->addr.type;
7076 if (!bdaddr_type_is_valid(cp->addr.type))
7077 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7078 MGMT_STATUS_INVALID_PARAMS,
7083 if (!hdev_is_powered(hdev)) {
7084 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7085 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7089 if (cp->addr.type == BDADDR_BREDR)
7090 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7093 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7095 if (!conn || conn->state != BT_CONNECTED) {
7096 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7097 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
7101 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
7102 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7103 MGMT_STATUS_BUSY, &rp, sizeof(rp));
7107 /* To avoid client trying to guess when to poll again for information we
7108 * calculate conn info age as random value between min/max set in hdev.
7110 conn_info_age = hdev->conn_info_min_age +
7111 prandom_u32_max(hdev->conn_info_max_age -
7112 hdev->conn_info_min_age);
7114 /* Query controller to refresh cached values if they are too old or were
7117 if (time_after(jiffies, conn->conn_info_timestamp +
7118 msecs_to_jiffies(conn_info_age)) ||
7119 !conn->conn_info_timestamp) {
7120 struct hci_request req;
7121 struct hci_cp_read_tx_power req_txp_cp;
7122 struct hci_cp_read_rssi req_rssi_cp;
7123 struct pending_cmd *cmd;
7125 hci_req_init(&req, hdev);
7126 req_rssi_cp.handle = cpu_to_le16(conn->handle);
7127 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
7130 /* For LE links TX power does not change thus we don't need to
7131 * query for it once value is known.
7133 if (!bdaddr_type_is_le(cp->addr.type) ||
7134 conn->tx_power == HCI_TX_POWER_INVALID) {
7135 req_txp_cp.handle = cpu_to_le16(conn->handle);
7136 req_txp_cp.type = 0x00;
7137 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7138 sizeof(req_txp_cp), &req_txp_cp);
7141 /* Max TX power needs to be read only once per connection */
7142 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
7143 req_txp_cp.handle = cpu_to_le16(conn->handle);
7144 req_txp_cp.type = 0x01;
7145 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7146 sizeof(req_txp_cp), &req_txp_cp);
7149 err = hci_req_run(&req, conn_info_refresh_complete);
7153 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
7160 hci_conn_hold(conn);
7161 cmd->user_data = hci_conn_get(conn);
7162 cmd->cmd_complete = conn_info_cmd_complete;
7164 conn->conn_info_timestamp = jiffies;
7166 /* Cache is valid, just reply with values cached in hci_conn */
7167 rp.rssi = conn->rssi;
7168 rp.tx_power = conn->tx_power;
7169 rp.max_tx_power = conn->max_tx_power;
7171 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7172 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7176 hci_dev_unlock(hdev);
7180 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7182 struct hci_conn *conn = cmd->user_data;
7183 struct mgmt_rp_get_clock_info rp;
7184 struct hci_dev *hdev;
7187 memset(&rp, 0, sizeof(rp));
7188 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
7193 hdev = hci_dev_get(cmd->index);
7195 rp.local_clock = cpu_to_le32(hdev->clock);
7200 rp.piconet_clock = cpu_to_le32(conn->clock);
7201 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7205 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7209 hci_conn_drop(conn);
7216 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7218 struct hci_cp_read_clock *hci_cp;
7219 struct pending_cmd *cmd;
7220 struct hci_conn *conn;
7222 BT_DBG("%s status %u", hdev->name, status);
7226 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
7230 if (hci_cp->which) {
7231 u16 handle = __le16_to_cpu(hci_cp->handle);
7232 conn = hci_conn_hash_lookup_handle(hdev, handle);
7237 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
7241 cmd->cmd_complete(cmd, mgmt_status(status));
7242 mgmt_pending_remove(cmd);
7245 hci_dev_unlock(hdev);
7248 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7251 struct mgmt_cp_get_clock_info *cp = data;
7252 struct mgmt_rp_get_clock_info rp;
7253 struct hci_cp_read_clock hci_cp;
7254 struct pending_cmd *cmd;
7255 struct hci_request req;
7256 struct hci_conn *conn;
7259 BT_DBG("%s", hdev->name);
7261 memset(&rp, 0, sizeof(rp));
7262 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7263 rp.addr.type = cp->addr.type;
7265 if (cp->addr.type != BDADDR_BREDR)
7266 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7267 MGMT_STATUS_INVALID_PARAMS,
7272 if (!hdev_is_powered(hdev)) {
7273 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7274 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7278 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7279 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7281 if (!conn || conn->state != BT_CONNECTED) {
7282 err = cmd_complete(sk, hdev->id,
7283 MGMT_OP_GET_CLOCK_INFO,
7284 MGMT_STATUS_NOT_CONNECTED,
7292 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7298 cmd->cmd_complete = clock_info_cmd_complete;
7300 hci_req_init(&req, hdev);
7302 memset(&hci_cp, 0, sizeof(hci_cp));
7303 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7306 hci_conn_hold(conn);
7307 cmd->user_data = hci_conn_get(conn);
7309 hci_cp.handle = cpu_to_le16(conn->handle);
7310 hci_cp.which = 0x01; /* Piconet clock */
7311 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7314 err = hci_req_run(&req, get_clock_info_complete);
7316 mgmt_pending_remove(cmd);
7319 hci_dev_unlock(hdev);
7323 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7325 struct hci_conn *conn;
7327 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7331 if (conn->dst_type != type)
7334 if (conn->state != BT_CONNECTED)
7340 /* This function requires the caller holds hdev->lock */
7341 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
7342 u8 addr_type, u8 auto_connect)
7344 struct hci_dev *hdev = req->hdev;
7345 struct hci_conn_params *params;
7347 params = hci_conn_params_add(hdev, addr, addr_type);
7351 if (params->auto_connect == auto_connect)
7354 list_del_init(¶ms->action);
7356 switch (auto_connect) {
7357 case HCI_AUTO_CONN_DISABLED:
7358 case HCI_AUTO_CONN_LINK_LOSS:
7359 __hci_update_background_scan(req);
7361 case HCI_AUTO_CONN_REPORT:
7362 list_add(¶ms->action, &hdev->pend_le_reports);
7363 __hci_update_background_scan(req);
7365 case HCI_AUTO_CONN_DIRECT:
7366 case HCI_AUTO_CONN_ALWAYS:
7367 if (!is_connected(hdev, addr, addr_type)) {
7368 list_add(¶ms->action, &hdev->pend_le_conns);
7369 __hci_update_background_scan(req);
7374 params->auto_connect = auto_connect;
7376 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
7382 static void device_added(struct sock *sk, struct hci_dev *hdev,
7383 bdaddr_t *bdaddr, u8 type, u8 action)
7385 struct mgmt_ev_device_added ev;
7387 bacpy(&ev.addr.bdaddr, bdaddr);
7388 ev.addr.type = type;
7391 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7394 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7396 struct pending_cmd *cmd;
7398 BT_DBG("status 0x%02x", status);
7402 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
7406 cmd->cmd_complete(cmd, mgmt_status(status));
7407 mgmt_pending_remove(cmd);
7410 hci_dev_unlock(hdev);
7413 static int add_device(struct sock *sk, struct hci_dev *hdev,
7414 void *data, u16 len)
7416 struct mgmt_cp_add_device *cp = data;
7417 struct pending_cmd *cmd;
7418 struct hci_request req;
7419 u8 auto_conn, addr_type;
7422 BT_DBG("%s", hdev->name);
7424 if (!bdaddr_type_is_valid(cp->addr.type) ||
7425 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7426 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7427 MGMT_STATUS_INVALID_PARAMS,
7428 &cp->addr, sizeof(cp->addr));
7430 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7431 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7432 MGMT_STATUS_INVALID_PARAMS,
7433 &cp->addr, sizeof(cp->addr));
7435 hci_req_init(&req, hdev);
7439 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
7445 cmd->cmd_complete = addr_cmd_complete;
7447 if (cp->addr.type == BDADDR_BREDR) {
7448 /* Only incoming connections action is supported for now */
7449 if (cp->action != 0x01) {
7450 err = cmd->cmd_complete(cmd,
7451 MGMT_STATUS_INVALID_PARAMS);
7452 mgmt_pending_remove(cmd);
7456 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
7461 __hci_update_page_scan(&req);
7466 if (cp->addr.type == BDADDR_LE_PUBLIC)
7467 addr_type = ADDR_LE_DEV_PUBLIC;
7469 addr_type = ADDR_LE_DEV_RANDOM;
7471 if (cp->action == 0x02)
7472 auto_conn = HCI_AUTO_CONN_ALWAYS;
7473 else if (cp->action == 0x01)
7474 auto_conn = HCI_AUTO_CONN_DIRECT;
7476 auto_conn = HCI_AUTO_CONN_REPORT;
7478 /* If the connection parameters don't exist for this device,
7479 * they will be created and configured with defaults.
7481 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
7483 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
7484 mgmt_pending_remove(cmd);
7489 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7491 err = hci_req_run(&req, add_device_complete);
7493 /* ENODATA means no HCI commands were needed (e.g. if
7494 * the adapter is powered off).
7496 if (err == -ENODATA)
7497 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7498 mgmt_pending_remove(cmd);
7502 hci_dev_unlock(hdev);
7506 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7507 bdaddr_t *bdaddr, u8 type)
7509 struct mgmt_ev_device_removed ev;
7511 bacpy(&ev.addr.bdaddr, bdaddr);
7512 ev.addr.type = type;
7514 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7517 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7519 struct pending_cmd *cmd;
7521 BT_DBG("status 0x%02x", status);
7525 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
7529 cmd->cmd_complete(cmd, mgmt_status(status));
7530 mgmt_pending_remove(cmd);
7533 hci_dev_unlock(hdev);
7536 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7537 void *data, u16 len)
7539 struct mgmt_cp_remove_device *cp = data;
7540 struct pending_cmd *cmd;
7541 struct hci_request req;
7544 BT_DBG("%s", hdev->name);
7546 hci_req_init(&req, hdev);
7550 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
7556 cmd->cmd_complete = addr_cmd_complete;
7558 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7559 struct hci_conn_params *params;
7562 if (!bdaddr_type_is_valid(cp->addr.type)) {
7563 err = cmd->cmd_complete(cmd,
7564 MGMT_STATUS_INVALID_PARAMS);
7565 mgmt_pending_remove(cmd);
7569 if (cp->addr.type == BDADDR_BREDR) {
7570 err = hci_bdaddr_list_del(&hdev->whitelist,
7574 err = cmd->cmd_complete(cmd,
7575 MGMT_STATUS_INVALID_PARAMS);
7576 mgmt_pending_remove(cmd);
7580 __hci_update_page_scan(&req);
7582 device_removed(sk, hdev, &cp->addr.bdaddr,
7587 if (cp->addr.type == BDADDR_LE_PUBLIC)
7588 addr_type = ADDR_LE_DEV_PUBLIC;
7590 addr_type = ADDR_LE_DEV_RANDOM;
7592 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7595 err = cmd->cmd_complete(cmd,
7596 MGMT_STATUS_INVALID_PARAMS);
7597 mgmt_pending_remove(cmd);
7601 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
7602 err = cmd->cmd_complete(cmd,
7603 MGMT_STATUS_INVALID_PARAMS);
7604 mgmt_pending_remove(cmd);
7608 list_del(¶ms->action);
7609 list_del(¶ms->list);
7611 __hci_update_background_scan(&req);
7613 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7615 struct hci_conn_params *p, *tmp;
7616 struct bdaddr_list *b, *btmp;
7618 if (cp->addr.type) {
7619 err = cmd->cmd_complete(cmd,
7620 MGMT_STATUS_INVALID_PARAMS);
7621 mgmt_pending_remove(cmd);
7625 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
7626 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7631 __hci_update_page_scan(&req);
7633 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7634 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7636 device_removed(sk, hdev, &p->addr, p->addr_type);
7637 list_del(&p->action);
7642 BT_DBG("All LE connection parameters were removed");
7644 __hci_update_background_scan(&req);
7648 err = hci_req_run(&req, remove_device_complete);
7650 /* ENODATA means no HCI commands were needed (e.g. if
7651 * the adapter is powered off).
7653 if (err == -ENODATA)
7654 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7655 mgmt_pending_remove(cmd);
7659 hci_dev_unlock(hdev);
7663 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7666 struct mgmt_cp_load_conn_param *cp = data;
7667 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7668 sizeof(struct mgmt_conn_param));
7669 u16 param_count, expected_len;
7672 if (!lmp_le_capable(hdev))
7673 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7674 MGMT_STATUS_NOT_SUPPORTED);
7676 param_count = __le16_to_cpu(cp->param_count);
7677 if (param_count > max_param_count) {
7678 BT_ERR("load_conn_param: too big param_count value %u",
7680 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7681 MGMT_STATUS_INVALID_PARAMS);
7684 expected_len = sizeof(*cp) + param_count *
7685 sizeof(struct mgmt_conn_param);
7686 if (expected_len != len) {
7687 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
7689 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7690 MGMT_STATUS_INVALID_PARAMS);
7693 BT_DBG("%s param_count %u", hdev->name, param_count);
7697 hci_conn_params_clear_disabled(hdev);
7699 for (i = 0; i < param_count; i++) {
7700 struct mgmt_conn_param *param = &cp->params[i];
7701 struct hci_conn_params *hci_param;
7702 u16 min, max, latency, timeout;
7705 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
7708 if (param->addr.type == BDADDR_LE_PUBLIC) {
7709 addr_type = ADDR_LE_DEV_PUBLIC;
7710 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7711 addr_type = ADDR_LE_DEV_RANDOM;
7713 BT_ERR("Ignoring invalid connection parameters");
7717 min = le16_to_cpu(param->min_interval);
7718 max = le16_to_cpu(param->max_interval);
7719 latency = le16_to_cpu(param->latency);
7720 timeout = le16_to_cpu(param->timeout);
7722 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7723 min, max, latency, timeout);
7725 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7726 BT_ERR("Ignoring invalid connection parameters");
7730 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7733 BT_ERR("Failed to add connection parameters");
7737 hci_param->conn_min_interval = min;
7738 hci_param->conn_max_interval = max;
7739 hci_param->conn_latency = latency;
7740 hci_param->supervision_timeout = timeout;
7743 hci_dev_unlock(hdev);
7745 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
7748 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7749 void *data, u16 len)
7751 struct mgmt_cp_set_external_config *cp = data;
7755 BT_DBG("%s", hdev->name);
7757 if (hdev_is_powered(hdev))
7758 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7759 MGMT_STATUS_REJECTED);
7761 if (cp->config != 0x00 && cp->config != 0x01)
7762 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7763 MGMT_STATUS_INVALID_PARAMS);
7765 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7766 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7767 MGMT_STATUS_NOT_SUPPORTED);
7772 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
7775 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
7778 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7785 err = new_options(hdev, sk);
7787 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
7788 mgmt_index_removed(hdev);
7790 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
7791 set_bit(HCI_CONFIG, &hdev->dev_flags);
7792 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7794 queue_work(hdev->req_workqueue, &hdev->power_on);
7796 set_bit(HCI_RAW, &hdev->flags);
7797 mgmt_index_added(hdev);
7802 hci_dev_unlock(hdev);
7806 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7807 void *data, u16 len)
7809 struct mgmt_cp_set_public_address *cp = data;
7813 BT_DBG("%s", hdev->name);
7815 if (hdev_is_powered(hdev))
7816 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7817 MGMT_STATUS_REJECTED);
7819 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7820 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7821 MGMT_STATUS_INVALID_PARAMS);
7823 if (!hdev->set_bdaddr)
7824 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7825 MGMT_STATUS_NOT_SUPPORTED);
7829 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7830 bacpy(&hdev->public_addr, &cp->bdaddr);
7832 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7839 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
7840 err = new_options(hdev, sk);
7842 if (is_configured(hdev)) {
7843 mgmt_index_removed(hdev);
7845 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
7847 set_bit(HCI_CONFIG, &hdev->dev_flags);
7848 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7850 queue_work(hdev->req_workqueue, &hdev->power_on);
7854 hci_dev_unlock(hdev);
7858 static const struct mgmt_handler {
7859 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
7863 } mgmt_handlers[] = {
7864 { NULL }, /* 0x0000 (no command) */
7865 { read_version, false, MGMT_READ_VERSION_SIZE },
7866 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
7867 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
7868 { read_controller_info, false, MGMT_READ_INFO_SIZE },
7869 { set_powered, false, MGMT_SETTING_SIZE },
7870 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
7871 { set_connectable, false, MGMT_SETTING_SIZE },
7872 { set_fast_connectable, false, MGMT_SETTING_SIZE },
7873 { set_bondable, false, MGMT_SETTING_SIZE },
7874 { set_link_security, false, MGMT_SETTING_SIZE },
7875 { set_ssp, false, MGMT_SETTING_SIZE },
7876 { set_hs, false, MGMT_SETTING_SIZE },
7877 { set_le, false, MGMT_SETTING_SIZE },
7878 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
7879 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
7880 { add_uuid, false, MGMT_ADD_UUID_SIZE },
7881 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
7882 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
7883 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
7884 { disconnect, false, MGMT_DISCONNECT_SIZE },
7885 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
7886 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
7887 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7888 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
7889 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
7890 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7891 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
7892 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
7893 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7894 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
7895 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7896 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7897 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
7898 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7899 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
7900 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
7901 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
7902 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
7903 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
7904 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
7905 { set_advertising, false, MGMT_SETTING_SIZE },
7906 { set_bredr, false, MGMT_SETTING_SIZE },
7907 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
7908 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
7909 { set_secure_conn, false, MGMT_SETTING_SIZE },
7910 { set_debug_keys, false, MGMT_SETTING_SIZE },
7911 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
7912 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
7913 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
7914 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
7915 { add_device, false, MGMT_ADD_DEVICE_SIZE },
7916 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
7917 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
7918 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
7919 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
7920 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
7921 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
7922 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
7925 #ifdef CONFIG_TIZEN_WIP
7926 static const struct mgmt_handler tizen_mgmt_handlers[] = {
7927 { NULL }, /* 0x0000 (no command) */
7928 { set_advertising_params, false, MGMT_SET_ADVERTISING_PARAMS_SIZE },
7929 { set_advertising_data, true, MGMT_SET_ADV_MIN_APP_DATA_SIZE },
7930 { set_scan_rsp_data, true, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE },
7931 { add_white_list, false, MGMT_ADD_DEV_WHITE_LIST_SIZE },
7932 { remove_from_white_list, false, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
7933 { clear_white_list, false, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
7934 { set_enable_rssi, false, MGMT_SET_RSSI_ENABLE_SIZE },
7935 { get_raw_rssi, false, MGMT_GET_RAW_RSSI_SIZE },
7936 { set_disable_threshold, false, MGMT_SET_RSSI_DISABLE_SIZE },
7937 { start_le_discovery, false, MGMT_START_LE_DISCOVERY_SIZE },
7938 { stop_le_discovery, false, MGMT_STOP_LE_DISCOVERY_SIZE },
7939 { disable_le_auto_connect, false, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
7940 { le_conn_update, false, MGMT_LE_CONN_UPDATE_SIZE},
7941 { set_manufacturer_data, false, MGMT_SET_MANUFACTURER_DATA_SIZE},
7942 { le_set_scan_params, false, MGMT_LE_SET_SCAN_PARAMS_SIZE },
7943 { set_voice_setting, false, MGMT_SET_VOICE_SETTING_SIZE},
7944 { get_adv_tx_power, false, MGMT_GET_ADV_TX_POWER_SIZE},
7945 { enable_bt_6lowpan, false, MGMT_ENABLE_BT_6LOWPAN_SIZE },
7949 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
7953 struct mgmt_hdr *hdr;
7954 u16 opcode, index, len;
7955 struct hci_dev *hdev = NULL;
7956 const struct mgmt_handler *handler;
7959 BT_DBG("got %zu bytes", msglen);
7961 if (msglen < sizeof(*hdr))
7964 buf = kmalloc(msglen, GFP_KERNEL);
7968 #ifdef CONFIG_TIZEN_WIP
7969 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
7971 if (memcpy_from_msg(buf, msg, msglen)) {
7978 opcode = __le16_to_cpu(hdr->opcode);
7979 index = __le16_to_cpu(hdr->index);
7980 len = __le16_to_cpu(hdr->len);
7982 if (len != msglen - sizeof(*hdr)) {
7987 if (index != MGMT_INDEX_NONE) {
7988 hdev = hci_dev_get(index);
7990 err = cmd_status(sk, index, opcode,
7991 MGMT_STATUS_INVALID_INDEX);
7995 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
7996 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
7997 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
7998 err = cmd_status(sk, index, opcode,
7999 MGMT_STATUS_INVALID_INDEX);
8003 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
8004 opcode != MGMT_OP_READ_CONFIG_INFO &&
8005 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
8006 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
8007 err = cmd_status(sk, index, opcode,
8008 MGMT_STATUS_INVALID_INDEX);
8013 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8014 mgmt_handlers[opcode].func == NULL) {
8015 #ifdef CONFIG_TIZEN_WIP
8016 u16 tizen_opcode = opcode - TIZEN_OP_CODE_BASE;
8018 if (tizen_opcode > 0 &&
8019 tizen_opcode < ARRAY_SIZE(tizen_mgmt_handlers) &&
8020 tizen_mgmt_handlers[tizen_opcode].func) {
8022 handler = &tizen_mgmt_handlers[tizen_opcode];
8026 BT_DBG("Unknown op %u", opcode);
8027 err = cmd_status(sk, index, opcode,
8028 MGMT_STATUS_UNKNOWN_COMMAND);
8032 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
8033 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8034 err = cmd_status(sk, index, opcode,
8035 MGMT_STATUS_INVALID_INDEX);
8039 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
8040 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8041 err = cmd_status(sk, index, opcode,
8042 MGMT_STATUS_INVALID_INDEX);
8046 handler = &mgmt_handlers[opcode];
8048 #ifdef CONFIG_TIZEN_WIP
8051 if ((handler->var_len && len < handler->data_len) ||
8052 (!handler->var_len && len != handler->data_len)) {
8053 err = cmd_status(sk, index, opcode,
8054 MGMT_STATUS_INVALID_PARAMS);
8059 mgmt_init_hdev(sk, hdev);
8061 cp = buf + sizeof(*hdr);
8063 err = handler->func(sk, hdev, cp, len);
8077 void mgmt_index_added(struct hci_dev *hdev)
8079 if (hdev->dev_type != HCI_BREDR)
8082 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8085 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8086 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
8088 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
8091 void mgmt_index_removed(struct hci_dev *hdev)
8093 u8 status = MGMT_STATUS_INVALID_INDEX;
8095 if (hdev->dev_type != HCI_BREDR)
8098 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8101 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8103 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8104 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
8106 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
8109 /* This function requires the caller holds hdev->lock */
8110 static void restart_le_actions(struct hci_request *req)
8112 struct hci_dev *hdev = req->hdev;
8113 struct hci_conn_params *p;
8115 list_for_each_entry(p, &hdev->le_conn_params, list) {
8116 /* Needed for AUTO_OFF case where might not "really"
8117 * have been powered off.
8119 list_del_init(&p->action);
8121 switch (p->auto_connect) {
8122 case HCI_AUTO_CONN_DIRECT:
8123 case HCI_AUTO_CONN_ALWAYS:
8124 list_add(&p->action, &hdev->pend_le_conns);
8126 case HCI_AUTO_CONN_REPORT:
8127 list_add(&p->action, &hdev->pend_le_reports);
8134 __hci_update_background_scan(req);
8137 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8139 struct cmd_lookup match = { NULL, hdev };
8141 BT_DBG("status 0x%02x", status);
8144 /* Register the available SMP channels (BR/EDR and LE) only
8145 * when successfully powering on the controller. This late
8146 * registration is required so that LE SMP can clearly
8147 * decide if the public address or static address is used.
8154 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8156 new_settings(hdev, match.sk);
8158 hci_dev_unlock(hdev);
8164 static int powered_update_hci(struct hci_dev *hdev)
8166 struct hci_request req;
8169 hci_req_init(&req, hdev);
8171 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
8172 !lmp_host_ssp_capable(hdev)) {
8175 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
8177 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
8180 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
8181 sizeof(support), &support);
8185 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
8186 lmp_bredr_capable(hdev)) {
8187 struct hci_cp_write_le_host_supported cp;
8192 /* Check first if we already have the right
8193 * host state (host features set)
8195 if (cp.le != lmp_host_le_capable(hdev) ||
8196 cp.simul != lmp_host_le_br_capable(hdev))
8197 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
8201 if (lmp_le_capable(hdev)) {
8202 /* Make sure the controller has a good default for
8203 * advertising data. This also applies to the case
8204 * where BR/EDR was toggled during the AUTO_OFF phase.
8206 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8207 update_adv_data(&req);
8208 update_scan_rsp_data(&req);
8211 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
8212 enable_advertising(&req);
8214 restart_le_actions(&req);
8217 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
8218 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
8219 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
8220 sizeof(link_sec), &link_sec);
8222 if (lmp_bredr_capable(hdev)) {
8223 write_fast_connectable(&req, false);
8224 __hci_update_page_scan(&req);
8230 return hci_req_run(&req, powered_complete);
8233 int mgmt_powered(struct hci_dev *hdev, u8 powered)
8235 struct cmd_lookup match = { NULL, hdev };
8236 u8 status, zero_cod[] = { 0, 0, 0 };
8239 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
8243 if (powered_update_hci(hdev) == 0)
8246 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
8251 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8253 /* If the power off is because of hdev unregistration let
8254 * use the appropriate INVALID_INDEX status. Otherwise use
8255 * NOT_POWERED. We cover both scenarios here since later in
8256 * mgmt_index_removed() any hci_conn callbacks will have already
8257 * been triggered, potentially causing misleading DISCONNECTED
8260 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
8261 status = MGMT_STATUS_INVALID_INDEX;
8263 status = MGMT_STATUS_NOT_POWERED;
8265 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8267 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
8268 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8269 zero_cod, sizeof(zero_cod), NULL);
8272 err = new_settings(hdev, match.sk);
8280 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8282 struct pending_cmd *cmd;
8285 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8289 if (err == -ERFKILL)
8290 status = MGMT_STATUS_RFKILLED;
8292 status = MGMT_STATUS_FAILED;
8294 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8296 mgmt_pending_remove(cmd);
8299 void mgmt_discoverable_timeout(struct hci_dev *hdev)
8301 struct hci_request req;
8305 /* When discoverable timeout triggers, then just make sure
8306 * the limited discoverable flag is cleared. Even in the case
8307 * of a timeout triggered from general discoverable, it is
8308 * safe to unconditionally clear the flag.
8310 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
8311 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
8313 hci_req_init(&req, hdev);
8314 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
8315 u8 scan = SCAN_PAGE;
8316 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
8317 sizeof(scan), &scan);
8320 update_adv_data(&req);
8321 hci_req_run(&req, NULL);
8323 hdev->discov_timeout = 0;
8325 new_settings(hdev, NULL);
8327 hci_dev_unlock(hdev);
8330 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8333 struct mgmt_ev_new_link_key ev;
8335 memset(&ev, 0, sizeof(ev));
8337 ev.store_hint = persistent;
8338 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8339 ev.key.addr.type = BDADDR_BREDR;
8340 ev.key.type = key->type;
8341 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8342 ev.key.pin_len = key->pin_len;
8344 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8347 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8349 switch (ltk->type) {
8352 if (ltk->authenticated)
8353 return MGMT_LTK_AUTHENTICATED;
8354 return MGMT_LTK_UNAUTHENTICATED;
8356 if (ltk->authenticated)
8357 return MGMT_LTK_P256_AUTH;
8358 return MGMT_LTK_P256_UNAUTH;
8359 case SMP_LTK_P256_DEBUG:
8360 return MGMT_LTK_P256_DEBUG;
8363 return MGMT_LTK_UNAUTHENTICATED;
8366 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8368 struct mgmt_ev_new_long_term_key ev;
8370 memset(&ev, 0, sizeof(ev));
8372 /* Devices using resolvable or non-resolvable random addresses
8373 * without providing an indentity resolving key don't require
8374 * to store long term keys. Their addresses will change the
8377 * Only when a remote device provides an identity address
8378 * make sure the long term key is stored. If the remote
8379 * identity is known, the long term keys are internally
8380 * mapped to the identity address. So allow static random
8381 * and public addresses here.
8383 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8384 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8385 ev.store_hint = 0x00;
8387 ev.store_hint = persistent;
8389 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8390 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8391 ev.key.type = mgmt_ltk_type(key);
8392 ev.key.enc_size = key->enc_size;
8393 ev.key.ediv = key->ediv;
8394 ev.key.rand = key->rand;
8396 if (key->type == SMP_LTK)
8399 memcpy(ev.key.val, key->val, sizeof(key->val));
8401 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8404 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
8406 struct mgmt_ev_new_irk ev;
8408 memset(&ev, 0, sizeof(ev));
8410 /* For identity resolving keys from devices that are already
8411 * using a public address or static random address, do not
8412 * ask for storing this key. The identity resolving key really
8413 * is only mandatory for devices using resovlable random
8416 * Storing all identity resolving keys has the downside that
8417 * they will be also loaded on next boot of they system. More
8418 * identity resolving keys, means more time during scanning is
8419 * needed to actually resolve these addresses.
8421 if (bacmp(&irk->rpa, BDADDR_ANY))
8422 ev.store_hint = 0x01;
8424 ev.store_hint = 0x00;
8426 bacpy(&ev.rpa, &irk->rpa);
8427 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8428 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8429 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8431 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8434 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8437 struct mgmt_ev_new_csrk ev;
8439 memset(&ev, 0, sizeof(ev));
8441 /* Devices using resolvable or non-resolvable random addresses
8442 * without providing an indentity resolving key don't require
8443 * to store signature resolving keys. Their addresses will change
8444 * the next time around.
8446 * Only when a remote device provides an identity address
8447 * make sure the signature resolving key is stored. So allow
8448 * static random and public addresses here.
8450 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8451 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8452 ev.store_hint = 0x00;
8454 ev.store_hint = persistent;
8456 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8457 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8458 ev.key.master = csrk->master;
8459 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8461 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8464 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8465 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8466 u16 max_interval, u16 latency, u16 timeout)
8468 struct mgmt_ev_new_conn_param ev;
8470 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8473 memset(&ev, 0, sizeof(ev));
8474 bacpy(&ev.addr.bdaddr, bdaddr);
8475 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8476 ev.store_hint = store_hint;
8477 ev.min_interval = cpu_to_le16(min_interval);
8478 ev.max_interval = cpu_to_le16(max_interval);
8479 ev.latency = cpu_to_le16(latency);
8480 ev.timeout = cpu_to_le16(timeout);
8482 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8485 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
8488 eir[eir_len++] = sizeof(type) + data_len;
8489 eir[eir_len++] = type;
8490 memcpy(&eir[eir_len], data, data_len);
8491 eir_len += data_len;
8496 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8497 u32 flags, u8 *name, u8 name_len)
8500 struct mgmt_ev_device_connected *ev = (void *) buf;
8503 bacpy(&ev->addr.bdaddr, &conn->dst);
8504 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8506 ev->flags = __cpu_to_le32(flags);
8508 /* We must ensure that the EIR Data fields are ordered and
8509 * unique. Keep it simple for now and avoid the problem by not
8510 * adding any BR/EDR data to the LE adv.
8512 if (conn->le_adv_data_len > 0) {
8513 memcpy(&ev->eir[eir_len],
8514 conn->le_adv_data, conn->le_adv_data_len);
8515 eir_len = conn->le_adv_data_len;
8518 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8521 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8522 eir_len = eir_append_data(ev->eir, eir_len,
8524 conn->dev_class, 3);
8527 ev->eir_len = cpu_to_le16(eir_len);
8529 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8530 sizeof(*ev) + eir_len, NULL);
8533 #ifdef CONFIG_TIZEN_WIP
8534 /* BEGIN TIZEN_Bluetooth :: name update changes */
8535 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
8539 struct mgmt_ev_device_name_update *ev = (void *) buf;
8545 bacpy(&ev->addr.bdaddr, bdaddr);
8546 ev->addr.type = BDADDR_BREDR;
8548 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8551 ev->eir_len = cpu_to_le16(eir_len);
8553 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
8554 sizeof(*ev) + eir_len, NULL);
8556 /* END TIZEN_Bluetooth :: name update changes */
8559 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
8561 struct sock **sk = data;
8563 cmd->cmd_complete(cmd, 0);
8568 mgmt_pending_remove(cmd);
8571 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
8573 struct hci_dev *hdev = data;
8574 struct mgmt_cp_unpair_device *cp = cmd->param;
8576 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8578 cmd->cmd_complete(cmd, 0);
8579 mgmt_pending_remove(cmd);
8582 bool mgmt_powering_down(struct hci_dev *hdev)
8584 struct pending_cmd *cmd;
8585 struct mgmt_mode *cp;
8587 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8598 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8599 u8 link_type, u8 addr_type, u8 reason,
8600 bool mgmt_connected)
8602 struct mgmt_ev_device_disconnected ev;
8603 struct sock *sk = NULL;
8605 /* The connection is still in hci_conn_hash so test for 1
8606 * instead of 0 to know if this is the last one.
8608 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8609 cancel_delayed_work(&hdev->power_off);
8610 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8613 if (!mgmt_connected)
8616 if (link_type != ACL_LINK && link_type != LE_LINK)
8619 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8621 bacpy(&ev.addr.bdaddr, bdaddr);
8622 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8625 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8630 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8634 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8635 u8 link_type, u8 addr_type, u8 status)
8637 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8638 struct mgmt_cp_disconnect *cp;
8639 struct pending_cmd *cmd;
8641 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8644 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8650 if (bacmp(bdaddr, &cp->addr.bdaddr))
8653 if (cp->addr.type != bdaddr_type)
8656 cmd->cmd_complete(cmd, mgmt_status(status));
8657 mgmt_pending_remove(cmd);
8660 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8661 u8 addr_type, u8 status)
8663 struct mgmt_ev_connect_failed ev;
8665 /* The connection is still in hci_conn_hash so test for 1
8666 * instead of 0 to know if this is the last one.
8668 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8669 cancel_delayed_work(&hdev->power_off);
8670 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8673 bacpy(&ev.addr.bdaddr, bdaddr);
8674 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8675 ev.status = mgmt_status(status);
8677 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8679 #ifdef CONFIG_TIZEN_WIP
8680 void mgmt_hardware_error(struct hci_dev *hdev, u8 err_code)
8682 struct mgmt_ev_hardware_error ev;
8684 ev.error_code = err_code;
8685 mgmt_event(MGMT_EV_HARDWARE_ERROR, hdev, &ev, sizeof(ev), NULL);
8688 void mgmt_tx_timeout_error(struct hci_dev *hdev)
8690 mgmt_event(MGMT_EV_TX_TIMEOUT_ERROR, hdev, NULL, 0, NULL);
8694 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8696 struct mgmt_ev_pin_code_request ev;
8698 bacpy(&ev.addr.bdaddr, bdaddr);
8699 ev.addr.type = BDADDR_BREDR;
8702 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8705 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8708 struct pending_cmd *cmd;
8710 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8714 cmd->cmd_complete(cmd, mgmt_status(status));
8715 mgmt_pending_remove(cmd);
8718 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8721 struct pending_cmd *cmd;
8723 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8727 cmd->cmd_complete(cmd, mgmt_status(status));
8728 mgmt_pending_remove(cmd);
8731 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8732 u8 link_type, u8 addr_type, u32 value,
8735 struct mgmt_ev_user_confirm_request ev;
8737 BT_DBG("%s", hdev->name);
8739 bacpy(&ev.addr.bdaddr, bdaddr);
8740 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8741 ev.confirm_hint = confirm_hint;
8742 ev.value = cpu_to_le32(value);
8744 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8748 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8749 u8 link_type, u8 addr_type)
8751 struct mgmt_ev_user_passkey_request ev;
8753 BT_DBG("%s", hdev->name);
8755 bacpy(&ev.addr.bdaddr, bdaddr);
8756 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8758 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8762 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8763 u8 link_type, u8 addr_type, u8 status,
8766 struct pending_cmd *cmd;
8768 cmd = mgmt_pending_find(opcode, hdev);
8772 cmd->cmd_complete(cmd, mgmt_status(status));
8773 mgmt_pending_remove(cmd);
8778 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8779 u8 link_type, u8 addr_type, u8 status)
8781 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8782 status, MGMT_OP_USER_CONFIRM_REPLY);
8785 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8786 u8 link_type, u8 addr_type, u8 status)
8788 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8790 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8793 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8794 u8 link_type, u8 addr_type, u8 status)
8796 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8797 status, MGMT_OP_USER_PASSKEY_REPLY);
8800 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8801 u8 link_type, u8 addr_type, u8 status)
8803 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8805 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8808 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8809 u8 link_type, u8 addr_type, u32 passkey,
8812 struct mgmt_ev_passkey_notify ev;
8814 BT_DBG("%s", hdev->name);
8816 bacpy(&ev.addr.bdaddr, bdaddr);
8817 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8818 ev.passkey = __cpu_to_le32(passkey);
8819 ev.entered = entered;
8821 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8824 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8826 struct mgmt_ev_auth_failed ev;
8827 struct pending_cmd *cmd;
8828 u8 status = mgmt_status(hci_status);
8830 bacpy(&ev.addr.bdaddr, &conn->dst);
8831 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8834 cmd = find_pairing(conn);
8836 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8837 cmd ? cmd->sk : NULL);
8840 cmd->cmd_complete(cmd, status);
8841 mgmt_pending_remove(cmd);
8845 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8847 struct cmd_lookup match = { NULL, hdev };
8851 u8 mgmt_err = mgmt_status(status);
8852 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8853 cmd_status_rsp, &mgmt_err);
8857 if (test_bit(HCI_AUTH, &hdev->flags))
8858 changed = !test_and_set_bit(HCI_LINK_SECURITY,
8861 changed = test_and_clear_bit(HCI_LINK_SECURITY,
8864 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8868 new_settings(hdev, match.sk);
8874 static void clear_eir(struct hci_request *req)
8876 struct hci_dev *hdev = req->hdev;
8877 struct hci_cp_write_eir cp;
8879 if (!lmp_ext_inq_capable(hdev))
8882 memset(hdev->eir, 0, sizeof(hdev->eir));
8884 memset(&cp, 0, sizeof(cp));
8886 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8889 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8891 struct cmd_lookup match = { NULL, hdev };
8892 struct hci_request req;
8893 bool changed = false;
8896 u8 mgmt_err = mgmt_status(status);
8898 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
8899 &hdev->dev_flags)) {
8900 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
8901 new_settings(hdev, NULL);
8904 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8910 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
8912 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
8914 changed = test_and_clear_bit(HCI_HS_ENABLED,
8917 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
8920 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8923 new_settings(hdev, match.sk);
8928 hci_req_init(&req, hdev);
8930 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
8931 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
8932 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8933 sizeof(enable), &enable);
8939 hci_req_run(&req, NULL);
8942 static void sk_lookup(struct pending_cmd *cmd, void *data)
8944 struct cmd_lookup *match = data;
8946 if (match->sk == NULL) {
8947 match->sk = cmd->sk;
8948 sock_hold(match->sk);
8952 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8955 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8957 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8958 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8959 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8962 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
8969 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8971 struct mgmt_cp_set_local_name ev;
8972 struct pending_cmd *cmd;
8977 memset(&ev, 0, sizeof(ev));
8978 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8979 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8981 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8983 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8985 /* If this is a HCI command related to powering on the
8986 * HCI dev don't send any mgmt signals.
8988 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
8992 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8993 cmd ? cmd->sk : NULL);
8996 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
8997 u8 *rand192, u8 *hash256, u8 *rand256,
9000 struct pending_cmd *cmd;
9002 BT_DBG("%s status %u", hdev->name, status);
9004 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
9009 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
9010 mgmt_status(status));
9012 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
9013 struct mgmt_rp_read_local_oob_ext_data rp;
9015 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
9016 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
9018 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
9019 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
9021 cmd_complete(cmd->sk, hdev->id,
9022 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9025 struct mgmt_rp_read_local_oob_data rp;
9027 memcpy(rp.hash, hash192, sizeof(rp.hash));
9028 memcpy(rp.rand, rand192, sizeof(rp.rand));
9030 cmd_complete(cmd->sk, hdev->id,
9031 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9036 mgmt_pending_remove(cmd);
9039 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9043 for (i = 0; i < uuid_count; i++) {
9044 if (!memcmp(uuid, uuids[i], 16))
9051 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9055 while (parsed < eir_len) {
9056 u8 field_len = eir[0];
9063 if (eir_len - parsed < field_len + 1)
9067 case EIR_UUID16_ALL:
9068 case EIR_UUID16_SOME:
9069 for (i = 0; i + 3 <= field_len; i += 2) {
9070 memcpy(uuid, bluetooth_base_uuid, 16);
9071 uuid[13] = eir[i + 3];
9072 uuid[12] = eir[i + 2];
9073 if (has_uuid(uuid, uuid_count, uuids))
9077 case EIR_UUID32_ALL:
9078 case EIR_UUID32_SOME:
9079 for (i = 0; i + 5 <= field_len; i += 4) {
9080 memcpy(uuid, bluetooth_base_uuid, 16);
9081 uuid[15] = eir[i + 5];
9082 uuid[14] = eir[i + 4];
9083 uuid[13] = eir[i + 3];
9084 uuid[12] = eir[i + 2];
9085 if (has_uuid(uuid, uuid_count, uuids))
9089 case EIR_UUID128_ALL:
9090 case EIR_UUID128_SOME:
9091 for (i = 0; i + 17 <= field_len; i += 16) {
9092 memcpy(uuid, eir + i + 2, 16);
9093 if (has_uuid(uuid, uuid_count, uuids))
9099 parsed += field_len + 1;
9100 eir += field_len + 1;
9106 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9107 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9108 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9111 struct mgmt_ev_device_found *ev = (void *) buf;
9115 /* Don't send events for a non-kernel initiated discovery. With
9116 * LE one exception is if we have pend_le_reports > 0 in which
9117 * case we're doing passive scanning and want these events.
9119 if (!hci_discovery_active(hdev)) {
9120 if (link_type == ACL_LINK)
9122 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
9126 /* When using service discovery with a RSSI threshold, then check
9127 * if such a RSSI threshold is specified. If a RSSI threshold has
9128 * been specified, then all results with a RSSI smaller than the
9129 * RSSI threshold will be dropped.
9131 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9132 * the results are also dropped.
9134 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9135 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
9138 /* Make sure that the buffer is big enough. The 5 extra bytes
9139 * are for the potential CoD field.
9141 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9144 memset(buf, 0, sizeof(buf));
9146 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9147 * RSSI value was reported as 0 when not available. This behavior
9148 * is kept when using device discovery. This is required for full
9149 * backwards compatibility with the API.
9151 * However when using service discovery, the value 127 will be
9152 * returned when the RSSI is not available.
9154 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9155 link_type == ACL_LINK)
9158 bacpy(&ev->addr.bdaddr, bdaddr);
9159 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9161 ev->flags = cpu_to_le32(flags);
9164 /* When using service discovery and a list of UUID is
9165 * provided, results with no matching UUID should be
9166 * dropped. In case there is a match the result is
9167 * kept and checking possible scan response data
9170 if (hdev->discovery.uuid_count > 0)
9171 match = eir_has_uuids(eir, eir_len,
9172 hdev->discovery.uuid_count,
9173 hdev->discovery.uuids);
9177 if (!match && !scan_rsp_len)
9180 /* Copy EIR or advertising data into event */
9181 memcpy(ev->eir, eir, eir_len);
9183 /* When using service discovery and a list of UUID is
9184 * provided, results with empty EIR or advertising data
9185 * should be dropped since they do not match any UUID.
9187 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
9193 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9194 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9197 if (scan_rsp_len > 0) {
9198 /* When using service discovery and a list of UUID is
9199 * provided, results with no matching UUID should be
9200 * dropped if there is no previous match from the
9203 if (hdev->discovery.uuid_count > 0) {
9204 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
9205 hdev->discovery.uuid_count,
9206 hdev->discovery.uuids))
9210 /* Append scan response data to event */
9211 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9213 /* When using service discovery and a list of UUID is
9214 * provided, results with empty scan response and no
9215 * previous matched advertising data should be dropped.
9217 if (hdev->discovery.uuid_count > 0 && !match)
9221 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9222 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9224 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9227 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Pass adv type */
9228 void mgmt_le_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9229 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9230 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, u8 adv_type)
9233 struct mgmt_ev_le_device_found *ev = (void *) buf;
9236 if (!hci_discovery_active(hdev) && !hci_le_discovery_active(hdev))
9239 /* Make sure that the buffer is big enough. The 5 extra bytes
9240 * are for the potential CoD field.
9242 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9245 memset(buf, 0, sizeof(buf));
9247 bacpy(&ev->addr.bdaddr, bdaddr);
9248 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9250 ev->flags = cpu_to_le32(flags);
9251 ev->adv_type = adv_type;
9254 memcpy(ev->eir, eir, eir_len);
9256 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9257 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9260 if (scan_rsp_len > 0)
9261 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9263 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9264 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9266 mgmt_event(MGMT_EV_LE_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9270 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9271 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9273 struct mgmt_ev_device_found *ev;
9274 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9277 ev = (struct mgmt_ev_device_found *) buf;
9279 memset(buf, 0, sizeof(buf));
9281 bacpy(&ev->addr.bdaddr, bdaddr);
9282 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9285 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9288 ev->eir_len = cpu_to_le16(eir_len);
9290 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9293 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9295 struct mgmt_ev_discovering ev;
9297 BT_DBG("%s discovering %u", hdev->name, discovering);
9299 memset(&ev, 0, sizeof(ev));
9300 ev.type = hdev->discovery.type;
9301 ev.discovering = discovering;
9303 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9306 #ifdef CONFIG_TIZEN_WIP
9307 /* BEGIN TIZEN_Bluetooth :: Seperate LE discovery */
9308 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
9310 struct mgmt_ev_discovering ev;
9311 struct pending_cmd *cmd;
9313 BT_DBG("%s le discovering %u", hdev->name, discovering);
9316 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
9318 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
9321 u8 type = hdev->le_discovery.type;
9323 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
9325 mgmt_pending_remove(cmd);
9328 memset(&ev, 0, sizeof(ev));
9329 ev.type = hdev->le_discovery.type;
9330 ev.discovering = discovering;
9332 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9334 /* END TIZEN_Bluetooth */
9337 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
9339 BT_DBG("%s status %u", hdev->name, status);
9342 void mgmt_reenable_advertising(struct hci_dev *hdev)
9344 struct hci_request req;
9346 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
9349 hci_req_init(&req, hdev);
9350 enable_advertising(&req);
9351 hci_req_run(&req, adv_enable_complete);