2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
35 #ifdef CONFIG_TIZEN_WIP
36 #include <net/bluetooth/mgmt_tizen.h>
37 #include <net/bluetooth/sco.h>
39 #include "hci_request.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 8
45 #ifdef CONFIG_TIZEN_WIP
47 #define U16_MAX ((u16)~0U)
51 static const u16 mgmt_commands[] = {
52 MGMT_OP_READ_INDEX_LIST,
55 MGMT_OP_SET_DISCOVERABLE,
56 MGMT_OP_SET_CONNECTABLE,
57 MGMT_OP_SET_FAST_CONNECTABLE,
59 MGMT_OP_SET_LINK_SECURITY,
63 MGMT_OP_SET_DEV_CLASS,
64 MGMT_OP_SET_LOCAL_NAME,
67 MGMT_OP_LOAD_LINK_KEYS,
68 MGMT_OP_LOAD_LONG_TERM_KEYS,
70 MGMT_OP_GET_CONNECTIONS,
71 MGMT_OP_PIN_CODE_REPLY,
72 MGMT_OP_PIN_CODE_NEG_REPLY,
73 MGMT_OP_SET_IO_CAPABILITY,
75 MGMT_OP_CANCEL_PAIR_DEVICE,
76 MGMT_OP_UNPAIR_DEVICE,
77 MGMT_OP_USER_CONFIRM_REPLY,
78 MGMT_OP_USER_CONFIRM_NEG_REPLY,
79 MGMT_OP_USER_PASSKEY_REPLY,
80 MGMT_OP_USER_PASSKEY_NEG_REPLY,
81 MGMT_OP_READ_LOCAL_OOB_DATA,
82 MGMT_OP_ADD_REMOTE_OOB_DATA,
83 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
84 MGMT_OP_START_DISCOVERY,
85 MGMT_OP_STOP_DISCOVERY,
88 MGMT_OP_UNBLOCK_DEVICE,
89 MGMT_OP_SET_DEVICE_ID,
90 MGMT_OP_SET_ADVERTISING,
92 MGMT_OP_SET_STATIC_ADDRESS,
93 MGMT_OP_SET_SCAN_PARAMS,
94 MGMT_OP_SET_SECURE_CONN,
95 MGMT_OP_SET_DEBUG_KEYS,
98 MGMT_OP_GET_CONN_INFO,
99 MGMT_OP_GET_CLOCK_INFO,
101 MGMT_OP_REMOVE_DEVICE,
102 MGMT_OP_LOAD_CONN_PARAM,
103 MGMT_OP_READ_UNCONF_INDEX_LIST,
104 MGMT_OP_READ_CONFIG_INFO,
105 MGMT_OP_SET_EXTERNAL_CONFIG,
106 MGMT_OP_SET_PUBLIC_ADDRESS,
107 MGMT_OP_START_SERVICE_DISCOVERY,
110 static const u16 mgmt_events[] = {
111 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_REMOVED,
114 MGMT_EV_NEW_SETTINGS,
115 MGMT_EV_CLASS_OF_DEV_CHANGED,
116 MGMT_EV_LOCAL_NAME_CHANGED,
117 MGMT_EV_NEW_LINK_KEY,
118 MGMT_EV_NEW_LONG_TERM_KEY,
119 MGMT_EV_DEVICE_CONNECTED,
120 MGMT_EV_DEVICE_DISCONNECTED,
121 MGMT_EV_CONNECT_FAILED,
122 MGMT_EV_PIN_CODE_REQUEST,
123 MGMT_EV_USER_CONFIRM_REQUEST,
124 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DEVICE_BLOCKED,
129 MGMT_EV_DEVICE_UNBLOCKED,
130 MGMT_EV_DEVICE_UNPAIRED,
131 MGMT_EV_PASSKEY_NOTIFY,
134 MGMT_EV_DEVICE_ADDED,
135 MGMT_EV_DEVICE_REMOVED,
136 MGMT_EV_NEW_CONN_PARAM,
137 MGMT_EV_UNCONF_INDEX_ADDED,
138 MGMT_EV_UNCONF_INDEX_REMOVED,
139 MGMT_EV_NEW_CONFIG_OPTIONS,
142 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
144 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
145 "\x00\x00\x00\x00\x00\x00\x00\x00"
148 struct list_head list;
155 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
158 /* HCI to MGMT error code conversion table */
159 static u8 mgmt_status_table[] = {
161 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
162 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
163 MGMT_STATUS_FAILED, /* Hardware Failure */
164 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
165 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
166 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
167 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
168 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
169 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
170 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
171 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
172 MGMT_STATUS_BUSY, /* Command Disallowed */
173 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
174 MGMT_STATUS_REJECTED, /* Rejected Security */
175 MGMT_STATUS_REJECTED, /* Rejected Personal */
176 MGMT_STATUS_TIMEOUT, /* Host Timeout */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
178 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
179 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
180 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
181 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
182 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
183 MGMT_STATUS_BUSY, /* Repeated Attempts */
184 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
185 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
187 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
188 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
189 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
191 MGMT_STATUS_FAILED, /* Unspecified Error */
192 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
193 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
194 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
195 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
196 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
197 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
198 MGMT_STATUS_FAILED, /* Unit Link Key Used */
199 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
200 MGMT_STATUS_TIMEOUT, /* Instant Passed */
201 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
202 MGMT_STATUS_FAILED, /* Transaction Collision */
203 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
204 MGMT_STATUS_REJECTED, /* QoS Rejected */
205 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
206 MGMT_STATUS_REJECTED, /* Insufficient Security */
207 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
208 MGMT_STATUS_BUSY, /* Role Switch Pending */
209 MGMT_STATUS_FAILED, /* Slot Violation */
210 MGMT_STATUS_FAILED, /* Role Switch Failed */
211 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
212 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
213 MGMT_STATUS_BUSY, /* Host Busy Pairing */
214 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
215 MGMT_STATUS_BUSY, /* Controller Busy */
216 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
217 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
218 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
219 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
220 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
223 static u8 mgmt_status(u8 hci_status)
225 if (hci_status < ARRAY_SIZE(mgmt_status_table))
226 return mgmt_status_table[hci_status];
228 return MGMT_STATUS_FAILED;
231 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
232 struct sock *skip_sk)
235 struct mgmt_hdr *hdr;
237 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
242 hdr->opcode = cpu_to_le16(event);
244 hdr->index = cpu_to_le16(hdev->id);
246 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
247 hdr->len = cpu_to_le16(data_len);
250 memcpy(skb_put(skb, data_len), data, data_len);
253 __net_timestamp(skb);
255 hci_send_to_control(skb, skip_sk);
261 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
264 struct mgmt_hdr *hdr;
265 struct mgmt_ev_cmd_status *ev;
268 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
270 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
274 hdr = (void *) skb_put(skb, sizeof(*hdr));
276 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
277 hdr->index = cpu_to_le16(index);
278 hdr->len = cpu_to_le16(sizeof(*ev));
280 ev = (void *) skb_put(skb, sizeof(*ev));
282 ev->opcode = cpu_to_le16(cmd);
284 err = sock_queue_rcv_skb(sk, skb);
291 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
292 void *rp, size_t rp_len)
295 struct mgmt_hdr *hdr;
296 struct mgmt_ev_cmd_complete *ev;
299 BT_DBG("sock %p", sk);
301 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
305 hdr = (void *) skb_put(skb, sizeof(*hdr));
307 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
308 hdr->index = cpu_to_le16(index);
309 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
311 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
312 ev->opcode = cpu_to_le16(cmd);
316 memcpy(ev->data, rp, rp_len);
318 err = sock_queue_rcv_skb(sk, skb);
325 #ifdef CONFIG_TIZEN_WIP
326 /* BEGIN TIZEN_Bluetooth :: check for le connection update params */
327 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
332 if (min > max || min < 6 || max > 3200)
335 if (to_multiplier < 10 || to_multiplier > 3200)
338 if (max >= to_multiplier * 8)
341 max_latency = (to_multiplier * 8 / max) - 1;
343 if (latency > 499 || latency > max_latency)
348 /* END TIZEN_Bluetooth */
351 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 struct mgmt_rp_read_version rp;
356 BT_DBG("sock %p", sk);
358 rp.version = MGMT_VERSION;
359 rp.revision = cpu_to_le16(MGMT_REVISION);
361 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
365 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 struct mgmt_rp_read_commands *rp;
369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
375 BT_DBG("sock %p", sk);
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
379 rp = kmalloc(rp_size, GFP_KERNEL);
383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
392 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
399 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
402 struct mgmt_rp_read_index_list *rp;
408 BT_DBG("sock %p", sk);
410 read_lock(&hci_dev_list_lock);
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (d->dev_type == HCI_BREDR &&
415 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
422 read_unlock(&hci_dev_list_lock);
427 list_for_each_entry(d, &hci_dev_list, list) {
428 if (test_bit(HCI_SETUP, &d->dev_flags) ||
429 test_bit(HCI_CONFIG, &d->dev_flags) ||
430 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
439 if (d->dev_type == HCI_BREDR &&
440 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
449 read_unlock(&hci_dev_list_lock);
451 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
459 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
462 struct mgmt_rp_read_unconf_index_list *rp;
468 BT_DBG("sock %p", sk);
470 read_lock(&hci_dev_list_lock);
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
475 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
482 read_unlock(&hci_dev_list_lock);
487 list_for_each_entry(d, &hci_dev_list, list) {
488 if (test_bit(HCI_SETUP, &d->dev_flags) ||
489 test_bit(HCI_CONFIG, &d->dev_flags) ||
490 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
499 if (d->dev_type == HCI_BREDR &&
500 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
509 read_unlock(&hci_dev_list_lock);
511 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
519 static bool is_configured(struct hci_dev *hdev)
521 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
522 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
525 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526 !bacmp(&hdev->public_addr, BDADDR_ANY))
532 static __le32 get_missing_options(struct hci_dev *hdev)
536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
537 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
540 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541 !bacmp(&hdev->public_addr, BDADDR_ANY))
542 options |= MGMT_OPTION_PUBLIC_ADDRESS;
544 return cpu_to_le32(options);
547 static int new_options(struct hci_dev *hdev, struct sock *skip)
549 __le32 options = get_missing_options(hdev);
551 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552 sizeof(options), skip);
555 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
557 __le32 options = get_missing_options(hdev);
559 return cmd_complete(sk, hdev->id, opcode, 0, &options,
563 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564 void *data, u16 data_len)
566 struct mgmt_rp_read_config_info rp;
569 BT_DBG("sock %p %s", sk, hdev->name);
573 memset(&rp, 0, sizeof(rp));
574 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577 options |= MGMT_OPTION_EXTERNAL_CONFIG;
579 if (hdev->set_bdaddr)
580 options |= MGMT_OPTION_PUBLIC_ADDRESS;
582 rp.supported_options = cpu_to_le32(options);
583 rp.missing_options = get_missing_options(hdev);
585 hci_dev_unlock(hdev);
587 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
591 static u32 get_supported_settings(struct hci_dev *hdev)
595 settings |= MGMT_SETTING_POWERED;
596 settings |= MGMT_SETTING_BONDABLE;
597 /* Disable Debug keys implementation now */
598 #ifdef CONFIG_TIZEN_WIP
599 settings |= MGMT_SETTING_DEBUG_KEYS;
601 settings |= MGMT_SETTING_CONNECTABLE;
602 settings |= MGMT_SETTING_DISCOVERABLE;
604 if (lmp_bredr_capable(hdev)) {
605 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
606 settings |= MGMT_SETTING_FAST_CONNECTABLE;
607 settings |= MGMT_SETTING_BREDR;
608 settings |= MGMT_SETTING_LINK_SECURITY;
610 if (lmp_ssp_capable(hdev)) {
611 settings |= MGMT_SETTING_SSP;
612 settings |= MGMT_SETTING_HS;
615 /* Disable Secure connection implementation now */
616 #ifdef CONFIG_TIZEN_WIP
617 if (lmp_sc_capable(hdev) ||
618 test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
619 settings |= MGMT_SETTING_SECURE_CONN;
623 if (lmp_le_capable(hdev)) {
624 settings |= MGMT_SETTING_LE;
625 settings |= MGMT_SETTING_ADVERTISING;
626 settings |= MGMT_SETTING_SECURE_CONN;
627 settings |= MGMT_SETTING_PRIVACY;
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
632 settings |= MGMT_SETTING_CONFIGURATION;
637 static u32 get_current_settings(struct hci_dev *hdev)
641 if (hdev_is_powered(hdev))
642 settings |= MGMT_SETTING_POWERED;
644 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
645 settings |= MGMT_SETTING_CONNECTABLE;
647 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
648 settings |= MGMT_SETTING_FAST_CONNECTABLE;
650 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
651 settings |= MGMT_SETTING_DISCOVERABLE;
653 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
654 settings |= MGMT_SETTING_BONDABLE;
656 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657 settings |= MGMT_SETTING_BREDR;
659 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
660 settings |= MGMT_SETTING_LE;
662 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
663 settings |= MGMT_SETTING_LINK_SECURITY;
665 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
666 settings |= MGMT_SETTING_SSP;
668 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
669 settings |= MGMT_SETTING_HS;
671 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
672 settings |= MGMT_SETTING_ADVERTISING;
674 /* Disable Secure connection and debug keys implementation now */
675 #ifdef CONFIG_TIZEN_WIP
676 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
677 settings |= MGMT_SETTING_SECURE_CONN;
679 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
680 settings |= MGMT_SETTING_DEBUG_KEYS;
683 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
684 settings |= MGMT_SETTING_PRIVACY;
689 #define PNP_INFO_SVCLASS_ID 0x1200
691 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
693 u8 *ptr = data, *uuids_start = NULL;
694 struct bt_uuid *uuid;
699 list_for_each_entry(uuid, &hdev->uuids, list) {
702 if (uuid->size != 16)
705 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
709 if (uuid16 == PNP_INFO_SVCLASS_ID)
715 uuids_start[1] = EIR_UUID16_ALL;
719 /* Stop if not enough space to put next UUID */
720 if ((ptr - data) + sizeof(u16) > len) {
721 uuids_start[1] = EIR_UUID16_SOME;
725 *ptr++ = (uuid16 & 0x00ff);
726 *ptr++ = (uuid16 & 0xff00) >> 8;
727 uuids_start[0] += sizeof(uuid16);
733 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
735 u8 *ptr = data, *uuids_start = NULL;
736 struct bt_uuid *uuid;
741 list_for_each_entry(uuid, &hdev->uuids, list) {
742 if (uuid->size != 32)
748 uuids_start[1] = EIR_UUID32_ALL;
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u32) > len) {
754 uuids_start[1] = EIR_UUID32_SOME;
758 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
760 uuids_start[0] += sizeof(u32);
766 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 128)
781 uuids_start[1] = EIR_UUID128_ALL;
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + 16 > len) {
787 uuids_start[1] = EIR_UUID128_SOME;
791 memcpy(ptr, uuid->uuid, 16);
793 uuids_start[0] += 16;
799 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
801 struct pending_cmd *cmd;
803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
804 if (cmd->opcode == opcode)
811 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
812 struct hci_dev *hdev,
815 struct pending_cmd *cmd;
817 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
818 if (cmd->user_data != data)
820 if (cmd->opcode == opcode)
827 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
832 name_len = strlen(hdev->dev_name);
834 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
836 if (name_len > max_len) {
838 ptr[1] = EIR_NAME_SHORT;
840 ptr[1] = EIR_NAME_COMPLETE;
842 ptr[0] = name_len + 1;
844 memcpy(ptr + 2, hdev->dev_name, name_len);
846 ad_len += (name_len + 2);
847 ptr += (name_len + 2);
853 static void update_scan_rsp_data(struct hci_request *req)
855 struct hci_dev *hdev = req->hdev;
856 struct hci_cp_le_set_scan_rsp_data cp;
859 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
862 memset(&cp, 0, sizeof(cp));
864 len = create_scan_rsp_data(hdev, cp.data);
866 #ifdef CONFIG_TIZEN_WIP
867 /* Advertising scan response data is handled in bluez.
868 This value will be updated only when application request the update */
871 if (hdev->scan_rsp_data_len == len &&
872 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
875 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
876 hdev->scan_rsp_data_len = len;
880 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
884 static u8 get_adv_discov_flags(struct hci_dev *hdev)
886 struct pending_cmd *cmd;
888 /* If there's a pending mgmt command the flags will not yet have
889 * their final values, so check for this first.
891 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
893 struct mgmt_mode *cp = cmd->param;
895 return LE_AD_GENERAL;
896 else if (cp->val == 0x02)
897 return LE_AD_LIMITED;
899 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
900 return LE_AD_LIMITED;
901 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
902 return LE_AD_GENERAL;
908 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
910 u8 ad_len = 0, flags = 0;
912 flags |= get_adv_discov_flags(hdev);
914 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
915 flags |= LE_AD_NO_BREDR;
918 BT_DBG("adv flags 0x%02x", flags);
928 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
930 ptr[1] = EIR_TX_POWER;
931 ptr[2] = (u8) hdev->adv_tx_power;
940 static void update_adv_data(struct hci_request *req)
942 struct hci_dev *hdev = req->hdev;
943 struct hci_cp_le_set_adv_data cp;
946 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
949 memset(&cp, 0, sizeof(cp));
951 len = create_adv_data(hdev, cp.data);
953 #ifdef CONFIG_TIZEN_WIP
954 /* Bluez will handle the advertising data, including the flag and tx power.
955 This value will be updated only when application request the update */
958 if (hdev->adv_data_len == len &&
959 memcmp(cp.data, hdev->adv_data, len) == 0)
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
967 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
971 int mgmt_update_adv_data(struct hci_dev *hdev)
973 struct hci_request req;
975 hci_req_init(&req, hdev);
976 update_adv_data(&req);
978 return hci_req_run(&req, NULL);
981 static void create_eir(struct hci_dev *hdev, u8 *data)
986 name_len = strlen(hdev->dev_name);
992 ptr[1] = EIR_NAME_SHORT;
994 ptr[1] = EIR_NAME_COMPLETE;
996 /* EIR Data length */
997 ptr[0] = name_len + 1;
999 memcpy(ptr + 2, hdev->dev_name, name_len);
1001 ptr += (name_len + 2);
1004 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1006 ptr[1] = EIR_TX_POWER;
1007 ptr[2] = (u8) hdev->inq_tx_power;
1012 if (hdev->devid_source > 0) {
1014 ptr[1] = EIR_DEVICE_ID;
1016 put_unaligned_le16(hdev->devid_source, ptr + 2);
1017 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1018 put_unaligned_le16(hdev->devid_product, ptr + 6);
1019 put_unaligned_le16(hdev->devid_version, ptr + 8);
1024 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1025 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1026 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1027 #ifdef CONFIG_TIZEN_WIP
1028 if (hdev->manufacturer_len > 0 &&
1029 ptr - data + hdev->manufacturer_len + 2 <= HCI_MAX_EIR_LENGTH) {
1030 ptr[0] = hdev->manufacturer_len + 1;
1031 ptr[1] = EIR_MANUFACTURER_DATA;
1032 memcpy(ptr + 2, hdev->manufacturer_data, hdev->manufacturer_len);
1033 ptr += hdev->manufacturer_len + 2;
1038 static void update_eir(struct hci_request *req)
1040 struct hci_dev *hdev = req->hdev;
1041 struct hci_cp_write_eir cp;
1043 if (!hdev_is_powered(hdev))
1046 if (!lmp_ext_inq_capable(hdev))
1049 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1052 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1055 memset(&cp, 0, sizeof(cp));
1057 create_eir(hdev, cp.data);
1059 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1062 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1064 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1067 static u8 get_service_classes(struct hci_dev *hdev)
1069 struct bt_uuid *uuid;
1072 list_for_each_entry(uuid, &hdev->uuids, list)
1073 val |= uuid->svc_hint;
1078 static void update_class(struct hci_request *req)
1080 struct hci_dev *hdev = req->hdev;
1083 BT_DBG("%s", hdev->name);
1085 if (!hdev_is_powered(hdev))
1088 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1091 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1094 cod[0] = hdev->minor_class;
1095 cod[1] = hdev->major_class;
1096 cod[2] = get_service_classes(hdev);
1098 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1101 if (memcmp(cod, hdev->dev_class, 3) == 0)
1104 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1107 #ifndef CONFIG_TIZEN_WIP
1108 static bool get_connectable(struct hci_dev *hdev)
1110 struct pending_cmd *cmd;
1112 /* If there's a pending mgmt command the flag will not yet have
1113 * it's final value, so check for this first.
1115 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1117 struct mgmt_mode *cp = cmd->param;
1121 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1125 static void disable_advertising(struct hci_request *req)
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1132 static void enable_advertising(struct hci_request *req)
1134 struct hci_dev *hdev = req->hdev;
1135 struct hci_cp_le_set_adv_param cp;
1136 #ifndef CONFIG_TIZEN_WIP
1137 u8 own_addr_type, enable = 0x01;
1140 u8 own_addr_type = ADDR_LE_DEV_PUBLIC;
1144 if (hci_conn_num(hdev, LE_LINK) > 0)
1147 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1148 disable_advertising(req);
1150 /* Clear the HCI_LE_ADV bit temporarily so that the
1151 * hci_update_random_address knows that it's safe to go ahead
1152 * and write a new random address. The flag will be set back on
1153 * as soon as the SET_ADV_ENABLE HCI command completes.
1155 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1157 #ifndef CONFIG_TIZEN_WIP
1158 connectable = get_connectable(hdev);
1160 /* Set require_privacy to true only when non-connectable
1161 * advertising is used. In that case it is fine to use a
1162 * non-resolvable private address.
1164 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1168 memset(&cp, 0, sizeof(cp));
1169 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1170 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1171 #ifdef CONFIG_TIZEN_WIP
1172 cp.filter_policy = hdev->adv_filter_policy;
1173 cp.type = hdev->adv_type;
1175 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1177 cp.own_address_type = own_addr_type;
1178 cp.channel_map = hdev->le_adv_channel_map;
1180 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1182 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1185 static void service_cache_off(struct work_struct *work)
1187 struct hci_dev *hdev = container_of(work, struct hci_dev,
1188 service_cache.work);
1189 struct hci_request req;
1191 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1194 hci_req_init(&req, hdev);
1201 hci_dev_unlock(hdev);
1203 hci_req_run(&req, NULL);
1206 static void rpa_expired(struct work_struct *work)
1208 struct hci_dev *hdev = container_of(work, struct hci_dev,
1210 struct hci_request req;
1214 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1216 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1219 /* The generation of a new RPA and programming it into the
1220 * controller happens in the enable_advertising() function.
1222 hci_req_init(&req, hdev);
1223 enable_advertising(&req);
1224 hci_req_run(&req, NULL);
1227 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1229 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1232 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1233 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1235 /* Non-mgmt controlled devices get this bit set
1236 * implicitly so that pairing works for them, however
1237 * for mgmt we require user-space to explicitly enable
1240 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1243 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1244 void *data, u16 data_len)
1246 struct mgmt_rp_read_info rp;
1248 BT_DBG("sock %p %s", sk, hdev->name);
1252 memset(&rp, 0, sizeof(rp));
1254 bacpy(&rp.bdaddr, &hdev->bdaddr);
1256 rp.version = hdev->hci_ver;
1257 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1259 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1260 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1262 memcpy(rp.dev_class, hdev->dev_class, 3);
1264 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1265 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1267 hci_dev_unlock(hdev);
1269 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1273 static void mgmt_pending_free(struct pending_cmd *cmd)
1280 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1281 struct hci_dev *hdev, void *data,
1284 struct pending_cmd *cmd;
1286 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1290 cmd->opcode = opcode;
1291 cmd->index = hdev->id;
1293 cmd->param = kmemdup(data, len, GFP_KERNEL);
1299 cmd->param_len = len;
1304 list_add(&cmd->list, &hdev->mgmt_pending);
1309 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1310 void (*cb)(struct pending_cmd *cmd,
1314 struct pending_cmd *cmd, *tmp;
1316 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1317 if (opcode > 0 && cmd->opcode != opcode)
1324 static void mgmt_pending_remove(struct pending_cmd *cmd)
1326 list_del(&cmd->list);
1327 mgmt_pending_free(cmd);
1330 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1332 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1334 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1338 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1340 BT_DBG("%s status 0x%02x", hdev->name, status);
1342 if (hci_conn_count(hdev) == 0) {
1343 cancel_delayed_work(&hdev->power_off);
1344 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1348 static bool hci_stop_discovery(struct hci_request *req)
1350 struct hci_dev *hdev = req->hdev;
1351 struct hci_cp_remote_name_req_cancel cp;
1352 struct inquiry_entry *e;
1354 switch (hdev->discovery.state) {
1355 case DISCOVERY_FINDING:
1356 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1357 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1359 cancel_delayed_work(&hdev->le_scan_disable);
1360 hci_req_add_le_scan_disable(req);
1365 case DISCOVERY_RESOLVING:
1366 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1371 bacpy(&cp.bdaddr, &e->data.bdaddr);
1372 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1378 /* Passive scanning */
1379 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1380 hci_req_add_le_scan_disable(req);
1390 static int clean_up_hci_state(struct hci_dev *hdev)
1392 struct hci_request req;
1393 struct hci_conn *conn;
1394 bool discov_stopped;
1397 hci_req_init(&req, hdev);
1399 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1400 test_bit(HCI_PSCAN, &hdev->flags)) {
1402 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1405 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1406 disable_advertising(&req);
1408 discov_stopped = hci_stop_discovery(&req);
1410 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1411 struct hci_cp_disconnect dc;
1412 struct hci_cp_reject_conn_req rej;
1414 switch (conn->state) {
1417 dc.handle = cpu_to_le16(conn->handle);
1418 dc.reason = 0x15; /* Terminated due to Power Off */
1419 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1422 if (conn->type == LE_LINK)
1423 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1425 else if (conn->type == ACL_LINK)
1426 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1430 bacpy(&rej.bdaddr, &conn->dst);
1431 rej.reason = 0x15; /* Terminated due to Power Off */
1432 if (conn->type == ACL_LINK)
1433 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1435 else if (conn->type == SCO_LINK)
1436 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1442 err = hci_req_run(&req, clean_up_hci_complete);
1443 if (!err && discov_stopped)
1444 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1449 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1452 struct mgmt_mode *cp = data;
1453 struct pending_cmd *cmd;
1456 BT_DBG("request for %s", hdev->name);
1458 if (cp->val != 0x00 && cp->val != 0x01)
1459 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1460 MGMT_STATUS_INVALID_PARAMS);
1464 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1465 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1470 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1471 cancel_delayed_work(&hdev->power_off);
1474 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1476 err = mgmt_powered(hdev, 1);
1481 if (!!cp->val == hdev_is_powered(hdev)) {
1482 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1486 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1493 queue_work(hdev->req_workqueue, &hdev->power_on);
1496 /* Disconnect connections, stop scans, etc */
1497 err = clean_up_hci_state(hdev);
1499 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1500 HCI_POWER_OFF_TIMEOUT);
1502 /* ENODATA means there were no HCI commands queued */
1503 if (err == -ENODATA) {
1504 cancel_delayed_work(&hdev->power_off);
1505 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1511 hci_dev_unlock(hdev);
1515 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1519 ev = cpu_to_le32(get_current_settings(hdev));
1521 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1524 int mgmt_new_settings(struct hci_dev *hdev)
1526 return new_settings(hdev, NULL);
1531 struct hci_dev *hdev;
1535 static void settings_rsp(struct pending_cmd *cmd, void *data)
1537 struct cmd_lookup *match = data;
1539 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1541 list_del(&cmd->list);
1543 if (match->sk == NULL) {
1544 match->sk = cmd->sk;
1545 sock_hold(match->sk);
1548 mgmt_pending_free(cmd);
1551 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1555 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1556 mgmt_pending_remove(cmd);
1559 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1561 if (cmd->cmd_complete) {
1564 cmd->cmd_complete(cmd, *status);
1565 mgmt_pending_remove(cmd);
1570 cmd_status_rsp(cmd, data);
1573 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1575 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1576 cmd->param, cmd->param_len);
1579 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1581 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1582 sizeof(struct mgmt_addr_info));
1585 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1587 if (!lmp_bredr_capable(hdev))
1588 return MGMT_STATUS_NOT_SUPPORTED;
1589 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1590 return MGMT_STATUS_REJECTED;
1592 return MGMT_STATUS_SUCCESS;
1595 static u8 mgmt_le_support(struct hci_dev *hdev)
1597 if (!lmp_le_capable(hdev))
1598 return MGMT_STATUS_NOT_SUPPORTED;
1599 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1600 return MGMT_STATUS_REJECTED;
1602 return MGMT_STATUS_SUCCESS;
1605 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1608 struct pending_cmd *cmd;
1609 struct mgmt_mode *cp;
1610 struct hci_request req;
1613 BT_DBG("status 0x%02x", status);
1617 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1622 u8 mgmt_err = mgmt_status(status);
1623 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1624 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1630 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1633 if (hdev->discov_timeout > 0) {
1634 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1635 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1639 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1643 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1646 new_settings(hdev, cmd->sk);
1648 /* When the discoverable mode gets changed, make sure
1649 * that class of device has the limited discoverable
1650 * bit correctly set. Also update page scan based on whitelist
1653 hci_req_init(&req, hdev);
1654 __hci_update_page_scan(&req);
1656 hci_req_run(&req, NULL);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock(hdev);
1665 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_set_discoverable *cp = data;
1669 struct pending_cmd *cmd;
1670 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1677 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1678 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1680 MGMT_STATUS_REJECTED);
1682 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1684 MGMT_STATUS_INVALID_PARAMS);
1686 timeout = __le16_to_cpu(cp->timeout);
1688 /* Disabling discoverable requires that no timeout is set,
1689 * and enabling limited discoverable requires a timeout.
1691 if ((cp->val == 0x00 && timeout > 0) ||
1692 (cp->val == 0x02 && timeout == 0))
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1694 MGMT_STATUS_INVALID_PARAMS);
1698 if (!hdev_is_powered(hdev) && timeout > 0) {
1699 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1700 MGMT_STATUS_NOT_POWERED);
1704 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1705 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1706 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1711 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1712 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1713 MGMT_STATUS_REJECTED);
1717 if (!hdev_is_powered(hdev)) {
1718 bool changed = false;
1720 /* Setting limited discoverable when powered off is
1721 * not a valid operation since it requires a timeout
1722 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1724 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1725 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1729 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1734 err = new_settings(hdev, sk);
1739 /* If the current mode is the same, then just update the timeout
1740 * value with the new value. And if only the timeout gets updated,
1741 * then no need for any HCI transactions.
1743 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1744 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1745 &hdev->dev_flags)) {
1746 cancel_delayed_work(&hdev->discov_off);
1747 hdev->discov_timeout = timeout;
1749 if (cp->val && hdev->discov_timeout > 0) {
1750 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1751 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1755 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1765 /* Cancel any potential discoverable timeout that might be
1766 * still active and store new timeout value. The arming of
1767 * the timeout happens in the complete handler.
1769 cancel_delayed_work(&hdev->discov_off);
1770 hdev->discov_timeout = timeout;
1772 /* Limited discoverable mode */
1773 if (cp->val == 0x02)
1774 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1776 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1778 hci_req_init(&req, hdev);
1780 /* The procedure for LE-only controllers is much simpler - just
1781 * update the advertising data.
1783 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1789 struct hci_cp_write_current_iac_lap hci_cp;
1791 if (cp->val == 0x02) {
1792 /* Limited discoverable mode */
1793 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1794 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1795 hci_cp.iac_lap[1] = 0x8b;
1796 hci_cp.iac_lap[2] = 0x9e;
1797 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1798 hci_cp.iac_lap[4] = 0x8b;
1799 hci_cp.iac_lap[5] = 0x9e;
1801 /* General discoverable mode */
1803 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1804 hci_cp.iac_lap[1] = 0x8b;
1805 hci_cp.iac_lap[2] = 0x9e;
1808 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1809 (hci_cp.num_iac * 3) + 1, &hci_cp);
1811 scan |= SCAN_INQUIRY;
1813 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1816 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1819 update_adv_data(&req);
1821 err = hci_req_run(&req, set_discoverable_complete);
1823 mgmt_pending_remove(cmd);
1826 hci_dev_unlock(hdev);
1830 static void write_fast_connectable(struct hci_request *req, bool enable)
1832 struct hci_dev *hdev = req->hdev;
1833 #ifndef CONFIG_TIZEN_WIP
1834 struct hci_cp_write_page_scan_activity acp;
1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1841 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1844 #ifdef CONFIG_TIZEN_WIP
1846 type = PAGE_SCAN_TYPE_INTERLACED;
1848 type = PAGE_SCAN_TYPE_STANDARD;
1852 type = PAGE_SCAN_TYPE_INTERLACED;
1854 /* 160 msec page scan interval */
1855 acp.interval = cpu_to_le16(0x0100);
1857 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1859 /* default 1.28 sec page scan */
1860 acp.interval = cpu_to_le16(0x0800);
1863 acp.window = cpu_to_le16(0x0012);
1865 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1866 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1867 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1871 if (hdev->page_scan_type != type)
1872 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1875 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1878 struct pending_cmd *cmd;
1879 struct mgmt_mode *cp;
1880 bool conn_changed, discov_changed;
1882 BT_DBG("status 0x%02x", status);
1886 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1891 u8 mgmt_err = mgmt_status(status);
1892 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1898 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1900 discov_changed = false;
1902 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1904 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1908 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1910 if (conn_changed || discov_changed) {
1911 new_settings(hdev, cmd->sk);
1912 hci_update_page_scan(hdev);
1914 mgmt_update_adv_data(hdev);
1915 hci_update_background_scan(hdev);
1919 mgmt_pending_remove(cmd);
1922 hci_dev_unlock(hdev);
1925 static int set_connectable_update_settings(struct hci_dev *hdev,
1926 struct sock *sk, u8 val)
1928 bool changed = false;
1931 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1935 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1937 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1938 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1941 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1946 hci_update_page_scan(hdev);
1947 hci_update_background_scan(hdev);
1948 return new_settings(hdev, sk);
1954 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1957 struct mgmt_mode *cp = data;
1958 struct pending_cmd *cmd;
1959 struct hci_request req;
1963 BT_DBG("request for %s", hdev->name);
1965 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1966 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1967 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1968 MGMT_STATUS_REJECTED);
1970 if (cp->val != 0x00 && cp->val != 0x01)
1971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1972 MGMT_STATUS_INVALID_PARAMS);
1976 if (!hdev_is_powered(hdev)) {
1977 err = set_connectable_update_settings(hdev, sk, cp->val);
1981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1988 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1994 hci_req_init(&req, hdev);
1996 /* If BR/EDR is not enabled and we disable advertising as a
1997 * by-product of disabling connectable, we need to update the
1998 * advertising flags.
2000 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2002 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2003 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2005 update_adv_data(&req);
2006 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2010 /* If we don't have any whitelist entries just
2011 * disable all scanning. If there are entries
2012 * and we had both page and inquiry scanning
2013 * enabled then fall back to only page scanning.
2014 * Otherwise no changes are needed.
2016 if (list_empty(&hdev->whitelist))
2017 scan = SCAN_DISABLED;
2018 else if (test_bit(HCI_ISCAN, &hdev->flags))
2021 goto no_scan_update;
2023 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2024 hdev->discov_timeout > 0)
2025 cancel_delayed_work(&hdev->discov_off);
2028 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2032 /* If we're going from non-connectable to connectable or
2033 * vice-versa when fast connectable is enabled ensure that fast
2034 * connectable gets disabled. write_fast_connectable won't do
2035 * anything if the page scan parameters are already what they
2038 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2039 write_fast_connectable(&req, false);
2041 /* Update the advertising parameters if necessary */
2042 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2043 enable_advertising(&req);
2045 err = hci_req_run(&req, set_connectable_complete);
2047 mgmt_pending_remove(cmd);
2048 if (err == -ENODATA)
2049 err = set_connectable_update_settings(hdev, sk,
2055 hci_dev_unlock(hdev);
2059 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2062 struct mgmt_mode *cp = data;
2066 BT_DBG("request for %s", hdev->name);
2068 if (cp->val != 0x00 && cp->val != 0x01)
2069 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2070 MGMT_STATUS_INVALID_PARAMS);
2075 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
2077 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
2079 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2084 err = new_settings(hdev, sk);
2087 hci_dev_unlock(hdev);
2091 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2094 struct mgmt_mode *cp = data;
2095 struct pending_cmd *cmd;
2099 BT_DBG("request for %s", hdev->name);
2101 status = mgmt_bredr_support(hdev);
2103 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2106 if (cp->val != 0x00 && cp->val != 0x01)
2107 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2108 MGMT_STATUS_INVALID_PARAMS);
2112 if (!hdev_is_powered(hdev)) {
2113 bool changed = false;
2115 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2116 &hdev->dev_flags)) {
2117 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2121 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2126 err = new_settings(hdev, sk);
2131 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2132 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2139 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2140 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2150 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2152 mgmt_pending_remove(cmd);
2157 hci_dev_unlock(hdev);
2161 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2163 struct mgmt_mode *cp = data;
2164 struct pending_cmd *cmd;
2168 BT_DBG("request for %s", hdev->name);
2170 status = mgmt_bredr_support(hdev);
2172 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2174 if (!lmp_ssp_capable(hdev))
2175 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2176 MGMT_STATUS_NOT_SUPPORTED);
2178 if (cp->val != 0x00 && cp->val != 0x01)
2179 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2180 MGMT_STATUS_INVALID_PARAMS);
2184 if (!hdev_is_powered(hdev)) {
2188 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2191 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2194 changed = test_and_clear_bit(HCI_HS_ENABLED,
2197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2200 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2205 err = new_settings(hdev, sk);
2210 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2211 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2217 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2218 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2222 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2228 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2229 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2230 sizeof(cp->val), &cp->val);
2232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2234 mgmt_pending_remove(cmd);
2239 hci_dev_unlock(hdev);
2243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2245 struct mgmt_mode *cp = data;
2250 BT_DBG("request for %s", hdev->name);
2252 status = mgmt_bredr_support(hdev);
2254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2256 if (!lmp_ssp_capable(hdev))
2257 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2258 MGMT_STATUS_NOT_SUPPORTED);
2260 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2262 MGMT_STATUS_REJECTED);
2264 if (cp->val != 0x00 && cp->val != 0x01)
2265 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2266 MGMT_STATUS_INVALID_PARAMS);
2271 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2273 if (hdev_is_powered(hdev)) {
2274 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2275 MGMT_STATUS_REJECTED);
2279 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2282 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2287 err = new_settings(hdev, sk);
2290 hci_dev_unlock(hdev);
2294 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2296 struct cmd_lookup match = { NULL, hdev };
2298 #ifdef CONFIG_TIZEN_WIP
2303 u8 mgmt_err = mgmt_status(status);
2305 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2307 #ifdef CONFIG_TIZEN_WIP
2314 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2316 new_settings(hdev, match.sk);
2321 /* Make sure the controller has a good default for
2322 * advertising data. Restrict the update to when LE
2323 * has actually been enabled. During power on, the
2324 * update in powered_update_hci will take care of it.
2326 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2327 struct hci_request req;
2329 #ifndef CONFIG_TIZEN_WIP
2333 hci_req_init(&req, hdev);
2334 update_adv_data(&req);
2335 update_scan_rsp_data(&req);
2336 __hci_update_background_scan(&req);
2337 hci_req_run(&req, NULL);
2339 hci_update_background_scan(hdev);
2340 #ifdef CONFIG_TIZEN_WIP
2342 hci_dev_unlock(hdev);
2346 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2348 struct mgmt_mode *cp = data;
2349 struct hci_cp_write_le_host_supported hci_cp;
2350 struct pending_cmd *cmd;
2351 struct hci_request req;
2355 BT_DBG("request for %s", hdev->name);
2357 if (!lmp_le_capable(hdev))
2358 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2359 MGMT_STATUS_NOT_SUPPORTED);
2361 if (cp->val != 0x00 && cp->val != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2363 MGMT_STATUS_INVALID_PARAMS);
2365 /* LE-only devices do not allow toggling LE on/off */
2366 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2367 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2368 MGMT_STATUS_REJECTED);
2373 enabled = lmp_host_le_capable(hdev);
2375 if (!hdev_is_powered(hdev) || val == enabled) {
2376 bool changed = false;
2378 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2379 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2383 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2384 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2388 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2393 err = new_settings(hdev, sk);
2398 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2399 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2400 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2411 hci_req_init(&req, hdev);
2413 memset(&hci_cp, 0, sizeof(hci_cp));
2417 hci_cp.simul = 0x00;
2419 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2420 disable_advertising(&req);
2423 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2426 err = hci_req_run(&req, le_enable_complete);
2428 mgmt_pending_remove(cmd);
2431 hci_dev_unlock(hdev);
2435 /* This is a helper function to test for pending mgmt commands that can
2436 * cause CoD or EIR HCI commands. We can only allow one such pending
2437 * mgmt command at a time since otherwise we cannot easily track what
2438 * the current values are, will be, and based on that calculate if a new
2439 * HCI command needs to be sent and if yes with what value.
2441 static bool pending_eir_or_class(struct hci_dev *hdev)
2443 struct pending_cmd *cmd;
2445 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2446 switch (cmd->opcode) {
2447 case MGMT_OP_ADD_UUID:
2448 case MGMT_OP_REMOVE_UUID:
2449 case MGMT_OP_SET_DEV_CLASS:
2450 case MGMT_OP_SET_POWERED:
2458 static const u8 bluetooth_base_uuid[] = {
2459 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2460 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2463 static u8 get_uuid_size(const u8 *uuid)
2467 if (memcmp(uuid, bluetooth_base_uuid, 12))
2470 val = get_unaligned_le32(&uuid[12]);
2477 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2479 struct pending_cmd *cmd;
2483 cmd = mgmt_pending_find(mgmt_op, hdev);
2487 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2488 hdev->dev_class, 3);
2490 mgmt_pending_remove(cmd);
2493 hci_dev_unlock(hdev);
2496 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2498 BT_DBG("status 0x%02x", status);
2500 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2503 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2505 struct mgmt_cp_add_uuid *cp = data;
2506 struct pending_cmd *cmd;
2507 struct hci_request req;
2508 struct bt_uuid *uuid;
2511 BT_DBG("request for %s", hdev->name);
2515 if (pending_eir_or_class(hdev)) {
2516 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2521 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2527 memcpy(uuid->uuid, cp->uuid, 16);
2528 uuid->svc_hint = cp->svc_hint;
2529 uuid->size = get_uuid_size(cp->uuid);
2531 list_add_tail(&uuid->list, &hdev->uuids);
2533 hci_req_init(&req, hdev);
2538 err = hci_req_run(&req, add_uuid_complete);
2540 if (err != -ENODATA)
2543 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2544 hdev->dev_class, 3);
2548 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2557 hci_dev_unlock(hdev);
2561 static bool enable_service_cache(struct hci_dev *hdev)
2563 if (!hdev_is_powered(hdev))
2566 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2567 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2575 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2577 BT_DBG("status 0x%02x", status);
2579 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2582 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2585 struct mgmt_cp_remove_uuid *cp = data;
2586 struct pending_cmd *cmd;
2587 struct bt_uuid *match, *tmp;
2588 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2589 struct hci_request req;
2592 BT_DBG("request for %s", hdev->name);
2596 if (pending_eir_or_class(hdev)) {
2597 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2602 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2603 hci_uuids_clear(hdev);
2605 if (enable_service_cache(hdev)) {
2606 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2607 0, hdev->dev_class, 3);
2616 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2617 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2620 list_del(&match->list);
2626 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2627 MGMT_STATUS_INVALID_PARAMS);
2632 hci_req_init(&req, hdev);
2637 err = hci_req_run(&req, remove_uuid_complete);
2639 if (err != -ENODATA)
2642 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2643 hdev->dev_class, 3);
2647 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2656 hci_dev_unlock(hdev);
2660 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2662 BT_DBG("status 0x%02x", status);
2664 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2667 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2670 struct mgmt_cp_set_dev_class *cp = data;
2671 struct pending_cmd *cmd;
2672 struct hci_request req;
2675 BT_DBG("request for %s", hdev->name);
2677 if (!lmp_bredr_capable(hdev))
2678 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2679 MGMT_STATUS_NOT_SUPPORTED);
2683 if (pending_eir_or_class(hdev)) {
2684 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2689 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2690 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2691 MGMT_STATUS_INVALID_PARAMS);
2695 hdev->major_class = cp->major;
2696 hdev->minor_class = cp->minor;
2698 if (!hdev_is_powered(hdev)) {
2699 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2700 hdev->dev_class, 3);
2704 hci_req_init(&req, hdev);
2706 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2707 hci_dev_unlock(hdev);
2708 cancel_delayed_work_sync(&hdev->service_cache);
2715 err = hci_req_run(&req, set_class_complete);
2717 if (err != -ENODATA)
2720 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2721 hdev->dev_class, 3);
2725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2734 hci_dev_unlock(hdev);
2738 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2741 struct mgmt_cp_load_link_keys *cp = data;
2742 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2743 sizeof(struct mgmt_link_key_info));
2744 u16 key_count, expected_len;
2748 BT_DBG("request for %s", hdev->name);
2750 if (!lmp_bredr_capable(hdev))
2751 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2752 MGMT_STATUS_NOT_SUPPORTED);
2754 key_count = __le16_to_cpu(cp->key_count);
2755 if (key_count > max_key_count) {
2756 BT_ERR("load_link_keys: too big key_count value %u",
2758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2759 MGMT_STATUS_INVALID_PARAMS);
2762 expected_len = sizeof(*cp) + key_count *
2763 sizeof(struct mgmt_link_key_info);
2764 if (expected_len != len) {
2765 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2767 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2768 MGMT_STATUS_INVALID_PARAMS);
2771 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2772 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2773 MGMT_STATUS_INVALID_PARAMS);
2775 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2778 for (i = 0; i < key_count; i++) {
2779 struct mgmt_link_key_info *key = &cp->keys[i];
2781 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2782 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2783 MGMT_STATUS_INVALID_PARAMS);
2788 hci_link_keys_clear(hdev);
2791 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2794 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2798 new_settings(hdev, NULL);
2800 for (i = 0; i < key_count; i++) {
2801 struct mgmt_link_key_info *key = &cp->keys[i];
2803 /* Always ignore debug keys and require a new pairing if
2804 * the user wants to use them.
2806 if (key->type == HCI_LK_DEBUG_COMBINATION)
2809 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2810 key->type, key->pin_len, NULL);
2813 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2815 hci_dev_unlock(hdev);
2820 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2821 u8 addr_type, struct sock *skip_sk)
2823 struct mgmt_ev_device_unpaired ev;
2825 bacpy(&ev.addr.bdaddr, bdaddr);
2826 ev.addr.type = addr_type;
2828 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2832 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2835 struct mgmt_cp_unpair_device *cp = data;
2836 struct mgmt_rp_unpair_device rp;
2837 struct hci_cp_disconnect dc;
2838 struct pending_cmd *cmd;
2839 struct hci_conn *conn;
2842 memset(&rp, 0, sizeof(rp));
2843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2844 rp.addr.type = cp->addr.type;
2846 if (!bdaddr_type_is_valid(cp->addr.type))
2847 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2848 MGMT_STATUS_INVALID_PARAMS,
2851 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2852 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2853 MGMT_STATUS_INVALID_PARAMS,
2858 if (!hdev_is_powered(hdev)) {
2859 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2860 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2864 if (cp->addr.type == BDADDR_BREDR) {
2865 /* If disconnection is requested, then look up the
2866 * connection. If the remote device is connected, it
2867 * will be later used to terminate the link.
2869 * Setting it to NULL explicitly will cause no
2870 * termination of the link.
2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2878 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2882 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2885 /* Defer clearing up the connection parameters
2886 * until closing to give a chance of keeping
2887 * them if a repairing happens.
2889 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2891 /* If disconnection is not requested, then
2892 * clear the connection variable so that the
2893 * link is not terminated.
2895 if (!cp->disconnect)
2899 if (cp->addr.type == BDADDR_LE_PUBLIC)
2900 addr_type = ADDR_LE_DEV_PUBLIC;
2902 addr_type = ADDR_LE_DEV_RANDOM;
2904 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2906 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2910 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2911 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2915 /* If the connection variable is set, then termination of the
2916 * link is requested.
2919 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2921 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2925 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2932 cmd->cmd_complete = addr_cmd_complete;
2934 dc.handle = cpu_to_le16(conn->handle);
2935 dc.reason = 0x13; /* Remote User Terminated Connection */
2936 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2938 mgmt_pending_remove(cmd);
2941 hci_dev_unlock(hdev);
2945 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2948 struct mgmt_cp_disconnect *cp = data;
2949 struct mgmt_rp_disconnect rp;
2950 struct pending_cmd *cmd;
2951 struct hci_conn *conn;
2956 memset(&rp, 0, sizeof(rp));
2957 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2958 rp.addr.type = cp->addr.type;
2960 if (!bdaddr_type_is_valid(cp->addr.type))
2961 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2962 MGMT_STATUS_INVALID_PARAMS,
2967 if (!test_bit(HCI_UP, &hdev->flags)) {
2968 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2969 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2973 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2974 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2975 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2979 if (cp->addr.type == BDADDR_BREDR)
2980 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2983 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2985 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2987 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2991 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2997 cmd->cmd_complete = generic_cmd_complete;
2999 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3001 mgmt_pending_remove(cmd);
3004 hci_dev_unlock(hdev);
3008 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3010 switch (link_type) {
3012 switch (addr_type) {
3013 case ADDR_LE_DEV_PUBLIC:
3014 return BDADDR_LE_PUBLIC;
3017 /* Fallback to LE Random address type */
3018 return BDADDR_LE_RANDOM;
3022 /* Fallback to BR/EDR type */
3023 return BDADDR_BREDR;
3027 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3030 struct mgmt_rp_get_connections *rp;
3040 if (!hdev_is_powered(hdev)) {
3041 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3042 MGMT_STATUS_NOT_POWERED);
3047 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3048 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3052 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3053 rp = kmalloc(rp_len, GFP_KERNEL);
3060 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3061 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3063 bacpy(&rp->addr[i].bdaddr, &c->dst);
3064 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3065 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3070 rp->conn_count = cpu_to_le16(i);
3072 /* Recalculate length in case of filtered SCO connections, etc */
3073 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3075 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3081 hci_dev_unlock(hdev);
3085 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3086 struct mgmt_cp_pin_code_neg_reply *cp)
3088 struct pending_cmd *cmd;
3091 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3096 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3097 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3099 mgmt_pending_remove(cmd);
3104 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3107 struct hci_conn *conn;
3108 struct mgmt_cp_pin_code_reply *cp = data;
3109 struct hci_cp_pin_code_reply reply;
3110 struct pending_cmd *cmd;
3117 if (!hdev_is_powered(hdev)) {
3118 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3119 MGMT_STATUS_NOT_POWERED);
3123 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3125 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3126 MGMT_STATUS_NOT_CONNECTED);
3130 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3131 struct mgmt_cp_pin_code_neg_reply ncp;
3133 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3135 BT_ERR("PIN code is not 16 bytes long");
3137 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3139 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3140 MGMT_STATUS_INVALID_PARAMS);
3145 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3151 cmd->cmd_complete = addr_cmd_complete;
3153 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3154 reply.pin_len = cp->pin_len;
3155 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3157 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3159 mgmt_pending_remove(cmd);
3162 hci_dev_unlock(hdev);
3166 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3169 struct mgmt_cp_set_io_capability *cp = data;
3173 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3174 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3175 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3179 hdev->io_capability = cp->io_capability;
3181 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3182 hdev->io_capability);
3184 hci_dev_unlock(hdev);
3186 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3190 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3192 struct hci_dev *hdev = conn->hdev;
3193 struct pending_cmd *cmd;
3195 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3196 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3199 if (cmd->user_data != conn)
3208 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3210 struct mgmt_rp_pair_device rp;
3211 struct hci_conn *conn = cmd->user_data;
3214 bacpy(&rp.addr.bdaddr, &conn->dst);
3215 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3217 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3220 /* So we don't get further callbacks for this connection */
3221 conn->connect_cfm_cb = NULL;
3222 conn->security_cfm_cb = NULL;
3223 conn->disconn_cfm_cb = NULL;
3225 hci_conn_drop(conn);
3227 /* The device is paired so there is no need to remove
3228 * its connection parameters anymore.
3230 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3237 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3239 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3240 struct pending_cmd *cmd;
3242 cmd = find_pairing(conn);
3244 cmd->cmd_complete(cmd, status);
3245 mgmt_pending_remove(cmd);
3249 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3251 struct pending_cmd *cmd;
3253 BT_DBG("status %u", status);
3255 cmd = find_pairing(conn);
3257 BT_DBG("Unable to find a pending command");
3261 cmd->cmd_complete(cmd, mgmt_status(status));
3262 mgmt_pending_remove(cmd);
3265 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3267 struct pending_cmd *cmd;
3269 BT_DBG("status %u", status);
3274 cmd = find_pairing(conn);
3276 BT_DBG("Unable to find a pending command");
3280 cmd->cmd_complete(cmd, mgmt_status(status));
3281 mgmt_pending_remove(cmd);
3284 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3287 struct mgmt_cp_pair_device *cp = data;
3288 struct mgmt_rp_pair_device rp;
3289 struct pending_cmd *cmd;
3290 u8 sec_level, auth_type;
3291 struct hci_conn *conn;
3296 memset(&rp, 0, sizeof(rp));
3297 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3298 rp.addr.type = cp->addr.type;
3300 if (!bdaddr_type_is_valid(cp->addr.type))
3301 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302 MGMT_STATUS_INVALID_PARAMS,
3305 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3306 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3307 MGMT_STATUS_INVALID_PARAMS,
3312 if (!hdev_is_powered(hdev)) {
3313 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3314 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3318 sec_level = BT_SECURITY_MEDIUM;
3319 auth_type = HCI_AT_DEDICATED_BONDING;
3321 if (cp->addr.type == BDADDR_BREDR) {
3322 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3327 /* Convert from L2CAP channel address type to HCI address type
3329 if (cp->addr.type == BDADDR_LE_PUBLIC)
3330 addr_type = ADDR_LE_DEV_PUBLIC;
3332 addr_type = ADDR_LE_DEV_RANDOM;
3334 /* When pairing a new device, it is expected to remember
3335 * this device for future connections. Adding the connection
3336 * parameter information ahead of time allows tracking
3337 * of the slave preferred values and will speed up any
3338 * further connection establishment.
3340 * If connection parameters already exist, then they
3341 * will be kept and this function does nothing.
3343 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3345 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3346 sec_level, HCI_LE_CONN_TIMEOUT,
3353 if (PTR_ERR(conn) == -EBUSY)
3354 status = MGMT_STATUS_BUSY;
3356 status = MGMT_STATUS_CONNECT_FAILED;
3358 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3364 if (conn->connect_cfm_cb) {
3365 hci_conn_drop(conn);
3366 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3367 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3371 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3374 hci_conn_drop(conn);
3378 cmd->cmd_complete = pairing_complete;
3380 /* For LE, just connecting isn't a proof that the pairing finished */
3381 if (cp->addr.type == BDADDR_BREDR) {
3382 conn->connect_cfm_cb = pairing_complete_cb;
3383 conn->security_cfm_cb = pairing_complete_cb;
3384 conn->disconn_cfm_cb = pairing_complete_cb;
3386 conn->connect_cfm_cb = le_pairing_complete_cb;
3387 conn->security_cfm_cb = le_pairing_complete_cb;
3388 conn->disconn_cfm_cb = le_pairing_complete_cb;
3391 conn->io_capability = cp->io_cap;
3392 cmd->user_data = hci_conn_get(conn);
3394 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3395 hci_conn_security(conn, sec_level, auth_type, true)) {
3396 cmd->cmd_complete(cmd, 0);
3397 mgmt_pending_remove(cmd);
3403 hci_dev_unlock(hdev);
3407 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3410 struct mgmt_addr_info *addr = data;
3411 struct pending_cmd *cmd;
3412 struct hci_conn *conn;
3419 if (!hdev_is_powered(hdev)) {
3420 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3421 MGMT_STATUS_NOT_POWERED);
3425 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3427 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3428 MGMT_STATUS_INVALID_PARAMS);
3432 conn = cmd->user_data;
3434 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3435 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3436 MGMT_STATUS_INVALID_PARAMS);
3440 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3441 mgmt_pending_remove(cmd);
3443 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3444 addr, sizeof(*addr));
3446 hci_dev_unlock(hdev);
3450 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3451 struct mgmt_addr_info *addr, u16 mgmt_op,
3452 u16 hci_op, __le32 passkey)
3454 struct pending_cmd *cmd;
3455 struct hci_conn *conn;
3460 if (!hdev_is_powered(hdev)) {
3461 err = cmd_complete(sk, hdev->id, mgmt_op,
3462 MGMT_STATUS_NOT_POWERED, addr,
3467 if (addr->type == BDADDR_BREDR)
3468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3470 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3473 err = cmd_complete(sk, hdev->id, mgmt_op,
3474 MGMT_STATUS_NOT_CONNECTED, addr,
3479 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3480 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3482 err = cmd_complete(sk, hdev->id, mgmt_op,
3483 MGMT_STATUS_SUCCESS, addr,
3486 err = cmd_complete(sk, hdev->id, mgmt_op,
3487 MGMT_STATUS_FAILED, addr,
3493 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3499 cmd->cmd_complete = addr_cmd_complete;
3501 /* Continue with pairing via HCI */
3502 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3503 struct hci_cp_user_passkey_reply cp;
3505 bacpy(&cp.bdaddr, &addr->bdaddr);
3506 cp.passkey = passkey;
3507 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3509 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3513 mgmt_pending_remove(cmd);
3516 hci_dev_unlock(hdev);
3520 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3521 void *data, u16 len)
3523 struct mgmt_cp_pin_code_neg_reply *cp = data;
3527 return user_pairing_resp(sk, hdev, &cp->addr,
3528 MGMT_OP_PIN_CODE_NEG_REPLY,
3529 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3532 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3535 struct mgmt_cp_user_confirm_reply *cp = data;
3539 if (len != sizeof(*cp))
3540 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3541 MGMT_STATUS_INVALID_PARAMS);
3543 return user_pairing_resp(sk, hdev, &cp->addr,
3544 MGMT_OP_USER_CONFIRM_REPLY,
3545 HCI_OP_USER_CONFIRM_REPLY, 0);
3548 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3549 void *data, u16 len)
3551 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3555 return user_pairing_resp(sk, hdev, &cp->addr,
3556 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3557 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3560 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3563 struct mgmt_cp_user_passkey_reply *cp = data;
3567 return user_pairing_resp(sk, hdev, &cp->addr,
3568 MGMT_OP_USER_PASSKEY_REPLY,
3569 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3572 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3573 void *data, u16 len)
3575 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3579 return user_pairing_resp(sk, hdev, &cp->addr,
3580 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3581 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3584 static void update_name(struct hci_request *req)
3586 struct hci_dev *hdev = req->hdev;
3587 struct hci_cp_write_local_name cp;
3589 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3591 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3594 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3596 struct mgmt_cp_set_local_name *cp;
3597 struct pending_cmd *cmd;
3599 BT_DBG("status 0x%02x", status);
3603 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3610 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3611 mgmt_status(status));
3613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3616 mgmt_pending_remove(cmd);
3619 hci_dev_unlock(hdev);
3622 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3625 struct mgmt_cp_set_local_name *cp = data;
3626 struct pending_cmd *cmd;
3627 struct hci_request req;
3634 /* If the old values are the same as the new ones just return a
3635 * direct command complete event.
3637 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3638 !memcmp(hdev->short_name, cp->short_name,
3639 sizeof(hdev->short_name))) {
3640 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3645 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3647 if (!hdev_is_powered(hdev)) {
3648 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3650 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3655 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3667 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3669 hci_req_init(&req, hdev);
3671 if (lmp_bredr_capable(hdev)) {
3676 /* The name is stored in the scan response data and so
3677 * no need to udpate the advertising data here.
3679 if (lmp_le_capable(hdev))
3680 update_scan_rsp_data(&req);
3682 err = hci_req_run(&req, set_name_complete);
3684 mgmt_pending_remove(cmd);
3687 hci_dev_unlock(hdev);
3691 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3692 void *data, u16 data_len)
3694 struct pending_cmd *cmd;
3697 BT_DBG("%s", hdev->name);
3701 if (!hdev_is_powered(hdev)) {
3702 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3703 MGMT_STATUS_NOT_POWERED);
3707 if (!lmp_ssp_capable(hdev)) {
3708 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3709 MGMT_STATUS_NOT_SUPPORTED);
3713 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3714 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3719 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3725 if (bredr_sc_enabled(hdev))
3726 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3729 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3732 mgmt_pending_remove(cmd);
3735 hci_dev_unlock(hdev);
3739 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3740 void *data, u16 len)
3742 struct mgmt_addr_info *addr = data;
3745 BT_DBG("%s ", hdev->name);
3747 if (!bdaddr_type_is_valid(addr->type))
3748 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749 MGMT_STATUS_INVALID_PARAMS, addr,
3754 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3755 struct mgmt_cp_add_remote_oob_data *cp = data;
3758 if (cp->addr.type != BDADDR_BREDR) {
3759 err = cmd_complete(sk, hdev->id,
3760 MGMT_OP_ADD_REMOTE_OOB_DATA,
3761 MGMT_STATUS_INVALID_PARAMS,
3762 &cp->addr, sizeof(cp->addr));
3766 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3767 cp->addr.type, cp->hash,
3768 cp->rand, NULL, NULL);
3770 status = MGMT_STATUS_FAILED;
3772 status = MGMT_STATUS_SUCCESS;
3774 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3775 status, &cp->addr, sizeof(cp->addr));
3776 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3777 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3778 u8 *rand192, *hash192;
3781 if (bdaddr_type_is_le(cp->addr.type)) {
3782 /* Enforce zero-valued 192-bit parameters as
3783 * long as legacy SMP OOB isn't implemented.
3785 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3786 memcmp(cp->hash192, ZERO_KEY, 16)) {
3787 err = cmd_complete(sk, hdev->id,
3788 MGMT_OP_ADD_REMOTE_OOB_DATA,
3789 MGMT_STATUS_INVALID_PARAMS,
3790 addr, sizeof(*addr));
3797 rand192 = cp->rand192;
3798 hash192 = cp->hash192;
3801 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3802 cp->addr.type, hash192, rand192,
3803 cp->hash256, cp->rand256);
3805 status = MGMT_STATUS_FAILED;
3807 status = MGMT_STATUS_SUCCESS;
3809 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3810 status, &cp->addr, sizeof(cp->addr));
3812 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3813 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3814 MGMT_STATUS_INVALID_PARAMS);
3818 hci_dev_unlock(hdev);
3822 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3823 void *data, u16 len)
3825 struct mgmt_cp_remove_remote_oob_data *cp = data;
3829 BT_DBG("%s", hdev->name);
3831 if (cp->addr.type != BDADDR_BREDR)
3832 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3833 MGMT_STATUS_INVALID_PARAMS,
3834 &cp->addr, sizeof(cp->addr));
3838 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3839 hci_remote_oob_data_clear(hdev);
3840 status = MGMT_STATUS_SUCCESS;
3844 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3846 status = MGMT_STATUS_INVALID_PARAMS;
3848 status = MGMT_STATUS_SUCCESS;
3851 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3852 status, &cp->addr, sizeof(cp->addr));
3854 hci_dev_unlock(hdev);
3858 static bool trigger_discovery(struct hci_request *req, u8 *status)
3860 struct hci_dev *hdev = req->hdev;
3861 struct hci_cp_le_set_scan_param param_cp;
3862 struct hci_cp_le_set_scan_enable enable_cp;
3863 struct hci_cp_inquiry inq_cp;
3864 /* General inquiry access code (GIAC) */
3865 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3869 switch (hdev->discovery.type) {
3870 case DISCOV_TYPE_BREDR:
3871 *status = mgmt_bredr_support(hdev);
3875 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3876 *status = MGMT_STATUS_BUSY;
3880 hci_inquiry_cache_flush(hdev);
3882 memset(&inq_cp, 0, sizeof(inq_cp));
3883 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3884 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3885 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3888 case DISCOV_TYPE_LE:
3889 case DISCOV_TYPE_INTERLEAVED:
3890 *status = mgmt_le_support(hdev);
3894 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3895 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3896 *status = MGMT_STATUS_NOT_SUPPORTED;
3900 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3901 /* Don't let discovery abort an outgoing
3902 * connection attempt that's using directed
3905 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3907 *status = MGMT_STATUS_REJECTED;
3911 disable_advertising(req);
3914 /* If controller is scanning, it means the background scanning
3915 * is running. Thus, we should temporarily stop it in order to
3916 * set the discovery scanning parameters.
3918 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3919 hci_req_add_le_scan_disable(req);
3921 memset(¶m_cp, 0, sizeof(param_cp));
3923 /* All active scans will be done with either a resolvable
3924 * private address (when privacy feature has been enabled)
3925 * or non-resolvable private address.
3927 err = hci_update_random_address(req, true, &own_addr_type);
3929 *status = MGMT_STATUS_FAILED;
3933 param_cp.type = LE_SCAN_ACTIVE;
3934 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3935 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3936 param_cp.own_address_type = own_addr_type;
3937 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3940 memset(&enable_cp, 0, sizeof(enable_cp));
3941 enable_cp.enable = LE_SCAN_ENABLE;
3942 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3943 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3948 *status = MGMT_STATUS_INVALID_PARAMS;
3955 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3958 struct pending_cmd *cmd;
3959 unsigned long timeout;
3961 BT_DBG("status %d", status);
3965 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3967 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3970 cmd->cmd_complete(cmd, mgmt_status(status));
3971 mgmt_pending_remove(cmd);
3975 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3979 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3981 switch (hdev->discovery.type) {
3982 case DISCOV_TYPE_LE:
3983 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3985 case DISCOV_TYPE_INTERLEAVED:
3986 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3988 case DISCOV_TYPE_BREDR:
3992 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3998 queue_delayed_work(hdev->workqueue,
3999 &hdev->le_scan_disable, timeout);
4002 hci_dev_unlock(hdev);
4005 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4006 void *data, u16 len)
4008 struct mgmt_cp_start_discovery *cp = data;
4009 struct pending_cmd *cmd;
4010 struct hci_request req;
4014 BT_DBG("%s", hdev->name);
4018 if (!hdev_is_powered(hdev)) {
4019 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4020 MGMT_STATUS_NOT_POWERED,
4021 &cp->type, sizeof(cp->type));
4025 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4026 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4027 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028 MGMT_STATUS_BUSY, &cp->type,
4033 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4039 cmd->cmd_complete = generic_cmd_complete;
4041 /* Clear the discovery filter first to free any previously
4042 * allocated memory for the UUID list.
4044 hci_discovery_filter_clear(hdev);
4046 hdev->discovery.type = cp->type;
4047 hdev->discovery.report_invalid_rssi = false;
4049 hci_req_init(&req, hdev);
4051 if (!trigger_discovery(&req, &status)) {
4052 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4053 status, &cp->type, sizeof(cp->type));
4054 mgmt_pending_remove(cmd);
4058 err = hci_req_run(&req, start_discovery_complete);
4060 mgmt_pending_remove(cmd);
4064 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4067 hci_dev_unlock(hdev);
4071 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4073 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4077 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4078 void *data, u16 len)
4080 struct mgmt_cp_start_service_discovery *cp = data;
4081 struct pending_cmd *cmd;
4082 struct hci_request req;
4083 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4084 u16 uuid_count, expected_len;
4088 BT_DBG("%s", hdev->name);
4092 if (!hdev_is_powered(hdev)) {
4093 err = cmd_complete(sk, hdev->id,
4094 MGMT_OP_START_SERVICE_DISCOVERY,
4095 MGMT_STATUS_NOT_POWERED,
4096 &cp->type, sizeof(cp->type));
4100 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4101 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4102 err = cmd_complete(sk, hdev->id,
4103 MGMT_OP_START_SERVICE_DISCOVERY,
4104 MGMT_STATUS_BUSY, &cp->type,
4109 uuid_count = __le16_to_cpu(cp->uuid_count);
4110 if (uuid_count > max_uuid_count) {
4111 BT_ERR("service_discovery: too big uuid_count value %u",
4113 err = cmd_complete(sk, hdev->id,
4114 MGMT_OP_START_SERVICE_DISCOVERY,
4115 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4120 expected_len = sizeof(*cp) + uuid_count * 16;
4121 if (expected_len != len) {
4122 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4124 err = cmd_complete(sk, hdev->id,
4125 MGMT_OP_START_SERVICE_DISCOVERY,
4126 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4131 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4138 cmd->cmd_complete = service_discovery_cmd_complete;
4140 /* Clear the discovery filter first to free any previously
4141 * allocated memory for the UUID list.
4143 hci_discovery_filter_clear(hdev);
4145 hdev->discovery.type = cp->type;
4146 hdev->discovery.rssi = cp->rssi;
4147 hdev->discovery.uuid_count = uuid_count;
4149 if (uuid_count > 0) {
4150 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4152 if (!hdev->discovery.uuids) {
4153 err = cmd_complete(sk, hdev->id,
4154 MGMT_OP_START_SERVICE_DISCOVERY,
4156 &cp->type, sizeof(cp->type));
4157 mgmt_pending_remove(cmd);
4162 hci_req_init(&req, hdev);
4164 if (!trigger_discovery(&req, &status)) {
4165 err = cmd_complete(sk, hdev->id,
4166 MGMT_OP_START_SERVICE_DISCOVERY,
4167 status, &cp->type, sizeof(cp->type));
4168 mgmt_pending_remove(cmd);
4172 err = hci_req_run(&req, start_discovery_complete);
4174 mgmt_pending_remove(cmd);
4178 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4181 hci_dev_unlock(hdev);
4185 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4187 struct pending_cmd *cmd;
4189 BT_DBG("status %d", status);
4193 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4195 cmd->cmd_complete(cmd, mgmt_status(status));
4196 mgmt_pending_remove(cmd);
4200 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4202 hci_dev_unlock(hdev);
4205 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4208 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4209 struct pending_cmd *cmd;
4210 struct hci_request req;
4213 BT_DBG("%s", hdev->name);
4217 if (!hci_discovery_active(hdev)) {
4218 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4219 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4220 sizeof(mgmt_cp->type));
4224 if (hdev->discovery.type != mgmt_cp->type) {
4225 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4226 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4227 sizeof(mgmt_cp->type));
4231 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4237 cmd->cmd_complete = generic_cmd_complete;
4239 hci_req_init(&req, hdev);
4241 hci_stop_discovery(&req);
4243 err = hci_req_run(&req, stop_discovery_complete);
4245 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4249 mgmt_pending_remove(cmd);
4251 /* If no HCI commands were sent we're done */
4252 if (err == -ENODATA) {
4253 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4254 &mgmt_cp->type, sizeof(mgmt_cp->type));
4255 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4259 hci_dev_unlock(hdev);
4263 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4266 struct mgmt_cp_confirm_name *cp = data;
4267 struct inquiry_entry *e;
4270 BT_DBG("%s", hdev->name);
4274 if (!hci_discovery_active(hdev)) {
4275 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4276 MGMT_STATUS_FAILED, &cp->addr,
4281 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4283 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4284 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4289 if (cp->name_known) {
4290 e->name_state = NAME_KNOWN;
4293 e->name_state = NAME_NEEDED;
4294 hci_inquiry_cache_update_resolve(hdev, e);
4297 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4301 hci_dev_unlock(hdev);
4305 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4308 struct mgmt_cp_block_device *cp = data;
4312 BT_DBG("%s", hdev->name);
4314 if (!bdaddr_type_is_valid(cp->addr.type))
4315 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4316 MGMT_STATUS_INVALID_PARAMS,
4317 &cp->addr, sizeof(cp->addr));
4321 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4324 status = MGMT_STATUS_FAILED;
4328 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4330 status = MGMT_STATUS_SUCCESS;
4333 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4334 &cp->addr, sizeof(cp->addr));
4336 hci_dev_unlock(hdev);
4341 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4344 struct mgmt_cp_unblock_device *cp = data;
4348 BT_DBG("%s", hdev->name);
4350 if (!bdaddr_type_is_valid(cp->addr.type))
4351 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4352 MGMT_STATUS_INVALID_PARAMS,
4353 &cp->addr, sizeof(cp->addr));
4357 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4360 status = MGMT_STATUS_INVALID_PARAMS;
4364 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4366 status = MGMT_STATUS_SUCCESS;
4369 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4370 &cp->addr, sizeof(cp->addr));
4372 hci_dev_unlock(hdev);
4377 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4380 struct mgmt_cp_set_device_id *cp = data;
4381 struct hci_request req;
4385 BT_DBG("%s", hdev->name);
4387 source = __le16_to_cpu(cp->source);
4389 if (source > 0x0002)
4390 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4391 MGMT_STATUS_INVALID_PARAMS);
4395 hdev->devid_source = source;
4396 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4397 hdev->devid_product = __le16_to_cpu(cp->product);
4398 hdev->devid_version = __le16_to_cpu(cp->version);
4400 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4402 hci_req_init(&req, hdev);
4404 hci_req_run(&req, NULL);
4406 hci_dev_unlock(hdev);
4411 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4414 struct cmd_lookup match = { NULL, hdev };
4419 u8 mgmt_err = mgmt_status(status);
4421 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4422 cmd_status_rsp, &mgmt_err);
4426 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4427 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4429 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4431 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4434 new_settings(hdev, match.sk);
4440 hci_dev_unlock(hdev);
4443 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4446 struct mgmt_mode *cp = data;
4447 struct pending_cmd *cmd;
4448 struct hci_request req;
4449 u8 val, enabled, status;
4452 BT_DBG("request for %s", hdev->name);
4454 status = mgmt_le_support(hdev);
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4459 if (cp->val != 0x00 && cp->val != 0x01)
4460 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4461 MGMT_STATUS_INVALID_PARAMS);
4466 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4468 /* The following conditions are ones which mean that we should
4469 * not do any HCI communication but directly send a mgmt
4470 * response to user space (after toggling the flag if
4473 if (!hdev_is_powered(hdev) || val == enabled ||
4474 hci_conn_num(hdev, LE_LINK) > 0 ||
4475 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4476 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4477 bool changed = false;
4479 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4480 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4484 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4489 err = new_settings(hdev, sk);
4494 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4495 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4496 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4507 hci_req_init(&req, hdev);
4510 enable_advertising(&req);
4512 disable_advertising(&req);
4514 err = hci_req_run(&req, set_advertising_complete);
4516 mgmt_pending_remove(cmd);
4519 hci_dev_unlock(hdev);
4523 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4524 void *data, u16 len)
4526 struct mgmt_cp_set_static_address *cp = data;
4529 BT_DBG("%s", hdev->name);
4531 if (!lmp_le_capable(hdev))
4532 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4533 MGMT_STATUS_NOT_SUPPORTED);
4535 if (hdev_is_powered(hdev))
4536 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4537 MGMT_STATUS_REJECTED);
4539 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4540 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4541 return cmd_status(sk, hdev->id,
4542 MGMT_OP_SET_STATIC_ADDRESS,
4543 MGMT_STATUS_INVALID_PARAMS);
4545 /* Two most significant bits shall be set */
4546 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4547 return cmd_status(sk, hdev->id,
4548 MGMT_OP_SET_STATIC_ADDRESS,
4549 MGMT_STATUS_INVALID_PARAMS);
4554 bacpy(&hdev->static_addr, &cp->bdaddr);
4556 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4558 hci_dev_unlock(hdev);
4563 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4564 void *data, u16 len)
4566 struct mgmt_cp_set_scan_params *cp = data;
4567 __u16 interval, window;
4570 BT_DBG("%s", hdev->name);
4572 if (!lmp_le_capable(hdev))
4573 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4574 MGMT_STATUS_NOT_SUPPORTED);
4576 interval = __le16_to_cpu(cp->interval);
4578 if (interval < 0x0004 || interval > 0x4000)
4579 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4580 MGMT_STATUS_INVALID_PARAMS);
4582 window = __le16_to_cpu(cp->window);
4584 if (window < 0x0004 || window > 0x4000)
4585 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4586 MGMT_STATUS_INVALID_PARAMS);
4588 if (window > interval)
4589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4590 MGMT_STATUS_INVALID_PARAMS);
4594 hdev->le_scan_interval = interval;
4595 hdev->le_scan_window = window;
4597 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4599 /* If background scan is running, restart it so new parameters are
4602 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4603 hdev->discovery.state == DISCOVERY_STOPPED) {
4604 struct hci_request req;
4606 hci_req_init(&req, hdev);
4608 hci_req_add_le_scan_disable(&req);
4609 hci_req_add_le_passive_scan(&req);
4611 hci_req_run(&req, NULL);
4614 hci_dev_unlock(hdev);
4619 #ifdef CONFIG_TIZEN_WIP
4620 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
4621 void *data, u16 len)
4623 struct mgmt_cp_le_set_scan_params *cp = data;
4624 __u16 interval, window;
4627 BT_DBG("%s", hdev->name);
4629 if (!lmp_le_capable(hdev))
4630 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4631 MGMT_STATUS_NOT_SUPPORTED);
4633 interval = __le16_to_cpu(cp->interval);
4635 if (interval < 0x0004 || interval > 0x4000)
4636 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4637 MGMT_STATUS_INVALID_PARAMS);
4639 window = __le16_to_cpu(cp->window);
4641 if (window < 0x0004 || window > 0x4000)
4642 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4643 MGMT_STATUS_INVALID_PARAMS);
4645 if (window > interval)
4646 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4647 MGMT_STATUS_INVALID_PARAMS);
4651 hdev->le_scan_type = cp->type;
4652 hdev->le_scan_interval = interval;
4653 hdev->le_scan_window = window;
4655 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0, NULL, 0);
4657 /* If background scan is running, restart it so new parameters are
4660 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4661 hdev->discovery.state == DISCOVERY_STOPPED) {
4662 struct hci_request req;
4664 hci_req_init(&req, hdev);
4666 hci_req_add_le_scan_disable(&req);
4667 hci_req_add_le_passive_scan(&req);
4669 hci_req_run(&req, NULL);
4672 hci_dev_unlock(hdev);
4678 #ifdef CONFIG_TIZEN_WIP /* Adv White List feature */
4679 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4681 struct mgmt_cp_add_dev_white_list *cp;
4682 struct pending_cmd *cmd;
4684 BT_DBG("status 0x%02x", status);
4688 cmd = mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4695 cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4696 mgmt_status(status));
4698 cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST, 0,
4701 mgmt_pending_remove(cmd);
4704 hci_dev_unlock(hdev);
4707 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4708 void *data, u16 len)
4710 struct pending_cmd *cmd;
4711 struct mgmt_cp_add_dev_white_list *cp = data;
4712 struct hci_request req;
4715 BT_DBG("%s", hdev->name);
4717 if (!lmp_le_capable(hdev))
4718 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4719 MGMT_STATUS_NOT_SUPPORTED);
4721 if (!hdev_is_powered(hdev))
4722 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4723 MGMT_STATUS_REJECTED);
4727 if (mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4728 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4733 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4739 hci_req_init(&req, hdev);
4741 hci_req_add(&req, HCI_OP_LE_ADD_DEV_WHITE_LIST, sizeof(*cp), cp);
4743 err = hci_req_run(&req, add_white_list_complete);
4745 mgmt_pending_remove(cmd);
4750 hci_dev_unlock(hdev);
4755 static void remove_from_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4757 struct mgmt_cp_remove_dev_from_white_list *cp;
4758 struct pending_cmd *cmd;
4760 BT_DBG("status 0x%02x", status);
4764 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
4771 cmd_status(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4772 mgmt_status(status));
4774 cmd_complete(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
4777 mgmt_pending_remove(cmd);
4780 hci_dev_unlock(hdev);
4783 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
4784 void *data, u16 len)
4786 struct pending_cmd *cmd;
4787 struct mgmt_cp_remove_dev_from_white_list *cp = data;
4788 struct hci_request req;
4791 BT_DBG("%s", hdev->name);
4793 if (!lmp_le_capable(hdev))
4794 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4795 MGMT_STATUS_NOT_SUPPORTED);
4797 if (!hdev_is_powered(hdev))
4798 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4799 MGMT_STATUS_REJECTED);
4803 if (mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
4804 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4809 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev, data, len);
4815 hci_req_init(&req, hdev);
4817 hci_req_add(&req, HCI_OP_LE_REMOVE_FROM_DEV_WHITE_LIST, sizeof(*cp), cp);
4819 err = hci_req_run(&req, remove_from_white_list_complete);
4821 mgmt_pending_remove(cmd);
4826 hci_dev_unlock(hdev);
4831 static void clear_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4833 struct pending_cmd *cmd;
4835 BT_DBG("status 0x%02x", status);
4839 cmd = mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
4844 cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4845 mgmt_status(status));
4847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST, 0,
4850 mgmt_pending_remove(cmd);
4853 hci_dev_unlock(hdev);
4856 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
4857 void *data, u16 len)
4859 struct pending_cmd *cmd;
4860 struct hci_request req;
4863 BT_DBG("%s", hdev->name);
4865 if (!lmp_le_capable(hdev))
4866 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4867 MGMT_STATUS_NOT_SUPPORTED);
4869 if (!hdev_is_powered(hdev))
4870 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4871 MGMT_STATUS_REJECTED);
4875 if (mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
4876 err = cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4881 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev, NULL, 0);
4887 hci_req_init(&req, hdev);
4889 hci_req_add(&req, HCI_OP_LE_CLEAR_DEV_WHITE_LIST, 0, NULL);
4891 err = hci_req_run(&req, clear_white_list_complete);
4893 mgmt_pending_remove(cmd);
4898 hci_dev_unlock(hdev);
4903 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
4905 struct pending_cmd *cmd;
4909 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
4911 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
4915 type = hdev->le_discovery.type;
4917 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
4918 &type, sizeof(type));
4919 mgmt_pending_remove(cmd);
4924 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4926 unsigned long timeout = 0;
4928 BT_DBG("status %d", status);
4932 mgmt_start_le_discovery_failed(hdev, status);
4933 hci_dev_unlock(hdev);
4938 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
4939 hci_dev_unlock(hdev);
4941 switch (hdev->le_discovery.type) {
4942 case DISCOV_TYPE_LE:
4943 /* BEGIN TIZEN_Bluetooth :: Keep going on LE Scan */
4945 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4947 /* END TIZEN_Bluetooth */
4951 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
4957 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
4960 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
4961 void *data, u16 len)
4963 struct mgmt_cp_start_le_discovery *cp = data;
4964 struct pending_cmd *cmd;
4965 struct hci_cp_le_set_scan_param param_cp;
4966 struct hci_cp_le_set_scan_enable enable_cp;
4967 struct hci_request req;
4968 u8 status, own_addr_type;
4971 BT_DBG("%s", hdev->name);
4975 if (!hdev_is_powered(hdev)) {
4976 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4977 MGMT_STATUS_NOT_POWERED);
4981 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
4982 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4987 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
4993 hdev->le_discovery.type = cp->type;
4995 hci_req_init(&req, hdev);
4997 switch (hdev->le_discovery.type) {
4998 case DISCOV_TYPE_LE:
4999 status = mgmt_le_support(hdev);
5001 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5003 mgmt_pending_remove(cmd);
5007 /* If controller is scanning, it means the background scanning
5008 * is running. Thus, we should temporarily stop it in order to
5009 * set the discovery scanning parameters.
5011 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5012 hci_req_add_le_scan_disable(&req);
5014 memset(¶m_cp, 0, sizeof(param_cp));
5016 /* All active scans will be done with either a resolvable
5017 * private address (when privacy feature has been enabled)
5018 * or unresolvable private address.
5020 err = hci_update_random_address(&req, true, &own_addr_type);
5022 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5023 MGMT_STATUS_FAILED);
5024 mgmt_pending_remove(cmd);
5028 param_cp.type = hdev->le_scan_type;
5029 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5030 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5031 param_cp.own_address_type = own_addr_type;
5032 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5035 memset(&enable_cp, 0, sizeof(enable_cp));
5036 enable_cp.enable = LE_SCAN_ENABLE;
5037 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5039 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5044 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5045 MGMT_STATUS_INVALID_PARAMS);
5046 mgmt_pending_remove(cmd);
5050 err = hci_req_run(&req, start_le_discovery_complete);
5052 mgmt_pending_remove(cmd);
5054 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
5057 hci_dev_unlock(hdev);
5061 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
5063 struct pending_cmd *cmd;
5066 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
5070 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
5071 &hdev->le_discovery.type, sizeof(hdev->le_discovery.type));
5072 mgmt_pending_remove(cmd);
5077 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5079 BT_DBG("status %d", status);
5084 mgmt_stop_le_discovery_failed(hdev, status);
5088 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
5091 hci_dev_unlock(hdev);
5094 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5097 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
5098 struct pending_cmd *cmd;
5099 struct hci_request req;
5102 BT_DBG("%s", hdev->name);
5106 if (!hci_le_discovery_active(hdev)) {
5107 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5108 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5109 sizeof(mgmt_cp->type));
5113 if (hdev->le_discovery.type != mgmt_cp->type) {
5114 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5115 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
5116 sizeof(mgmt_cp->type));
5120 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
5126 hci_req_init(&req, hdev);
5128 switch (hdev->le_discovery.state) {
5129 case DISCOVERY_FINDING:
5130 cancel_delayed_work(&hdev->le_scan_disable);
5131 hci_req_add_le_scan_disable(&req);
5135 BT_DBG("unknown le discovery state %u", hdev->le_discovery.state);
5137 mgmt_pending_remove(cmd);
5138 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5139 MGMT_STATUS_FAILED, &mgmt_cp->type,
5140 sizeof(mgmt_cp->type));
5144 err = hci_req_run(&req, stop_le_discovery_complete);
5146 mgmt_pending_remove(cmd);
5148 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
5151 hci_dev_unlock(hdev);
5155 /* BEGIN TIZEN_Bluetooth :: LE auto connect */
5156 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
5157 void *data, u16 len)
5161 BT_DBG("%s", hdev->name);
5165 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
5167 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
5170 hci_dev_unlock(hdev);
5174 /* END TIZEN_Bluetooth */
5176 /* BEGIN TIZEN_Bluetooth :: LE connection Update */
5177 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
5180 struct mgmt_cp_le_conn_update *cp = data;
5182 struct hci_conn *conn;
5183 u16 min, max, latency, supervision_timeout;
5186 if (!hdev_is_powered(hdev))
5187 return cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5188 MGMT_STATUS_NOT_POWERED);
5190 min = __le16_to_cpu(cp->conn_interval_min);
5191 max = __le16_to_cpu(cp->conn_interval_max);
5192 latency = __le16_to_cpu(cp->conn_latency);
5193 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
5195 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
5196 min, max, latency, supervision_timeout);
5198 err = check_le_conn_update_param(min, max, latency, supervision_timeout);
5201 err = cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5202 MGMT_STATUS_INVALID_PARAMS);
5208 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
5211 cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5212 MGMT_STATUS_NOT_CONNECTED);
5216 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
5218 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
5221 hci_dev_unlock(hdev);
5224 /* END TIZEN_Bluetooth */
5227 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5229 struct pending_cmd *cmd;
5231 BT_DBG("status 0x%02x", status);
5235 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5240 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5241 mgmt_status(status));
5243 struct mgmt_mode *cp = cmd->param;
5246 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5248 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5250 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5251 new_settings(hdev, cmd->sk);
5254 mgmt_pending_remove(cmd);
5257 hci_dev_unlock(hdev);
5260 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5261 void *data, u16 len)
5263 struct mgmt_mode *cp = data;
5264 struct pending_cmd *cmd;
5265 struct hci_request req;
5268 BT_DBG("%s", hdev->name);
5270 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
5271 hdev->hci_ver < BLUETOOTH_VER_1_2)
5272 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5273 MGMT_STATUS_NOT_SUPPORTED);
5275 if (cp->val != 0x00 && cp->val != 0x01)
5276 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5277 MGMT_STATUS_INVALID_PARAMS);
5279 if (!hdev_is_powered(hdev))
5280 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5281 MGMT_STATUS_NOT_POWERED);
5283 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5284 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5285 MGMT_STATUS_REJECTED);
5289 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5290 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5295 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
5296 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5301 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5308 hci_req_init(&req, hdev);
5310 write_fast_connectable(&req, cp->val);
5312 err = hci_req_run(&req, fast_connectable_complete);
5314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5315 MGMT_STATUS_FAILED);
5316 mgmt_pending_remove(cmd);
5320 hci_dev_unlock(hdev);
5325 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5327 struct pending_cmd *cmd;
5329 BT_DBG("status 0x%02x", status);
5333 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
5338 u8 mgmt_err = mgmt_status(status);
5340 /* We need to restore the flag if related HCI commands
5343 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5345 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5347 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5348 new_settings(hdev, cmd->sk);
5351 mgmt_pending_remove(cmd);
5354 hci_dev_unlock(hdev);
5357 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5359 struct mgmt_mode *cp = data;
5360 struct pending_cmd *cmd;
5361 struct hci_request req;
5364 BT_DBG("request for %s", hdev->name);
5366 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5367 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5368 MGMT_STATUS_NOT_SUPPORTED);
5370 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5371 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5372 MGMT_STATUS_REJECTED);
5374 if (cp->val != 0x00 && cp->val != 0x01)
5375 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5376 MGMT_STATUS_INVALID_PARAMS);
5380 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5381 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5385 if (!hdev_is_powered(hdev)) {
5387 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5388 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5389 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5390 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5391 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5394 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5396 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5400 err = new_settings(hdev, sk);
5404 /* Reject disabling when powered on */
5406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5407 MGMT_STATUS_REJECTED);
5410 /* When configuring a dual-mode controller to operate
5411 * with LE only and using a static address, then switching
5412 * BR/EDR back on is not allowed.
5414 * Dual-mode controllers shall operate with the public
5415 * address as its identity address for BR/EDR and LE. So
5416 * reject the attempt to create an invalid configuration.
5418 * The same restrictions applies when secure connections
5419 * has been enabled. For BR/EDR this is a controller feature
5420 * while for LE it is a host stack feature. This means that
5421 * switching BR/EDR back on when secure connections has been
5422 * enabled is not a supported transaction.
5424 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5425 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5426 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
5427 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5428 MGMT_STATUS_REJECTED);
5433 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
5434 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5439 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5445 /* We need to flip the bit already here so that update_adv_data
5446 * generates the correct flags.
5448 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5450 hci_req_init(&req, hdev);
5452 write_fast_connectable(&req, false);
5453 __hci_update_page_scan(&req);
5455 /* Since only the advertising data flags will change, there
5456 * is no need to update the scan response data.
5458 update_adv_data(&req);
5460 err = hci_req_run(&req, set_bredr_complete);
5462 mgmt_pending_remove(cmd);
5465 hci_dev_unlock(hdev);
5469 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5471 struct pending_cmd *cmd;
5472 struct mgmt_mode *cp;
5474 BT_DBG("%s status %u", hdev->name, status);
5478 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5483 cmd_status(cmd->sk, cmd->index, cmd->opcode,
5484 mgmt_status(status));
5492 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5493 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5496 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5497 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5500 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5501 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5505 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5506 new_settings(hdev, cmd->sk);
5509 mgmt_pending_remove(cmd);
5511 hci_dev_unlock(hdev);
5514 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5515 void *data, u16 len)
5517 struct mgmt_mode *cp = data;
5518 struct pending_cmd *cmd;
5519 struct hci_request req;
5523 BT_DBG("request for %s", hdev->name);
5525 if (!lmp_sc_capable(hdev) &&
5526 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5527 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5528 MGMT_STATUS_NOT_SUPPORTED);
5530 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5531 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5532 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5533 MGMT_STATUS_REJECTED);
5535 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5536 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5537 MGMT_STATUS_INVALID_PARAMS);
5541 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5542 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5546 changed = !test_and_set_bit(HCI_SC_ENABLED,
5548 if (cp->val == 0x02)
5549 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5551 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5553 changed = test_and_clear_bit(HCI_SC_ENABLED,
5555 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5558 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5563 err = new_settings(hdev, sk);
5568 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5576 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5577 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
5578 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5588 hci_req_init(&req, hdev);
5589 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5590 err = hci_req_run(&req, sc_enable_complete);
5592 mgmt_pending_remove(cmd);
5597 hci_dev_unlock(hdev);
5601 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5604 struct mgmt_mode *cp = data;
5605 bool changed, use_changed;
5608 BT_DBG("request for %s", hdev->name);
5610 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5611 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5612 MGMT_STATUS_INVALID_PARAMS);
5617 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5620 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5623 if (cp->val == 0x02)
5624 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5627 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5630 if (hdev_is_powered(hdev) && use_changed &&
5631 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5632 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5633 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5634 sizeof(mode), &mode);
5637 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5642 err = new_settings(hdev, sk);
5645 hci_dev_unlock(hdev);
5649 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5652 struct mgmt_cp_set_privacy *cp = cp_data;
5656 BT_DBG("request for %s", hdev->name);
5658 if (!lmp_le_capable(hdev))
5659 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5660 MGMT_STATUS_NOT_SUPPORTED);
5662 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5663 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5664 MGMT_STATUS_INVALID_PARAMS);
5666 /* Not sure why below condition is required; commenting for now,
5667 * since set privacy command is always rejected if this condition is enabled.
5669 #ifndef CONFIG_TIZEN_WIP
5670 if (hdev_is_powered(hdev))
5671 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5672 MGMT_STATUS_REJECTED);
5677 /* If user space supports this command it is also expected to
5678 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5680 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5683 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5684 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5685 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5687 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5688 memset(hdev->irk, 0, sizeof(hdev->irk));
5689 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5692 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5697 err = new_settings(hdev, sk);
5700 hci_dev_unlock(hdev);
5704 static bool irk_is_valid(struct mgmt_irk_info *irk)
5706 switch (irk->addr.type) {
5707 case BDADDR_LE_PUBLIC:
5710 case BDADDR_LE_RANDOM:
5711 /* Two most significant bits shall be set */
5712 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5720 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5723 struct mgmt_cp_load_irks *cp = cp_data;
5724 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5725 sizeof(struct mgmt_irk_info));
5726 u16 irk_count, expected_len;
5729 BT_DBG("request for %s", hdev->name);
5731 if (!lmp_le_capable(hdev))
5732 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5733 MGMT_STATUS_NOT_SUPPORTED);
5735 irk_count = __le16_to_cpu(cp->irk_count);
5736 if (irk_count > max_irk_count) {
5737 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5738 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5739 MGMT_STATUS_INVALID_PARAMS);
5742 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5743 if (expected_len != len) {
5744 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5746 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5747 MGMT_STATUS_INVALID_PARAMS);
5750 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5752 for (i = 0; i < irk_count; i++) {
5753 struct mgmt_irk_info *key = &cp->irks[i];
5755 if (!irk_is_valid(key))
5756 return cmd_status(sk, hdev->id,
5758 MGMT_STATUS_INVALID_PARAMS);
5763 hci_smp_irks_clear(hdev);
5765 for (i = 0; i < irk_count; i++) {
5766 struct mgmt_irk_info *irk = &cp->irks[i];
5769 if (irk->addr.type == BDADDR_LE_PUBLIC)
5770 addr_type = ADDR_LE_DEV_PUBLIC;
5772 addr_type = ADDR_LE_DEV_RANDOM;
5774 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5778 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5780 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5782 hci_dev_unlock(hdev);
5787 #ifdef CONFIG_TIZEN_WIP
5788 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
5789 void *data, u16 len)
5791 struct mgmt_cp_set_advertising_params *cp = data;
5796 BT_DBG("%s", hdev->name);
5798 if (!lmp_le_capable(hdev))
5799 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5800 MGMT_STATUS_NOT_SUPPORTED);
5802 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5803 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5806 min_interval = __le16_to_cpu(cp->interval_min);
5807 max_interval = __le16_to_cpu(cp->interval_max);
5809 if (min_interval > max_interval ||
5810 min_interval < 0x0020 || max_interval > 0x4000)
5811 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5812 MGMT_STATUS_INVALID_PARAMS);
5816 hdev->le_adv_min_interval = min_interval;
5817 hdev->le_adv_max_interval = max_interval;
5818 hdev->adv_filter_policy = cp->filter_policy;
5819 hdev->adv_type = cp->type;
5821 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
5823 hci_dev_unlock(hdev);
5828 static void set_advertising_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5830 struct mgmt_cp_set_advertising_data *cp;
5831 struct pending_cmd *cmd;
5833 BT_DBG("status 0x%02x", status);
5837 cmd = mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
5844 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5845 mgmt_status(status));
5847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA, 0,
5850 mgmt_pending_remove(cmd);
5853 hci_dev_unlock(hdev);
5856 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
5857 void *data, u16 len)
5859 struct pending_cmd *cmd;
5860 struct hci_request req;
5861 struct mgmt_cp_set_advertising_data *cp = data;
5862 struct hci_cp_le_set_adv_data adv;
5865 BT_DBG("%s", hdev->name);
5867 if (!lmp_le_capable(hdev)) {
5868 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5869 MGMT_STATUS_NOT_SUPPORTED);
5874 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
5875 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5880 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
5887 if (len > HCI_MAX_AD_LENGTH) {
5888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5889 MGMT_STATUS_INVALID_PARAMS);
5893 hci_req_init(&req, hdev);
5895 memset(&adv, 0, sizeof(adv));
5896 memcpy(adv.data, cp->data, len);
5899 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
5901 err = hci_req_run(&req, set_advertising_data_complete);
5903 mgmt_pending_remove(cmd);
5907 hci_dev_unlock(hdev);
5912 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5914 struct mgmt_cp_set_scan_rsp_data *cp;
5915 struct pending_cmd *cmd;
5917 BT_DBG("status 0x%02x", status);
5921 cmd = mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
5928 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5929 mgmt_status(status));
5931 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA, 0,
5934 mgmt_pending_remove(cmd);
5937 hci_dev_unlock(hdev);
5940 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
5943 struct pending_cmd *cmd;
5944 struct hci_request req;
5945 struct mgmt_cp_set_scan_rsp_data *cp = data;
5946 struct hci_cp_le_set_scan_rsp_data rsp;
5949 BT_DBG("%s", hdev->name);
5951 if (!lmp_le_capable(hdev))
5952 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5953 MGMT_STATUS_NOT_SUPPORTED);
5957 if (mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
5958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5963 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
5968 if (len > HCI_MAX_AD_LENGTH) {
5969 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5970 MGMT_STATUS_INVALID_PARAMS);
5974 hci_req_init(&req, hdev);
5976 memset(&rsp, 0, sizeof(rsp));
5977 memcpy(rsp.data, cp->data, len);
5980 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
5982 err = hci_req_run(&req, set_scan_rsp_data_complete);
5984 mgmt_pending_remove(cmd);
5988 hci_dev_unlock(hdev);
5993 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5995 struct mgmt_cp_set_manufacturer_data *cp;
5996 struct pending_cmd *cmd;
5998 BT_DBG("status 0x%02x", status);
6002 cmd = mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
6009 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6010 mgmt_status(status));
6012 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6015 mgmt_pending_remove(cmd);
6018 hci_dev_unlock(hdev);
6021 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
6022 void *data, u16 len)
6024 struct pending_cmd *cmd;
6025 struct hci_request req;
6026 struct mgmt_cp_set_manufacturer_data *cp = data;
6027 u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
6032 BT_DBG("%s", hdev->name);
6034 if (!lmp_bredr_capable(hdev)) {
6035 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6036 MGMT_STATUS_NOT_SUPPORTED);
6039 if (cp->data[0] == 0 ||
6040 cp->data[0] - 1 > sizeof(hdev->manufacturer_data)) {
6041 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6042 MGMT_STATUS_INVALID_PARAMS);
6045 if (cp->data[1] != 0xFF) {
6046 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6047 MGMT_STATUS_NOT_SUPPORTED);
6052 if (mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
6053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6058 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data, len);
6064 hci_req_init(&req, hdev);
6066 /* if new data is same as previous data then return command complete event*/
6067 if (hdev->manufacturer_len == cp->data[0] - 1 &&
6068 !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
6069 mgmt_pending_remove(cmd);
6070 cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6072 hci_dev_unlock(hdev);
6076 old_len = hdev->manufacturer_len;
6078 memcpy(old_data, hdev->manufacturer_data, old_len);
6081 hdev->manufacturer_len = cp->data[0] - 1;
6082 if (hdev->manufacturer_len > 0) {
6083 memcpy(hdev->manufacturer_data, cp->data + 2, hdev->manufacturer_len);
6088 err = hci_req_run(&req, set_manufacturer_data_complete);
6090 mgmt_pending_remove(cmd);
6095 hci_dev_unlock(hdev);
6100 memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
6101 hdev->manufacturer_len = old_len;
6102 if (hdev->manufacturer_len > 0) {
6103 memcpy(hdev->manufacturer_data, old_data,
6104 hdev->manufacturer_len);
6106 hci_dev_unlock(hdev);
6110 #ifdef CONFIG_TIZEN_WIP
6111 static int set_voice_setting(struct sock *sk, struct hci_dev *hdev,
6112 void *data, u16 len)
6114 struct mgmt_cp_set_voice_setting *cp = data;
6115 struct hci_conn *conn;
6116 struct hci_conn *sco_conn;
6120 BT_DBG("%s", hdev->name);
6122 if (!lmp_bredr_capable(hdev)) {
6123 return cmd_status(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING,
6124 MGMT_STATUS_NOT_SUPPORTED);
6129 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
6131 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6136 conn->voice_setting = cp->voice_setting;
6137 conn->sco_role = cp->sco_role;
6139 sco_conn = hci_conn_hash_lookup_sco(hdev);
6140 if (sco_conn && bacmp(&sco_conn->dst, &cp->bdaddr) != 0) {
6141 BT_ERR("There is other SCO connection.");
6145 if (conn->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
6146 if (conn->voice_setting == 0x0063)
6147 sco_connect_set_wbc(hdev);
6149 sco_connect_set_nbc(hdev);
6151 if (conn->voice_setting == 0x0063)
6152 sco_connect_set_gw_wbc(hdev);
6154 sco_connect_set_gw_nbc(hdev);
6158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6162 hci_dev_unlock(hdev);
6167 static int get_adv_tx_power(struct sock *sk, struct hci_dev *hdev,
6168 void *data, u16 len)
6170 struct mgmt_rp_get_adv_tx_power *rp;
6174 BT_DBG("%s", hdev->name);
6178 rp_len = sizeof(*rp);
6179 rp = kmalloc(rp_len, GFP_KERNEL);
6185 rp->adv_tx_power= hdev->adv_tx_power;
6187 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_TX_POWER, 0, rp,
6193 hci_dev_unlock(hdev);
6198 /* BEGIN TIZEN_Bluetooth :: Apply RSSI changes */
6199 static void set_rssi_threshold_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6201 BT_DBG("status 0x%02x", status);
6204 static void set_rssi_disable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6206 BT_DBG("status 0x%02x", status);
6209 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
6210 void *data, u16 len)
6213 struct hci_cp_set_rssi_threshold th = { 0, };
6214 struct mgmt_cp_set_enable_rssi *cp = data;
6215 struct hci_conn *conn;
6216 struct pending_cmd *cmd;
6217 struct hci_request req;
6222 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6224 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6225 MGMT_STATUS_FAILED);
6229 if (!lmp_le_capable(hdev)) {
6230 mgmt_pending_remove(cmd);
6231 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6232 MGMT_STATUS_NOT_SUPPORTED);
6235 if (!hdev_is_powered(hdev)) {
6236 BT_DBG("%s", hdev->name);
6237 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6238 MGMT_STATUS_NOT_POWERED, data, len);
6239 mgmt_pending_remove(cmd);
6243 if (cp->link_type == 0x01)
6244 dest_type = LE_LINK;
6246 dest_type = ACL_LINK;
6248 /* Get LE/ACL link handle info*/
6249 conn = hci_conn_hash_lookup_ba(hdev,
6250 dest_type, &cp->bdaddr);
6253 err = cmd_complete(sk, hdev->id,
6254 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
6255 mgmt_pending_remove(cmd);
6259 hci_req_init(&req, hdev);
6261 th.hci_le_ext_opcode = 0x0B;
6263 th.conn_handle = conn->handle;
6264 th.alert_mask = 0x07;
6265 th.low_th = cp->low_th;
6266 th.in_range_th = cp->in_range_th;
6267 th.high_th = cp->high_th;
6269 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6270 err = hci_req_run(&req, set_rssi_threshold_complete);
6273 mgmt_pending_remove(cmd);
6274 BT_ERR("Error in requesting hci_req_run");
6279 hci_dev_unlock(hdev);
6283 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
6284 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6286 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
6287 struct mgmt_cp_set_enable_rssi *cp = data;
6288 struct pending_cmd *cmd;
6290 if (cp == NULL || rp == NULL)
6293 mgmt_rp.status = rp->status;
6294 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6295 mgmt_rp.bt_address = cp->bdaddr;
6296 mgmt_rp.link_type = cp->link_type;
6298 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, MGMT_STATUS_SUCCESS,
6299 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6301 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
6302 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6304 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
6305 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6306 &mgmt_rp.bt_address, true);
6310 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6312 mgmt_pending_remove(cmd);
6314 hci_dev_unlock(hdev);
6317 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
6318 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6320 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
6321 struct mgmt_cp_disable_rssi *cp = data;
6322 struct pending_cmd *cmd;
6324 if (cp == NULL || rp == NULL)
6327 mgmt_rp.status = rp->status;
6328 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6329 mgmt_rp.bt_address = cp->bdaddr;
6330 mgmt_rp.link_type = cp->link_type;
6332 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, MGMT_STATUS_SUCCESS,
6333 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6335 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
6336 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6338 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6339 &mgmt_rp.bt_address, false);
6344 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6346 mgmt_pending_remove(cmd);
6348 hci_dev_unlock(hdev);
6351 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
6352 void *data, u16 len)
6354 struct pending_cmd *cmd;
6355 struct hci_request req;
6356 struct hci_cp_set_enable_rssi cp_en = { 0, };
6359 BT_DBG("Set Disable RSSI.");
6361 cp_en.hci_le_ext_opcode = 0x01;
6362 cp_en.le_enable_cs_Features = 0x00;
6363 cp_en.data[0] = 0x00;
6364 cp_en.data[1] = 0x00;
6365 cp_en.data[2] = 0x00;
6369 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6372 MGMT_STATUS_FAILED);
6376 if (!lmp_le_capable(hdev)) {
6377 mgmt_pending_remove(cmd);
6378 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6379 MGMT_STATUS_NOT_SUPPORTED);
6382 if (!hdev_is_powered(hdev)) {
6383 BT_DBG("%s", hdev->name);
6384 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6385 MGMT_STATUS_NOT_POWERED, data, len);
6386 mgmt_pending_remove(cmd);
6390 hci_req_init(&req, hdev);
6392 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6393 sizeof(struct hci_cp_set_enable_rssi),
6394 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6395 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6397 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6398 err = hci_req_run(&req, set_rssi_disable_complete);
6401 mgmt_pending_remove(cmd);
6402 BT_ERR("Error in requesting hci_req_run");
6407 hci_dev_unlock(hdev);
6413 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
6415 struct hci_cc_rsp_enable_rssi *rp = response;
6416 struct pending_cmd *cmd_enable = NULL;
6417 struct pending_cmd *cmd_disable = NULL;
6418 struct mgmt_cp_set_enable_rssi *cp_en;
6419 struct mgmt_cp_disable_rssi *cp_dis;
6422 cmd_enable = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6423 cmd_disable = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6424 hci_dev_unlock(hdev);
6427 BT_DBG("Enable Request");
6430 BT_DBG("Disable Request");
6433 cp_en = cmd_enable->param;
6438 switch (rp->le_ext_opcode) {
6440 BT_DBG("RSSI enabled.. Setting Threshold...");
6441 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
6442 cp_en, sizeof(*cp_en));
6446 BT_DBG("Sending RSSI enable success");
6447 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
6448 cp_en, rp, rp->status);
6452 } else if (cmd_disable) {
6453 cp_dis = cmd_disable->param;
6458 switch (rp->le_ext_opcode) {
6460 BT_DBG("Sending RSSI disable success");
6461 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6462 cp_dis, rp, rp->status);
6466 /* Only unset RSSI Threshold values for the Link if
6467 RSSI is monitored for other BREDR or LE Links*/
6468 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
6469 BT_DBG("Unset Threshold. Other links being monitored");
6470 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6471 cp_dis, rp, rp->status);
6473 BT_DBG("Unset Threshold. Disabling...");
6474 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
6475 cp_dis, sizeof(*cp_dis));
6482 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6484 BT_DBG("status 0x%02x", status);
6487 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
6488 void *data, u16 len)
6490 struct pending_cmd *cmd;
6491 struct hci_request req;
6492 struct mgmt_cp_set_enable_rssi *cp = data;
6493 struct hci_cp_set_enable_rssi cp_en = { 0, };
6495 BT_DBG("Set Enable RSSI.");
6497 cp_en.hci_le_ext_opcode = 0x01;
6498 cp_en.le_enable_cs_Features = 0x04;
6499 cp_en.data[0] = 0x00;
6500 cp_en.data[1] = 0x00;
6501 cp_en.data[2] = 0x00;
6503 if (!lmp_le_capable(hdev))
6504 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6505 MGMT_STATUS_NOT_SUPPORTED);
6508 if (!hdev_is_powered(hdev)) {
6509 BT_DBG("%s", hdev->name);
6510 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
6516 if (mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
6517 BT_DBG("%s", hdev->name);
6518 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6523 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp, sizeof(*cp));
6525 BT_DBG("%s", hdev->name);
6530 /* If RSSI is already enabled directly set Threshold values*/
6531 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
6532 hci_dev_unlock(hdev);
6533 BT_DBG("RSSI Enabled. Directly set Threshold");
6534 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
6538 hci_req_init(&req, hdev);
6540 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6541 sizeof(struct hci_cp_set_enable_rssi),
6542 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6543 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6545 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6546 err = hci_req_run(&req, set_rssi_enable_complete);
6549 mgmt_pending_remove(cmd);
6550 BT_ERR("Error in requesting hci_req_run");
6555 hci_dev_unlock(hdev);
6560 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6562 struct pending_cmd *cmd;
6564 BT_DBG("status 0x%02x", status);
6568 cmd = mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
6572 cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI, MGMT_STATUS_SUCCESS,
6575 mgmt_pending_remove(cmd);
6578 hci_dev_unlock(hdev);
6581 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
6584 struct pending_cmd *cmd;
6585 struct hci_request req;
6586 struct mgmt_cp_get_raw_rssi *cp = data;
6587 struct hci_cp_get_raw_rssi hci_cp;
6589 struct hci_conn *conn;
6593 BT_DBG("Get Raw RSSI.");
6594 if (!lmp_le_capable(hdev))
6595 return cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6596 MGMT_STATUS_NOT_SUPPORTED);
6600 if (cp->link_type == 0x01) {
6601 dest_type = LE_LINK;
6603 dest_type = ACL_LINK;
6606 /* Get LE/BREDR link handle info*/
6607 conn = hci_conn_hash_lookup_ba(hdev,
6608 dest_type, &cp->bt_address);
6610 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 1,
6614 hci_cp.conn_handle = conn->handle;
6616 if (!hdev_is_powered(hdev)) {
6617 BT_DBG("%s", hdev->name);
6618 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 0,
6624 if (mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
6625 BT_DBG("%s", hdev->name);
6626 err = cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6631 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
6633 BT_DBG("%s", hdev->name);
6638 hci_req_init(&req, hdev);
6640 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
6641 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
6642 err = hci_req_run(&req, get_raw_rssi_complete);
6645 mgmt_pending_remove(cmd);
6646 BT_ERR("Error in requesting hci_req_run");
6650 hci_dev_unlock(hdev);
6655 void mgmt_raw_rssi_response(struct hci_dev *hdev,
6656 struct hci_cc_rp_get_raw_rssi *rp, int success)
6658 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
6659 struct hci_conn *conn;
6661 mgmt_rp.status = rp->status;
6662 mgmt_rp.rssi_dbm = rp->rssi_dbm;
6664 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
6668 bacpy(&mgmt_rp.bt_address, &conn->dst);
6669 if (conn->type == LE_LINK) {
6670 mgmt_rp.link_type = 0x01;
6672 mgmt_rp.link_type = 0x00;
6675 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
6676 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
6679 static void set_disable_threshold_complete(struct hci_dev *hdev,
6680 u8 status, u16 opcode)
6682 BT_DBG("status 0x%02x", status);
6685 /** Removes monitoring for a link*/
6686 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
6687 void *data, u16 len)
6690 struct hci_cp_set_rssi_threshold th = { 0, };
6691 struct mgmt_cp_disable_rssi *cp = data;
6692 struct hci_conn *conn;
6693 struct pending_cmd *cmd;
6694 struct hci_request req;
6696 BT_DBG("Set Disable RSSI.");
6698 if (!lmp_le_capable(hdev)) {
6699 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6700 MGMT_STATUS_NOT_SUPPORTED);
6705 /* Get LE/ACL link handle info*/
6706 if (cp->link_type == 0x01)
6707 dest_type = LE_LINK;
6709 dest_type = ACL_LINK;
6711 conn = hci_conn_hash_lookup_ba(hdev,
6712 dest_type, &cp->bdaddr);
6714 err = cmd_complete(sk, hdev->id,
6715 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
6719 th.hci_le_ext_opcode = 0x0B;
6721 th.conn_handle = conn->handle;
6722 th.alert_mask = 0x00;
6724 th.in_range_th = 0x00;
6727 if (!hdev_is_powered(hdev)) {
6728 BT_DBG("%s", hdev->name);
6729 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, 0,
6734 if (mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
6735 BT_DBG("%s", hdev->name);
6736 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6741 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp, sizeof(*cp));
6743 BT_DBG("%s", hdev->name);
6748 hci_req_init(&req, hdev);
6750 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6751 err = hci_req_run(&req, set_disable_threshold_complete);
6753 mgmt_pending_remove(cmd);
6754 BT_ERR("Error in requesting hci_req_run");
6759 hci_dev_unlock(hdev);
6764 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
6766 struct hci_ev_vendor_specific_rssi_alert *ev = (void *) skb->data;
6767 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
6768 struct hci_conn *conn;
6770 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
6771 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
6773 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
6776 BT_ERR("RSSI alert Error: Device not found for handle");
6779 bacpy(&mgmt_ev.bdaddr, &conn->dst);
6781 if (conn->type == LE_LINK)
6782 mgmt_ev.link_type = 0x01;
6784 mgmt_ev.link_type = 0x00;
6786 mgmt_ev.alert_type = ev->alert_type;
6787 mgmt_ev.rssi_dbm = ev->rssi_dbm;
6789 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
6790 sizeof(struct mgmt_ev_vendor_specific_rssi_alert), NULL);
6793 void mgmt_multi_adv_state_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
6795 struct hci_ev_vendor_specific_multi_adv_state *ev = (void *) skb->data;
6796 struct mgmt_ev_vendor_specific_multi_adv_state_changed mgmt_ev;
6798 BT_DBG("Multi adv state changed [%2.2X %2.2X %2.2X]",
6799 ev->adv_instance, ev->state_change_reason, ev->connection_handle);
6801 mgmt_ev.adv_instance = ev->adv_instance;
6802 mgmt_ev.state_change_reason = ev->state_change_reason;
6803 mgmt_ev.connection_handle = ev->connection_handle;
6805 mgmt_event(MGMT_EV_MULTI_ADV_STATE_CHANGED, hdev, &mgmt_ev,
6806 sizeof(struct mgmt_ev_vendor_specific_multi_adv_state_changed), NULL);
6809 static int enable_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6810 void *data, u16 len)
6813 struct mgmt_cp_enable_6lowpan *cp = data;
6815 BT_DBG("%s", hdev->name);
6819 if (!hdev_is_powered(hdev)) {
6820 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6821 MGMT_STATUS_NOT_POWERED);
6825 if (!lmp_le_capable(hdev)) {
6826 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6827 MGMT_STATUS_NOT_SUPPORTED);
6831 if (cp->enable_6lowpan)
6832 bt_6lowpan_enable();
6834 bt_6lowpan_disable();
6836 err = cmd_complete(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6837 MGMT_STATUS_SUCCESS, NULL, 0);
6839 hci_dev_unlock(hdev);
6843 static int connect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6844 void *data, u16 len)
6846 struct mgmt_cp_connect_6lowpan *cp = data;
6847 __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6850 BT_DBG("%s", hdev->name);
6854 if (!lmp_le_capable(hdev)) {
6855 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6856 MGMT_STATUS_NOT_SUPPORTED);
6860 if (!hdev_is_powered(hdev)) {
6861 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6862 MGMT_STATUS_REJECTED);
6866 if (bdaddr_type_is_le(cp->addr.type)) {
6867 if (cp->addr.type == BDADDR_LE_PUBLIC)
6868 addr_type = ADDR_LE_DEV_PUBLIC;
6870 addr_type = ADDR_LE_DEV_RANDOM;
6872 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6873 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6877 hci_dev_unlock(hdev);
6879 /* 6lowpan Connect */
6880 err = _bt_6lowpan_connect(&cp->addr.bdaddr, cp->addr.type);
6885 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6886 MGMT_STATUS_REJECTED, NULL, 0);
6891 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6894 hci_dev_unlock(hdev);
6898 static int disconnect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6899 void *data, u16 len)
6901 struct mgmt_cp_disconnect_6lowpan *cp = data;
6902 struct hci_conn *conn = NULL;
6903 __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6906 BT_DBG("%s", hdev->name);
6910 if (!lmp_le_capable(hdev)) {
6911 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6912 MGMT_STATUS_NOT_SUPPORTED);
6916 if (!hdev_is_powered(hdev)) {
6917 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6918 MGMT_STATUS_REJECTED);
6922 if (bdaddr_type_is_le(cp->addr.type)) {
6923 if (cp->addr.type == BDADDR_LE_PUBLIC)
6924 addr_type = ADDR_LE_DEV_PUBLIC;
6926 addr_type = ADDR_LE_DEV_RANDOM;
6928 err = cmd_complete(sk, hdev->id,
6929 MGMT_OP_DISCONNECT_6LOWPAN,
6930 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6934 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6936 err = cmd_complete(sk, hdev->id,
6937 MGMT_OP_DISCONNECT_6LOWPAN,
6938 MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6942 if (conn->dst_type != addr_type) {
6943 err = cmd_complete(sk, hdev->id,
6944 MGMT_OP_DISCONNECT_6LOWPAN,
6945 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6949 if (conn->state != BT_CONNECTED) {
6950 err = cmd_complete(sk, hdev->id,
6951 MGMT_OP_DISCONNECT_6LOWPAN,
6952 MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6956 /* 6lowpan Disconnect */
6957 err = _bt_6lowpan_disconnect(conn->l2cap_data, cp->addr.type);
6959 err = cmd_complete(sk, hdev->id,
6960 MGMT_OP_DISCONNECT_6LOWPAN,
6961 MGMT_STATUS_REJECTED, NULL, 0);
6965 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6969 hci_dev_unlock(hdev);
6973 void mgmt_6lowpan_conn_changed(struct hci_dev *hdev, char if_name[16],
6974 bdaddr_t *bdaddr, u8 addr_type, bool connected)
6977 struct mgmt_ev_6lowpan_conn_state_changed *ev = (void *)buf;
6980 memset(buf, 0, sizeof(buf));
6981 bacpy(&ev->addr.bdaddr, bdaddr);
6982 ev->addr.type = addr_type;
6983 ev->connected = connected;
6984 memcpy(ev->ifname, (__u8 *)if_name, 16);
6986 ev_size = sizeof(*ev);
6988 mgmt_event(MGMT_EV_6LOWPAN_CONN_STATE_CHANGED, hdev, ev, ev_size, NULL);
6991 void mgmt_le_read_maximum_data_length_complete(struct hci_dev *hdev, u8 status)
6993 struct pending_cmd *cmd;
6994 struct mgmt_rp_le_read_maximum_data_length rp;
6996 BT_DBG("%s status %u", hdev->name, status);
6998 cmd = mgmt_pending_find(MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH, hdev);
7003 cmd_status(cmd->sk, hdev->id,
7004 MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH,
7005 mgmt_status(status));
7007 memset(&rp, 0, sizeof(rp));
7009 rp.max_tx_octets = cpu_to_le16(hdev->le_max_tx_len);
7010 rp.max_tx_time = cpu_to_le16(hdev->le_max_tx_time);
7011 rp.max_rx_octets = cpu_to_le16(hdev->le_max_rx_len);
7012 rp.max_rx_time = cpu_to_le16(hdev->le_max_rx_time);
7014 cmd_complete(cmd->sk, hdev->id,
7015 MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH, 0,
7018 mgmt_pending_remove(cmd);
7021 static int read_maximum_le_data_length(struct sock *sk,
7022 struct hci_dev *hdev, void *data, u16 len)
7024 struct pending_cmd *cmd;
7027 BT_DBG("read_maximum_le_data_length %s", hdev->name);
7031 if (!hdev_is_powered(hdev)) {
7032 err = cmd_status(sk, hdev->id,
7033 MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH,
7034 MGMT_STATUS_NOT_POWERED);
7038 if (!lmp_le_capable(hdev)) {
7039 err = cmd_status(sk, hdev->id,
7040 MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH,
7041 MGMT_STATUS_NOT_SUPPORTED);
7045 if (mgmt_pending_find(MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH, hdev)) {
7046 err = cmd_status(sk, hdev->id,
7047 MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH,
7052 cmd = mgmt_pending_add(sk, MGMT_OP_LE_READ_MAXIMUM_DATA_LENGTH,
7059 err = hci_send_cmd(hdev, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
7061 mgmt_pending_remove(cmd);
7064 hci_dev_unlock(hdev);
7068 void mgmt_le_write_host_suggested_data_length_complete(struct hci_dev *hdev,
7071 struct pending_cmd *cmd;
7073 BT_DBG("status 0x%02x", status);
7077 cmd = mgmt_pending_find(MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH, hdev);
7079 BT_ERR("cmd not found in the pending list");
7084 cmd_status(cmd->sk, hdev->id,
7085 MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7086 mgmt_status(status));
7088 cmd_complete(cmd->sk, hdev->id,
7089 MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7092 mgmt_pending_remove(cmd);
7095 hci_dev_unlock(hdev);
7098 static int write_host_suggested_le_data_length(struct sock *sk,
7099 struct hci_dev *hdev, void *data, u16 len)
7101 struct pending_cmd *cmd;
7102 struct mgmt_cp_le_write_host_suggested_data_length *cp = data;
7103 struct hci_cp_le_write_def_data_len hci_data;
7106 BT_DBG("Write host suggested data length request for %s", hdev->name);
7110 if (!hdev_is_powered(hdev)) {
7111 err = cmd_status(sk, hdev->id,
7112 MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7113 MGMT_STATUS_NOT_POWERED);
7117 if (!lmp_le_capable(hdev)) {
7118 err = cmd_status(sk, hdev->id,
7119 MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7120 MGMT_STATUS_NOT_SUPPORTED);
7124 if (mgmt_pending_find(MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH, hdev)) {
7125 err = cmd_status(sk, hdev->id,
7126 MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7131 cmd = mgmt_pending_add(sk, MGMT_OP_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH,
7138 hci_data.tx_len = cp->def_tx_octets;
7139 hci_data.tx_time = cp->def_tx_time;
7141 err = hci_send_cmd(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN,
7142 sizeof(hci_data), &hci_data);
7144 mgmt_pending_remove(cmd);
7147 hci_dev_unlock(hdev);
7151 /* END TIZEN_Bluetooth */
7154 static bool ltk_is_valid(struct mgmt_ltk_info *key)
7156 if (key->master != 0x00 && key->master != 0x01)
7159 switch (key->addr.type) {
7160 case BDADDR_LE_PUBLIC:
7163 case BDADDR_LE_RANDOM:
7164 /* Two most significant bits shall be set */
7165 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7173 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
7174 void *cp_data, u16 len)
7176 struct mgmt_cp_load_long_term_keys *cp = cp_data;
7177 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7178 sizeof(struct mgmt_ltk_info));
7179 u16 key_count, expected_len;
7182 BT_DBG("request for %s", hdev->name);
7184 if (!lmp_le_capable(hdev))
7185 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7186 MGMT_STATUS_NOT_SUPPORTED);
7188 key_count = __le16_to_cpu(cp->key_count);
7189 if (key_count > max_key_count) {
7190 BT_ERR("load_ltks: too big key_count value %u", key_count);
7191 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7192 MGMT_STATUS_INVALID_PARAMS);
7195 expected_len = sizeof(*cp) + key_count *
7196 sizeof(struct mgmt_ltk_info);
7197 if (expected_len != len) {
7198 BT_ERR("load_keys: expected %u bytes, got %u bytes",
7200 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7201 MGMT_STATUS_INVALID_PARAMS);
7204 BT_DBG("%s key_count %u", hdev->name, key_count);
7206 for (i = 0; i < key_count; i++) {
7207 struct mgmt_ltk_info *key = &cp->keys[i];
7209 if (!ltk_is_valid(key))
7210 return cmd_status(sk, hdev->id,
7211 MGMT_OP_LOAD_LONG_TERM_KEYS,
7212 MGMT_STATUS_INVALID_PARAMS);
7217 hci_smp_ltks_clear(hdev);
7219 for (i = 0; i < key_count; i++) {
7220 struct mgmt_ltk_info *key = &cp->keys[i];
7221 u8 type, addr_type, authenticated;
7223 if (key->addr.type == BDADDR_LE_PUBLIC)
7224 addr_type = ADDR_LE_DEV_PUBLIC;
7226 addr_type = ADDR_LE_DEV_RANDOM;
7228 switch (key->type) {
7229 case MGMT_LTK_UNAUTHENTICATED:
7230 authenticated = 0x00;
7231 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7233 case MGMT_LTK_AUTHENTICATED:
7234 authenticated = 0x01;
7235 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7237 case MGMT_LTK_P256_UNAUTH:
7238 authenticated = 0x00;
7239 type = SMP_LTK_P256;
7241 case MGMT_LTK_P256_AUTH:
7242 authenticated = 0x01;
7243 type = SMP_LTK_P256;
7245 case MGMT_LTK_P256_DEBUG:
7246 authenticated = 0x00;
7247 type = SMP_LTK_P256_DEBUG;
7252 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
7253 authenticated, key->val, key->enc_size, key->ediv,
7257 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
7260 hci_dev_unlock(hdev);
7265 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7267 struct hci_conn *conn = cmd->user_data;
7268 struct mgmt_rp_get_conn_info rp;
7271 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
7273 if (status == MGMT_STATUS_SUCCESS) {
7274 rp.rssi = conn->rssi;
7275 rp.tx_power = conn->tx_power;
7276 rp.max_tx_power = conn->max_tx_power;
7278 rp.rssi = HCI_RSSI_INVALID;
7279 rp.tx_power = HCI_TX_POWER_INVALID;
7280 rp.max_tx_power = HCI_TX_POWER_INVALID;
7283 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7286 hci_conn_drop(conn);
7292 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
7295 struct hci_cp_read_rssi *cp;
7296 struct pending_cmd *cmd;
7297 struct hci_conn *conn;
7301 BT_DBG("status 0x%02x", hci_status);
7305 /* Commands sent in request are either Read RSSI or Read Transmit Power
7306 * Level so we check which one was last sent to retrieve connection
7307 * handle. Both commands have handle as first parameter so it's safe to
7308 * cast data on the same command struct.
7310 * First command sent is always Read RSSI and we fail only if it fails.
7311 * In other case we simply override error to indicate success as we
7312 * already remembered if TX power value is actually valid.
7314 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
7316 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
7317 status = MGMT_STATUS_SUCCESS;
7319 status = mgmt_status(hci_status);
7323 BT_ERR("invalid sent_cmd in conn_info response");
7327 handle = __le16_to_cpu(cp->handle);
7328 conn = hci_conn_hash_lookup_handle(hdev, handle);
7330 BT_ERR("unknown handle (%d) in conn_info response", handle);
7334 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
7338 cmd->cmd_complete(cmd, status);
7339 mgmt_pending_remove(cmd);
7342 hci_dev_unlock(hdev);
7346 #ifdef CONFIG_TIZEN_WIP
7347 /* defination of "prandom_u32_max" is imported from latest kernel,
7348 * so if the kernel is migrated to latest, below defination should be removed
7352 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
7353 * @ep_ro: right open interval endpoint
7355 * Returns a pseudo-random number that is in interval [0, ep_ro). Note
7356 * that the result depends on PRNG being well distributed in [0, ~0U]
7357 * u32 space. Here we use maximally equidistributed combined Tausworthe
7358 * generator, that is, prandom_u32(). This is useful when requesting a
7359 * random index of an array containing ep_ro elements, for example.
7361 * Returns: pseudo-random number in interval [0, ep_ro)
7363 static inline u32 prandom_u32_max(u32 ep_ro)
7365 return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
7369 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7372 struct mgmt_cp_get_conn_info *cp = data;
7373 struct mgmt_rp_get_conn_info rp;
7374 struct hci_conn *conn;
7375 unsigned long conn_info_age;
7378 BT_DBG("%s", hdev->name);
7380 memset(&rp, 0, sizeof(rp));
7381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7382 rp.addr.type = cp->addr.type;
7384 if (!bdaddr_type_is_valid(cp->addr.type))
7385 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7386 MGMT_STATUS_INVALID_PARAMS,
7391 if (!hdev_is_powered(hdev)) {
7392 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7393 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7397 if (cp->addr.type == BDADDR_BREDR)
7398 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7401 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7403 if (!conn || conn->state != BT_CONNECTED) {
7404 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7405 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
7409 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
7410 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7411 MGMT_STATUS_BUSY, &rp, sizeof(rp));
7415 /* To avoid client trying to guess when to poll again for information we
7416 * calculate conn info age as random value between min/max set in hdev.
7418 conn_info_age = hdev->conn_info_min_age +
7419 prandom_u32_max(hdev->conn_info_max_age -
7420 hdev->conn_info_min_age);
7422 /* Query controller to refresh cached values if they are too old or were
7425 if (time_after(jiffies, conn->conn_info_timestamp +
7426 msecs_to_jiffies(conn_info_age)) ||
7427 !conn->conn_info_timestamp) {
7428 struct hci_request req;
7429 struct hci_cp_read_tx_power req_txp_cp;
7430 struct hci_cp_read_rssi req_rssi_cp;
7431 struct pending_cmd *cmd;
7433 hci_req_init(&req, hdev);
7434 req_rssi_cp.handle = cpu_to_le16(conn->handle);
7435 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
7438 /* For LE links TX power does not change thus we don't need to
7439 * query for it once value is known.
7441 if (!bdaddr_type_is_le(cp->addr.type) ||
7442 conn->tx_power == HCI_TX_POWER_INVALID) {
7443 req_txp_cp.handle = cpu_to_le16(conn->handle);
7444 req_txp_cp.type = 0x00;
7445 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7446 sizeof(req_txp_cp), &req_txp_cp);
7449 /* Max TX power needs to be read only once per connection */
7450 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
7451 req_txp_cp.handle = cpu_to_le16(conn->handle);
7452 req_txp_cp.type = 0x01;
7453 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7454 sizeof(req_txp_cp), &req_txp_cp);
7457 err = hci_req_run(&req, conn_info_refresh_complete);
7461 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
7468 hci_conn_hold(conn);
7469 cmd->user_data = hci_conn_get(conn);
7470 cmd->cmd_complete = conn_info_cmd_complete;
7472 conn->conn_info_timestamp = jiffies;
7474 /* Cache is valid, just reply with values cached in hci_conn */
7475 rp.rssi = conn->rssi;
7476 rp.tx_power = conn->tx_power;
7477 rp.max_tx_power = conn->max_tx_power;
7479 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7480 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7484 hci_dev_unlock(hdev);
7488 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7490 struct hci_conn *conn = cmd->user_data;
7491 struct mgmt_rp_get_clock_info rp;
7492 struct hci_dev *hdev;
7495 memset(&rp, 0, sizeof(rp));
7496 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
7501 hdev = hci_dev_get(cmd->index);
7503 rp.local_clock = cpu_to_le32(hdev->clock);
7508 rp.piconet_clock = cpu_to_le32(conn->clock);
7509 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7513 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7517 hci_conn_drop(conn);
7524 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7526 struct hci_cp_read_clock *hci_cp;
7527 struct pending_cmd *cmd;
7528 struct hci_conn *conn;
7530 BT_DBG("%s status %u", hdev->name, status);
7534 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
7538 if (hci_cp->which) {
7539 u16 handle = __le16_to_cpu(hci_cp->handle);
7540 conn = hci_conn_hash_lookup_handle(hdev, handle);
7545 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
7549 cmd->cmd_complete(cmd, mgmt_status(status));
7550 mgmt_pending_remove(cmd);
7553 hci_dev_unlock(hdev);
7556 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7559 struct mgmt_cp_get_clock_info *cp = data;
7560 struct mgmt_rp_get_clock_info rp;
7561 struct hci_cp_read_clock hci_cp;
7562 struct pending_cmd *cmd;
7563 struct hci_request req;
7564 struct hci_conn *conn;
7567 BT_DBG("%s", hdev->name);
7569 memset(&rp, 0, sizeof(rp));
7570 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7571 rp.addr.type = cp->addr.type;
7573 if (cp->addr.type != BDADDR_BREDR)
7574 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7575 MGMT_STATUS_INVALID_PARAMS,
7580 if (!hdev_is_powered(hdev)) {
7581 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7582 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7586 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7589 if (!conn || conn->state != BT_CONNECTED) {
7590 err = cmd_complete(sk, hdev->id,
7591 MGMT_OP_GET_CLOCK_INFO,
7592 MGMT_STATUS_NOT_CONNECTED,
7600 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7606 cmd->cmd_complete = clock_info_cmd_complete;
7608 hci_req_init(&req, hdev);
7610 memset(&hci_cp, 0, sizeof(hci_cp));
7611 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7614 hci_conn_hold(conn);
7615 cmd->user_data = hci_conn_get(conn);
7617 hci_cp.handle = cpu_to_le16(conn->handle);
7618 hci_cp.which = 0x01; /* Piconet clock */
7619 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7622 err = hci_req_run(&req, get_clock_info_complete);
7624 mgmt_pending_remove(cmd);
7627 hci_dev_unlock(hdev);
7631 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7633 struct hci_conn *conn;
7635 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7639 if (conn->dst_type != type)
7642 if (conn->state != BT_CONNECTED)
7648 /* This function requires the caller holds hdev->lock */
7649 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
7650 u8 addr_type, u8 auto_connect)
7652 struct hci_dev *hdev = req->hdev;
7653 struct hci_conn_params *params;
7655 params = hci_conn_params_add(hdev, addr, addr_type);
7659 if (params->auto_connect == auto_connect)
7662 list_del_init(¶ms->action);
7664 switch (auto_connect) {
7665 case HCI_AUTO_CONN_DISABLED:
7666 case HCI_AUTO_CONN_LINK_LOSS:
7667 __hci_update_background_scan(req);
7669 case HCI_AUTO_CONN_REPORT:
7670 list_add(¶ms->action, &hdev->pend_le_reports);
7671 __hci_update_background_scan(req);
7673 case HCI_AUTO_CONN_DIRECT:
7674 case HCI_AUTO_CONN_ALWAYS:
7675 if (!is_connected(hdev, addr, addr_type)) {
7676 list_add(¶ms->action, &hdev->pend_le_conns);
7677 __hci_update_background_scan(req);
7682 params->auto_connect = auto_connect;
7684 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
7690 static void device_added(struct sock *sk, struct hci_dev *hdev,
7691 bdaddr_t *bdaddr, u8 type, u8 action)
7693 struct mgmt_ev_device_added ev;
7695 bacpy(&ev.addr.bdaddr, bdaddr);
7696 ev.addr.type = type;
7699 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7702 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7704 struct pending_cmd *cmd;
7706 BT_DBG("status 0x%02x", status);
7710 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
7714 cmd->cmd_complete(cmd, mgmt_status(status));
7715 mgmt_pending_remove(cmd);
7718 hci_dev_unlock(hdev);
7721 static int add_device(struct sock *sk, struct hci_dev *hdev,
7722 void *data, u16 len)
7724 struct mgmt_cp_add_device *cp = data;
7725 struct pending_cmd *cmd;
7726 struct hci_request req;
7727 u8 auto_conn, addr_type;
7730 BT_DBG("%s", hdev->name);
7732 if (!bdaddr_type_is_valid(cp->addr.type) ||
7733 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7734 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7735 MGMT_STATUS_INVALID_PARAMS,
7736 &cp->addr, sizeof(cp->addr));
7738 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7739 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7740 MGMT_STATUS_INVALID_PARAMS,
7741 &cp->addr, sizeof(cp->addr));
7743 hci_req_init(&req, hdev);
7747 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
7753 cmd->cmd_complete = addr_cmd_complete;
7755 if (cp->addr.type == BDADDR_BREDR) {
7756 /* Only incoming connections action is supported for now */
7757 if (cp->action != 0x01) {
7758 err = cmd->cmd_complete(cmd,
7759 MGMT_STATUS_INVALID_PARAMS);
7760 mgmt_pending_remove(cmd);
7764 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
7769 __hci_update_page_scan(&req);
7774 if (cp->addr.type == BDADDR_LE_PUBLIC)
7775 addr_type = ADDR_LE_DEV_PUBLIC;
7777 addr_type = ADDR_LE_DEV_RANDOM;
7779 if (cp->action == 0x02)
7780 auto_conn = HCI_AUTO_CONN_ALWAYS;
7781 else if (cp->action == 0x01)
7782 auto_conn = HCI_AUTO_CONN_DIRECT;
7784 auto_conn = HCI_AUTO_CONN_REPORT;
7786 /* If the connection parameters don't exist for this device,
7787 * they will be created and configured with defaults.
7789 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
7791 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
7792 mgmt_pending_remove(cmd);
7797 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7799 err = hci_req_run(&req, add_device_complete);
7801 /* ENODATA means no HCI commands were needed (e.g. if
7802 * the adapter is powered off).
7804 if (err == -ENODATA)
7805 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7806 mgmt_pending_remove(cmd);
7810 hci_dev_unlock(hdev);
7814 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7815 bdaddr_t *bdaddr, u8 type)
7817 struct mgmt_ev_device_removed ev;
7819 bacpy(&ev.addr.bdaddr, bdaddr);
7820 ev.addr.type = type;
7822 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7825 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7827 struct pending_cmd *cmd;
7829 BT_DBG("status 0x%02x", status);
7833 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
7837 cmd->cmd_complete(cmd, mgmt_status(status));
7838 mgmt_pending_remove(cmd);
7841 hci_dev_unlock(hdev);
7844 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7845 void *data, u16 len)
7847 struct mgmt_cp_remove_device *cp = data;
7848 struct pending_cmd *cmd;
7849 struct hci_request req;
7852 BT_DBG("%s", hdev->name);
7854 hci_req_init(&req, hdev);
7858 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
7864 cmd->cmd_complete = addr_cmd_complete;
7866 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7867 struct hci_conn_params *params;
7870 if (!bdaddr_type_is_valid(cp->addr.type)) {
7871 err = cmd->cmd_complete(cmd,
7872 MGMT_STATUS_INVALID_PARAMS);
7873 mgmt_pending_remove(cmd);
7877 if (cp->addr.type == BDADDR_BREDR) {
7878 err = hci_bdaddr_list_del(&hdev->whitelist,
7882 err = cmd->cmd_complete(cmd,
7883 MGMT_STATUS_INVALID_PARAMS);
7884 mgmt_pending_remove(cmd);
7888 __hci_update_page_scan(&req);
7890 device_removed(sk, hdev, &cp->addr.bdaddr,
7895 if (cp->addr.type == BDADDR_LE_PUBLIC)
7896 addr_type = ADDR_LE_DEV_PUBLIC;
7898 addr_type = ADDR_LE_DEV_RANDOM;
7900 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7903 err = cmd->cmd_complete(cmd,
7904 MGMT_STATUS_INVALID_PARAMS);
7905 mgmt_pending_remove(cmd);
7909 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
7910 err = cmd->cmd_complete(cmd,
7911 MGMT_STATUS_INVALID_PARAMS);
7912 mgmt_pending_remove(cmd);
7916 list_del(¶ms->action);
7917 list_del(¶ms->list);
7919 __hci_update_background_scan(&req);
7921 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7923 struct hci_conn_params *p, *tmp;
7924 struct bdaddr_list *b, *btmp;
7926 if (cp->addr.type) {
7927 err = cmd->cmd_complete(cmd,
7928 MGMT_STATUS_INVALID_PARAMS);
7929 mgmt_pending_remove(cmd);
7933 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
7934 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7939 __hci_update_page_scan(&req);
7941 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7942 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7944 device_removed(sk, hdev, &p->addr, p->addr_type);
7945 list_del(&p->action);
7950 BT_DBG("All LE connection parameters were removed");
7952 __hci_update_background_scan(&req);
7956 err = hci_req_run(&req, remove_device_complete);
7958 /* ENODATA means no HCI commands were needed (e.g. if
7959 * the adapter is powered off).
7961 if (err == -ENODATA)
7962 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7963 mgmt_pending_remove(cmd);
7967 hci_dev_unlock(hdev);
7971 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7974 struct mgmt_cp_load_conn_param *cp = data;
7975 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7976 sizeof(struct mgmt_conn_param));
7977 u16 param_count, expected_len;
7980 if (!lmp_le_capable(hdev))
7981 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7982 MGMT_STATUS_NOT_SUPPORTED);
7984 param_count = __le16_to_cpu(cp->param_count);
7985 if (param_count > max_param_count) {
7986 BT_ERR("load_conn_param: too big param_count value %u",
7988 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7989 MGMT_STATUS_INVALID_PARAMS);
7992 expected_len = sizeof(*cp) + param_count *
7993 sizeof(struct mgmt_conn_param);
7994 if (expected_len != len) {
7995 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
7997 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7998 MGMT_STATUS_INVALID_PARAMS);
8001 BT_DBG("%s param_count %u", hdev->name, param_count);
8005 hci_conn_params_clear_disabled(hdev);
8007 for (i = 0; i < param_count; i++) {
8008 struct mgmt_conn_param *param = &cp->params[i];
8009 struct hci_conn_params *hci_param;
8010 u16 min, max, latency, timeout;
8013 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
8016 if (param->addr.type == BDADDR_LE_PUBLIC) {
8017 addr_type = ADDR_LE_DEV_PUBLIC;
8018 } else if (param->addr.type == BDADDR_LE_RANDOM) {
8019 addr_type = ADDR_LE_DEV_RANDOM;
8021 BT_ERR("Ignoring invalid connection parameters");
8025 min = le16_to_cpu(param->min_interval);
8026 max = le16_to_cpu(param->max_interval);
8027 latency = le16_to_cpu(param->latency);
8028 timeout = le16_to_cpu(param->timeout);
8030 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
8031 min, max, latency, timeout);
8033 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
8034 BT_ERR("Ignoring invalid connection parameters");
8038 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
8041 BT_ERR("Failed to add connection parameters");
8045 hci_param->conn_min_interval = min;
8046 hci_param->conn_max_interval = max;
8047 hci_param->conn_latency = latency;
8048 hci_param->supervision_timeout = timeout;
8051 hci_dev_unlock(hdev);
8053 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
8056 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
8057 void *data, u16 len)
8059 struct mgmt_cp_set_external_config *cp = data;
8063 BT_DBG("%s", hdev->name);
8065 if (hdev_is_powered(hdev))
8066 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
8067 MGMT_STATUS_REJECTED);
8069 if (cp->config != 0x00 && cp->config != 0x01)
8070 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
8071 MGMT_STATUS_INVALID_PARAMS);
8073 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
8074 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
8075 MGMT_STATUS_NOT_SUPPORTED);
8080 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
8083 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
8086 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
8093 err = new_options(hdev, sk);
8095 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
8096 mgmt_index_removed(hdev);
8098 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
8099 set_bit(HCI_CONFIG, &hdev->dev_flags);
8100 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
8102 queue_work(hdev->req_workqueue, &hdev->power_on);
8104 set_bit(HCI_RAW, &hdev->flags);
8105 mgmt_index_added(hdev);
8110 hci_dev_unlock(hdev);
8114 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
8115 void *data, u16 len)
8117 struct mgmt_cp_set_public_address *cp = data;
8121 BT_DBG("%s", hdev->name);
8123 if (hdev_is_powered(hdev))
8124 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8125 MGMT_STATUS_REJECTED);
8127 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
8128 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8129 MGMT_STATUS_INVALID_PARAMS);
8131 if (!hdev->set_bdaddr)
8132 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8133 MGMT_STATUS_NOT_SUPPORTED);
8137 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
8138 bacpy(&hdev->public_addr, &cp->bdaddr);
8140 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
8147 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8148 err = new_options(hdev, sk);
8150 if (is_configured(hdev)) {
8151 mgmt_index_removed(hdev);
8153 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
8155 set_bit(HCI_CONFIG, &hdev->dev_flags);
8156 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
8158 queue_work(hdev->req_workqueue, &hdev->power_on);
8162 hci_dev_unlock(hdev);
8166 static const struct mgmt_handler {
8167 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
8171 } mgmt_handlers[] = {
8172 { NULL }, /* 0x0000 (no command) */
8173 { read_version, false, MGMT_READ_VERSION_SIZE },
8174 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
8175 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
8176 { read_controller_info, false, MGMT_READ_INFO_SIZE },
8177 { set_powered, false, MGMT_SETTING_SIZE },
8178 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
8179 { set_connectable, false, MGMT_SETTING_SIZE },
8180 { set_fast_connectable, false, MGMT_SETTING_SIZE },
8181 { set_bondable, false, MGMT_SETTING_SIZE },
8182 { set_link_security, false, MGMT_SETTING_SIZE },
8183 { set_ssp, false, MGMT_SETTING_SIZE },
8184 { set_hs, false, MGMT_SETTING_SIZE },
8185 { set_le, false, MGMT_SETTING_SIZE },
8186 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
8187 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
8188 { add_uuid, false, MGMT_ADD_UUID_SIZE },
8189 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
8190 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
8191 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
8192 { disconnect, false, MGMT_DISCONNECT_SIZE },
8193 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
8194 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
8195 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8196 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
8197 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
8198 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8199 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
8200 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
8201 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8202 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
8203 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8204 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8205 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
8206 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8207 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
8208 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
8209 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
8210 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
8211 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
8212 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
8213 { set_advertising, false, MGMT_SETTING_SIZE },
8214 { set_bredr, false, MGMT_SETTING_SIZE },
8215 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
8216 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
8217 { set_secure_conn, false, MGMT_SETTING_SIZE },
8218 { set_debug_keys, false, MGMT_SETTING_SIZE },
8219 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
8220 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
8221 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
8222 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
8223 { add_device, false, MGMT_ADD_DEVICE_SIZE },
8224 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
8225 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
8226 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
8227 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
8228 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
8229 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
8230 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
8233 #ifdef CONFIG_TIZEN_WIP
8234 static const struct mgmt_handler tizen_mgmt_handlers[] = {
8235 { NULL }, /* 0x0000 (no command) */
8236 { set_advertising_params, false, MGMT_SET_ADVERTISING_PARAMS_SIZE },
8237 { set_advertising_data, true, MGMT_SET_ADV_MIN_APP_DATA_SIZE },
8238 { set_scan_rsp_data, true, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE },
8239 { add_white_list, false, MGMT_ADD_DEV_WHITE_LIST_SIZE },
8240 { remove_from_white_list, false, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
8241 { clear_white_list, false, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
8242 { set_enable_rssi, false, MGMT_SET_RSSI_ENABLE_SIZE },
8243 { get_raw_rssi, false, MGMT_GET_RAW_RSSI_SIZE },
8244 { set_disable_threshold, false, MGMT_SET_RSSI_DISABLE_SIZE },
8245 { start_le_discovery, false, MGMT_START_LE_DISCOVERY_SIZE },
8246 { stop_le_discovery, false, MGMT_STOP_LE_DISCOVERY_SIZE },
8247 { disable_le_auto_connect, false, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
8248 { le_conn_update, false, MGMT_LE_CONN_UPDATE_SIZE},
8249 { set_manufacturer_data, false, MGMT_SET_MANUFACTURER_DATA_SIZE},
8250 { le_set_scan_params, false, MGMT_LE_SET_SCAN_PARAMS_SIZE },
8251 { set_voice_setting, false, MGMT_SET_VOICE_SETTING_SIZE},
8252 { get_adv_tx_power, false, MGMT_GET_ADV_TX_POWER_SIZE},
8253 { enable_bt_6lowpan, false, MGMT_ENABLE_BT_6LOWPAN_SIZE },
8254 { disconnect_bt_6lowpan, false, MGMT_DISCONNECT_6LOWPAN_SIZE },
8255 { read_maximum_le_data_length, false, MGMT_LE_READ_MAXIMUM_DATA_LENGTH_SIZE },
8256 { write_host_suggested_le_data_length, false,
8257 MGMT_LE_WRITE_HOST_SUGGESTED_DATA_LENGTH_SIZE },
8261 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
8265 struct mgmt_hdr *hdr;
8266 u16 opcode, index, len;
8267 struct hci_dev *hdev = NULL;
8268 const struct mgmt_handler *handler;
8271 BT_DBG("got %zu bytes", msglen);
8273 if (msglen < sizeof(*hdr))
8276 buf = kmalloc(msglen, GFP_KERNEL);
8280 #ifdef CONFIG_TIZEN_WIP
8281 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
8283 if (memcpy_from_msg(buf, msg, msglen)) {
8290 opcode = __le16_to_cpu(hdr->opcode);
8291 index = __le16_to_cpu(hdr->index);
8292 len = __le16_to_cpu(hdr->len);
8294 if (len != msglen - sizeof(*hdr)) {
8299 if (index != MGMT_INDEX_NONE) {
8300 hdev = hci_dev_get(index);
8302 err = cmd_status(sk, index, opcode,
8303 MGMT_STATUS_INVALID_INDEX);
8307 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
8308 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
8309 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
8310 err = cmd_status(sk, index, opcode,
8311 MGMT_STATUS_INVALID_INDEX);
8315 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
8316 opcode != MGMT_OP_READ_CONFIG_INFO &&
8317 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
8318 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
8319 err = cmd_status(sk, index, opcode,
8320 MGMT_STATUS_INVALID_INDEX);
8325 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8326 mgmt_handlers[opcode].func == NULL) {
8327 #ifdef CONFIG_TIZEN_WIP
8328 u16 tizen_opcode = opcode - TIZEN_OP_CODE_BASE;
8330 if (tizen_opcode > 0 &&
8331 tizen_opcode < ARRAY_SIZE(tizen_mgmt_handlers) &&
8332 tizen_mgmt_handlers[tizen_opcode].func) {
8334 handler = &tizen_mgmt_handlers[tizen_opcode];
8338 BT_DBG("Unknown op %u", opcode);
8339 err = cmd_status(sk, index, opcode,
8340 MGMT_STATUS_UNKNOWN_COMMAND);
8344 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
8345 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8346 err = cmd_status(sk, index, opcode,
8347 MGMT_STATUS_INVALID_INDEX);
8351 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
8352 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8353 err = cmd_status(sk, index, opcode,
8354 MGMT_STATUS_INVALID_INDEX);
8358 handler = &mgmt_handlers[opcode];
8360 #ifdef CONFIG_TIZEN_WIP
8363 if ((handler->var_len && len < handler->data_len) ||
8364 (!handler->var_len && len != handler->data_len)) {
8365 err = cmd_status(sk, index, opcode,
8366 MGMT_STATUS_INVALID_PARAMS);
8371 mgmt_init_hdev(sk, hdev);
8373 cp = buf + sizeof(*hdr);
8375 err = handler->func(sk, hdev, cp, len);
8389 void mgmt_index_added(struct hci_dev *hdev)
8391 if (hdev->dev_type != HCI_BREDR)
8394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8397 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8398 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
8400 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
8403 void mgmt_index_removed(struct hci_dev *hdev)
8405 u8 status = MGMT_STATUS_INVALID_INDEX;
8407 if (hdev->dev_type != HCI_BREDR)
8410 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8413 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8415 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8416 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
8418 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
8421 /* This function requires the caller holds hdev->lock */
8422 static void restart_le_actions(struct hci_request *req)
8424 struct hci_dev *hdev = req->hdev;
8425 struct hci_conn_params *p;
8427 list_for_each_entry(p, &hdev->le_conn_params, list) {
8428 /* Needed for AUTO_OFF case where might not "really"
8429 * have been powered off.
8431 list_del_init(&p->action);
8433 switch (p->auto_connect) {
8434 case HCI_AUTO_CONN_DIRECT:
8435 case HCI_AUTO_CONN_ALWAYS:
8436 list_add(&p->action, &hdev->pend_le_conns);
8438 case HCI_AUTO_CONN_REPORT:
8439 list_add(&p->action, &hdev->pend_le_reports);
8446 __hci_update_background_scan(req);
8449 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8451 struct cmd_lookup match = { NULL, hdev };
8453 BT_DBG("status 0x%02x", status);
8456 /* Register the available SMP channels (BR/EDR and LE) only
8457 * when successfully powering on the controller. This late
8458 * registration is required so that LE SMP can clearly
8459 * decide if the public address or static address is used.
8466 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8468 new_settings(hdev, match.sk);
8470 hci_dev_unlock(hdev);
8476 static int powered_update_hci(struct hci_dev *hdev)
8478 struct hci_request req;
8481 hci_req_init(&req, hdev);
8483 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
8484 !lmp_host_ssp_capable(hdev)) {
8487 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
8489 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
8492 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
8493 sizeof(support), &support);
8497 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
8498 lmp_bredr_capable(hdev)) {
8499 struct hci_cp_write_le_host_supported cp;
8504 /* Check first if we already have the right
8505 * host state (host features set)
8507 if (cp.le != lmp_host_le_capable(hdev) ||
8508 cp.simul != lmp_host_le_br_capable(hdev))
8509 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
8513 if (lmp_le_capable(hdev)) {
8514 /* Make sure the controller has a good default for
8515 * advertising data. This also applies to the case
8516 * where BR/EDR was toggled during the AUTO_OFF phase.
8518 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8519 update_adv_data(&req);
8520 update_scan_rsp_data(&req);
8523 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
8524 enable_advertising(&req);
8526 restart_le_actions(&req);
8529 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
8530 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
8531 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
8532 sizeof(link_sec), &link_sec);
8534 if (lmp_bredr_capable(hdev)) {
8535 write_fast_connectable(&req, false);
8536 __hci_update_page_scan(&req);
8542 return hci_req_run(&req, powered_complete);
8545 int mgmt_powered(struct hci_dev *hdev, u8 powered)
8547 struct cmd_lookup match = { NULL, hdev };
8548 u8 status, zero_cod[] = { 0, 0, 0 };
8551 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
8555 if (powered_update_hci(hdev) == 0)
8558 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
8563 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8565 /* If the power off is because of hdev unregistration let
8566 * use the appropriate INVALID_INDEX status. Otherwise use
8567 * NOT_POWERED. We cover both scenarios here since later in
8568 * mgmt_index_removed() any hci_conn callbacks will have already
8569 * been triggered, potentially causing misleading DISCONNECTED
8572 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
8573 status = MGMT_STATUS_INVALID_INDEX;
8575 status = MGMT_STATUS_NOT_POWERED;
8577 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8579 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
8580 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8581 zero_cod, sizeof(zero_cod), NULL);
8584 err = new_settings(hdev, match.sk);
8592 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8594 struct pending_cmd *cmd;
8597 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8601 if (err == -ERFKILL)
8602 status = MGMT_STATUS_RFKILLED;
8604 status = MGMT_STATUS_FAILED;
8606 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8608 mgmt_pending_remove(cmd);
8611 void mgmt_discoverable_timeout(struct hci_dev *hdev)
8613 struct hci_request req;
8617 /* When discoverable timeout triggers, then just make sure
8618 * the limited discoverable flag is cleared. Even in the case
8619 * of a timeout triggered from general discoverable, it is
8620 * safe to unconditionally clear the flag.
8622 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
8623 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
8625 hci_req_init(&req, hdev);
8626 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
8627 u8 scan = SCAN_PAGE;
8628 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
8629 sizeof(scan), &scan);
8632 update_adv_data(&req);
8633 hci_req_run(&req, NULL);
8635 hdev->discov_timeout = 0;
8637 new_settings(hdev, NULL);
8639 hci_dev_unlock(hdev);
8642 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8645 struct mgmt_ev_new_link_key ev;
8647 memset(&ev, 0, sizeof(ev));
8649 ev.store_hint = persistent;
8650 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8651 ev.key.addr.type = BDADDR_BREDR;
8652 ev.key.type = key->type;
8653 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8654 ev.key.pin_len = key->pin_len;
8656 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8659 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8661 switch (ltk->type) {
8664 if (ltk->authenticated)
8665 return MGMT_LTK_AUTHENTICATED;
8666 return MGMT_LTK_UNAUTHENTICATED;
8668 if (ltk->authenticated)
8669 return MGMT_LTK_P256_AUTH;
8670 return MGMT_LTK_P256_UNAUTH;
8671 case SMP_LTK_P256_DEBUG:
8672 return MGMT_LTK_P256_DEBUG;
8675 return MGMT_LTK_UNAUTHENTICATED;
8678 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8680 struct mgmt_ev_new_long_term_key ev;
8682 memset(&ev, 0, sizeof(ev));
8684 /* Devices using resolvable or non-resolvable random addresses
8685 * without providing an indentity resolving key don't require
8686 * to store long term keys. Their addresses will change the
8689 * Only when a remote device provides an identity address
8690 * make sure the long term key is stored. If the remote
8691 * identity is known, the long term keys are internally
8692 * mapped to the identity address. So allow static random
8693 * and public addresses here.
8695 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8696 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8697 ev.store_hint = 0x00;
8699 ev.store_hint = persistent;
8701 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8702 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8703 ev.key.type = mgmt_ltk_type(key);
8704 ev.key.enc_size = key->enc_size;
8705 ev.key.ediv = key->ediv;
8706 ev.key.rand = key->rand;
8708 if (key->type == SMP_LTK)
8711 memcpy(ev.key.val, key->val, sizeof(key->val));
8713 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8716 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
8718 struct mgmt_ev_new_irk ev;
8720 memset(&ev, 0, sizeof(ev));
8722 /* For identity resolving keys from devices that are already
8723 * using a public address or static random address, do not
8724 * ask for storing this key. The identity resolving key really
8725 * is only mandatory for devices using resovlable random
8728 * Storing all identity resolving keys has the downside that
8729 * they will be also loaded on next boot of they system. More
8730 * identity resolving keys, means more time during scanning is
8731 * needed to actually resolve these addresses.
8733 if (bacmp(&irk->rpa, BDADDR_ANY))
8734 ev.store_hint = 0x01;
8736 ev.store_hint = 0x00;
8738 bacpy(&ev.rpa, &irk->rpa);
8739 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8740 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8741 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8743 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8746 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8749 struct mgmt_ev_new_csrk ev;
8751 memset(&ev, 0, sizeof(ev));
8753 /* Devices using resolvable or non-resolvable random addresses
8754 * without providing an indentity resolving key don't require
8755 * to store signature resolving keys. Their addresses will change
8756 * the next time around.
8758 * Only when a remote device provides an identity address
8759 * make sure the signature resolving key is stored. So allow
8760 * static random and public addresses here.
8762 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8763 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8764 ev.store_hint = 0x00;
8766 ev.store_hint = persistent;
8768 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8769 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8770 ev.key.master = csrk->master;
8771 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8773 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8776 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8777 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8778 u16 max_interval, u16 latency, u16 timeout)
8780 struct mgmt_ev_new_conn_param ev;
8782 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8785 memset(&ev, 0, sizeof(ev));
8786 bacpy(&ev.addr.bdaddr, bdaddr);
8787 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8788 ev.store_hint = store_hint;
8789 ev.min_interval = cpu_to_le16(min_interval);
8790 ev.max_interval = cpu_to_le16(max_interval);
8791 ev.latency = cpu_to_le16(latency);
8792 ev.timeout = cpu_to_le16(timeout);
8794 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8797 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
8800 eir[eir_len++] = sizeof(type) + data_len;
8801 eir[eir_len++] = type;
8802 memcpy(&eir[eir_len], data, data_len);
8803 eir_len += data_len;
8808 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8809 u32 flags, u8 *name, u8 name_len)
8812 struct mgmt_ev_device_connected *ev = (void *) buf;
8815 bacpy(&ev->addr.bdaddr, &conn->dst);
8816 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8818 ev->flags = __cpu_to_le32(flags);
8820 /* We must ensure that the EIR Data fields are ordered and
8821 * unique. Keep it simple for now and avoid the problem by not
8822 * adding any BR/EDR data to the LE adv.
8824 if (conn->le_adv_data_len > 0) {
8825 memcpy(&ev->eir[eir_len],
8826 conn->le_adv_data, conn->le_adv_data_len);
8827 eir_len = conn->le_adv_data_len;
8830 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8833 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8834 eir_len = eir_append_data(ev->eir, eir_len,
8836 conn->dev_class, 3);
8839 ev->eir_len = cpu_to_le16(eir_len);
8841 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8842 sizeof(*ev) + eir_len, NULL);
8845 #ifdef CONFIG_TIZEN_WIP
8846 /* BEGIN TIZEN_Bluetooth :: name update changes */
8847 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
8851 struct mgmt_ev_device_name_update *ev = (void *) buf;
8857 bacpy(&ev->addr.bdaddr, bdaddr);
8858 ev->addr.type = BDADDR_BREDR;
8860 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8863 ev->eir_len = cpu_to_le16(eir_len);
8865 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
8866 sizeof(*ev) + eir_len, NULL);
8868 /* END TIZEN_Bluetooth :: name update changes */
8871 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
8873 struct sock **sk = data;
8875 cmd->cmd_complete(cmd, 0);
8880 mgmt_pending_remove(cmd);
8883 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
8885 struct hci_dev *hdev = data;
8886 struct mgmt_cp_unpair_device *cp = cmd->param;
8888 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8890 cmd->cmd_complete(cmd, 0);
8891 mgmt_pending_remove(cmd);
8894 bool mgmt_powering_down(struct hci_dev *hdev)
8896 struct pending_cmd *cmd;
8897 struct mgmt_mode *cp;
8899 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8910 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8911 u8 link_type, u8 addr_type, u8 reason,
8912 bool mgmt_connected)
8914 struct mgmt_ev_device_disconnected ev;
8915 struct sock *sk = NULL;
8917 /* The connection is still in hci_conn_hash so test for 1
8918 * instead of 0 to know if this is the last one.
8920 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8921 cancel_delayed_work(&hdev->power_off);
8922 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8925 if (!mgmt_connected)
8928 if (link_type != ACL_LINK && link_type != LE_LINK)
8931 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8933 bacpy(&ev.addr.bdaddr, bdaddr);
8934 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8937 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8942 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8946 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8947 u8 link_type, u8 addr_type, u8 status)
8949 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8950 struct mgmt_cp_disconnect *cp;
8951 struct pending_cmd *cmd;
8953 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8956 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962 if (bacmp(bdaddr, &cp->addr.bdaddr))
8965 if (cp->addr.type != bdaddr_type)
8968 cmd->cmd_complete(cmd, mgmt_status(status));
8969 mgmt_pending_remove(cmd);
8972 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8973 u8 addr_type, u8 status)
8975 struct mgmt_ev_connect_failed ev;
8977 /* The connection is still in hci_conn_hash so test for 1
8978 * instead of 0 to know if this is the last one.
8980 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8981 cancel_delayed_work(&hdev->power_off);
8982 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8985 bacpy(&ev.addr.bdaddr, bdaddr);
8986 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8987 ev.status = mgmt_status(status);
8989 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8991 #ifdef CONFIG_TIZEN_WIP
8992 void mgmt_hardware_error(struct hci_dev *hdev, u8 err_code)
8994 struct mgmt_ev_hardware_error ev;
8996 ev.error_code = err_code;
8997 mgmt_event(MGMT_EV_HARDWARE_ERROR, hdev, &ev, sizeof(ev), NULL);
9000 void mgmt_tx_timeout_error(struct hci_dev *hdev)
9002 mgmt_event(MGMT_EV_TX_TIMEOUT_ERROR, hdev, NULL, 0, NULL);
9006 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
9008 struct mgmt_ev_pin_code_request ev;
9010 bacpy(&ev.addr.bdaddr, bdaddr);
9011 ev.addr.type = BDADDR_BREDR;
9014 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
9017 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9020 struct pending_cmd *cmd;
9022 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
9026 cmd->cmd_complete(cmd, mgmt_status(status));
9027 mgmt_pending_remove(cmd);
9030 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9033 struct pending_cmd *cmd;
9035 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
9039 cmd->cmd_complete(cmd, mgmt_status(status));
9040 mgmt_pending_remove(cmd);
9043 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9044 u8 link_type, u8 addr_type, u32 value,
9047 struct mgmt_ev_user_confirm_request ev;
9049 BT_DBG("%s", hdev->name);
9051 bacpy(&ev.addr.bdaddr, bdaddr);
9052 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9053 ev.confirm_hint = confirm_hint;
9054 ev.value = cpu_to_le32(value);
9056 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
9060 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9061 u8 link_type, u8 addr_type)
9063 struct mgmt_ev_user_passkey_request ev;
9065 BT_DBG("%s", hdev->name);
9067 bacpy(&ev.addr.bdaddr, bdaddr);
9068 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9070 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
9074 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9075 u8 link_type, u8 addr_type, u8 status,
9078 struct pending_cmd *cmd;
9080 cmd = mgmt_pending_find(opcode, hdev);
9084 cmd->cmd_complete(cmd, mgmt_status(status));
9085 mgmt_pending_remove(cmd);
9090 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9091 u8 link_type, u8 addr_type, u8 status)
9093 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9094 status, MGMT_OP_USER_CONFIRM_REPLY);
9097 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9098 u8 link_type, u8 addr_type, u8 status)
9100 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9102 MGMT_OP_USER_CONFIRM_NEG_REPLY);
9105 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9106 u8 link_type, u8 addr_type, u8 status)
9108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9109 status, MGMT_OP_USER_PASSKEY_REPLY);
9112 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9113 u8 link_type, u8 addr_type, u8 status)
9115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9117 MGMT_OP_USER_PASSKEY_NEG_REPLY);
9120 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9121 u8 link_type, u8 addr_type, u32 passkey,
9124 struct mgmt_ev_passkey_notify ev;
9126 BT_DBG("%s", hdev->name);
9128 bacpy(&ev.addr.bdaddr, bdaddr);
9129 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9130 ev.passkey = __cpu_to_le32(passkey);
9131 ev.entered = entered;
9133 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9136 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9138 struct mgmt_ev_auth_failed ev;
9139 struct pending_cmd *cmd;
9140 u8 status = mgmt_status(hci_status);
9142 bacpy(&ev.addr.bdaddr, &conn->dst);
9143 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9146 cmd = find_pairing(conn);
9148 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9149 cmd ? cmd->sk : NULL);
9152 cmd->cmd_complete(cmd, status);
9153 mgmt_pending_remove(cmd);
9157 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9159 struct cmd_lookup match = { NULL, hdev };
9163 u8 mgmt_err = mgmt_status(status);
9164 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9165 cmd_status_rsp, &mgmt_err);
9169 if (test_bit(HCI_AUTH, &hdev->flags))
9170 changed = !test_and_set_bit(HCI_LINK_SECURITY,
9173 changed = test_and_clear_bit(HCI_LINK_SECURITY,
9176 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9180 new_settings(hdev, match.sk);
9186 static void clear_eir(struct hci_request *req)
9188 struct hci_dev *hdev = req->hdev;
9189 struct hci_cp_write_eir cp;
9191 if (!lmp_ext_inq_capable(hdev))
9194 memset(hdev->eir, 0, sizeof(hdev->eir));
9196 memset(&cp, 0, sizeof(cp));
9198 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9201 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9203 struct cmd_lookup match = { NULL, hdev };
9204 struct hci_request req;
9205 bool changed = false;
9208 u8 mgmt_err = mgmt_status(status);
9210 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9211 &hdev->dev_flags)) {
9212 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9213 new_settings(hdev, NULL);
9216 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9222 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9224 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9226 changed = test_and_clear_bit(HCI_HS_ENABLED,
9229 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9232 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9235 new_settings(hdev, match.sk);
9240 hci_req_init(&req, hdev);
9242 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
9243 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
9244 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9245 sizeof(enable), &enable);
9251 hci_req_run(&req, NULL);
9254 static void sk_lookup(struct pending_cmd *cmd, void *data)
9256 struct cmd_lookup *match = data;
9258 if (match->sk == NULL) {
9259 match->sk = cmd->sk;
9260 sock_hold(match->sk);
9264 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9267 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9269 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9270 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9271 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9274 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
9281 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9283 struct mgmt_cp_set_local_name ev;
9284 struct pending_cmd *cmd;
9289 memset(&ev, 0, sizeof(ev));
9290 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9291 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9293 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9295 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9297 /* If this is a HCI command related to powering on the
9298 * HCI dev don't send any mgmt signals.
9300 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
9304 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9305 cmd ? cmd->sk : NULL);
9308 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
9309 u8 *rand192, u8 *hash256, u8 *rand256,
9312 struct pending_cmd *cmd;
9314 BT_DBG("%s status %u", hdev->name, status);
9316 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
9321 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
9322 mgmt_status(status));
9324 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
9325 struct mgmt_rp_read_local_oob_ext_data rp;
9327 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
9328 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
9330 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
9331 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
9333 cmd_complete(cmd->sk, hdev->id,
9334 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9337 struct mgmt_rp_read_local_oob_data rp;
9339 memcpy(rp.hash, hash192, sizeof(rp.hash));
9340 memcpy(rp.rand, rand192, sizeof(rp.rand));
9342 cmd_complete(cmd->sk, hdev->id,
9343 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9348 mgmt_pending_remove(cmd);
9351 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9355 for (i = 0; i < uuid_count; i++) {
9356 if (!memcmp(uuid, uuids[i], 16))
9363 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9367 while (parsed < eir_len) {
9368 u8 field_len = eir[0];
9375 if (eir_len - parsed < field_len + 1)
9379 case EIR_UUID16_ALL:
9380 case EIR_UUID16_SOME:
9381 for (i = 0; i + 3 <= field_len; i += 2) {
9382 memcpy(uuid, bluetooth_base_uuid, 16);
9383 uuid[13] = eir[i + 3];
9384 uuid[12] = eir[i + 2];
9385 if (has_uuid(uuid, uuid_count, uuids))
9389 case EIR_UUID32_ALL:
9390 case EIR_UUID32_SOME:
9391 for (i = 0; i + 5 <= field_len; i += 4) {
9392 memcpy(uuid, bluetooth_base_uuid, 16);
9393 uuid[15] = eir[i + 5];
9394 uuid[14] = eir[i + 4];
9395 uuid[13] = eir[i + 3];
9396 uuid[12] = eir[i + 2];
9397 if (has_uuid(uuid, uuid_count, uuids))
9401 case EIR_UUID128_ALL:
9402 case EIR_UUID128_SOME:
9403 for (i = 0; i + 17 <= field_len; i += 16) {
9404 memcpy(uuid, eir + i + 2, 16);
9405 if (has_uuid(uuid, uuid_count, uuids))
9411 parsed += field_len + 1;
9412 eir += field_len + 1;
9418 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9419 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9420 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9423 struct mgmt_ev_device_found *ev = (void *) buf;
9427 /* Don't send events for a non-kernel initiated discovery. With
9428 * LE one exception is if we have pend_le_reports > 0 in which
9429 * case we're doing passive scanning and want these events.
9431 if (!hci_discovery_active(hdev)) {
9432 if (link_type == ACL_LINK)
9434 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
9438 /* When using service discovery with a RSSI threshold, then check
9439 * if such a RSSI threshold is specified. If a RSSI threshold has
9440 * been specified, then all results with a RSSI smaller than the
9441 * RSSI threshold will be dropped.
9443 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9444 * the results are also dropped.
9446 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9447 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
9450 /* Make sure that the buffer is big enough. The 5 extra bytes
9451 * are for the potential CoD field.
9453 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9456 memset(buf, 0, sizeof(buf));
9458 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9459 * RSSI value was reported as 0 when not available. This behavior
9460 * is kept when using device discovery. This is required for full
9461 * backwards compatibility with the API.
9463 * However when using service discovery, the value 127 will be
9464 * returned when the RSSI is not available.
9466 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9467 link_type == ACL_LINK)
9470 bacpy(&ev->addr.bdaddr, bdaddr);
9471 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9473 ev->flags = cpu_to_le32(flags);
9476 /* When using service discovery and a list of UUID is
9477 * provided, results with no matching UUID should be
9478 * dropped. In case there is a match the result is
9479 * kept and checking possible scan response data
9482 if (hdev->discovery.uuid_count > 0)
9483 match = eir_has_uuids(eir, eir_len,
9484 hdev->discovery.uuid_count,
9485 hdev->discovery.uuids);
9489 if (!match && !scan_rsp_len)
9492 /* Copy EIR or advertising data into event */
9493 memcpy(ev->eir, eir, eir_len);
9495 /* When using service discovery and a list of UUID is
9496 * provided, results with empty EIR or advertising data
9497 * should be dropped since they do not match any UUID.
9499 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
9505 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9506 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9509 if (scan_rsp_len > 0) {
9510 /* When using service discovery and a list of UUID is
9511 * provided, results with no matching UUID should be
9512 * dropped if there is no previous match from the
9515 if (hdev->discovery.uuid_count > 0) {
9516 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
9517 hdev->discovery.uuid_count,
9518 hdev->discovery.uuids))
9522 /* Append scan response data to event */
9523 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9525 /* When using service discovery and a list of UUID is
9526 * provided, results with empty scan response and no
9527 * previous matched advertising data should be dropped.
9529 if (hdev->discovery.uuid_count > 0 && !match)
9533 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9534 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9536 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9539 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Pass adv type */
9540 void mgmt_le_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9541 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9542 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, u8 adv_type)
9545 struct mgmt_ev_le_device_found *ev = (void *) buf;
9548 if (!hci_discovery_active(hdev) && !hci_le_discovery_active(hdev))
9551 /* Make sure that the buffer is big enough. The 5 extra bytes
9552 * are for the potential CoD field.
9554 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9557 memset(buf, 0, sizeof(buf));
9559 bacpy(&ev->addr.bdaddr, bdaddr);
9560 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9562 ev->flags = cpu_to_le32(flags);
9563 ev->adv_type = adv_type;
9566 memcpy(ev->eir, eir, eir_len);
9568 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9569 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9572 if (scan_rsp_len > 0)
9573 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9575 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9576 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9578 mgmt_event(MGMT_EV_LE_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9582 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9583 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9585 struct mgmt_ev_device_found *ev;
9586 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9589 ev = (struct mgmt_ev_device_found *) buf;
9591 memset(buf, 0, sizeof(buf));
9593 bacpy(&ev->addr.bdaddr, bdaddr);
9594 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9597 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9600 ev->eir_len = cpu_to_le16(eir_len);
9602 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9605 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9607 struct mgmt_ev_discovering ev;
9609 BT_DBG("%s discovering %u", hdev->name, discovering);
9611 memset(&ev, 0, sizeof(ev));
9612 ev.type = hdev->discovery.type;
9613 ev.discovering = discovering;
9615 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9618 #ifdef CONFIG_TIZEN_WIP
9619 /* BEGIN TIZEN_Bluetooth :: Seperate LE discovery */
9620 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
9622 struct mgmt_ev_discovering ev;
9623 struct pending_cmd *cmd;
9625 BT_DBG("%s le discovering %u", hdev->name, discovering);
9628 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
9630 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
9633 u8 type = hdev->le_discovery.type;
9635 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
9637 mgmt_pending_remove(cmd);
9640 memset(&ev, 0, sizeof(ev));
9641 ev.type = hdev->le_discovery.type;
9642 ev.discovering = discovering;
9644 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9646 /* END TIZEN_Bluetooth */
9649 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
9651 BT_DBG("%s status %u", hdev->name, status);
9654 void mgmt_reenable_advertising(struct hci_dev *hdev)
9656 struct hci_request req;
9658 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
9661 hci_req_init(&req, hdev);
9662 enable_advertising(&req);
9663 hci_req_run(&req, adv_enable_complete);