2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
35 #ifdef CONFIG_TIZEN_WIP
36 #include <net/bluetooth/mgmt_tizen.h>
37 #include <net/bluetooth/sco.h>
39 #include "hci_request.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 8
45 #ifdef CONFIG_TIZEN_WIP
47 #define U16_MAX ((u16)~0U)
51 static const u16 mgmt_commands[] = {
52 MGMT_OP_READ_INDEX_LIST,
55 MGMT_OP_SET_DISCOVERABLE,
56 MGMT_OP_SET_CONNECTABLE,
57 MGMT_OP_SET_FAST_CONNECTABLE,
59 MGMT_OP_SET_LINK_SECURITY,
63 MGMT_OP_SET_DEV_CLASS,
64 MGMT_OP_SET_LOCAL_NAME,
67 MGMT_OP_LOAD_LINK_KEYS,
68 MGMT_OP_LOAD_LONG_TERM_KEYS,
70 MGMT_OP_GET_CONNECTIONS,
71 MGMT_OP_PIN_CODE_REPLY,
72 MGMT_OP_PIN_CODE_NEG_REPLY,
73 MGMT_OP_SET_IO_CAPABILITY,
75 MGMT_OP_CANCEL_PAIR_DEVICE,
76 MGMT_OP_UNPAIR_DEVICE,
77 MGMT_OP_USER_CONFIRM_REPLY,
78 MGMT_OP_USER_CONFIRM_NEG_REPLY,
79 MGMT_OP_USER_PASSKEY_REPLY,
80 MGMT_OP_USER_PASSKEY_NEG_REPLY,
81 MGMT_OP_READ_LOCAL_OOB_DATA,
82 MGMT_OP_ADD_REMOTE_OOB_DATA,
83 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
84 MGMT_OP_START_DISCOVERY,
85 MGMT_OP_STOP_DISCOVERY,
88 MGMT_OP_UNBLOCK_DEVICE,
89 MGMT_OP_SET_DEVICE_ID,
90 MGMT_OP_SET_ADVERTISING,
92 MGMT_OP_SET_STATIC_ADDRESS,
93 MGMT_OP_SET_SCAN_PARAMS,
94 MGMT_OP_SET_SECURE_CONN,
95 MGMT_OP_SET_DEBUG_KEYS,
98 MGMT_OP_GET_CONN_INFO,
99 MGMT_OP_GET_CLOCK_INFO,
101 MGMT_OP_REMOVE_DEVICE,
102 MGMT_OP_LOAD_CONN_PARAM,
103 MGMT_OP_READ_UNCONF_INDEX_LIST,
104 MGMT_OP_READ_CONFIG_INFO,
105 MGMT_OP_SET_EXTERNAL_CONFIG,
106 MGMT_OP_SET_PUBLIC_ADDRESS,
107 MGMT_OP_START_SERVICE_DISCOVERY,
110 static const u16 mgmt_events[] = {
111 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_REMOVED,
114 MGMT_EV_NEW_SETTINGS,
115 MGMT_EV_CLASS_OF_DEV_CHANGED,
116 MGMT_EV_LOCAL_NAME_CHANGED,
117 MGMT_EV_NEW_LINK_KEY,
118 MGMT_EV_NEW_LONG_TERM_KEY,
119 MGMT_EV_DEVICE_CONNECTED,
120 MGMT_EV_DEVICE_DISCONNECTED,
121 MGMT_EV_CONNECT_FAILED,
122 MGMT_EV_PIN_CODE_REQUEST,
123 MGMT_EV_USER_CONFIRM_REQUEST,
124 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DEVICE_BLOCKED,
129 MGMT_EV_DEVICE_UNBLOCKED,
130 MGMT_EV_DEVICE_UNPAIRED,
131 MGMT_EV_PASSKEY_NOTIFY,
134 MGMT_EV_DEVICE_ADDED,
135 MGMT_EV_DEVICE_REMOVED,
136 MGMT_EV_NEW_CONN_PARAM,
137 MGMT_EV_UNCONF_INDEX_ADDED,
138 MGMT_EV_UNCONF_INDEX_REMOVED,
139 MGMT_EV_NEW_CONFIG_OPTIONS,
142 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
144 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
145 "\x00\x00\x00\x00\x00\x00\x00\x00"
148 struct list_head list;
155 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
158 /* HCI to MGMT error code conversion table */
159 static u8 mgmt_status_table[] = {
161 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
162 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
163 MGMT_STATUS_FAILED, /* Hardware Failure */
164 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
165 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
166 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
167 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
168 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
169 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
170 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
171 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
172 MGMT_STATUS_BUSY, /* Command Disallowed */
173 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
174 MGMT_STATUS_REJECTED, /* Rejected Security */
175 MGMT_STATUS_REJECTED, /* Rejected Personal */
176 MGMT_STATUS_TIMEOUT, /* Host Timeout */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
178 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
179 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
180 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
181 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
182 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
183 MGMT_STATUS_BUSY, /* Repeated Attempts */
184 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
185 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
187 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
188 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
189 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
191 MGMT_STATUS_FAILED, /* Unspecified Error */
192 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
193 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
194 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
195 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
196 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
197 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
198 MGMT_STATUS_FAILED, /* Unit Link Key Used */
199 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
200 MGMT_STATUS_TIMEOUT, /* Instant Passed */
201 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
202 MGMT_STATUS_FAILED, /* Transaction Collision */
203 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
204 MGMT_STATUS_REJECTED, /* QoS Rejected */
205 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
206 MGMT_STATUS_REJECTED, /* Insufficient Security */
207 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
208 MGMT_STATUS_BUSY, /* Role Switch Pending */
209 MGMT_STATUS_FAILED, /* Slot Violation */
210 MGMT_STATUS_FAILED, /* Role Switch Failed */
211 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
212 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
213 MGMT_STATUS_BUSY, /* Host Busy Pairing */
214 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
215 MGMT_STATUS_BUSY, /* Controller Busy */
216 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
217 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
218 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
219 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
220 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
223 static u8 mgmt_status(u8 hci_status)
225 if (hci_status < ARRAY_SIZE(mgmt_status_table))
226 return mgmt_status_table[hci_status];
228 return MGMT_STATUS_FAILED;
231 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
232 struct sock *skip_sk)
235 struct mgmt_hdr *hdr;
237 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
242 hdr->opcode = cpu_to_le16(event);
244 hdr->index = cpu_to_le16(hdev->id);
246 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
247 hdr->len = cpu_to_le16(data_len);
250 memcpy(skb_put(skb, data_len), data, data_len);
253 __net_timestamp(skb);
255 hci_send_to_control(skb, skip_sk);
261 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
264 struct mgmt_hdr *hdr;
265 struct mgmt_ev_cmd_status *ev;
268 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
270 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
274 hdr = (void *) skb_put(skb, sizeof(*hdr));
276 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
277 hdr->index = cpu_to_le16(index);
278 hdr->len = cpu_to_le16(sizeof(*ev));
280 ev = (void *) skb_put(skb, sizeof(*ev));
282 ev->opcode = cpu_to_le16(cmd);
284 err = sock_queue_rcv_skb(sk, skb);
291 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
292 void *rp, size_t rp_len)
295 struct mgmt_hdr *hdr;
296 struct mgmt_ev_cmd_complete *ev;
299 BT_DBG("sock %p", sk);
301 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
305 hdr = (void *) skb_put(skb, sizeof(*hdr));
307 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
308 hdr->index = cpu_to_le16(index);
309 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
311 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
312 ev->opcode = cpu_to_le16(cmd);
316 memcpy(ev->data, rp, rp_len);
318 err = sock_queue_rcv_skb(sk, skb);
325 #ifdef CONFIG_TIZEN_WIP
326 /* BEGIN TIZEN_Bluetooth :: check for le connection update params */
327 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
332 if (min > max || min < 6 || max > 3200)
335 if (to_multiplier < 10 || to_multiplier > 3200)
338 if (max >= to_multiplier * 8)
341 max_latency = (to_multiplier * 8 / max) - 1;
343 if (latency > 499 || latency > max_latency)
348 /* END TIZEN_Bluetooth */
351 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 struct mgmt_rp_read_version rp;
356 BT_DBG("sock %p", sk);
358 rp.version = MGMT_VERSION;
359 rp.revision = cpu_to_le16(MGMT_REVISION);
361 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
365 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 struct mgmt_rp_read_commands *rp;
369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
375 BT_DBG("sock %p", sk);
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
379 rp = kmalloc(rp_size, GFP_KERNEL);
383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
392 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
399 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
402 struct mgmt_rp_read_index_list *rp;
408 BT_DBG("sock %p", sk);
410 read_lock(&hci_dev_list_lock);
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (d->dev_type == HCI_BREDR &&
415 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
422 read_unlock(&hci_dev_list_lock);
427 list_for_each_entry(d, &hci_dev_list, list) {
428 if (test_bit(HCI_SETUP, &d->dev_flags) ||
429 test_bit(HCI_CONFIG, &d->dev_flags) ||
430 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
439 if (d->dev_type == HCI_BREDR &&
440 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
449 read_unlock(&hci_dev_list_lock);
451 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
459 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
462 struct mgmt_rp_read_unconf_index_list *rp;
468 BT_DBG("sock %p", sk);
470 read_lock(&hci_dev_list_lock);
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
475 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
482 read_unlock(&hci_dev_list_lock);
487 list_for_each_entry(d, &hci_dev_list, list) {
488 if (test_bit(HCI_SETUP, &d->dev_flags) ||
489 test_bit(HCI_CONFIG, &d->dev_flags) ||
490 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
499 if (d->dev_type == HCI_BREDR &&
500 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
509 read_unlock(&hci_dev_list_lock);
511 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
519 static bool is_configured(struct hci_dev *hdev)
521 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
522 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
525 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526 !bacmp(&hdev->public_addr, BDADDR_ANY))
532 static __le32 get_missing_options(struct hci_dev *hdev)
536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
537 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
540 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541 !bacmp(&hdev->public_addr, BDADDR_ANY))
542 options |= MGMT_OPTION_PUBLIC_ADDRESS;
544 return cpu_to_le32(options);
547 static int new_options(struct hci_dev *hdev, struct sock *skip)
549 __le32 options = get_missing_options(hdev);
551 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552 sizeof(options), skip);
555 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
557 __le32 options = get_missing_options(hdev);
559 return cmd_complete(sk, hdev->id, opcode, 0, &options,
563 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564 void *data, u16 data_len)
566 struct mgmt_rp_read_config_info rp;
569 BT_DBG("sock %p %s", sk, hdev->name);
573 memset(&rp, 0, sizeof(rp));
574 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577 options |= MGMT_OPTION_EXTERNAL_CONFIG;
579 if (hdev->set_bdaddr)
580 options |= MGMT_OPTION_PUBLIC_ADDRESS;
582 rp.supported_options = cpu_to_le32(options);
583 rp.missing_options = get_missing_options(hdev);
585 hci_dev_unlock(hdev);
587 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
591 static u32 get_supported_settings(struct hci_dev *hdev)
595 settings |= MGMT_SETTING_POWERED;
596 settings |= MGMT_SETTING_BONDABLE;
597 /* Disable Debug keys implementation now */
598 #ifdef CONFIG_TIZEN_WIP
599 settings |= MGMT_SETTING_DEBUG_KEYS;
601 settings |= MGMT_SETTING_CONNECTABLE;
602 settings |= MGMT_SETTING_DISCOVERABLE;
604 if (lmp_bredr_capable(hdev)) {
605 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
606 settings |= MGMT_SETTING_FAST_CONNECTABLE;
607 settings |= MGMT_SETTING_BREDR;
608 settings |= MGMT_SETTING_LINK_SECURITY;
610 if (lmp_ssp_capable(hdev)) {
611 settings |= MGMT_SETTING_SSP;
612 settings |= MGMT_SETTING_HS;
615 /* Disable Secure connection implementation now */
616 #ifdef CONFIG_TIZEN_WIP
617 if (lmp_sc_capable(hdev) ||
618 test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
619 settings |= MGMT_SETTING_SECURE_CONN;
623 if (lmp_le_capable(hdev)) {
624 settings |= MGMT_SETTING_LE;
625 settings |= MGMT_SETTING_ADVERTISING;
626 settings |= MGMT_SETTING_SECURE_CONN;
627 settings |= MGMT_SETTING_PRIVACY;
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
632 settings |= MGMT_SETTING_CONFIGURATION;
637 static u32 get_current_settings(struct hci_dev *hdev)
641 if (hdev_is_powered(hdev))
642 settings |= MGMT_SETTING_POWERED;
644 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
645 settings |= MGMT_SETTING_CONNECTABLE;
647 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
648 settings |= MGMT_SETTING_FAST_CONNECTABLE;
650 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
651 settings |= MGMT_SETTING_DISCOVERABLE;
653 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
654 settings |= MGMT_SETTING_BONDABLE;
656 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657 settings |= MGMT_SETTING_BREDR;
659 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
660 settings |= MGMT_SETTING_LE;
662 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
663 settings |= MGMT_SETTING_LINK_SECURITY;
665 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
666 settings |= MGMT_SETTING_SSP;
668 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
669 settings |= MGMT_SETTING_HS;
671 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
672 settings |= MGMT_SETTING_ADVERTISING;
674 /* Disable Secure connection and debug keys implementation now */
675 #ifdef CONFIG_TIZEN_WIP
676 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
677 settings |= MGMT_SETTING_SECURE_CONN;
679 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
680 settings |= MGMT_SETTING_DEBUG_KEYS;
683 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
684 settings |= MGMT_SETTING_PRIVACY;
689 #define PNP_INFO_SVCLASS_ID 0x1200
691 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
693 u8 *ptr = data, *uuids_start = NULL;
694 struct bt_uuid *uuid;
699 list_for_each_entry(uuid, &hdev->uuids, list) {
702 if (uuid->size != 16)
705 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
709 if (uuid16 == PNP_INFO_SVCLASS_ID)
715 uuids_start[1] = EIR_UUID16_ALL;
719 /* Stop if not enough space to put next UUID */
720 if ((ptr - data) + sizeof(u16) > len) {
721 uuids_start[1] = EIR_UUID16_SOME;
725 *ptr++ = (uuid16 & 0x00ff);
726 *ptr++ = (uuid16 & 0xff00) >> 8;
727 uuids_start[0] += sizeof(uuid16);
733 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
735 u8 *ptr = data, *uuids_start = NULL;
736 struct bt_uuid *uuid;
741 list_for_each_entry(uuid, &hdev->uuids, list) {
742 if (uuid->size != 32)
748 uuids_start[1] = EIR_UUID32_ALL;
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u32) > len) {
754 uuids_start[1] = EIR_UUID32_SOME;
758 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
760 uuids_start[0] += sizeof(u32);
766 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 128)
781 uuids_start[1] = EIR_UUID128_ALL;
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + 16 > len) {
787 uuids_start[1] = EIR_UUID128_SOME;
791 memcpy(ptr, uuid->uuid, 16);
793 uuids_start[0] += 16;
799 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
801 struct pending_cmd *cmd;
803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
804 if (cmd->opcode == opcode)
811 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
812 struct hci_dev *hdev,
815 struct pending_cmd *cmd;
817 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
818 if (cmd->user_data != data)
820 if (cmd->opcode == opcode)
827 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
832 name_len = strlen(hdev->dev_name);
834 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
836 if (name_len > max_len) {
838 ptr[1] = EIR_NAME_SHORT;
840 ptr[1] = EIR_NAME_COMPLETE;
842 ptr[0] = name_len + 1;
844 memcpy(ptr + 2, hdev->dev_name, name_len);
846 ad_len += (name_len + 2);
847 ptr += (name_len + 2);
853 static void update_scan_rsp_data(struct hci_request *req)
855 struct hci_dev *hdev = req->hdev;
856 struct hci_cp_le_set_scan_rsp_data cp;
859 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
862 memset(&cp, 0, sizeof(cp));
864 len = create_scan_rsp_data(hdev, cp.data);
866 #ifdef CONFIG_TIZEN_WIP
867 /* Advertising scan response data is handled in bluez.
868 This value will be updated only when application request the update */
871 if (hdev->scan_rsp_data_len == len &&
872 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
875 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
876 hdev->scan_rsp_data_len = len;
880 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
884 static u8 get_adv_discov_flags(struct hci_dev *hdev)
886 struct pending_cmd *cmd;
888 /* If there's a pending mgmt command the flags will not yet have
889 * their final values, so check for this first.
891 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
893 struct mgmt_mode *cp = cmd->param;
895 return LE_AD_GENERAL;
896 else if (cp->val == 0x02)
897 return LE_AD_LIMITED;
899 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
900 return LE_AD_LIMITED;
901 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
902 return LE_AD_GENERAL;
908 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
910 u8 ad_len = 0, flags = 0;
912 flags |= get_adv_discov_flags(hdev);
914 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
915 flags |= LE_AD_NO_BREDR;
918 BT_DBG("adv flags 0x%02x", flags);
928 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
930 ptr[1] = EIR_TX_POWER;
931 ptr[2] = (u8) hdev->adv_tx_power;
940 static void update_adv_data(struct hci_request *req)
942 struct hci_dev *hdev = req->hdev;
943 struct hci_cp_le_set_adv_data cp;
946 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
949 memset(&cp, 0, sizeof(cp));
951 len = create_adv_data(hdev, cp.data);
953 #ifdef CONFIG_TIZEN_WIP
954 /* Bluez will handle the advertising data, including the flag and tx power.
955 This value will be updated only when application request the update */
958 if (hdev->adv_data_len == len &&
959 memcmp(cp.data, hdev->adv_data, len) == 0)
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
967 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
971 int mgmt_update_adv_data(struct hci_dev *hdev)
973 struct hci_request req;
975 hci_req_init(&req, hdev);
976 update_adv_data(&req);
978 return hci_req_run(&req, NULL);
981 static void create_eir(struct hci_dev *hdev, u8 *data)
986 name_len = strlen(hdev->dev_name);
992 ptr[1] = EIR_NAME_SHORT;
994 ptr[1] = EIR_NAME_COMPLETE;
996 /* EIR Data length */
997 ptr[0] = name_len + 1;
999 memcpy(ptr + 2, hdev->dev_name, name_len);
1001 ptr += (name_len + 2);
1004 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1006 ptr[1] = EIR_TX_POWER;
1007 ptr[2] = (u8) hdev->inq_tx_power;
1012 if (hdev->devid_source > 0) {
1014 ptr[1] = EIR_DEVICE_ID;
1016 put_unaligned_le16(hdev->devid_source, ptr + 2);
1017 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1018 put_unaligned_le16(hdev->devid_product, ptr + 6);
1019 put_unaligned_le16(hdev->devid_version, ptr + 8);
1024 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1025 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1026 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1027 #ifdef CONFIG_TIZEN_WIP
1028 if (hdev->manufacturer_len > 0 &&
1029 ptr - data + hdev->manufacturer_len + 2 <= HCI_MAX_EIR_LENGTH) {
1030 ptr[0] = hdev->manufacturer_len + 1;
1031 ptr[1] = EIR_MANUFACTURER_DATA;
1032 memcpy(ptr + 2, hdev->manufacturer_data, hdev->manufacturer_len);
1033 ptr += hdev->manufacturer_len + 2;
1038 static void update_eir(struct hci_request *req)
1040 struct hci_dev *hdev = req->hdev;
1041 struct hci_cp_write_eir cp;
1043 if (!hdev_is_powered(hdev))
1046 if (!lmp_ext_inq_capable(hdev))
1049 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1052 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1055 memset(&cp, 0, sizeof(cp));
1057 create_eir(hdev, cp.data);
1059 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1062 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1064 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1067 static u8 get_service_classes(struct hci_dev *hdev)
1069 struct bt_uuid *uuid;
1072 list_for_each_entry(uuid, &hdev->uuids, list)
1073 val |= uuid->svc_hint;
1078 static void update_class(struct hci_request *req)
1080 struct hci_dev *hdev = req->hdev;
1083 BT_DBG("%s", hdev->name);
1085 if (!hdev_is_powered(hdev))
1088 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1091 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1094 cod[0] = hdev->minor_class;
1095 cod[1] = hdev->major_class;
1096 cod[2] = get_service_classes(hdev);
1098 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1101 if (memcmp(cod, hdev->dev_class, 3) == 0)
1104 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1107 static bool get_connectable(struct hci_dev *hdev)
1109 struct pending_cmd *cmd;
1111 /* If there's a pending mgmt command the flag will not yet have
1112 * it's final value, so check for this first.
1114 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1116 struct mgmt_mode *cp = cmd->param;
1120 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1123 static void disable_advertising(struct hci_request *req)
1127 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1130 static void enable_advertising(struct hci_request *req)
1132 struct hci_dev *hdev = req->hdev;
1133 struct hci_cp_le_set_adv_param cp;
1134 u8 own_addr_type, enable = 0x01;
1137 if (hci_conn_num(hdev, LE_LINK) > 0)
1140 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1141 disable_advertising(req);
1143 /* Clear the HCI_LE_ADV bit temporarily so that the
1144 * hci_update_random_address knows that it's safe to go ahead
1145 * and write a new random address. The flag will be set back on
1146 * as soon as the SET_ADV_ENABLE HCI command completes.
1148 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1150 connectable = get_connectable(hdev);
1152 /* Set require_privacy to true only when non-connectable
1153 * advertising is used. In that case it is fine to use a
1154 * non-resolvable private address.
1156 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1159 memset(&cp, 0, sizeof(cp));
1160 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1161 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1162 #ifdef CONFIG_TIZEN_WIP
1163 cp.filter_policy = hdev->adv_filter_policy;
1164 if (hdev->adv_type != LE_ADV_SCAN_IND)
1165 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1167 cp.type = hdev->adv_type;
1169 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1171 cp.own_address_type = own_addr_type;
1172 cp.channel_map = hdev->le_adv_channel_map;
1174 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1176 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1179 static void service_cache_off(struct work_struct *work)
1181 struct hci_dev *hdev = container_of(work, struct hci_dev,
1182 service_cache.work);
1183 struct hci_request req;
1185 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1188 hci_req_init(&req, hdev);
1195 hci_dev_unlock(hdev);
1197 hci_req_run(&req, NULL);
1200 static void rpa_expired(struct work_struct *work)
1202 struct hci_dev *hdev = container_of(work, struct hci_dev,
1204 struct hci_request req;
1208 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1210 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1213 /* The generation of a new RPA and programming it into the
1214 * controller happens in the enable_advertising() function.
1216 hci_req_init(&req, hdev);
1217 enable_advertising(&req);
1218 hci_req_run(&req, NULL);
1221 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1223 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1226 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1227 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1229 /* Non-mgmt controlled devices get this bit set
1230 * implicitly so that pairing works for them, however
1231 * for mgmt we require user-space to explicitly enable
1234 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1237 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1238 void *data, u16 data_len)
1240 struct mgmt_rp_read_info rp;
1242 BT_DBG("sock %p %s", sk, hdev->name);
1246 memset(&rp, 0, sizeof(rp));
1248 bacpy(&rp.bdaddr, &hdev->bdaddr);
1250 rp.version = hdev->hci_ver;
1251 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1253 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1254 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1256 memcpy(rp.dev_class, hdev->dev_class, 3);
1258 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1259 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1261 hci_dev_unlock(hdev);
1263 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1267 static void mgmt_pending_free(struct pending_cmd *cmd)
1274 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1275 struct hci_dev *hdev, void *data,
1278 struct pending_cmd *cmd;
1280 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1284 cmd->opcode = opcode;
1285 cmd->index = hdev->id;
1287 cmd->param = kmemdup(data, len, GFP_KERNEL);
1293 cmd->param_len = len;
1298 list_add(&cmd->list, &hdev->mgmt_pending);
1303 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1304 void (*cb)(struct pending_cmd *cmd,
1308 struct pending_cmd *cmd, *tmp;
1310 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1311 if (opcode > 0 && cmd->opcode != opcode)
1318 static void mgmt_pending_remove(struct pending_cmd *cmd)
1320 list_del(&cmd->list);
1321 mgmt_pending_free(cmd);
1324 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1326 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1328 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1332 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1334 BT_DBG("%s status 0x%02x", hdev->name, status);
1336 if (hci_conn_count(hdev) == 0) {
1337 cancel_delayed_work(&hdev->power_off);
1338 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1342 static bool hci_stop_discovery(struct hci_request *req)
1344 struct hci_dev *hdev = req->hdev;
1345 struct hci_cp_remote_name_req_cancel cp;
1346 struct inquiry_entry *e;
1348 switch (hdev->discovery.state) {
1349 case DISCOVERY_FINDING:
1350 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1351 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1353 cancel_delayed_work(&hdev->le_scan_disable);
1354 hci_req_add_le_scan_disable(req);
1359 case DISCOVERY_RESOLVING:
1360 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1365 bacpy(&cp.bdaddr, &e->data.bdaddr);
1366 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1372 /* Passive scanning */
1373 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1374 hci_req_add_le_scan_disable(req);
1384 static int clean_up_hci_state(struct hci_dev *hdev)
1386 struct hci_request req;
1387 struct hci_conn *conn;
1388 bool discov_stopped;
1391 hci_req_init(&req, hdev);
1393 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1394 test_bit(HCI_PSCAN, &hdev->flags)) {
1396 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1399 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1400 disable_advertising(&req);
1402 discov_stopped = hci_stop_discovery(&req);
1404 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1405 struct hci_cp_disconnect dc;
1406 struct hci_cp_reject_conn_req rej;
1408 switch (conn->state) {
1411 dc.handle = cpu_to_le16(conn->handle);
1412 dc.reason = 0x15; /* Terminated due to Power Off */
1413 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1416 if (conn->type == LE_LINK)
1417 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1419 else if (conn->type == ACL_LINK)
1420 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1424 bacpy(&rej.bdaddr, &conn->dst);
1425 rej.reason = 0x15; /* Terminated due to Power Off */
1426 if (conn->type == ACL_LINK)
1427 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1429 else if (conn->type == SCO_LINK)
1430 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1436 err = hci_req_run(&req, clean_up_hci_complete);
1437 if (!err && discov_stopped)
1438 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1443 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1446 struct mgmt_mode *cp = data;
1447 struct pending_cmd *cmd;
1450 BT_DBG("request for %s", hdev->name);
1452 if (cp->val != 0x00 && cp->val != 0x01)
1453 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1454 MGMT_STATUS_INVALID_PARAMS);
1458 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1459 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1464 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1465 cancel_delayed_work(&hdev->power_off);
1468 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1470 err = mgmt_powered(hdev, 1);
1475 if (!!cp->val == hdev_is_powered(hdev)) {
1476 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1480 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1487 queue_work(hdev->req_workqueue, &hdev->power_on);
1490 /* Disconnect connections, stop scans, etc */
1491 err = clean_up_hci_state(hdev);
1493 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1494 HCI_POWER_OFF_TIMEOUT);
1496 /* ENODATA means there were no HCI commands queued */
1497 if (err == -ENODATA) {
1498 cancel_delayed_work(&hdev->power_off);
1499 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1505 hci_dev_unlock(hdev);
1509 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1513 ev = cpu_to_le32(get_current_settings(hdev));
1515 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1518 int mgmt_new_settings(struct hci_dev *hdev)
1520 return new_settings(hdev, NULL);
1525 struct hci_dev *hdev;
1529 static void settings_rsp(struct pending_cmd *cmd, void *data)
1531 struct cmd_lookup *match = data;
1533 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1535 list_del(&cmd->list);
1537 if (match->sk == NULL) {
1538 match->sk = cmd->sk;
1539 sock_hold(match->sk);
1542 mgmt_pending_free(cmd);
1545 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1549 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1550 mgmt_pending_remove(cmd);
1553 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1555 if (cmd->cmd_complete) {
1558 cmd->cmd_complete(cmd, *status);
1559 mgmt_pending_remove(cmd);
1564 cmd_status_rsp(cmd, data);
1567 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1569 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1570 cmd->param, cmd->param_len);
1573 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1575 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1576 sizeof(struct mgmt_addr_info));
1579 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1581 if (!lmp_bredr_capable(hdev))
1582 return MGMT_STATUS_NOT_SUPPORTED;
1583 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1584 return MGMT_STATUS_REJECTED;
1586 return MGMT_STATUS_SUCCESS;
1589 static u8 mgmt_le_support(struct hci_dev *hdev)
1591 if (!lmp_le_capable(hdev))
1592 return MGMT_STATUS_NOT_SUPPORTED;
1593 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1594 return MGMT_STATUS_REJECTED;
1596 return MGMT_STATUS_SUCCESS;
1599 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1602 struct pending_cmd *cmd;
1603 struct mgmt_mode *cp;
1604 struct hci_request req;
1607 BT_DBG("status 0x%02x", status);
1611 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1616 u8 mgmt_err = mgmt_status(status);
1617 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1618 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1624 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1627 if (hdev->discov_timeout > 0) {
1628 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1629 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1633 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1637 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1640 new_settings(hdev, cmd->sk);
1642 /* When the discoverable mode gets changed, make sure
1643 * that class of device has the limited discoverable
1644 * bit correctly set. Also update page scan based on whitelist
1647 hci_req_init(&req, hdev);
1648 __hci_update_page_scan(&req);
1650 hci_req_run(&req, NULL);
1653 mgmt_pending_remove(cmd);
1656 hci_dev_unlock(hdev);
1659 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1662 struct mgmt_cp_set_discoverable *cp = data;
1663 struct pending_cmd *cmd;
1664 struct hci_request req;
1669 BT_DBG("request for %s", hdev->name);
1671 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1672 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1673 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1674 MGMT_STATUS_REJECTED);
1676 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1677 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1678 MGMT_STATUS_INVALID_PARAMS);
1680 timeout = __le16_to_cpu(cp->timeout);
1682 /* Disabling discoverable requires that no timeout is set,
1683 * and enabling limited discoverable requires a timeout.
1685 if ((cp->val == 0x00 && timeout > 0) ||
1686 (cp->val == 0x02 && timeout == 0))
1687 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1688 MGMT_STATUS_INVALID_PARAMS);
1692 if (!hdev_is_powered(hdev) && timeout > 0) {
1693 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1694 MGMT_STATUS_NOT_POWERED);
1698 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1699 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1700 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1705 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1706 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1707 MGMT_STATUS_REJECTED);
1711 if (!hdev_is_powered(hdev)) {
1712 bool changed = false;
1714 /* Setting limited discoverable when powered off is
1715 * not a valid operation since it requires a timeout
1716 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1718 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1719 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1723 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1728 err = new_settings(hdev, sk);
1733 /* If the current mode is the same, then just update the timeout
1734 * value with the new value. And if only the timeout gets updated,
1735 * then no need for any HCI transactions.
1737 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1738 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1739 &hdev->dev_flags)) {
1740 cancel_delayed_work(&hdev->discov_off);
1741 hdev->discov_timeout = timeout;
1743 if (cp->val && hdev->discov_timeout > 0) {
1744 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1745 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1749 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1753 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1759 /* Cancel any potential discoverable timeout that might be
1760 * still active and store new timeout value. The arming of
1761 * the timeout happens in the complete handler.
1763 cancel_delayed_work(&hdev->discov_off);
1764 hdev->discov_timeout = timeout;
1766 /* Limited discoverable mode */
1767 if (cp->val == 0x02)
1768 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1770 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1772 hci_req_init(&req, hdev);
1774 /* The procedure for LE-only controllers is much simpler - just
1775 * update the advertising data.
1777 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1783 struct hci_cp_write_current_iac_lap hci_cp;
1785 if (cp->val == 0x02) {
1786 /* Limited discoverable mode */
1787 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1788 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1789 hci_cp.iac_lap[1] = 0x8b;
1790 hci_cp.iac_lap[2] = 0x9e;
1791 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1792 hci_cp.iac_lap[4] = 0x8b;
1793 hci_cp.iac_lap[5] = 0x9e;
1795 /* General discoverable mode */
1797 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1798 hci_cp.iac_lap[1] = 0x8b;
1799 hci_cp.iac_lap[2] = 0x9e;
1802 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1803 (hci_cp.num_iac * 3) + 1, &hci_cp);
1805 scan |= SCAN_INQUIRY;
1807 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1810 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1813 update_adv_data(&req);
1815 err = hci_req_run(&req, set_discoverable_complete);
1817 mgmt_pending_remove(cmd);
1820 hci_dev_unlock(hdev);
1824 static void write_fast_connectable(struct hci_request *req, bool enable)
1826 struct hci_dev *hdev = req->hdev;
1827 #ifndef CONFIG_TIZEN_WIP
1828 struct hci_cp_write_page_scan_activity acp;
1832 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1835 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1838 #ifdef CONFIG_TIZEN_WIP
1840 type = PAGE_SCAN_TYPE_INTERLACED;
1842 type = PAGE_SCAN_TYPE_STANDARD;
1846 type = PAGE_SCAN_TYPE_INTERLACED;
1848 /* 160 msec page scan interval */
1849 acp.interval = cpu_to_le16(0x0100);
1851 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1853 /* default 1.28 sec page scan */
1854 acp.interval = cpu_to_le16(0x0800);
1857 acp.window = cpu_to_le16(0x0012);
1859 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1860 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1861 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1865 if (hdev->page_scan_type != type)
1866 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1869 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1872 struct pending_cmd *cmd;
1873 struct mgmt_mode *cp;
1874 bool conn_changed, discov_changed;
1876 BT_DBG("status 0x%02x", status);
1880 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1885 u8 mgmt_err = mgmt_status(status);
1886 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1892 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1894 discov_changed = false;
1896 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1898 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1902 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1904 if (conn_changed || discov_changed) {
1905 new_settings(hdev, cmd->sk);
1906 hci_update_page_scan(hdev);
1908 mgmt_update_adv_data(hdev);
1909 hci_update_background_scan(hdev);
1913 mgmt_pending_remove(cmd);
1916 hci_dev_unlock(hdev);
1919 static int set_connectable_update_settings(struct hci_dev *hdev,
1920 struct sock *sk, u8 val)
1922 bool changed = false;
1925 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1929 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1931 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1932 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1935 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1940 hci_update_page_scan(hdev);
1941 hci_update_background_scan(hdev);
1942 return new_settings(hdev, sk);
1948 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1951 struct mgmt_mode *cp = data;
1952 struct pending_cmd *cmd;
1953 struct hci_request req;
1957 BT_DBG("request for %s", hdev->name);
1959 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1960 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1961 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1962 MGMT_STATUS_REJECTED);
1964 if (cp->val != 0x00 && cp->val != 0x01)
1965 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1966 MGMT_STATUS_INVALID_PARAMS);
1970 if (!hdev_is_powered(hdev)) {
1971 err = set_connectable_update_settings(hdev, sk, cp->val);
1975 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1976 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1977 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1982 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1988 hci_req_init(&req, hdev);
1990 /* If BR/EDR is not enabled and we disable advertising as a
1991 * by-product of disabling connectable, we need to update the
1992 * advertising flags.
1994 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1996 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1997 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1999 update_adv_data(&req);
2000 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2004 /* If we don't have any whitelist entries just
2005 * disable all scanning. If there are entries
2006 * and we had both page and inquiry scanning
2007 * enabled then fall back to only page scanning.
2008 * Otherwise no changes are needed.
2010 if (list_empty(&hdev->whitelist))
2011 scan = SCAN_DISABLED;
2012 else if (test_bit(HCI_ISCAN, &hdev->flags))
2015 goto no_scan_update;
2017 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2018 hdev->discov_timeout > 0)
2019 cancel_delayed_work(&hdev->discov_off);
2022 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2026 #ifdef CONFIG_TIZEN_WIP
2027 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2028 write_fast_connectable(&req, true);
2030 /* If we're going from non-connectable to connectable or
2031 * vice-versa when fast connectable is enabled ensure that fast
2032 * connectable gets disabled. write_fast_connectable won't do
2033 * anything if the page scan parameters are already what they
2036 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2037 write_fast_connectable(&req, false);
2040 /* Update the advertising parameters if necessary */
2041 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2042 enable_advertising(&req);
2044 err = hci_req_run(&req, set_connectable_complete);
2046 mgmt_pending_remove(cmd);
2047 if (err == -ENODATA)
2048 err = set_connectable_update_settings(hdev, sk,
2054 hci_dev_unlock(hdev);
2058 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2061 struct mgmt_mode *cp = data;
2065 BT_DBG("request for %s", hdev->name);
2067 if (cp->val != 0x00 && cp->val != 0x01)
2068 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2069 MGMT_STATUS_INVALID_PARAMS);
2074 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
2076 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
2078 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2083 err = new_settings(hdev, sk);
2086 hci_dev_unlock(hdev);
2090 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2093 struct mgmt_mode *cp = data;
2094 struct pending_cmd *cmd;
2098 BT_DBG("request for %s", hdev->name);
2100 status = mgmt_bredr_support(hdev);
2102 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2105 if (cp->val != 0x00 && cp->val != 0x01)
2106 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2107 MGMT_STATUS_INVALID_PARAMS);
2111 if (!hdev_is_powered(hdev)) {
2112 bool changed = false;
2114 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2115 &hdev->dev_flags)) {
2116 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2120 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2125 err = new_settings(hdev, sk);
2130 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2131 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2138 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2139 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2143 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2149 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2151 mgmt_pending_remove(cmd);
2156 hci_dev_unlock(hdev);
2160 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2162 struct mgmt_mode *cp = data;
2163 struct pending_cmd *cmd;
2167 BT_DBG("request for %s", hdev->name);
2169 status = mgmt_bredr_support(hdev);
2171 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2173 if (!lmp_ssp_capable(hdev))
2174 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2175 MGMT_STATUS_NOT_SUPPORTED);
2177 if (cp->val != 0x00 && cp->val != 0x01)
2178 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2179 MGMT_STATUS_INVALID_PARAMS);
2183 if (!hdev_is_powered(hdev)) {
2187 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2190 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2193 changed = test_and_clear_bit(HCI_HS_ENABLED,
2196 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2199 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2204 err = new_settings(hdev, sk);
2209 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2210 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2211 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2216 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2217 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2221 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2227 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2228 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2229 sizeof(cp->val), &cp->val);
2231 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2233 mgmt_pending_remove(cmd);
2238 hci_dev_unlock(hdev);
2242 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2244 struct mgmt_mode *cp = data;
2249 BT_DBG("request for %s", hdev->name);
2251 status = mgmt_bredr_support(hdev);
2253 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2255 if (!lmp_ssp_capable(hdev))
2256 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2257 MGMT_STATUS_NOT_SUPPORTED);
2259 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2260 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2261 MGMT_STATUS_REJECTED);
2263 if (cp->val != 0x00 && cp->val != 0x01)
2264 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2265 MGMT_STATUS_INVALID_PARAMS);
2270 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2272 if (hdev_is_powered(hdev)) {
2273 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2274 MGMT_STATUS_REJECTED);
2278 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2281 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2286 err = new_settings(hdev, sk);
2289 hci_dev_unlock(hdev);
2293 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2295 struct cmd_lookup match = { NULL, hdev };
2297 #ifdef CONFIG_TIZEN_WIP
2302 u8 mgmt_err = mgmt_status(status);
2304 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2306 #ifdef CONFIG_TIZEN_WIP
2313 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2315 new_settings(hdev, match.sk);
2320 /* Make sure the controller has a good default for
2321 * advertising data. Restrict the update to when LE
2322 * has actually been enabled. During power on, the
2323 * update in powered_update_hci will take care of it.
2325 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2326 struct hci_request req;
2328 #ifndef CONFIG_TIZEN_WIP
2332 hci_req_init(&req, hdev);
2333 update_adv_data(&req);
2334 update_scan_rsp_data(&req);
2335 __hci_update_background_scan(&req);
2336 hci_req_run(&req, NULL);
2338 hci_update_background_scan(hdev);
2339 #ifdef CONFIG_TIZEN_WIP
2341 hci_dev_unlock(hdev);
2345 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2347 struct mgmt_mode *cp = data;
2348 struct hci_cp_write_le_host_supported hci_cp;
2349 struct pending_cmd *cmd;
2350 struct hci_request req;
2354 BT_DBG("request for %s", hdev->name);
2356 if (!lmp_le_capable(hdev))
2357 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2358 MGMT_STATUS_NOT_SUPPORTED);
2360 if (cp->val != 0x00 && cp->val != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2362 MGMT_STATUS_INVALID_PARAMS);
2364 /* LE-only devices do not allow toggling LE on/off */
2365 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2366 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2367 MGMT_STATUS_REJECTED);
2372 enabled = lmp_host_le_capable(hdev);
2374 if (!hdev_is_powered(hdev) || val == enabled) {
2375 bool changed = false;
2377 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2378 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2382 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2383 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2387 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2392 err = new_settings(hdev, sk);
2397 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2398 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2399 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2404 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2410 hci_req_init(&req, hdev);
2412 memset(&hci_cp, 0, sizeof(hci_cp));
2416 hci_cp.simul = 0x00;
2418 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2419 disable_advertising(&req);
2422 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2425 err = hci_req_run(&req, le_enable_complete);
2427 mgmt_pending_remove(cmd);
2430 hci_dev_unlock(hdev);
2434 /* This is a helper function to test for pending mgmt commands that can
2435 * cause CoD or EIR HCI commands. We can only allow one such pending
2436 * mgmt command at a time since otherwise we cannot easily track what
2437 * the current values are, will be, and based on that calculate if a new
2438 * HCI command needs to be sent and if yes with what value.
2440 static bool pending_eir_or_class(struct hci_dev *hdev)
2442 struct pending_cmd *cmd;
2444 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2445 switch (cmd->opcode) {
2446 case MGMT_OP_ADD_UUID:
2447 case MGMT_OP_REMOVE_UUID:
2448 case MGMT_OP_SET_DEV_CLASS:
2449 case MGMT_OP_SET_POWERED:
2457 static const u8 bluetooth_base_uuid[] = {
2458 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2459 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2462 static u8 get_uuid_size(const u8 *uuid)
2466 if (memcmp(uuid, bluetooth_base_uuid, 12))
2469 val = get_unaligned_le32(&uuid[12]);
2476 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2478 struct pending_cmd *cmd;
2482 cmd = mgmt_pending_find(mgmt_op, hdev);
2486 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2487 hdev->dev_class, 3);
2489 mgmt_pending_remove(cmd);
2492 hci_dev_unlock(hdev);
2495 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2497 BT_DBG("status 0x%02x", status);
2499 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2502 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2504 struct mgmt_cp_add_uuid *cp = data;
2505 struct pending_cmd *cmd;
2506 struct hci_request req;
2507 struct bt_uuid *uuid;
2510 BT_DBG("request for %s", hdev->name);
2514 if (pending_eir_or_class(hdev)) {
2515 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2520 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2526 memcpy(uuid->uuid, cp->uuid, 16);
2527 uuid->svc_hint = cp->svc_hint;
2528 uuid->size = get_uuid_size(cp->uuid);
2530 list_add_tail(&uuid->list, &hdev->uuids);
2532 hci_req_init(&req, hdev);
2537 err = hci_req_run(&req, add_uuid_complete);
2539 if (err != -ENODATA)
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2543 hdev->dev_class, 3);
2547 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2556 hci_dev_unlock(hdev);
2560 static bool enable_service_cache(struct hci_dev *hdev)
2562 if (!hdev_is_powered(hdev))
2565 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2566 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2574 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2576 BT_DBG("status 0x%02x", status);
2578 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2581 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2584 struct mgmt_cp_remove_uuid *cp = data;
2585 struct pending_cmd *cmd;
2586 struct bt_uuid *match, *tmp;
2587 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2588 struct hci_request req;
2591 BT_DBG("request for %s", hdev->name);
2595 if (pending_eir_or_class(hdev)) {
2596 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2601 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2602 hci_uuids_clear(hdev);
2604 if (enable_service_cache(hdev)) {
2605 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2606 0, hdev->dev_class, 3);
2615 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2616 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2619 list_del(&match->list);
2625 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2626 MGMT_STATUS_INVALID_PARAMS);
2631 hci_req_init(&req, hdev);
2636 err = hci_req_run(&req, remove_uuid_complete);
2638 if (err != -ENODATA)
2641 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2642 hdev->dev_class, 3);
2646 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2655 hci_dev_unlock(hdev);
2659 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2661 BT_DBG("status 0x%02x", status);
2663 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2666 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2669 struct mgmt_cp_set_dev_class *cp = data;
2670 struct pending_cmd *cmd;
2671 struct hci_request req;
2674 BT_DBG("request for %s", hdev->name);
2676 if (!lmp_bredr_capable(hdev))
2677 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2678 MGMT_STATUS_NOT_SUPPORTED);
2682 if (pending_eir_or_class(hdev)) {
2683 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2688 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2689 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2690 MGMT_STATUS_INVALID_PARAMS);
2694 hdev->major_class = cp->major;
2695 hdev->minor_class = cp->minor;
2697 if (!hdev_is_powered(hdev)) {
2698 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2699 hdev->dev_class, 3);
2703 hci_req_init(&req, hdev);
2705 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2706 hci_dev_unlock(hdev);
2707 cancel_delayed_work_sync(&hdev->service_cache);
2714 err = hci_req_run(&req, set_class_complete);
2716 if (err != -ENODATA)
2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2720 hdev->dev_class, 3);
2724 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2733 hci_dev_unlock(hdev);
2737 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2740 struct mgmt_cp_load_link_keys *cp = data;
2741 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2742 sizeof(struct mgmt_link_key_info));
2743 u16 key_count, expected_len;
2747 BT_DBG("request for %s", hdev->name);
2749 if (!lmp_bredr_capable(hdev))
2750 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2751 MGMT_STATUS_NOT_SUPPORTED);
2753 key_count = __le16_to_cpu(cp->key_count);
2754 if (key_count > max_key_count) {
2755 BT_ERR("load_link_keys: too big key_count value %u",
2757 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2758 MGMT_STATUS_INVALID_PARAMS);
2761 expected_len = sizeof(*cp) + key_count *
2762 sizeof(struct mgmt_link_key_info);
2763 if (expected_len != len) {
2764 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2766 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2767 MGMT_STATUS_INVALID_PARAMS);
2770 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2771 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2772 MGMT_STATUS_INVALID_PARAMS);
2774 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2777 for (i = 0; i < key_count; i++) {
2778 struct mgmt_link_key_info *key = &cp->keys[i];
2780 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2781 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2782 MGMT_STATUS_INVALID_PARAMS);
2787 hci_link_keys_clear(hdev);
2790 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2793 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2797 new_settings(hdev, NULL);
2799 for (i = 0; i < key_count; i++) {
2800 struct mgmt_link_key_info *key = &cp->keys[i];
2802 /* Always ignore debug keys and require a new pairing if
2803 * the user wants to use them.
2805 if (key->type == HCI_LK_DEBUG_COMBINATION)
2808 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2809 key->type, key->pin_len, NULL);
2812 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2814 hci_dev_unlock(hdev);
2819 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2820 u8 addr_type, struct sock *skip_sk)
2822 struct mgmt_ev_device_unpaired ev;
2824 bacpy(&ev.addr.bdaddr, bdaddr);
2825 ev.addr.type = addr_type;
2827 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2831 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2834 struct mgmt_cp_unpair_device *cp = data;
2835 struct mgmt_rp_unpair_device rp;
2836 struct hci_cp_disconnect dc;
2837 struct pending_cmd *cmd;
2838 struct hci_conn *conn;
2841 memset(&rp, 0, sizeof(rp));
2842 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2843 rp.addr.type = cp->addr.type;
2845 if (!bdaddr_type_is_valid(cp->addr.type))
2846 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2847 MGMT_STATUS_INVALID_PARAMS,
2850 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2851 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2852 MGMT_STATUS_INVALID_PARAMS,
2857 if (!hdev_is_powered(hdev)) {
2858 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2859 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2863 if (cp->addr.type == BDADDR_BREDR) {
2864 /* If disconnection is requested, then look up the
2865 * connection. If the remote device is connected, it
2866 * will be later used to terminate the link.
2868 * Setting it to NULL explicitly will cause no
2869 * termination of the link.
2872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2877 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2881 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2884 /* Defer clearing up the connection parameters
2885 * until closing to give a chance of keeping
2886 * them if a repairing happens.
2888 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2890 /* If disconnection is not requested, then
2891 * clear the connection variable so that the
2892 * link is not terminated.
2894 if (!cp->disconnect)
2898 if (cp->addr.type == BDADDR_LE_PUBLIC)
2899 addr_type = ADDR_LE_DEV_PUBLIC;
2901 addr_type = ADDR_LE_DEV_RANDOM;
2903 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2905 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2909 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2910 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2914 /* If the connection variable is set, then termination of the
2915 * link is requested.
2918 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2920 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2924 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2931 cmd->cmd_complete = addr_cmd_complete;
2933 dc.handle = cpu_to_le16(conn->handle);
2934 dc.reason = 0x13; /* Remote User Terminated Connection */
2935 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2937 mgmt_pending_remove(cmd);
2940 hci_dev_unlock(hdev);
2944 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2947 struct mgmt_cp_disconnect *cp = data;
2948 struct mgmt_rp_disconnect rp;
2949 struct pending_cmd *cmd;
2950 struct hci_conn *conn;
2955 memset(&rp, 0, sizeof(rp));
2956 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2957 rp.addr.type = cp->addr.type;
2959 if (!bdaddr_type_is_valid(cp->addr.type))
2960 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2961 MGMT_STATUS_INVALID_PARAMS,
2966 if (!test_bit(HCI_UP, &hdev->flags)) {
2967 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2968 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2972 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2973 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2974 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2978 if (cp->addr.type == BDADDR_BREDR)
2979 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2982 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2984 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2985 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2986 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2990 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2996 cmd->cmd_complete = generic_cmd_complete;
2998 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3000 mgmt_pending_remove(cmd);
3003 hci_dev_unlock(hdev);
3007 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3009 switch (link_type) {
3011 switch (addr_type) {
3012 case ADDR_LE_DEV_PUBLIC:
3013 return BDADDR_LE_PUBLIC;
3016 /* Fallback to LE Random address type */
3017 return BDADDR_LE_RANDOM;
3021 /* Fallback to BR/EDR type */
3022 return BDADDR_BREDR;
3026 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3029 struct mgmt_rp_get_connections *rp;
3039 if (!hdev_is_powered(hdev)) {
3040 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3041 MGMT_STATUS_NOT_POWERED);
3046 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3047 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3051 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3052 rp = kmalloc(rp_len, GFP_KERNEL);
3059 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3060 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3062 bacpy(&rp->addr[i].bdaddr, &c->dst);
3063 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3064 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3069 rp->conn_count = cpu_to_le16(i);
3071 /* Recalculate length in case of filtered SCO connections, etc */
3072 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3074 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3080 hci_dev_unlock(hdev);
3084 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3085 struct mgmt_cp_pin_code_neg_reply *cp)
3087 struct pending_cmd *cmd;
3090 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3095 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3096 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3098 mgmt_pending_remove(cmd);
3103 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3106 struct hci_conn *conn;
3107 struct mgmt_cp_pin_code_reply *cp = data;
3108 struct hci_cp_pin_code_reply reply;
3109 struct pending_cmd *cmd;
3116 if (!hdev_is_powered(hdev)) {
3117 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3118 MGMT_STATUS_NOT_POWERED);
3122 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3124 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3125 MGMT_STATUS_NOT_CONNECTED);
3129 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3130 struct mgmt_cp_pin_code_neg_reply ncp;
3132 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3134 BT_ERR("PIN code is not 16 bytes long");
3136 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3138 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3139 MGMT_STATUS_INVALID_PARAMS);
3144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3150 cmd->cmd_complete = addr_cmd_complete;
3152 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3153 reply.pin_len = cp->pin_len;
3154 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3156 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3158 mgmt_pending_remove(cmd);
3161 hci_dev_unlock(hdev);
3165 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3168 struct mgmt_cp_set_io_capability *cp = data;
3172 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3173 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3174 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3178 hdev->io_capability = cp->io_capability;
3180 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3181 hdev->io_capability);
3183 hci_dev_unlock(hdev);
3185 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3189 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3191 struct hci_dev *hdev = conn->hdev;
3192 struct pending_cmd *cmd;
3194 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3195 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3198 if (cmd->user_data != conn)
3207 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3209 struct mgmt_rp_pair_device rp;
3210 struct hci_conn *conn = cmd->user_data;
3213 bacpy(&rp.addr.bdaddr, &conn->dst);
3214 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3216 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3219 /* So we don't get further callbacks for this connection */
3220 conn->connect_cfm_cb = NULL;
3221 conn->security_cfm_cb = NULL;
3222 conn->disconn_cfm_cb = NULL;
3224 hci_conn_drop(conn);
3226 /* The device is paired so there is no need to remove
3227 * its connection parameters anymore.
3229 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3236 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3238 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3239 struct pending_cmd *cmd;
3241 cmd = find_pairing(conn);
3243 cmd->cmd_complete(cmd, status);
3244 mgmt_pending_remove(cmd);
3248 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3250 struct pending_cmd *cmd;
3252 BT_DBG("status %u", status);
3254 cmd = find_pairing(conn);
3256 BT_DBG("Unable to find a pending command");
3260 cmd->cmd_complete(cmd, mgmt_status(status));
3261 mgmt_pending_remove(cmd);
3264 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3266 struct pending_cmd *cmd;
3268 BT_DBG("status %u", status);
3273 cmd = find_pairing(conn);
3275 BT_DBG("Unable to find a pending command");
3279 cmd->cmd_complete(cmd, mgmt_status(status));
3280 mgmt_pending_remove(cmd);
3283 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3286 struct mgmt_cp_pair_device *cp = data;
3287 struct mgmt_rp_pair_device rp;
3288 struct pending_cmd *cmd;
3289 u8 sec_level, auth_type;
3290 struct hci_conn *conn;
3295 memset(&rp, 0, sizeof(rp));
3296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3297 rp.addr.type = cp->addr.type;
3299 if (!bdaddr_type_is_valid(cp->addr.type))
3300 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3301 MGMT_STATUS_INVALID_PARAMS,
3304 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3305 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3306 MGMT_STATUS_INVALID_PARAMS,
3311 if (!hdev_is_powered(hdev)) {
3312 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3313 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3317 sec_level = BT_SECURITY_MEDIUM;
3318 auth_type = HCI_AT_DEDICATED_BONDING;
3320 if (cp->addr.type == BDADDR_BREDR) {
3321 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3326 /* Convert from L2CAP channel address type to HCI address type
3328 if (cp->addr.type == BDADDR_LE_PUBLIC)
3329 addr_type = ADDR_LE_DEV_PUBLIC;
3331 addr_type = ADDR_LE_DEV_RANDOM;
3333 /* When pairing a new device, it is expected to remember
3334 * this device for future connections. Adding the connection
3335 * parameter information ahead of time allows tracking
3336 * of the slave preferred values and will speed up any
3337 * further connection establishment.
3339 * If connection parameters already exist, then they
3340 * will be kept and this function does nothing.
3342 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3344 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3345 sec_level, HCI_LE_CONN_TIMEOUT,
3352 if (PTR_ERR(conn) == -EBUSY)
3353 status = MGMT_STATUS_BUSY;
3355 status = MGMT_STATUS_CONNECT_FAILED;
3357 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3363 if (conn->connect_cfm_cb) {
3364 hci_conn_drop(conn);
3365 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3366 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3370 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3373 hci_conn_drop(conn);
3377 cmd->cmd_complete = pairing_complete;
3379 /* For LE, just connecting isn't a proof that the pairing finished */
3380 if (cp->addr.type == BDADDR_BREDR) {
3381 conn->connect_cfm_cb = pairing_complete_cb;
3382 conn->security_cfm_cb = pairing_complete_cb;
3383 conn->disconn_cfm_cb = pairing_complete_cb;
3385 conn->connect_cfm_cb = le_pairing_complete_cb;
3386 conn->security_cfm_cb = le_pairing_complete_cb;
3387 conn->disconn_cfm_cb = le_pairing_complete_cb;
3390 conn->io_capability = cp->io_cap;
3391 cmd->user_data = hci_conn_get(conn);
3393 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3394 hci_conn_security(conn, sec_level, auth_type, true)) {
3395 cmd->cmd_complete(cmd, 0);
3396 mgmt_pending_remove(cmd);
3402 hci_dev_unlock(hdev);
3406 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3409 struct mgmt_addr_info *addr = data;
3410 struct pending_cmd *cmd;
3411 struct hci_conn *conn;
3418 if (!hdev_is_powered(hdev)) {
3419 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3420 MGMT_STATUS_NOT_POWERED);
3424 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3426 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3427 MGMT_STATUS_INVALID_PARAMS);
3431 conn = cmd->user_data;
3433 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3434 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3435 MGMT_STATUS_INVALID_PARAMS);
3439 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3440 mgmt_pending_remove(cmd);
3442 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3443 addr, sizeof(*addr));
3445 hci_dev_unlock(hdev);
3449 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3450 struct mgmt_addr_info *addr, u16 mgmt_op,
3451 u16 hci_op, __le32 passkey)
3453 struct pending_cmd *cmd;
3454 struct hci_conn *conn;
3459 if (!hdev_is_powered(hdev)) {
3460 err = cmd_complete(sk, hdev->id, mgmt_op,
3461 MGMT_STATUS_NOT_POWERED, addr,
3466 if (addr->type == BDADDR_BREDR)
3467 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3469 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3472 err = cmd_complete(sk, hdev->id, mgmt_op,
3473 MGMT_STATUS_NOT_CONNECTED, addr,
3478 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3479 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3481 err = cmd_complete(sk, hdev->id, mgmt_op,
3482 MGMT_STATUS_SUCCESS, addr,
3485 err = cmd_complete(sk, hdev->id, mgmt_op,
3486 MGMT_STATUS_FAILED, addr,
3492 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3498 cmd->cmd_complete = addr_cmd_complete;
3500 /* Continue with pairing via HCI */
3501 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3502 struct hci_cp_user_passkey_reply cp;
3504 bacpy(&cp.bdaddr, &addr->bdaddr);
3505 cp.passkey = passkey;
3506 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3508 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3512 mgmt_pending_remove(cmd);
3515 hci_dev_unlock(hdev);
3519 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3520 void *data, u16 len)
3522 struct mgmt_cp_pin_code_neg_reply *cp = data;
3526 return user_pairing_resp(sk, hdev, &cp->addr,
3527 MGMT_OP_PIN_CODE_NEG_REPLY,
3528 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3531 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3534 struct mgmt_cp_user_confirm_reply *cp = data;
3538 if (len != sizeof(*cp))
3539 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3540 MGMT_STATUS_INVALID_PARAMS);
3542 return user_pairing_resp(sk, hdev, &cp->addr,
3543 MGMT_OP_USER_CONFIRM_REPLY,
3544 HCI_OP_USER_CONFIRM_REPLY, 0);
3547 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3548 void *data, u16 len)
3550 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3554 return user_pairing_resp(sk, hdev, &cp->addr,
3555 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3556 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3559 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3562 struct mgmt_cp_user_passkey_reply *cp = data;
3566 return user_pairing_resp(sk, hdev, &cp->addr,
3567 MGMT_OP_USER_PASSKEY_REPLY,
3568 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3571 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3572 void *data, u16 len)
3574 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3578 return user_pairing_resp(sk, hdev, &cp->addr,
3579 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3580 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3583 static void update_name(struct hci_request *req)
3585 struct hci_dev *hdev = req->hdev;
3586 struct hci_cp_write_local_name cp;
3588 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3590 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3593 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3595 struct mgmt_cp_set_local_name *cp;
3596 struct pending_cmd *cmd;
3598 BT_DBG("status 0x%02x", status);
3602 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3609 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3610 mgmt_status(status));
3612 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3615 mgmt_pending_remove(cmd);
3618 hci_dev_unlock(hdev);
3621 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3624 struct mgmt_cp_set_local_name *cp = data;
3625 struct pending_cmd *cmd;
3626 struct hci_request req;
3633 /* If the old values are the same as the new ones just return a
3634 * direct command complete event.
3636 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3637 !memcmp(hdev->short_name, cp->short_name,
3638 sizeof(hdev->short_name))) {
3639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3644 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3646 if (!hdev_is_powered(hdev)) {
3647 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3649 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3654 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3660 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3666 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3668 hci_req_init(&req, hdev);
3670 if (lmp_bredr_capable(hdev)) {
3675 /* The name is stored in the scan response data and so
3676 * no need to udpate the advertising data here.
3678 if (lmp_le_capable(hdev))
3679 update_scan_rsp_data(&req);
3681 err = hci_req_run(&req, set_name_complete);
3683 mgmt_pending_remove(cmd);
3686 hci_dev_unlock(hdev);
3690 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3691 void *data, u16 data_len)
3693 struct pending_cmd *cmd;
3696 BT_DBG("%s", hdev->name);
3700 if (!hdev_is_powered(hdev)) {
3701 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3702 MGMT_STATUS_NOT_POWERED);
3706 if (!lmp_ssp_capable(hdev)) {
3707 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3708 MGMT_STATUS_NOT_SUPPORTED);
3712 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3713 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3718 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3724 if (bredr_sc_enabled(hdev))
3725 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3728 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3731 mgmt_pending_remove(cmd);
3734 hci_dev_unlock(hdev);
3738 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3739 void *data, u16 len)
3741 struct mgmt_addr_info *addr = data;
3744 BT_DBG("%s ", hdev->name);
3746 if (!bdaddr_type_is_valid(addr->type))
3747 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3748 MGMT_STATUS_INVALID_PARAMS, addr,
3753 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3754 struct mgmt_cp_add_remote_oob_data *cp = data;
3757 if (cp->addr.type != BDADDR_BREDR) {
3758 err = cmd_complete(sk, hdev->id,
3759 MGMT_OP_ADD_REMOTE_OOB_DATA,
3760 MGMT_STATUS_INVALID_PARAMS,
3761 &cp->addr, sizeof(cp->addr));
3765 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3766 cp->addr.type, cp->hash,
3767 cp->rand, NULL, NULL);
3769 status = MGMT_STATUS_FAILED;
3771 status = MGMT_STATUS_SUCCESS;
3773 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3774 status, &cp->addr, sizeof(cp->addr));
3775 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3776 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3777 u8 *rand192, *hash192;
3780 if (bdaddr_type_is_le(cp->addr.type)) {
3781 /* Enforce zero-valued 192-bit parameters as
3782 * long as legacy SMP OOB isn't implemented.
3784 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3785 memcmp(cp->hash192, ZERO_KEY, 16)) {
3786 err = cmd_complete(sk, hdev->id,
3787 MGMT_OP_ADD_REMOTE_OOB_DATA,
3788 MGMT_STATUS_INVALID_PARAMS,
3789 addr, sizeof(*addr));
3796 rand192 = cp->rand192;
3797 hash192 = cp->hash192;
3800 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3801 cp->addr.type, hash192, rand192,
3802 cp->hash256, cp->rand256);
3804 status = MGMT_STATUS_FAILED;
3806 status = MGMT_STATUS_SUCCESS;
3808 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3809 status, &cp->addr, sizeof(cp->addr));
3811 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3812 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3813 MGMT_STATUS_INVALID_PARAMS);
3817 hci_dev_unlock(hdev);
3821 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3822 void *data, u16 len)
3824 struct mgmt_cp_remove_remote_oob_data *cp = data;
3828 BT_DBG("%s", hdev->name);
3830 if (cp->addr.type != BDADDR_BREDR)
3831 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3832 MGMT_STATUS_INVALID_PARAMS,
3833 &cp->addr, sizeof(cp->addr));
3837 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3838 hci_remote_oob_data_clear(hdev);
3839 status = MGMT_STATUS_SUCCESS;
3843 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3845 status = MGMT_STATUS_INVALID_PARAMS;
3847 status = MGMT_STATUS_SUCCESS;
3850 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3851 status, &cp->addr, sizeof(cp->addr));
3853 hci_dev_unlock(hdev);
3857 static bool trigger_discovery(struct hci_request *req, u8 *status)
3859 struct hci_dev *hdev = req->hdev;
3860 struct hci_cp_le_set_scan_param param_cp;
3861 struct hci_cp_le_set_scan_enable enable_cp;
3862 struct hci_cp_inquiry inq_cp;
3863 /* General inquiry access code (GIAC) */
3864 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3868 switch (hdev->discovery.type) {
3869 case DISCOV_TYPE_BREDR:
3870 *status = mgmt_bredr_support(hdev);
3874 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3875 *status = MGMT_STATUS_BUSY;
3879 hci_inquiry_cache_flush(hdev);
3881 memset(&inq_cp, 0, sizeof(inq_cp));
3882 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3883 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3884 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3887 case DISCOV_TYPE_LE:
3888 case DISCOV_TYPE_INTERLEAVED:
3889 *status = mgmt_le_support(hdev);
3893 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3894 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3895 *status = MGMT_STATUS_NOT_SUPPORTED;
3899 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3900 /* Don't let discovery abort an outgoing
3901 * connection attempt that's using directed
3904 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3906 *status = MGMT_STATUS_REJECTED;
3910 disable_advertising(req);
3913 /* If controller is scanning, it means the background scanning
3914 * is running. Thus, we should temporarily stop it in order to
3915 * set the discovery scanning parameters.
3917 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3918 hci_req_add_le_scan_disable(req);
3920 memset(¶m_cp, 0, sizeof(param_cp));
3922 /* All active scans will be done with either a resolvable
3923 * private address (when privacy feature has been enabled)
3924 * or non-resolvable private address.
3926 err = hci_update_random_address(req, true, &own_addr_type);
3928 *status = MGMT_STATUS_FAILED;
3932 param_cp.type = LE_SCAN_ACTIVE;
3933 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3934 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3935 param_cp.own_address_type = own_addr_type;
3936 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3939 memset(&enable_cp, 0, sizeof(enable_cp));
3940 enable_cp.enable = LE_SCAN_ENABLE;
3941 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3942 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3947 *status = MGMT_STATUS_INVALID_PARAMS;
3954 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3957 struct pending_cmd *cmd;
3958 unsigned long timeout;
3960 BT_DBG("status %d", status);
3964 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3966 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3969 cmd->cmd_complete(cmd, mgmt_status(status));
3970 mgmt_pending_remove(cmd);
3974 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3978 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3980 switch (hdev->discovery.type) {
3981 case DISCOV_TYPE_LE:
3982 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3984 case DISCOV_TYPE_INTERLEAVED:
3985 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3987 case DISCOV_TYPE_BREDR:
3991 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3997 queue_delayed_work(hdev->workqueue,
3998 &hdev->le_scan_disable, timeout);
4001 hci_dev_unlock(hdev);
4004 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4005 void *data, u16 len)
4007 struct mgmt_cp_start_discovery *cp = data;
4008 struct pending_cmd *cmd;
4009 struct hci_request req;
4013 BT_DBG("%s", hdev->name);
4017 if (!hdev_is_powered(hdev)) {
4018 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4019 MGMT_STATUS_NOT_POWERED,
4020 &cp->type, sizeof(cp->type));
4024 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4025 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4026 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4027 MGMT_STATUS_BUSY, &cp->type,
4032 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4038 cmd->cmd_complete = generic_cmd_complete;
4040 /* Clear the discovery filter first to free any previously
4041 * allocated memory for the UUID list.
4043 hci_discovery_filter_clear(hdev);
4045 hdev->discovery.type = cp->type;
4046 hdev->discovery.report_invalid_rssi = false;
4048 hci_req_init(&req, hdev);
4050 if (!trigger_discovery(&req, &status)) {
4051 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4052 status, &cp->type, sizeof(cp->type));
4053 mgmt_pending_remove(cmd);
4057 err = hci_req_run(&req, start_discovery_complete);
4059 mgmt_pending_remove(cmd);
4063 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4066 hci_dev_unlock(hdev);
4070 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4072 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4076 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4077 void *data, u16 len)
4079 struct mgmt_cp_start_service_discovery *cp = data;
4080 struct pending_cmd *cmd;
4081 struct hci_request req;
4082 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4083 u16 uuid_count, expected_len;
4087 BT_DBG("%s", hdev->name);
4091 if (!hdev_is_powered(hdev)) {
4092 err = cmd_complete(sk, hdev->id,
4093 MGMT_OP_START_SERVICE_DISCOVERY,
4094 MGMT_STATUS_NOT_POWERED,
4095 &cp->type, sizeof(cp->type));
4099 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4100 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4101 err = cmd_complete(sk, hdev->id,
4102 MGMT_OP_START_SERVICE_DISCOVERY,
4103 MGMT_STATUS_BUSY, &cp->type,
4108 uuid_count = __le16_to_cpu(cp->uuid_count);
4109 if (uuid_count > max_uuid_count) {
4110 BT_ERR("service_discovery: too big uuid_count value %u",
4112 err = cmd_complete(sk, hdev->id,
4113 MGMT_OP_START_SERVICE_DISCOVERY,
4114 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4119 expected_len = sizeof(*cp) + uuid_count * 16;
4120 if (expected_len != len) {
4121 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4123 err = cmd_complete(sk, hdev->id,
4124 MGMT_OP_START_SERVICE_DISCOVERY,
4125 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4130 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4137 cmd->cmd_complete = service_discovery_cmd_complete;
4139 /* Clear the discovery filter first to free any previously
4140 * allocated memory for the UUID list.
4142 hci_discovery_filter_clear(hdev);
4144 hdev->discovery.type = cp->type;
4145 hdev->discovery.rssi = cp->rssi;
4146 hdev->discovery.uuid_count = uuid_count;
4148 if (uuid_count > 0) {
4149 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4151 if (!hdev->discovery.uuids) {
4152 err = cmd_complete(sk, hdev->id,
4153 MGMT_OP_START_SERVICE_DISCOVERY,
4155 &cp->type, sizeof(cp->type));
4156 mgmt_pending_remove(cmd);
4161 hci_req_init(&req, hdev);
4163 if (!trigger_discovery(&req, &status)) {
4164 err = cmd_complete(sk, hdev->id,
4165 MGMT_OP_START_SERVICE_DISCOVERY,
4166 status, &cp->type, sizeof(cp->type));
4167 mgmt_pending_remove(cmd);
4171 err = hci_req_run(&req, start_discovery_complete);
4173 mgmt_pending_remove(cmd);
4177 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4180 hci_dev_unlock(hdev);
4184 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4186 struct pending_cmd *cmd;
4188 BT_DBG("status %d", status);
4192 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4194 cmd->cmd_complete(cmd, mgmt_status(status));
4195 mgmt_pending_remove(cmd);
4199 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4201 hci_dev_unlock(hdev);
4204 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4207 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4208 struct pending_cmd *cmd;
4209 struct hci_request req;
4212 BT_DBG("%s", hdev->name);
4216 if (!hci_discovery_active(hdev)) {
4217 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4218 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4219 sizeof(mgmt_cp->type));
4223 if (hdev->discovery.type != mgmt_cp->type) {
4224 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4225 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4226 sizeof(mgmt_cp->type));
4230 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4236 cmd->cmd_complete = generic_cmd_complete;
4238 hci_req_init(&req, hdev);
4240 hci_stop_discovery(&req);
4242 err = hci_req_run(&req, stop_discovery_complete);
4244 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4248 mgmt_pending_remove(cmd);
4250 /* If no HCI commands were sent we're done */
4251 if (err == -ENODATA) {
4252 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4253 &mgmt_cp->type, sizeof(mgmt_cp->type));
4254 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4258 hci_dev_unlock(hdev);
4262 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4265 struct mgmt_cp_confirm_name *cp = data;
4266 struct inquiry_entry *e;
4269 BT_DBG("%s", hdev->name);
4273 if (!hci_discovery_active(hdev)) {
4274 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4275 MGMT_STATUS_FAILED, &cp->addr,
4280 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4282 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4283 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4288 if (cp->name_known) {
4289 e->name_state = NAME_KNOWN;
4292 e->name_state = NAME_NEEDED;
4293 hci_inquiry_cache_update_resolve(hdev, e);
4296 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4300 hci_dev_unlock(hdev);
4304 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4307 struct mgmt_cp_block_device *cp = data;
4311 BT_DBG("%s", hdev->name);
4313 if (!bdaddr_type_is_valid(cp->addr.type))
4314 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4315 MGMT_STATUS_INVALID_PARAMS,
4316 &cp->addr, sizeof(cp->addr));
4320 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4323 status = MGMT_STATUS_FAILED;
4327 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4329 status = MGMT_STATUS_SUCCESS;
4332 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4333 &cp->addr, sizeof(cp->addr));
4335 hci_dev_unlock(hdev);
4340 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4343 struct mgmt_cp_unblock_device *cp = data;
4347 BT_DBG("%s", hdev->name);
4349 if (!bdaddr_type_is_valid(cp->addr.type))
4350 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4351 MGMT_STATUS_INVALID_PARAMS,
4352 &cp->addr, sizeof(cp->addr));
4356 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4359 status = MGMT_STATUS_INVALID_PARAMS;
4363 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4365 status = MGMT_STATUS_SUCCESS;
4368 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4369 &cp->addr, sizeof(cp->addr));
4371 hci_dev_unlock(hdev);
4376 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4379 struct mgmt_cp_set_device_id *cp = data;
4380 struct hci_request req;
4384 BT_DBG("%s", hdev->name);
4386 source = __le16_to_cpu(cp->source);
4388 if (source > 0x0002)
4389 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4390 MGMT_STATUS_INVALID_PARAMS);
4394 hdev->devid_source = source;
4395 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4396 hdev->devid_product = __le16_to_cpu(cp->product);
4397 hdev->devid_version = __le16_to_cpu(cp->version);
4399 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4401 hci_req_init(&req, hdev);
4403 hci_req_run(&req, NULL);
4405 hci_dev_unlock(hdev);
4410 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4413 struct cmd_lookup match = { NULL, hdev };
4418 u8 mgmt_err = mgmt_status(status);
4420 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4421 cmd_status_rsp, &mgmt_err);
4425 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4426 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4428 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4430 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4433 new_settings(hdev, match.sk);
4439 hci_dev_unlock(hdev);
4442 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4445 struct mgmt_mode *cp = data;
4446 struct pending_cmd *cmd;
4447 struct hci_request req;
4448 u8 val, enabled, status;
4451 BT_DBG("request for %s", hdev->name);
4453 status = mgmt_le_support(hdev);
4455 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4458 if (cp->val != 0x00 && cp->val != 0x01)
4459 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4460 MGMT_STATUS_INVALID_PARAMS);
4465 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4467 /* The following conditions are ones which mean that we should
4468 * not do any HCI communication but directly send a mgmt
4469 * response to user space (after toggling the flag if
4472 if (!hdev_is_powered(hdev) || val == enabled ||
4473 hci_conn_num(hdev, LE_LINK) > 0 ||
4474 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4475 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4476 bool changed = false;
4478 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4479 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4483 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4488 err = new_settings(hdev, sk);
4493 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4494 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4495 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4500 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4506 hci_req_init(&req, hdev);
4509 enable_advertising(&req);
4511 disable_advertising(&req);
4513 err = hci_req_run(&req, set_advertising_complete);
4515 mgmt_pending_remove(cmd);
4518 hci_dev_unlock(hdev);
4522 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4523 void *data, u16 len)
4525 struct mgmt_cp_set_static_address *cp = data;
4528 BT_DBG("%s", hdev->name);
4530 if (!lmp_le_capable(hdev))
4531 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4532 MGMT_STATUS_NOT_SUPPORTED);
4534 if (hdev_is_powered(hdev))
4535 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4536 MGMT_STATUS_REJECTED);
4538 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4539 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4540 return cmd_status(sk, hdev->id,
4541 MGMT_OP_SET_STATIC_ADDRESS,
4542 MGMT_STATUS_INVALID_PARAMS);
4544 /* Two most significant bits shall be set */
4545 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4546 return cmd_status(sk, hdev->id,
4547 MGMT_OP_SET_STATIC_ADDRESS,
4548 MGMT_STATUS_INVALID_PARAMS);
4553 bacpy(&hdev->static_addr, &cp->bdaddr);
4555 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4557 hci_dev_unlock(hdev);
4562 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4563 void *data, u16 len)
4565 struct mgmt_cp_set_scan_params *cp = data;
4566 __u16 interval, window;
4569 BT_DBG("%s", hdev->name);
4571 if (!lmp_le_capable(hdev))
4572 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4573 MGMT_STATUS_NOT_SUPPORTED);
4575 interval = __le16_to_cpu(cp->interval);
4577 if (interval < 0x0004 || interval > 0x4000)
4578 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4579 MGMT_STATUS_INVALID_PARAMS);
4581 window = __le16_to_cpu(cp->window);
4583 if (window < 0x0004 || window > 0x4000)
4584 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4585 MGMT_STATUS_INVALID_PARAMS);
4587 if (window > interval)
4588 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4589 MGMT_STATUS_INVALID_PARAMS);
4593 hdev->le_scan_interval = interval;
4594 hdev->le_scan_window = window;
4596 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4598 /* If background scan is running, restart it so new parameters are
4601 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4602 hdev->discovery.state == DISCOVERY_STOPPED) {
4603 struct hci_request req;
4605 hci_req_init(&req, hdev);
4607 hci_req_add_le_scan_disable(&req);
4608 hci_req_add_le_passive_scan(&req);
4610 hci_req_run(&req, NULL);
4613 hci_dev_unlock(hdev);
4618 #ifdef CONFIG_TIZEN_WIP
4619 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
4620 void *data, u16 len)
4622 struct mgmt_cp_le_set_scan_params *cp = data;
4623 __u16 interval, window;
4626 BT_DBG("%s", hdev->name);
4628 if (!lmp_le_capable(hdev))
4629 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4630 MGMT_STATUS_NOT_SUPPORTED);
4632 interval = __le16_to_cpu(cp->interval);
4634 if (interval < 0x0004 || interval > 0x4000)
4635 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4636 MGMT_STATUS_INVALID_PARAMS);
4638 window = __le16_to_cpu(cp->window);
4640 if (window < 0x0004 || window > 0x4000)
4641 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4642 MGMT_STATUS_INVALID_PARAMS);
4644 if (window > interval)
4645 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4646 MGMT_STATUS_INVALID_PARAMS);
4650 hdev->le_scan_type = cp->type;
4651 hdev->le_scan_interval = interval;
4652 hdev->le_scan_window = window;
4654 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0, NULL, 0);
4656 /* If background scan is running, restart it so new parameters are
4659 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4660 hdev->discovery.state == DISCOVERY_STOPPED) {
4661 struct hci_request req;
4663 hci_req_init(&req, hdev);
4665 hci_req_add_le_scan_disable(&req);
4666 hci_req_add_le_passive_scan(&req);
4668 hci_req_run(&req, NULL);
4671 hci_dev_unlock(hdev);
4677 #ifdef CONFIG_TIZEN_WIP /* Adv White List feature */
4678 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4680 struct mgmt_cp_add_dev_white_list *cp;
4681 struct pending_cmd *cmd;
4683 BT_DBG("status 0x%02x", status);
4687 cmd = mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4694 cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4695 mgmt_status(status));
4697 cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST, 0,
4700 mgmt_pending_remove(cmd);
4703 hci_dev_unlock(hdev);
4706 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4707 void *data, u16 len)
4709 struct pending_cmd *cmd;
4710 struct mgmt_cp_add_dev_white_list *cp = data;
4711 struct hci_request req;
4714 BT_DBG("%s", hdev->name);
4716 if (!lmp_le_capable(hdev))
4717 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4718 MGMT_STATUS_NOT_SUPPORTED);
4720 if (!hdev_is_powered(hdev))
4721 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4722 MGMT_STATUS_REJECTED);
4726 if (mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4727 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4732 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4738 hci_req_init(&req, hdev);
4740 hci_req_add(&req, HCI_OP_LE_ADD_DEV_WHITE_LIST, sizeof(*cp), cp);
4742 err = hci_req_run(&req, add_white_list_complete);
4744 mgmt_pending_remove(cmd);
4749 hci_dev_unlock(hdev);
4754 static void remove_from_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4756 struct mgmt_cp_remove_dev_from_white_list *cp;
4757 struct pending_cmd *cmd;
4759 BT_DBG("status 0x%02x", status);
4763 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
4770 cmd_status(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4771 mgmt_status(status));
4773 cmd_complete(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
4776 mgmt_pending_remove(cmd);
4779 hci_dev_unlock(hdev);
4782 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
4783 void *data, u16 len)
4785 struct pending_cmd *cmd;
4786 struct mgmt_cp_remove_dev_from_white_list *cp = data;
4787 struct hci_request req;
4790 BT_DBG("%s", hdev->name);
4792 if (!lmp_le_capable(hdev))
4793 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4794 MGMT_STATUS_NOT_SUPPORTED);
4796 if (!hdev_is_powered(hdev))
4797 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4798 MGMT_STATUS_REJECTED);
4802 if (mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
4803 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4808 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev, data, len);
4814 hci_req_init(&req, hdev);
4816 hci_req_add(&req, HCI_OP_LE_REMOVE_FROM_DEV_WHITE_LIST, sizeof(*cp), cp);
4818 err = hci_req_run(&req, remove_from_white_list_complete);
4820 mgmt_pending_remove(cmd);
4825 hci_dev_unlock(hdev);
4830 static void clear_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4832 struct pending_cmd *cmd;
4834 BT_DBG("status 0x%02x", status);
4838 cmd = mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
4843 cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4844 mgmt_status(status));
4846 cmd_complete(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST, 0,
4849 mgmt_pending_remove(cmd);
4852 hci_dev_unlock(hdev);
4855 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
4856 void *data, u16 len)
4858 struct pending_cmd *cmd;
4859 struct hci_request req;
4862 BT_DBG("%s", hdev->name);
4864 if (!lmp_le_capable(hdev))
4865 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4866 MGMT_STATUS_NOT_SUPPORTED);
4868 if (!hdev_is_powered(hdev))
4869 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4870 MGMT_STATUS_REJECTED);
4874 if (mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
4875 err = cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4880 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev, NULL, 0);
4886 hci_req_init(&req, hdev);
4888 hci_req_add(&req, HCI_OP_LE_CLEAR_DEV_WHITE_LIST, 0, NULL);
4890 err = hci_req_run(&req, clear_white_list_complete);
4892 mgmt_pending_remove(cmd);
4897 hci_dev_unlock(hdev);
4902 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
4904 struct pending_cmd *cmd;
4908 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
4910 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
4914 type = hdev->le_discovery.type;
4916 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
4917 &type, sizeof(type));
4918 mgmt_pending_remove(cmd);
4923 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4925 unsigned long timeout = 0;
4927 BT_DBG("status %d", status);
4931 mgmt_start_le_discovery_failed(hdev, status);
4932 hci_dev_unlock(hdev);
4937 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
4938 hci_dev_unlock(hdev);
4940 switch (hdev->le_discovery.type) {
4941 case DISCOV_TYPE_LE:
4942 /* BEGIN TIZEN_Bluetooth :: Keep going on LE Scan */
4944 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4946 /* END TIZEN_Bluetooth */
4950 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
4956 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
4959 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
4960 void *data, u16 len)
4962 struct mgmt_cp_start_le_discovery *cp = data;
4963 struct pending_cmd *cmd;
4964 struct hci_cp_le_set_scan_param param_cp;
4965 struct hci_cp_le_set_scan_enable enable_cp;
4966 struct hci_request req;
4967 u8 status, own_addr_type;
4970 BT_DBG("%s", hdev->name);
4974 if (!hdev_is_powered(hdev)) {
4975 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4976 MGMT_STATUS_NOT_POWERED);
4980 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
4981 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4986 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
4992 hdev->le_discovery.type = cp->type;
4994 hci_req_init(&req, hdev);
4996 switch (hdev->le_discovery.type) {
4997 case DISCOV_TYPE_LE:
4998 status = mgmt_le_support(hdev);
5000 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5002 mgmt_pending_remove(cmd);
5006 /* If controller is scanning, it means the background scanning
5007 * is running. Thus, we should temporarily stop it in order to
5008 * set the discovery scanning parameters.
5010 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5011 hci_req_add_le_scan_disable(&req);
5013 memset(¶m_cp, 0, sizeof(param_cp));
5015 /* All active scans will be done with either a resolvable
5016 * private address (when privacy feature has been enabled)
5017 * or unresolvable private address.
5019 err = hci_update_random_address(&req, true, &own_addr_type);
5021 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5022 MGMT_STATUS_FAILED);
5023 mgmt_pending_remove(cmd);
5027 param_cp.type = hdev->le_scan_type;
5028 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5029 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5030 param_cp.own_address_type = own_addr_type;
5031 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5034 memset(&enable_cp, 0, sizeof(enable_cp));
5035 enable_cp.enable = LE_SCAN_ENABLE;
5036 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5038 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5043 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5044 MGMT_STATUS_INVALID_PARAMS);
5045 mgmt_pending_remove(cmd);
5049 err = hci_req_run(&req, start_le_discovery_complete);
5051 mgmt_pending_remove(cmd);
5053 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
5056 hci_dev_unlock(hdev);
5060 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
5062 struct pending_cmd *cmd;
5065 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
5069 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
5070 &hdev->le_discovery.type, sizeof(hdev->le_discovery.type));
5071 mgmt_pending_remove(cmd);
5076 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5078 BT_DBG("status %d", status);
5083 mgmt_stop_le_discovery_failed(hdev, status);
5087 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
5090 hci_dev_unlock(hdev);
5093 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5096 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
5097 struct pending_cmd *cmd;
5098 struct hci_request req;
5101 BT_DBG("%s", hdev->name);
5105 if (!hci_le_discovery_active(hdev)) {
5106 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5107 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5108 sizeof(mgmt_cp->type));
5112 if (hdev->le_discovery.type != mgmt_cp->type) {
5113 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5114 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
5115 sizeof(mgmt_cp->type));
5119 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
5125 hci_req_init(&req, hdev);
5127 switch (hdev->le_discovery.state) {
5128 case DISCOVERY_FINDING:
5129 cancel_delayed_work(&hdev->le_scan_disable);
5130 hci_req_add_le_scan_disable(&req);
5134 BT_DBG("unknown le discovery state %u", hdev->le_discovery.state);
5136 mgmt_pending_remove(cmd);
5137 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5138 MGMT_STATUS_FAILED, &mgmt_cp->type,
5139 sizeof(mgmt_cp->type));
5143 err = hci_req_run(&req, stop_le_discovery_complete);
5145 mgmt_pending_remove(cmd);
5147 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
5150 hci_dev_unlock(hdev);
5154 /* BEGIN TIZEN_Bluetooth :: LE auto connect */
5155 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
5156 void *data, u16 len)
5160 BT_DBG("%s", hdev->name);
5164 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
5166 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
5169 hci_dev_unlock(hdev);
5173 /* END TIZEN_Bluetooth */
5175 /* BEGIN TIZEN_Bluetooth :: LE connection Update */
5176 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
5179 struct mgmt_cp_le_conn_update *cp = data;
5181 struct hci_conn *conn;
5182 u16 min, max, latency, supervision_timeout;
5185 if (!hdev_is_powered(hdev))
5186 return cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5187 MGMT_STATUS_NOT_POWERED);
5189 min = __le16_to_cpu(cp->conn_interval_min);
5190 max = __le16_to_cpu(cp->conn_interval_max);
5191 latency = __le16_to_cpu(cp->conn_latency);
5192 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
5194 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
5195 min, max, latency, supervision_timeout);
5197 err = check_le_conn_update_param(min, max, latency, supervision_timeout);
5200 err = cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5201 MGMT_STATUS_INVALID_PARAMS);
5207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
5210 cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5211 MGMT_STATUS_NOT_CONNECTED);
5215 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
5217 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
5220 hci_dev_unlock(hdev);
5223 /* END TIZEN_Bluetooth */
5226 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5228 struct pending_cmd *cmd;
5230 BT_DBG("status 0x%02x", status);
5234 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5239 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5240 mgmt_status(status));
5242 struct mgmt_mode *cp = cmd->param;
5245 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5247 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5249 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5250 new_settings(hdev, cmd->sk);
5253 mgmt_pending_remove(cmd);
5256 hci_dev_unlock(hdev);
5259 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5260 void *data, u16 len)
5262 struct mgmt_mode *cp = data;
5263 struct pending_cmd *cmd;
5264 struct hci_request req;
5267 BT_DBG("%s", hdev->name);
5269 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
5270 hdev->hci_ver < BLUETOOTH_VER_1_2)
5271 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5272 MGMT_STATUS_NOT_SUPPORTED);
5274 if (cp->val != 0x00 && cp->val != 0x01)
5275 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5276 MGMT_STATUS_INVALID_PARAMS);
5278 if (!hdev_is_powered(hdev))
5279 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5280 MGMT_STATUS_NOT_POWERED);
5282 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5283 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5284 MGMT_STATUS_REJECTED);
5288 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5289 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5294 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
5295 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5307 hci_req_init(&req, hdev);
5309 write_fast_connectable(&req, cp->val);
5311 err = hci_req_run(&req, fast_connectable_complete);
5313 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5314 MGMT_STATUS_FAILED);
5315 mgmt_pending_remove(cmd);
5319 hci_dev_unlock(hdev);
5324 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5326 struct pending_cmd *cmd;
5328 BT_DBG("status 0x%02x", status);
5332 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
5337 u8 mgmt_err = mgmt_status(status);
5339 /* We need to restore the flag if related HCI commands
5342 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5344 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5346 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5347 new_settings(hdev, cmd->sk);
5350 mgmt_pending_remove(cmd);
5353 hci_dev_unlock(hdev);
5356 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5358 struct mgmt_mode *cp = data;
5359 struct pending_cmd *cmd;
5360 struct hci_request req;
5363 BT_DBG("request for %s", hdev->name);
5365 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5366 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5367 MGMT_STATUS_NOT_SUPPORTED);
5369 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5370 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5371 MGMT_STATUS_REJECTED);
5373 if (cp->val != 0x00 && cp->val != 0x01)
5374 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5375 MGMT_STATUS_INVALID_PARAMS);
5379 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5380 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5384 if (!hdev_is_powered(hdev)) {
5386 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5387 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5388 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5389 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5390 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5393 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5395 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5399 err = new_settings(hdev, sk);
5403 /* Reject disabling when powered on */
5405 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5406 MGMT_STATUS_REJECTED);
5409 /* When configuring a dual-mode controller to operate
5410 * with LE only and using a static address, then switching
5411 * BR/EDR back on is not allowed.
5413 * Dual-mode controllers shall operate with the public
5414 * address as its identity address for BR/EDR and LE. So
5415 * reject the attempt to create an invalid configuration.
5417 * The same restrictions applies when secure connections
5418 * has been enabled. For BR/EDR this is a controller feature
5419 * while for LE it is a host stack feature. This means that
5420 * switching BR/EDR back on when secure connections has been
5421 * enabled is not a supported transaction.
5423 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5424 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5425 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
5426 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5427 MGMT_STATUS_REJECTED);
5432 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
5433 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5444 /* We need to flip the bit already here so that update_adv_data
5445 * generates the correct flags.
5447 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5449 hci_req_init(&req, hdev);
5451 write_fast_connectable(&req, false);
5452 __hci_update_page_scan(&req);
5454 /* Since only the advertising data flags will change, there
5455 * is no need to update the scan response data.
5457 update_adv_data(&req);
5459 err = hci_req_run(&req, set_bredr_complete);
5461 mgmt_pending_remove(cmd);
5464 hci_dev_unlock(hdev);
5468 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5470 struct pending_cmd *cmd;
5471 struct mgmt_mode *cp;
5473 BT_DBG("%s status %u", hdev->name, status);
5477 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5482 cmd_status(cmd->sk, cmd->index, cmd->opcode,
5483 mgmt_status(status));
5491 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5492 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5495 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5496 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5499 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5500 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5504 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5505 new_settings(hdev, cmd->sk);
5508 mgmt_pending_remove(cmd);
5510 hci_dev_unlock(hdev);
5513 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5514 void *data, u16 len)
5516 struct mgmt_mode *cp = data;
5517 struct pending_cmd *cmd;
5518 struct hci_request req;
5522 BT_DBG("request for %s", hdev->name);
5524 if (!lmp_sc_capable(hdev) &&
5525 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5526 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5527 MGMT_STATUS_NOT_SUPPORTED);
5529 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5530 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5531 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5532 MGMT_STATUS_REJECTED);
5534 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5535 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5536 MGMT_STATUS_INVALID_PARAMS);
5540 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5541 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5545 changed = !test_and_set_bit(HCI_SC_ENABLED,
5547 if (cp->val == 0x02)
5548 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5550 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5552 changed = test_and_clear_bit(HCI_SC_ENABLED,
5554 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5557 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5562 err = new_settings(hdev, sk);
5567 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5568 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5575 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5576 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
5577 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5581 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5587 hci_req_init(&req, hdev);
5588 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5589 err = hci_req_run(&req, sc_enable_complete);
5591 mgmt_pending_remove(cmd);
5596 hci_dev_unlock(hdev);
5600 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5601 void *data, u16 len)
5603 struct mgmt_mode *cp = data;
5604 bool changed, use_changed;
5607 BT_DBG("request for %s", hdev->name);
5609 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5610 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5611 MGMT_STATUS_INVALID_PARAMS);
5616 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5619 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5622 if (cp->val == 0x02)
5623 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5626 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5629 if (hdev_is_powered(hdev) && use_changed &&
5630 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5631 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5632 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5633 sizeof(mode), &mode);
5636 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5641 err = new_settings(hdev, sk);
5644 hci_dev_unlock(hdev);
5648 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5651 struct mgmt_cp_set_privacy *cp = cp_data;
5655 BT_DBG("request for %s", hdev->name);
5657 if (!lmp_le_capable(hdev))
5658 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5659 MGMT_STATUS_NOT_SUPPORTED);
5661 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5662 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5663 MGMT_STATUS_INVALID_PARAMS);
5665 /* Not sure why below condition is required; commenting for now,
5666 * since set privacy command is always rejected if this condition is enabled.
5668 #ifndef CONFIG_TIZEN_WIP
5669 if (hdev_is_powered(hdev))
5670 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5671 MGMT_STATUS_REJECTED);
5676 /* If user space supports this command it is also expected to
5677 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5679 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5682 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5683 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5684 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5686 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5687 memset(hdev->irk, 0, sizeof(hdev->irk));
5688 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5691 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5696 err = new_settings(hdev, sk);
5699 hci_dev_unlock(hdev);
5703 static bool irk_is_valid(struct mgmt_irk_info *irk)
5705 switch (irk->addr.type) {
5706 case BDADDR_LE_PUBLIC:
5709 case BDADDR_LE_RANDOM:
5710 /* Two most significant bits shall be set */
5711 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5719 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5722 struct mgmt_cp_load_irks *cp = cp_data;
5723 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5724 sizeof(struct mgmt_irk_info));
5725 u16 irk_count, expected_len;
5728 BT_DBG("request for %s", hdev->name);
5730 if (!lmp_le_capable(hdev))
5731 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5732 MGMT_STATUS_NOT_SUPPORTED);
5734 irk_count = __le16_to_cpu(cp->irk_count);
5735 if (irk_count > max_irk_count) {
5736 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5737 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5738 MGMT_STATUS_INVALID_PARAMS);
5741 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5742 if (expected_len != len) {
5743 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5745 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5746 MGMT_STATUS_INVALID_PARAMS);
5749 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5751 for (i = 0; i < irk_count; i++) {
5752 struct mgmt_irk_info *key = &cp->irks[i];
5754 if (!irk_is_valid(key))
5755 return cmd_status(sk, hdev->id,
5757 MGMT_STATUS_INVALID_PARAMS);
5762 hci_smp_irks_clear(hdev);
5764 for (i = 0; i < irk_count; i++) {
5765 struct mgmt_irk_info *irk = &cp->irks[i];
5768 if (irk->addr.type == BDADDR_LE_PUBLIC)
5769 addr_type = ADDR_LE_DEV_PUBLIC;
5771 addr_type = ADDR_LE_DEV_RANDOM;
5773 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5777 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5779 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5781 hci_dev_unlock(hdev);
5786 #ifdef CONFIG_TIZEN_WIP
5787 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
5788 void *data, u16 len)
5790 struct mgmt_cp_set_advertising_params *cp = data;
5795 BT_DBG("%s", hdev->name);
5797 if (!lmp_le_capable(hdev))
5798 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5799 MGMT_STATUS_NOT_SUPPORTED);
5801 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5802 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5805 min_interval = __le16_to_cpu(cp->interval_min);
5806 max_interval = __le16_to_cpu(cp->interval_max);
5808 if (min_interval > max_interval ||
5809 min_interval < 0x0020 || max_interval > 0x4000)
5810 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5811 MGMT_STATUS_INVALID_PARAMS);
5815 hdev->le_adv_min_interval = min_interval;
5816 hdev->le_adv_max_interval = max_interval;
5817 hdev->adv_filter_policy = cp->filter_policy;
5818 hdev->adv_type = cp->type;
5820 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
5822 hci_dev_unlock(hdev);
5827 static void set_advertising_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5829 struct mgmt_cp_set_advertising_data *cp;
5830 struct pending_cmd *cmd;
5832 BT_DBG("status 0x%02x", status);
5836 cmd = mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
5843 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5844 mgmt_status(status));
5846 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA, 0,
5849 mgmt_pending_remove(cmd);
5852 hci_dev_unlock(hdev);
5855 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
5856 void *data, u16 len)
5858 struct pending_cmd *cmd;
5859 struct hci_request req;
5860 struct mgmt_cp_set_advertising_data *cp = data;
5861 struct hci_cp_le_set_adv_data adv;
5864 BT_DBG("%s", hdev->name);
5866 if (!lmp_le_capable(hdev)) {
5867 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5868 MGMT_STATUS_NOT_SUPPORTED);
5873 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
5874 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5879 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
5886 if (len > HCI_MAX_AD_LENGTH) {
5887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5888 MGMT_STATUS_INVALID_PARAMS);
5892 hci_req_init(&req, hdev);
5894 memset(&adv, 0, sizeof(adv));
5895 memcpy(adv.data, cp->data, len);
5898 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
5900 err = hci_req_run(&req, set_advertising_data_complete);
5902 mgmt_pending_remove(cmd);
5906 hci_dev_unlock(hdev);
5911 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5913 struct mgmt_cp_set_scan_rsp_data *cp;
5914 struct pending_cmd *cmd;
5916 BT_DBG("status 0x%02x", status);
5920 cmd = mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
5927 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5928 mgmt_status(status));
5930 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA, 0,
5933 mgmt_pending_remove(cmd);
5936 hci_dev_unlock(hdev);
5939 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
5942 struct pending_cmd *cmd;
5943 struct hci_request req;
5944 struct mgmt_cp_set_scan_rsp_data *cp = data;
5945 struct hci_cp_le_set_scan_rsp_data rsp;
5948 BT_DBG("%s", hdev->name);
5950 if (!lmp_le_capable(hdev))
5951 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5952 MGMT_STATUS_NOT_SUPPORTED);
5956 if (mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
5957 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5962 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
5967 if (len > HCI_MAX_AD_LENGTH) {
5968 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5969 MGMT_STATUS_INVALID_PARAMS);
5973 hci_req_init(&req, hdev);
5975 memset(&rsp, 0, sizeof(rsp));
5976 memcpy(rsp.data, cp->data, len);
5979 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
5981 err = hci_req_run(&req, set_scan_rsp_data_complete);
5983 mgmt_pending_remove(cmd);
5987 hci_dev_unlock(hdev);
5992 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5994 struct mgmt_cp_set_manufacturer_data *cp;
5995 struct pending_cmd *cmd;
5997 BT_DBG("status 0x%02x", status);
6001 cmd = mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
6008 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6009 mgmt_status(status));
6011 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6014 mgmt_pending_remove(cmd);
6017 hci_dev_unlock(hdev);
6020 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
6021 void *data, u16 len)
6023 struct pending_cmd *cmd;
6024 struct hci_request req;
6025 struct mgmt_cp_set_manufacturer_data *cp = data;
6026 u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
6031 BT_DBG("%s", hdev->name);
6033 if (!lmp_bredr_capable(hdev)) {
6034 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6035 MGMT_STATUS_NOT_SUPPORTED);
6038 if (cp->data[0] == 0 ||
6039 cp->data[0] - 1 > sizeof(hdev->manufacturer_data)) {
6040 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6041 MGMT_STATUS_INVALID_PARAMS);
6044 if (cp->data[1] != 0xFF) {
6045 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6046 MGMT_STATUS_NOT_SUPPORTED);
6051 if (mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
6052 err = cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6057 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data, len);
6063 hci_req_init(&req, hdev);
6065 /* if new data is same as previous data then return command complete event*/
6066 if (hdev->manufacturer_len == cp->data[0] - 1 &&
6067 !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
6068 mgmt_pending_remove(cmd);
6069 cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6071 hci_dev_unlock(hdev);
6075 old_len = hdev->manufacturer_len;
6077 memcpy(old_data, hdev->manufacturer_data, old_len);
6080 hdev->manufacturer_len = cp->data[0] - 1;
6081 if (hdev->manufacturer_len > 0) {
6082 memcpy(hdev->manufacturer_data, cp->data + 2, hdev->manufacturer_len);
6087 err = hci_req_run(&req, set_manufacturer_data_complete);
6089 mgmt_pending_remove(cmd);
6094 hci_dev_unlock(hdev);
6099 memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
6100 hdev->manufacturer_len = old_len;
6101 if (hdev->manufacturer_len > 0) {
6102 memcpy(hdev->manufacturer_data, old_data,
6103 hdev->manufacturer_len);
6105 hci_dev_unlock(hdev);
6109 #ifdef CONFIG_TIZEN_WIP
6110 static int set_voice_setting(struct sock *sk, struct hci_dev *hdev,
6111 void *data, u16 len)
6113 struct mgmt_cp_set_voice_setting *cp = data;
6114 struct hci_conn *conn;
6115 struct hci_conn *sco_conn;
6119 BT_DBG("%s", hdev->name);
6121 if (!lmp_bredr_capable(hdev)) {
6122 return cmd_status(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING,
6123 MGMT_STATUS_NOT_SUPPORTED);
6128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
6130 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6135 conn->voice_setting = cp->voice_setting;
6136 conn->sco_role = cp->sco_role;
6138 sco_conn = hci_conn_hash_lookup_sco(hdev);
6139 if (sco_conn && bacmp(&sco_conn->dst, &cp->bdaddr) != 0) {
6140 BT_ERR("There is other SCO connection.");
6144 if (conn->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
6145 if (conn->voice_setting == 0x0063)
6146 sco_connect_set_wbc(hdev);
6148 sco_connect_set_nbc(hdev);
6150 if (conn->voice_setting == 0x0063)
6151 sco_connect_set_gw_wbc(hdev);
6153 sco_connect_set_gw_nbc(hdev);
6157 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6161 hci_dev_unlock(hdev);
6166 static int get_adv_tx_power(struct sock *sk, struct hci_dev *hdev,
6167 void *data, u16 len)
6169 struct mgmt_rp_get_adv_tx_power *rp;
6173 BT_DBG("%s", hdev->name);
6177 rp_len = sizeof(*rp);
6178 rp = kmalloc(rp_len, GFP_KERNEL);
6184 rp->adv_tx_power= hdev->adv_tx_power;
6186 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_TX_POWER, 0, rp,
6192 hci_dev_unlock(hdev);
6197 /* BEGIN TIZEN_Bluetooth :: Apply RSSI changes */
6198 static void set_rssi_threshold_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6200 BT_DBG("status 0x%02x", status);
6203 static void set_rssi_disable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6205 BT_DBG("status 0x%02x", status);
6208 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
6209 void *data, u16 len)
6212 struct hci_cp_set_rssi_threshold th = { 0, };
6213 struct mgmt_cp_set_enable_rssi *cp = data;
6214 struct hci_conn *conn;
6215 struct pending_cmd *cmd;
6216 struct hci_request req;
6221 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6224 MGMT_STATUS_FAILED);
6228 if (!lmp_le_capable(hdev)) {
6229 mgmt_pending_remove(cmd);
6230 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6231 MGMT_STATUS_NOT_SUPPORTED);
6234 if (!hdev_is_powered(hdev)) {
6235 BT_DBG("%s", hdev->name);
6236 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6237 MGMT_STATUS_NOT_POWERED, data, len);
6238 mgmt_pending_remove(cmd);
6242 if (cp->link_type == 0x01)
6243 dest_type = LE_LINK;
6245 dest_type = ACL_LINK;
6247 /* Get LE/ACL link handle info*/
6248 conn = hci_conn_hash_lookup_ba(hdev,
6249 dest_type, &cp->bdaddr);
6252 err = cmd_complete(sk, hdev->id,
6253 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
6254 mgmt_pending_remove(cmd);
6258 hci_req_init(&req, hdev);
6260 th.hci_le_ext_opcode = 0x0B;
6262 th.conn_handle = conn->handle;
6263 th.alert_mask = 0x07;
6264 th.low_th = cp->low_th;
6265 th.in_range_th = cp->in_range_th;
6266 th.high_th = cp->high_th;
6268 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6269 err = hci_req_run(&req, set_rssi_threshold_complete);
6272 mgmt_pending_remove(cmd);
6273 BT_ERR("Error in requesting hci_req_run");
6278 hci_dev_unlock(hdev);
6282 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
6283 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6285 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
6286 struct mgmt_cp_set_enable_rssi *cp = data;
6287 struct pending_cmd *cmd;
6289 if (cp == NULL || rp == NULL)
6292 mgmt_rp.status = rp->status;
6293 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6294 mgmt_rp.bt_address = cp->bdaddr;
6295 mgmt_rp.link_type = cp->link_type;
6297 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, MGMT_STATUS_SUCCESS,
6298 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6300 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
6301 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6303 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
6304 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6305 &mgmt_rp.bt_address, true);
6309 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6311 mgmt_pending_remove(cmd);
6313 hci_dev_unlock(hdev);
6316 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
6317 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6319 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
6320 struct mgmt_cp_disable_rssi *cp = data;
6321 struct pending_cmd *cmd;
6323 if (cp == NULL || rp == NULL)
6326 mgmt_rp.status = rp->status;
6327 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6328 mgmt_rp.bt_address = cp->bdaddr;
6329 mgmt_rp.link_type = cp->link_type;
6331 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, MGMT_STATUS_SUCCESS,
6332 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6334 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
6335 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6337 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6338 &mgmt_rp.bt_address, false);
6343 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6345 mgmt_pending_remove(cmd);
6347 hci_dev_unlock(hdev);
6350 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
6351 void *data, u16 len)
6353 struct pending_cmd *cmd;
6354 struct hci_request req;
6355 struct hci_cp_set_enable_rssi cp_en = { 0, };
6358 BT_DBG("Set Disable RSSI.");
6360 cp_en.hci_le_ext_opcode = 0x01;
6361 cp_en.le_enable_cs_Features = 0x00;
6362 cp_en.data[0] = 0x00;
6363 cp_en.data[1] = 0x00;
6364 cp_en.data[2] = 0x00;
6368 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6370 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6371 MGMT_STATUS_FAILED);
6375 if (!lmp_le_capable(hdev)) {
6376 mgmt_pending_remove(cmd);
6377 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6378 MGMT_STATUS_NOT_SUPPORTED);
6381 if (!hdev_is_powered(hdev)) {
6382 BT_DBG("%s", hdev->name);
6383 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6384 MGMT_STATUS_NOT_POWERED, data, len);
6385 mgmt_pending_remove(cmd);
6389 hci_req_init(&req, hdev);
6391 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6392 sizeof(struct hci_cp_set_enable_rssi),
6393 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6394 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6396 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6397 err = hci_req_run(&req, set_rssi_disable_complete);
6400 mgmt_pending_remove(cmd);
6401 BT_ERR("Error in requesting hci_req_run");
6406 hci_dev_unlock(hdev);
6412 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
6414 struct hci_cc_rsp_enable_rssi *rp = response;
6415 struct pending_cmd *cmd_enable = NULL;
6416 struct pending_cmd *cmd_disable = NULL;
6417 struct mgmt_cp_set_enable_rssi *cp_en;
6418 struct mgmt_cp_disable_rssi *cp_dis;
6421 cmd_enable = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6422 cmd_disable = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6423 hci_dev_unlock(hdev);
6426 BT_DBG("Enable Request");
6429 BT_DBG("Disable Request");
6432 cp_en = cmd_enable->param;
6437 switch (rp->le_ext_opcode) {
6439 BT_DBG("RSSI enabled.. Setting Threshold...");
6440 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
6441 cp_en, sizeof(*cp_en));
6445 BT_DBG("Sending RSSI enable success");
6446 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
6447 cp_en, rp, rp->status);
6451 } else if (cmd_disable) {
6452 cp_dis = cmd_disable->param;
6457 switch (rp->le_ext_opcode) {
6459 BT_DBG("Sending RSSI disable success");
6460 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6461 cp_dis, rp, rp->status);
6465 /* Only unset RSSI Threshold values for the Link if
6466 RSSI is monitored for other BREDR or LE Links*/
6467 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
6468 BT_DBG("Unset Threshold. Other links being monitored");
6469 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6470 cp_dis, rp, rp->status);
6472 BT_DBG("Unset Threshold. Disabling...");
6473 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
6474 cp_dis, sizeof(*cp_dis));
6481 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6483 BT_DBG("status 0x%02x", status);
6486 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
6487 void *data, u16 len)
6489 struct pending_cmd *cmd;
6490 struct hci_request req;
6491 struct mgmt_cp_set_enable_rssi *cp = data;
6492 struct hci_cp_set_enable_rssi cp_en = { 0, };
6494 BT_DBG("Set Enable RSSI.");
6496 cp_en.hci_le_ext_opcode = 0x01;
6497 cp_en.le_enable_cs_Features = 0x04;
6498 cp_en.data[0] = 0x00;
6499 cp_en.data[1] = 0x00;
6500 cp_en.data[2] = 0x00;
6502 if (!lmp_le_capable(hdev))
6503 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6504 MGMT_STATUS_NOT_SUPPORTED);
6507 if (!hdev_is_powered(hdev)) {
6508 BT_DBG("%s", hdev->name);
6509 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
6515 if (mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
6516 BT_DBG("%s", hdev->name);
6517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6522 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp, sizeof(*cp));
6524 BT_DBG("%s", hdev->name);
6529 /* If RSSI is already enabled directly set Threshold values*/
6530 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
6531 hci_dev_unlock(hdev);
6532 BT_DBG("RSSI Enabled. Directly set Threshold");
6533 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
6537 hci_req_init(&req, hdev);
6539 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6540 sizeof(struct hci_cp_set_enable_rssi),
6541 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6542 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6544 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6545 err = hci_req_run(&req, set_rssi_enable_complete);
6548 mgmt_pending_remove(cmd);
6549 BT_ERR("Error in requesting hci_req_run");
6554 hci_dev_unlock(hdev);
6559 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6561 struct pending_cmd *cmd;
6563 BT_DBG("status 0x%02x", status);
6567 cmd = mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
6571 cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI, MGMT_STATUS_SUCCESS,
6574 mgmt_pending_remove(cmd);
6577 hci_dev_unlock(hdev);
6580 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
6583 struct pending_cmd *cmd;
6584 struct hci_request req;
6585 struct mgmt_cp_get_raw_rssi *cp = data;
6586 struct hci_cp_get_raw_rssi hci_cp;
6588 struct hci_conn *conn;
6592 BT_DBG("Get Raw RSSI.");
6593 if (!lmp_le_capable(hdev))
6594 return cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6595 MGMT_STATUS_NOT_SUPPORTED);
6599 if (cp->link_type == 0x01) {
6600 dest_type = LE_LINK;
6602 dest_type = ACL_LINK;
6605 /* Get LE/BREDR link handle info*/
6606 conn = hci_conn_hash_lookup_ba(hdev,
6607 dest_type, &cp->bt_address);
6609 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 1,
6613 hci_cp.conn_handle = conn->handle;
6615 if (!hdev_is_powered(hdev)) {
6616 BT_DBG("%s", hdev->name);
6617 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 0,
6623 if (mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
6624 BT_DBG("%s", hdev->name);
6625 err = cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6630 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
6632 BT_DBG("%s", hdev->name);
6637 hci_req_init(&req, hdev);
6639 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
6640 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
6641 err = hci_req_run(&req, get_raw_rssi_complete);
6644 mgmt_pending_remove(cmd);
6645 BT_ERR("Error in requesting hci_req_run");
6649 hci_dev_unlock(hdev);
6654 void mgmt_raw_rssi_response(struct hci_dev *hdev,
6655 struct hci_cc_rp_get_raw_rssi *rp, int success)
6657 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
6658 struct hci_conn *conn;
6660 mgmt_rp.status = rp->status;
6661 mgmt_rp.rssi_dbm = rp->rssi_dbm;
6663 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
6667 bacpy(&mgmt_rp.bt_address, &conn->dst);
6668 if (conn->type == LE_LINK) {
6669 mgmt_rp.link_type = 0x01;
6671 mgmt_rp.link_type = 0x00;
6674 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
6675 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
6678 static void set_disable_threshold_complete(struct hci_dev *hdev,
6679 u8 status, u16 opcode)
6681 BT_DBG("status 0x%02x", status);
6684 /** Removes monitoring for a link*/
6685 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
6686 void *data, u16 len)
6689 struct hci_cp_set_rssi_threshold th = { 0, };
6690 struct mgmt_cp_disable_rssi *cp = data;
6691 struct hci_conn *conn;
6692 struct pending_cmd *cmd;
6693 struct hci_request req;
6695 BT_DBG("Set Disable RSSI.");
6697 if (!lmp_le_capable(hdev)) {
6698 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6699 MGMT_STATUS_NOT_SUPPORTED);
6704 /* Get LE/ACL link handle info*/
6705 if (cp->link_type == 0x01)
6706 dest_type = LE_LINK;
6708 dest_type = ACL_LINK;
6710 conn = hci_conn_hash_lookup_ba(hdev,
6711 dest_type, &cp->bdaddr);
6713 err = cmd_complete(sk, hdev->id,
6714 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
6718 th.hci_le_ext_opcode = 0x0B;
6720 th.conn_handle = conn->handle;
6721 th.alert_mask = 0x00;
6723 th.in_range_th = 0x00;
6726 if (!hdev_is_powered(hdev)) {
6727 BT_DBG("%s", hdev->name);
6728 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, 0,
6733 if (mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
6734 BT_DBG("%s", hdev->name);
6735 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6740 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp, sizeof(*cp));
6742 BT_DBG("%s", hdev->name);
6747 hci_req_init(&req, hdev);
6749 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6750 err = hci_req_run(&req, set_disable_threshold_complete);
6752 mgmt_pending_remove(cmd);
6753 BT_ERR("Error in requesting hci_req_run");
6758 hci_dev_unlock(hdev);
6763 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
6765 struct hci_ev_vendor_specific_rssi_alert *ev = (void *) skb->data;
6766 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
6767 struct hci_conn *conn;
6769 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
6770 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
6772 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
6775 BT_ERR("RSSI alert Error: Device not found for handle");
6778 bacpy(&mgmt_ev.bdaddr, &conn->dst);
6780 if (conn->type == LE_LINK)
6781 mgmt_ev.link_type = 0x01;
6783 mgmt_ev.link_type = 0x00;
6785 mgmt_ev.alert_type = ev->alert_type;
6786 mgmt_ev.rssi_dbm = ev->rssi_dbm;
6788 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
6789 sizeof(struct mgmt_ev_vendor_specific_rssi_alert), NULL);
6792 void mgmt_multi_adv_state_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
6794 struct hci_ev_vendor_specific_multi_adv_state *ev = (void *) skb->data;
6795 struct mgmt_ev_vendor_specific_multi_adv_state_changed mgmt_ev;
6797 BT_DBG("Multi adv state changed [%2.2X %2.2X %2.2X]",
6798 ev->adv_instance, ev->state_change_reason, ev->connection_handle);
6800 mgmt_ev.adv_instance = ev->adv_instance;
6801 mgmt_ev.state_change_reason = ev->state_change_reason;
6802 mgmt_ev.connection_handle = ev->connection_handle;
6804 mgmt_event(MGMT_EV_MULTI_ADV_STATE_CHANGED, hdev, &mgmt_ev,
6805 sizeof(struct mgmt_ev_vendor_specific_multi_adv_state_changed), NULL);
6807 /* END TIZEN_Bluetooth */
6810 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6812 if (key->master != 0x00 && key->master != 0x01)
6815 switch (key->addr.type) {
6816 case BDADDR_LE_PUBLIC:
6819 case BDADDR_LE_RANDOM:
6820 /* Two most significant bits shall be set */
6821 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6829 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6830 void *cp_data, u16 len)
6832 struct mgmt_cp_load_long_term_keys *cp = cp_data;
6833 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6834 sizeof(struct mgmt_ltk_info));
6835 u16 key_count, expected_len;
6838 BT_DBG("request for %s", hdev->name);
6840 if (!lmp_le_capable(hdev))
6841 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6842 MGMT_STATUS_NOT_SUPPORTED);
6844 key_count = __le16_to_cpu(cp->key_count);
6845 if (key_count > max_key_count) {
6846 BT_ERR("load_ltks: too big key_count value %u", key_count);
6847 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6848 MGMT_STATUS_INVALID_PARAMS);
6851 expected_len = sizeof(*cp) + key_count *
6852 sizeof(struct mgmt_ltk_info);
6853 if (expected_len != len) {
6854 BT_ERR("load_keys: expected %u bytes, got %u bytes",
6856 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6857 MGMT_STATUS_INVALID_PARAMS);
6860 BT_DBG("%s key_count %u", hdev->name, key_count);
6862 for (i = 0; i < key_count; i++) {
6863 struct mgmt_ltk_info *key = &cp->keys[i];
6865 if (!ltk_is_valid(key))
6866 return cmd_status(sk, hdev->id,
6867 MGMT_OP_LOAD_LONG_TERM_KEYS,
6868 MGMT_STATUS_INVALID_PARAMS);
6873 hci_smp_ltks_clear(hdev);
6875 for (i = 0; i < key_count; i++) {
6876 struct mgmt_ltk_info *key = &cp->keys[i];
6877 u8 type, addr_type, authenticated;
6879 if (key->addr.type == BDADDR_LE_PUBLIC)
6880 addr_type = ADDR_LE_DEV_PUBLIC;
6882 addr_type = ADDR_LE_DEV_RANDOM;
6884 switch (key->type) {
6885 case MGMT_LTK_UNAUTHENTICATED:
6886 authenticated = 0x00;
6887 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6889 case MGMT_LTK_AUTHENTICATED:
6890 authenticated = 0x01;
6891 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6893 case MGMT_LTK_P256_UNAUTH:
6894 authenticated = 0x00;
6895 type = SMP_LTK_P256;
6897 case MGMT_LTK_P256_AUTH:
6898 authenticated = 0x01;
6899 type = SMP_LTK_P256;
6901 case MGMT_LTK_P256_DEBUG:
6902 authenticated = 0x00;
6903 type = SMP_LTK_P256_DEBUG;
6908 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
6909 authenticated, key->val, key->enc_size, key->ediv,
6913 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6916 hci_dev_unlock(hdev);
6921 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
6923 struct hci_conn *conn = cmd->user_data;
6924 struct mgmt_rp_get_conn_info rp;
6927 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6929 if (status == MGMT_STATUS_SUCCESS) {
6930 rp.rssi = conn->rssi;
6931 rp.tx_power = conn->tx_power;
6932 rp.max_tx_power = conn->max_tx_power;
6934 rp.rssi = HCI_RSSI_INVALID;
6935 rp.tx_power = HCI_TX_POWER_INVALID;
6936 rp.max_tx_power = HCI_TX_POWER_INVALID;
6939 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
6942 hci_conn_drop(conn);
6948 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6951 struct hci_cp_read_rssi *cp;
6952 struct pending_cmd *cmd;
6953 struct hci_conn *conn;
6957 BT_DBG("status 0x%02x", hci_status);
6961 /* Commands sent in request are either Read RSSI or Read Transmit Power
6962 * Level so we check which one was last sent to retrieve connection
6963 * handle. Both commands have handle as first parameter so it's safe to
6964 * cast data on the same command struct.
6966 * First command sent is always Read RSSI and we fail only if it fails.
6967 * In other case we simply override error to indicate success as we
6968 * already remembered if TX power value is actually valid.
6970 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6972 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
6973 status = MGMT_STATUS_SUCCESS;
6975 status = mgmt_status(hci_status);
6979 BT_ERR("invalid sent_cmd in conn_info response");
6983 handle = __le16_to_cpu(cp->handle);
6984 conn = hci_conn_hash_lookup_handle(hdev, handle);
6986 BT_ERR("unknown handle (%d) in conn_info response", handle);
6990 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
6994 cmd->cmd_complete(cmd, status);
6995 mgmt_pending_remove(cmd);
6998 hci_dev_unlock(hdev);
7002 #ifdef CONFIG_TIZEN_WIP
7003 /* defination of "prandom_u32_max" is imported from latest kernel,
7004 * so if the kernel is migrated to latest, below defination should be removed
7008 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
7009 * @ep_ro: right open interval endpoint
7011 * Returns a pseudo-random number that is in interval [0, ep_ro). Note
7012 * that the result depends on PRNG being well distributed in [0, ~0U]
7013 * u32 space. Here we use maximally equidistributed combined Tausworthe
7014 * generator, that is, prandom_u32(). This is useful when requesting a
7015 * random index of an array containing ep_ro elements, for example.
7017 * Returns: pseudo-random number in interval [0, ep_ro)
7019 static inline u32 prandom_u32_max(u32 ep_ro)
7021 #ifdef CONFIG_TIZEN_WIP
7022 return (u32)(((u64) random32() * ep_ro) >> 32);
7024 return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
7029 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7032 struct mgmt_cp_get_conn_info *cp = data;
7033 struct mgmt_rp_get_conn_info rp;
7034 struct hci_conn *conn;
7035 unsigned long conn_info_age;
7038 BT_DBG("%s", hdev->name);
7040 memset(&rp, 0, sizeof(rp));
7041 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7042 rp.addr.type = cp->addr.type;
7044 if (!bdaddr_type_is_valid(cp->addr.type))
7045 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7046 MGMT_STATUS_INVALID_PARAMS,
7051 if (!hdev_is_powered(hdev)) {
7052 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7053 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7057 if (cp->addr.type == BDADDR_BREDR)
7058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7061 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7063 if (!conn || conn->state != BT_CONNECTED) {
7064 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7065 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
7069 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
7070 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7071 MGMT_STATUS_BUSY, &rp, sizeof(rp));
7075 /* To avoid client trying to guess when to poll again for information we
7076 * calculate conn info age as random value between min/max set in hdev.
7078 conn_info_age = hdev->conn_info_min_age +
7079 prandom_u32_max(hdev->conn_info_max_age -
7080 hdev->conn_info_min_age);
7082 /* Query controller to refresh cached values if they are too old or were
7085 if (time_after(jiffies, conn->conn_info_timestamp +
7086 msecs_to_jiffies(conn_info_age)) ||
7087 !conn->conn_info_timestamp) {
7088 struct hci_request req;
7089 struct hci_cp_read_tx_power req_txp_cp;
7090 struct hci_cp_read_rssi req_rssi_cp;
7091 struct pending_cmd *cmd;
7093 hci_req_init(&req, hdev);
7094 req_rssi_cp.handle = cpu_to_le16(conn->handle);
7095 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
7098 /* For LE links TX power does not change thus we don't need to
7099 * query for it once value is known.
7101 if (!bdaddr_type_is_le(cp->addr.type) ||
7102 conn->tx_power == HCI_TX_POWER_INVALID) {
7103 req_txp_cp.handle = cpu_to_le16(conn->handle);
7104 req_txp_cp.type = 0x00;
7105 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7106 sizeof(req_txp_cp), &req_txp_cp);
7109 /* Max TX power needs to be read only once per connection */
7110 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
7111 req_txp_cp.handle = cpu_to_le16(conn->handle);
7112 req_txp_cp.type = 0x01;
7113 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7114 sizeof(req_txp_cp), &req_txp_cp);
7117 err = hci_req_run(&req, conn_info_refresh_complete);
7121 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
7128 hci_conn_hold(conn);
7129 cmd->user_data = hci_conn_get(conn);
7130 cmd->cmd_complete = conn_info_cmd_complete;
7132 conn->conn_info_timestamp = jiffies;
7134 /* Cache is valid, just reply with values cached in hci_conn */
7135 rp.rssi = conn->rssi;
7136 rp.tx_power = conn->tx_power;
7137 rp.max_tx_power = conn->max_tx_power;
7139 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7140 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7144 hci_dev_unlock(hdev);
7148 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7150 struct hci_conn *conn = cmd->user_data;
7151 struct mgmt_rp_get_clock_info rp;
7152 struct hci_dev *hdev;
7155 memset(&rp, 0, sizeof(rp));
7156 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
7161 hdev = hci_dev_get(cmd->index);
7163 rp.local_clock = cpu_to_le32(hdev->clock);
7168 rp.piconet_clock = cpu_to_le32(conn->clock);
7169 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7173 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7177 hci_conn_drop(conn);
7184 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7186 struct hci_cp_read_clock *hci_cp;
7187 struct pending_cmd *cmd;
7188 struct hci_conn *conn;
7190 BT_DBG("%s status %u", hdev->name, status);
7194 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
7198 if (hci_cp->which) {
7199 u16 handle = __le16_to_cpu(hci_cp->handle);
7200 conn = hci_conn_hash_lookup_handle(hdev, handle);
7205 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
7209 cmd->cmd_complete(cmd, mgmt_status(status));
7210 mgmt_pending_remove(cmd);
7213 hci_dev_unlock(hdev);
7216 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7219 struct mgmt_cp_get_clock_info *cp = data;
7220 struct mgmt_rp_get_clock_info rp;
7221 struct hci_cp_read_clock hci_cp;
7222 struct pending_cmd *cmd;
7223 struct hci_request req;
7224 struct hci_conn *conn;
7227 BT_DBG("%s", hdev->name);
7229 memset(&rp, 0, sizeof(rp));
7230 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7231 rp.addr.type = cp->addr.type;
7233 if (cp->addr.type != BDADDR_BREDR)
7234 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7235 MGMT_STATUS_INVALID_PARAMS,
7240 if (!hdev_is_powered(hdev)) {
7241 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7242 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7246 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7247 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7249 if (!conn || conn->state != BT_CONNECTED) {
7250 err = cmd_complete(sk, hdev->id,
7251 MGMT_OP_GET_CLOCK_INFO,
7252 MGMT_STATUS_NOT_CONNECTED,
7260 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7266 cmd->cmd_complete = clock_info_cmd_complete;
7268 hci_req_init(&req, hdev);
7270 memset(&hci_cp, 0, sizeof(hci_cp));
7271 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7274 hci_conn_hold(conn);
7275 cmd->user_data = hci_conn_get(conn);
7277 hci_cp.handle = cpu_to_le16(conn->handle);
7278 hci_cp.which = 0x01; /* Piconet clock */
7279 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7282 err = hci_req_run(&req, get_clock_info_complete);
7284 mgmt_pending_remove(cmd);
7287 hci_dev_unlock(hdev);
7291 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7293 struct hci_conn *conn;
7295 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7299 if (conn->dst_type != type)
7302 if (conn->state != BT_CONNECTED)
7308 /* This function requires the caller holds hdev->lock */
7309 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
7310 u8 addr_type, u8 auto_connect)
7312 struct hci_dev *hdev = req->hdev;
7313 struct hci_conn_params *params;
7315 params = hci_conn_params_add(hdev, addr, addr_type);
7319 if (params->auto_connect == auto_connect)
7322 list_del_init(¶ms->action);
7324 switch (auto_connect) {
7325 case HCI_AUTO_CONN_DISABLED:
7326 case HCI_AUTO_CONN_LINK_LOSS:
7327 __hci_update_background_scan(req);
7329 case HCI_AUTO_CONN_REPORT:
7330 list_add(¶ms->action, &hdev->pend_le_reports);
7331 __hci_update_background_scan(req);
7333 case HCI_AUTO_CONN_DIRECT:
7334 case HCI_AUTO_CONN_ALWAYS:
7335 if (!is_connected(hdev, addr, addr_type)) {
7336 list_add(¶ms->action, &hdev->pend_le_conns);
7337 __hci_update_background_scan(req);
7342 params->auto_connect = auto_connect;
7344 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
7350 static void device_added(struct sock *sk, struct hci_dev *hdev,
7351 bdaddr_t *bdaddr, u8 type, u8 action)
7353 struct mgmt_ev_device_added ev;
7355 bacpy(&ev.addr.bdaddr, bdaddr);
7356 ev.addr.type = type;
7359 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7362 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7364 struct pending_cmd *cmd;
7366 BT_DBG("status 0x%02x", status);
7370 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
7374 cmd->cmd_complete(cmd, mgmt_status(status));
7375 mgmt_pending_remove(cmd);
7378 hci_dev_unlock(hdev);
7381 static int add_device(struct sock *sk, struct hci_dev *hdev,
7382 void *data, u16 len)
7384 struct mgmt_cp_add_device *cp = data;
7385 struct pending_cmd *cmd;
7386 struct hci_request req;
7387 u8 auto_conn, addr_type;
7390 BT_DBG("%s", hdev->name);
7392 if (!bdaddr_type_is_valid(cp->addr.type) ||
7393 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7394 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7395 MGMT_STATUS_INVALID_PARAMS,
7396 &cp->addr, sizeof(cp->addr));
7398 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7399 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7400 MGMT_STATUS_INVALID_PARAMS,
7401 &cp->addr, sizeof(cp->addr));
7403 hci_req_init(&req, hdev);
7407 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
7413 cmd->cmd_complete = addr_cmd_complete;
7415 if (cp->addr.type == BDADDR_BREDR) {
7416 /* Only incoming connections action is supported for now */
7417 if (cp->action != 0x01) {
7418 err = cmd->cmd_complete(cmd,
7419 MGMT_STATUS_INVALID_PARAMS);
7420 mgmt_pending_remove(cmd);
7424 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
7429 __hci_update_page_scan(&req);
7434 if (cp->addr.type == BDADDR_LE_PUBLIC)
7435 addr_type = ADDR_LE_DEV_PUBLIC;
7437 addr_type = ADDR_LE_DEV_RANDOM;
7439 if (cp->action == 0x02)
7440 auto_conn = HCI_AUTO_CONN_ALWAYS;
7441 else if (cp->action == 0x01)
7442 auto_conn = HCI_AUTO_CONN_DIRECT;
7444 auto_conn = HCI_AUTO_CONN_REPORT;
7446 /* If the connection parameters don't exist for this device,
7447 * they will be created and configured with defaults.
7449 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
7451 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
7452 mgmt_pending_remove(cmd);
7457 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7459 err = hci_req_run(&req, add_device_complete);
7461 /* ENODATA means no HCI commands were needed (e.g. if
7462 * the adapter is powered off).
7464 if (err == -ENODATA)
7465 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7466 mgmt_pending_remove(cmd);
7470 hci_dev_unlock(hdev);
7474 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7475 bdaddr_t *bdaddr, u8 type)
7477 struct mgmt_ev_device_removed ev;
7479 bacpy(&ev.addr.bdaddr, bdaddr);
7480 ev.addr.type = type;
7482 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7485 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7487 struct pending_cmd *cmd;
7489 BT_DBG("status 0x%02x", status);
7493 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
7497 cmd->cmd_complete(cmd, mgmt_status(status));
7498 mgmt_pending_remove(cmd);
7501 hci_dev_unlock(hdev);
7504 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7505 void *data, u16 len)
7507 struct mgmt_cp_remove_device *cp = data;
7508 struct pending_cmd *cmd;
7509 struct hci_request req;
7512 BT_DBG("%s", hdev->name);
7514 hci_req_init(&req, hdev);
7518 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
7524 cmd->cmd_complete = addr_cmd_complete;
7526 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7527 struct hci_conn_params *params;
7530 if (!bdaddr_type_is_valid(cp->addr.type)) {
7531 err = cmd->cmd_complete(cmd,
7532 MGMT_STATUS_INVALID_PARAMS);
7533 mgmt_pending_remove(cmd);
7537 if (cp->addr.type == BDADDR_BREDR) {
7538 err = hci_bdaddr_list_del(&hdev->whitelist,
7542 err = cmd->cmd_complete(cmd,
7543 MGMT_STATUS_INVALID_PARAMS);
7544 mgmt_pending_remove(cmd);
7548 __hci_update_page_scan(&req);
7550 device_removed(sk, hdev, &cp->addr.bdaddr,
7555 if (cp->addr.type == BDADDR_LE_PUBLIC)
7556 addr_type = ADDR_LE_DEV_PUBLIC;
7558 addr_type = ADDR_LE_DEV_RANDOM;
7560 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7563 err = cmd->cmd_complete(cmd,
7564 MGMT_STATUS_INVALID_PARAMS);
7565 mgmt_pending_remove(cmd);
7569 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
7570 err = cmd->cmd_complete(cmd,
7571 MGMT_STATUS_INVALID_PARAMS);
7572 mgmt_pending_remove(cmd);
7576 list_del(¶ms->action);
7577 list_del(¶ms->list);
7579 __hci_update_background_scan(&req);
7581 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7583 struct hci_conn_params *p, *tmp;
7584 struct bdaddr_list *b, *btmp;
7586 if (cp->addr.type) {
7587 err = cmd->cmd_complete(cmd,
7588 MGMT_STATUS_INVALID_PARAMS);
7589 mgmt_pending_remove(cmd);
7593 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
7594 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7599 __hci_update_page_scan(&req);
7601 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7602 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7604 device_removed(sk, hdev, &p->addr, p->addr_type);
7605 list_del(&p->action);
7610 BT_DBG("All LE connection parameters were removed");
7612 __hci_update_background_scan(&req);
7616 err = hci_req_run(&req, remove_device_complete);
7618 /* ENODATA means no HCI commands were needed (e.g. if
7619 * the adapter is powered off).
7621 if (err == -ENODATA)
7622 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7623 mgmt_pending_remove(cmd);
7627 hci_dev_unlock(hdev);
7631 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7634 struct mgmt_cp_load_conn_param *cp = data;
7635 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7636 sizeof(struct mgmt_conn_param));
7637 u16 param_count, expected_len;
7640 if (!lmp_le_capable(hdev))
7641 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7642 MGMT_STATUS_NOT_SUPPORTED);
7644 param_count = __le16_to_cpu(cp->param_count);
7645 if (param_count > max_param_count) {
7646 BT_ERR("load_conn_param: too big param_count value %u",
7648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7649 MGMT_STATUS_INVALID_PARAMS);
7652 expected_len = sizeof(*cp) + param_count *
7653 sizeof(struct mgmt_conn_param);
7654 if (expected_len != len) {
7655 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
7657 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7658 MGMT_STATUS_INVALID_PARAMS);
7661 BT_DBG("%s param_count %u", hdev->name, param_count);
7665 hci_conn_params_clear_disabled(hdev);
7667 for (i = 0; i < param_count; i++) {
7668 struct mgmt_conn_param *param = &cp->params[i];
7669 struct hci_conn_params *hci_param;
7670 u16 min, max, latency, timeout;
7673 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
7676 if (param->addr.type == BDADDR_LE_PUBLIC) {
7677 addr_type = ADDR_LE_DEV_PUBLIC;
7678 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7679 addr_type = ADDR_LE_DEV_RANDOM;
7681 BT_ERR("Ignoring invalid connection parameters");
7685 min = le16_to_cpu(param->min_interval);
7686 max = le16_to_cpu(param->max_interval);
7687 latency = le16_to_cpu(param->latency);
7688 timeout = le16_to_cpu(param->timeout);
7690 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7691 min, max, latency, timeout);
7693 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7694 BT_ERR("Ignoring invalid connection parameters");
7698 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7701 BT_ERR("Failed to add connection parameters");
7705 hci_param->conn_min_interval = min;
7706 hci_param->conn_max_interval = max;
7707 hci_param->conn_latency = latency;
7708 hci_param->supervision_timeout = timeout;
7711 hci_dev_unlock(hdev);
7713 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
7716 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7717 void *data, u16 len)
7719 struct mgmt_cp_set_external_config *cp = data;
7723 BT_DBG("%s", hdev->name);
7725 if (hdev_is_powered(hdev))
7726 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7727 MGMT_STATUS_REJECTED);
7729 if (cp->config != 0x00 && cp->config != 0x01)
7730 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7731 MGMT_STATUS_INVALID_PARAMS);
7733 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7734 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7735 MGMT_STATUS_NOT_SUPPORTED);
7740 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
7743 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
7746 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7753 err = new_options(hdev, sk);
7755 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
7756 mgmt_index_removed(hdev);
7758 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
7759 set_bit(HCI_CONFIG, &hdev->dev_flags);
7760 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7762 queue_work(hdev->req_workqueue, &hdev->power_on);
7764 set_bit(HCI_RAW, &hdev->flags);
7765 mgmt_index_added(hdev);
7770 hci_dev_unlock(hdev);
7774 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7775 void *data, u16 len)
7777 struct mgmt_cp_set_public_address *cp = data;
7781 BT_DBG("%s", hdev->name);
7783 if (hdev_is_powered(hdev))
7784 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7785 MGMT_STATUS_REJECTED);
7787 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7788 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7789 MGMT_STATUS_INVALID_PARAMS);
7791 if (!hdev->set_bdaddr)
7792 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7793 MGMT_STATUS_NOT_SUPPORTED);
7797 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7798 bacpy(&hdev->public_addr, &cp->bdaddr);
7800 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7807 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
7808 err = new_options(hdev, sk);
7810 if (is_configured(hdev)) {
7811 mgmt_index_removed(hdev);
7813 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
7815 set_bit(HCI_CONFIG, &hdev->dev_flags);
7816 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7818 queue_work(hdev->req_workqueue, &hdev->power_on);
7822 hci_dev_unlock(hdev);
7826 static const struct mgmt_handler {
7827 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
7831 } mgmt_handlers[] = {
7832 { NULL }, /* 0x0000 (no command) */
7833 { read_version, false, MGMT_READ_VERSION_SIZE },
7834 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
7835 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
7836 { read_controller_info, false, MGMT_READ_INFO_SIZE },
7837 { set_powered, false, MGMT_SETTING_SIZE },
7838 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
7839 { set_connectable, false, MGMT_SETTING_SIZE },
7840 { set_fast_connectable, false, MGMT_SETTING_SIZE },
7841 { set_bondable, false, MGMT_SETTING_SIZE },
7842 { set_link_security, false, MGMT_SETTING_SIZE },
7843 { set_ssp, false, MGMT_SETTING_SIZE },
7844 { set_hs, false, MGMT_SETTING_SIZE },
7845 { set_le, false, MGMT_SETTING_SIZE },
7846 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
7847 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
7848 { add_uuid, false, MGMT_ADD_UUID_SIZE },
7849 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
7850 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
7851 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
7852 { disconnect, false, MGMT_DISCONNECT_SIZE },
7853 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
7854 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
7855 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7856 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
7857 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
7858 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7859 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
7860 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
7861 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7862 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
7863 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7864 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7865 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
7866 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7867 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
7868 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
7869 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
7870 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
7871 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
7872 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
7873 { set_advertising, false, MGMT_SETTING_SIZE },
7874 { set_bredr, false, MGMT_SETTING_SIZE },
7875 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
7876 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
7877 { set_secure_conn, false, MGMT_SETTING_SIZE },
7878 { set_debug_keys, false, MGMT_SETTING_SIZE },
7879 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
7880 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
7881 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
7882 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
7883 { add_device, false, MGMT_ADD_DEVICE_SIZE },
7884 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
7885 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
7886 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
7887 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
7888 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
7889 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
7890 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
7893 #ifdef CONFIG_TIZEN_WIP
7894 static const struct mgmt_handler tizen_mgmt_handlers[] = {
7895 { NULL }, /* 0x0000 (no command) */
7896 { set_advertising_params, false, MGMT_SET_ADVERTISING_PARAMS_SIZE },
7897 { set_advertising_data, true, MGMT_SET_ADV_MIN_APP_DATA_SIZE },
7898 { set_scan_rsp_data, true, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE },
7899 { add_white_list, false, MGMT_ADD_DEV_WHITE_LIST_SIZE },
7900 { remove_from_white_list, false, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
7901 { clear_white_list, false, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
7902 { set_enable_rssi, false, MGMT_SET_RSSI_ENABLE_SIZE },
7903 { get_raw_rssi, false, MGMT_GET_RAW_RSSI_SIZE },
7904 { set_disable_threshold, false, MGMT_SET_RSSI_DISABLE_SIZE },
7905 { start_le_discovery, false, MGMT_START_LE_DISCOVERY_SIZE },
7906 { stop_le_discovery, false, MGMT_STOP_LE_DISCOVERY_SIZE },
7907 { disable_le_auto_connect, false, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
7908 { le_conn_update, false, MGMT_LE_CONN_UPDATE_SIZE},
7909 { set_manufacturer_data, false, MGMT_SET_MANUFACTURER_DATA_SIZE},
7910 { le_set_scan_params, false, MGMT_LE_SET_SCAN_PARAMS_SIZE },
7911 { set_voice_setting, false, MGMT_SET_VOICE_SETTING_SIZE},
7912 { get_adv_tx_power, false, MGMT_GET_ADV_TX_POWER_SIZE}
7916 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
7920 struct mgmt_hdr *hdr;
7921 u16 opcode, index, len;
7922 struct hci_dev *hdev = NULL;
7923 const struct mgmt_handler *handler;
7926 BT_DBG("got %zu bytes", msglen);
7928 if (msglen < sizeof(*hdr))
7931 buf = kmalloc(msglen, GFP_KERNEL);
7935 #ifdef CONFIG_TIZEN_WIP
7936 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
7938 if (memcpy_from_msg(buf, msg, msglen)) {
7945 opcode = __le16_to_cpu(hdr->opcode);
7946 index = __le16_to_cpu(hdr->index);
7947 len = __le16_to_cpu(hdr->len);
7949 if (len != msglen - sizeof(*hdr)) {
7954 if (index != MGMT_INDEX_NONE) {
7955 hdev = hci_dev_get(index);
7957 err = cmd_status(sk, index, opcode,
7958 MGMT_STATUS_INVALID_INDEX);
7962 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
7963 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
7964 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
7965 err = cmd_status(sk, index, opcode,
7966 MGMT_STATUS_INVALID_INDEX);
7970 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
7971 opcode != MGMT_OP_READ_CONFIG_INFO &&
7972 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
7973 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
7974 err = cmd_status(sk, index, opcode,
7975 MGMT_STATUS_INVALID_INDEX);
7980 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
7981 mgmt_handlers[opcode].func == NULL) {
7982 #ifdef CONFIG_TIZEN_WIP
7983 u16 tizen_opcode = opcode - TIZEN_OP_CODE_BASE;
7985 if (tizen_opcode > 0 &&
7986 tizen_opcode < ARRAY_SIZE(tizen_mgmt_handlers) &&
7987 tizen_mgmt_handlers[tizen_opcode].func) {
7989 handler = &tizen_mgmt_handlers[tizen_opcode];
7993 BT_DBG("Unknown op %u", opcode);
7994 err = cmd_status(sk, index, opcode,
7995 MGMT_STATUS_UNKNOWN_COMMAND);
7999 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
8000 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8001 err = cmd_status(sk, index, opcode,
8002 MGMT_STATUS_INVALID_INDEX);
8006 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
8007 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8008 err = cmd_status(sk, index, opcode,
8009 MGMT_STATUS_INVALID_INDEX);
8013 handler = &mgmt_handlers[opcode];
8015 #ifdef CONFIG_TIZEN_WIP
8018 if ((handler->var_len && len < handler->data_len) ||
8019 (!handler->var_len && len != handler->data_len)) {
8020 err = cmd_status(sk, index, opcode,
8021 MGMT_STATUS_INVALID_PARAMS);
8026 mgmt_init_hdev(sk, hdev);
8028 cp = buf + sizeof(*hdr);
8030 err = handler->func(sk, hdev, cp, len);
8044 void mgmt_index_added(struct hci_dev *hdev)
8046 if (hdev->dev_type != HCI_BREDR)
8049 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8052 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8053 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
8055 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
8058 void mgmt_index_removed(struct hci_dev *hdev)
8060 u8 status = MGMT_STATUS_INVALID_INDEX;
8062 if (hdev->dev_type != HCI_BREDR)
8065 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8068 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8070 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8071 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
8073 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
8076 /* This function requires the caller holds hdev->lock */
8077 static void restart_le_actions(struct hci_request *req)
8079 struct hci_dev *hdev = req->hdev;
8080 struct hci_conn_params *p;
8082 list_for_each_entry(p, &hdev->le_conn_params, list) {
8083 /* Needed for AUTO_OFF case where might not "really"
8084 * have been powered off.
8086 list_del_init(&p->action);
8088 switch (p->auto_connect) {
8089 case HCI_AUTO_CONN_DIRECT:
8090 case HCI_AUTO_CONN_ALWAYS:
8091 list_add(&p->action, &hdev->pend_le_conns);
8093 case HCI_AUTO_CONN_REPORT:
8094 list_add(&p->action, &hdev->pend_le_reports);
8101 __hci_update_background_scan(req);
8104 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8106 struct cmd_lookup match = { NULL, hdev };
8108 BT_DBG("status 0x%02x", status);
8111 /* Register the available SMP channels (BR/EDR and LE) only
8112 * when successfully powering on the controller. This late
8113 * registration is required so that LE SMP can clearly
8114 * decide if the public address or static address is used.
8121 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8123 new_settings(hdev, match.sk);
8125 hci_dev_unlock(hdev);
8131 static int powered_update_hci(struct hci_dev *hdev)
8133 struct hci_request req;
8136 hci_req_init(&req, hdev);
8138 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
8139 !lmp_host_ssp_capable(hdev)) {
8142 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
8144 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
8147 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
8148 sizeof(support), &support);
8152 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
8153 lmp_bredr_capable(hdev)) {
8154 struct hci_cp_write_le_host_supported cp;
8159 /* Check first if we already have the right
8160 * host state (host features set)
8162 if (cp.le != lmp_host_le_capable(hdev) ||
8163 cp.simul != lmp_host_le_br_capable(hdev))
8164 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
8168 if (lmp_le_capable(hdev)) {
8169 /* Make sure the controller has a good default for
8170 * advertising data. This also applies to the case
8171 * where BR/EDR was toggled during the AUTO_OFF phase.
8173 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8174 update_adv_data(&req);
8175 update_scan_rsp_data(&req);
8178 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
8179 enable_advertising(&req);
8181 restart_le_actions(&req);
8184 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
8185 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
8186 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
8187 sizeof(link_sec), &link_sec);
8189 if (lmp_bredr_capable(hdev)) {
8190 write_fast_connectable(&req, false);
8191 __hci_update_page_scan(&req);
8197 return hci_req_run(&req, powered_complete);
8200 int mgmt_powered(struct hci_dev *hdev, u8 powered)
8202 struct cmd_lookup match = { NULL, hdev };
8203 u8 status, zero_cod[] = { 0, 0, 0 };
8206 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
8210 if (powered_update_hci(hdev) == 0)
8213 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
8218 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8220 /* If the power off is because of hdev unregistration let
8221 * use the appropriate INVALID_INDEX status. Otherwise use
8222 * NOT_POWERED. We cover both scenarios here since later in
8223 * mgmt_index_removed() any hci_conn callbacks will have already
8224 * been triggered, potentially causing misleading DISCONNECTED
8227 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
8228 status = MGMT_STATUS_INVALID_INDEX;
8230 status = MGMT_STATUS_NOT_POWERED;
8232 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8234 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
8235 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8236 zero_cod, sizeof(zero_cod), NULL);
8239 err = new_settings(hdev, match.sk);
8247 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8249 struct pending_cmd *cmd;
8252 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8256 if (err == -ERFKILL)
8257 status = MGMT_STATUS_RFKILLED;
8259 status = MGMT_STATUS_FAILED;
8261 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8263 mgmt_pending_remove(cmd);
8266 void mgmt_discoverable_timeout(struct hci_dev *hdev)
8268 struct hci_request req;
8272 /* When discoverable timeout triggers, then just make sure
8273 * the limited discoverable flag is cleared. Even in the case
8274 * of a timeout triggered from general discoverable, it is
8275 * safe to unconditionally clear the flag.
8277 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
8278 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
8280 hci_req_init(&req, hdev);
8281 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
8282 u8 scan = SCAN_PAGE;
8283 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
8284 sizeof(scan), &scan);
8287 update_adv_data(&req);
8288 hci_req_run(&req, NULL);
8290 hdev->discov_timeout = 0;
8292 new_settings(hdev, NULL);
8294 hci_dev_unlock(hdev);
8297 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8300 struct mgmt_ev_new_link_key ev;
8302 memset(&ev, 0, sizeof(ev));
8304 ev.store_hint = persistent;
8305 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8306 ev.key.addr.type = BDADDR_BREDR;
8307 ev.key.type = key->type;
8308 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8309 ev.key.pin_len = key->pin_len;
8311 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8314 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8316 switch (ltk->type) {
8319 if (ltk->authenticated)
8320 return MGMT_LTK_AUTHENTICATED;
8321 return MGMT_LTK_UNAUTHENTICATED;
8323 if (ltk->authenticated)
8324 return MGMT_LTK_P256_AUTH;
8325 return MGMT_LTK_P256_UNAUTH;
8326 case SMP_LTK_P256_DEBUG:
8327 return MGMT_LTK_P256_DEBUG;
8330 return MGMT_LTK_UNAUTHENTICATED;
8333 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8335 struct mgmt_ev_new_long_term_key ev;
8337 memset(&ev, 0, sizeof(ev));
8339 /* Devices using resolvable or non-resolvable random addresses
8340 * without providing an indentity resolving key don't require
8341 * to store long term keys. Their addresses will change the
8344 * Only when a remote device provides an identity address
8345 * make sure the long term key is stored. If the remote
8346 * identity is known, the long term keys are internally
8347 * mapped to the identity address. So allow static random
8348 * and public addresses here.
8350 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8351 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8352 ev.store_hint = 0x00;
8354 ev.store_hint = persistent;
8356 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8357 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8358 ev.key.type = mgmt_ltk_type(key);
8359 ev.key.enc_size = key->enc_size;
8360 ev.key.ediv = key->ediv;
8361 ev.key.rand = key->rand;
8363 if (key->type == SMP_LTK)
8366 memcpy(ev.key.val, key->val, sizeof(key->val));
8368 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8371 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
8373 struct mgmt_ev_new_irk ev;
8375 memset(&ev, 0, sizeof(ev));
8377 /* For identity resolving keys from devices that are already
8378 * using a public address or static random address, do not
8379 * ask for storing this key. The identity resolving key really
8380 * is only mandatory for devices using resovlable random
8383 * Storing all identity resolving keys has the downside that
8384 * they will be also loaded on next boot of they system. More
8385 * identity resolving keys, means more time during scanning is
8386 * needed to actually resolve these addresses.
8388 if (bacmp(&irk->rpa, BDADDR_ANY))
8389 ev.store_hint = 0x01;
8391 ev.store_hint = 0x00;
8393 bacpy(&ev.rpa, &irk->rpa);
8394 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8395 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8396 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8398 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8401 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8404 struct mgmt_ev_new_csrk ev;
8406 memset(&ev, 0, sizeof(ev));
8408 /* Devices using resolvable or non-resolvable random addresses
8409 * without providing an indentity resolving key don't require
8410 * to store signature resolving keys. Their addresses will change
8411 * the next time around.
8413 * Only when a remote device provides an identity address
8414 * make sure the signature resolving key is stored. So allow
8415 * static random and public addresses here.
8417 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8418 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8419 ev.store_hint = 0x00;
8421 ev.store_hint = persistent;
8423 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8424 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8425 ev.key.master = csrk->master;
8426 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8428 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8431 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8432 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8433 u16 max_interval, u16 latency, u16 timeout)
8435 struct mgmt_ev_new_conn_param ev;
8437 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8440 memset(&ev, 0, sizeof(ev));
8441 bacpy(&ev.addr.bdaddr, bdaddr);
8442 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8443 ev.store_hint = store_hint;
8444 ev.min_interval = cpu_to_le16(min_interval);
8445 ev.max_interval = cpu_to_le16(max_interval);
8446 ev.latency = cpu_to_le16(latency);
8447 ev.timeout = cpu_to_le16(timeout);
8449 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8452 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
8455 eir[eir_len++] = sizeof(type) + data_len;
8456 eir[eir_len++] = type;
8457 memcpy(&eir[eir_len], data, data_len);
8458 eir_len += data_len;
8463 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8464 u32 flags, u8 *name, u8 name_len)
8467 struct mgmt_ev_device_connected *ev = (void *) buf;
8470 bacpy(&ev->addr.bdaddr, &conn->dst);
8471 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8473 ev->flags = __cpu_to_le32(flags);
8475 /* We must ensure that the EIR Data fields are ordered and
8476 * unique. Keep it simple for now and avoid the problem by not
8477 * adding any BR/EDR data to the LE adv.
8479 if (conn->le_adv_data_len > 0) {
8480 memcpy(&ev->eir[eir_len],
8481 conn->le_adv_data, conn->le_adv_data_len);
8482 eir_len = conn->le_adv_data_len;
8485 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8488 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8489 eir_len = eir_append_data(ev->eir, eir_len,
8491 conn->dev_class, 3);
8494 ev->eir_len = cpu_to_le16(eir_len);
8496 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8497 sizeof(*ev) + eir_len, NULL);
8500 #ifdef CONFIG_TIZEN_WIP
8501 /* BEGIN TIZEN_Bluetooth :: name update changes */
8502 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
8506 struct mgmt_ev_device_name_update *ev = (void *) buf;
8512 bacpy(&ev->addr.bdaddr, bdaddr);
8513 ev->addr.type = BDADDR_BREDR;
8515 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8518 ev->eir_len = cpu_to_le16(eir_len);
8520 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
8521 sizeof(*ev) + eir_len, NULL);
8523 /* END TIZEN_Bluetooth :: name update changes */
8526 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
8528 struct sock **sk = data;
8530 cmd->cmd_complete(cmd, 0);
8535 mgmt_pending_remove(cmd);
8538 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
8540 struct hci_dev *hdev = data;
8541 struct mgmt_cp_unpair_device *cp = cmd->param;
8543 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8545 cmd->cmd_complete(cmd, 0);
8546 mgmt_pending_remove(cmd);
8549 bool mgmt_powering_down(struct hci_dev *hdev)
8551 struct pending_cmd *cmd;
8552 struct mgmt_mode *cp;
8554 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8565 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8566 u8 link_type, u8 addr_type, u8 reason,
8567 bool mgmt_connected)
8569 struct mgmt_ev_device_disconnected ev;
8570 struct sock *sk = NULL;
8572 /* The connection is still in hci_conn_hash so test for 1
8573 * instead of 0 to know if this is the last one.
8575 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8576 cancel_delayed_work(&hdev->power_off);
8577 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8580 if (!mgmt_connected)
8583 if (link_type != ACL_LINK && link_type != LE_LINK)
8586 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8588 bacpy(&ev.addr.bdaddr, bdaddr);
8589 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8592 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8597 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8601 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8602 u8 link_type, u8 addr_type, u8 status)
8604 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8605 struct mgmt_cp_disconnect *cp;
8606 struct pending_cmd *cmd;
8608 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8611 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8617 if (bacmp(bdaddr, &cp->addr.bdaddr))
8620 if (cp->addr.type != bdaddr_type)
8623 cmd->cmd_complete(cmd, mgmt_status(status));
8624 mgmt_pending_remove(cmd);
8627 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8628 u8 addr_type, u8 status)
8630 struct mgmt_ev_connect_failed ev;
8632 /* The connection is still in hci_conn_hash so test for 1
8633 * instead of 0 to know if this is the last one.
8635 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8636 cancel_delayed_work(&hdev->power_off);
8637 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8640 bacpy(&ev.addr.bdaddr, bdaddr);
8641 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8642 ev.status = mgmt_status(status);
8644 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8646 #ifdef CONFIG_TIZEN_WIP
8647 void mgmt_hardware_error(struct hci_dev *hdev, u8 err_code)
8649 struct mgmt_ev_hardware_error ev;
8651 ev.error_code = err_code;
8652 mgmt_event(MGMT_EV_HARDWARE_ERROR, hdev, &ev, sizeof(ev), NULL);
8655 void mgmt_tx_timeout_error(struct hci_dev *hdev)
8657 mgmt_event(MGMT_EV_TX_TIMEOUT_ERROR, hdev, NULL, 0, NULL);
8661 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8663 struct mgmt_ev_pin_code_request ev;
8665 bacpy(&ev.addr.bdaddr, bdaddr);
8666 ev.addr.type = BDADDR_BREDR;
8669 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8672 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8675 struct pending_cmd *cmd;
8677 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8681 cmd->cmd_complete(cmd, mgmt_status(status));
8682 mgmt_pending_remove(cmd);
8685 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8688 struct pending_cmd *cmd;
8690 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8694 cmd->cmd_complete(cmd, mgmt_status(status));
8695 mgmt_pending_remove(cmd);
8698 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8699 u8 link_type, u8 addr_type, u32 value,
8702 struct mgmt_ev_user_confirm_request ev;
8704 BT_DBG("%s", hdev->name);
8706 bacpy(&ev.addr.bdaddr, bdaddr);
8707 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8708 ev.confirm_hint = confirm_hint;
8709 ev.value = cpu_to_le32(value);
8711 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8715 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8716 u8 link_type, u8 addr_type)
8718 struct mgmt_ev_user_passkey_request ev;
8720 BT_DBG("%s", hdev->name);
8722 bacpy(&ev.addr.bdaddr, bdaddr);
8723 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8725 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8729 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8730 u8 link_type, u8 addr_type, u8 status,
8733 struct pending_cmd *cmd;
8735 cmd = mgmt_pending_find(opcode, hdev);
8739 cmd->cmd_complete(cmd, mgmt_status(status));
8740 mgmt_pending_remove(cmd);
8745 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8746 u8 link_type, u8 addr_type, u8 status)
8748 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8749 status, MGMT_OP_USER_CONFIRM_REPLY);
8752 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8753 u8 link_type, u8 addr_type, u8 status)
8755 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8757 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8760 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8761 u8 link_type, u8 addr_type, u8 status)
8763 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8764 status, MGMT_OP_USER_PASSKEY_REPLY);
8767 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8768 u8 link_type, u8 addr_type, u8 status)
8770 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8772 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8775 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8776 u8 link_type, u8 addr_type, u32 passkey,
8779 struct mgmt_ev_passkey_notify ev;
8781 BT_DBG("%s", hdev->name);
8783 bacpy(&ev.addr.bdaddr, bdaddr);
8784 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8785 ev.passkey = __cpu_to_le32(passkey);
8786 ev.entered = entered;
8788 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8791 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8793 struct mgmt_ev_auth_failed ev;
8794 struct pending_cmd *cmd;
8795 u8 status = mgmt_status(hci_status);
8797 bacpy(&ev.addr.bdaddr, &conn->dst);
8798 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8801 cmd = find_pairing(conn);
8803 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8804 cmd ? cmd->sk : NULL);
8807 cmd->cmd_complete(cmd, status);
8808 mgmt_pending_remove(cmd);
8812 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8814 struct cmd_lookup match = { NULL, hdev };
8818 u8 mgmt_err = mgmt_status(status);
8819 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8820 cmd_status_rsp, &mgmt_err);
8824 if (test_bit(HCI_AUTH, &hdev->flags))
8825 changed = !test_and_set_bit(HCI_LINK_SECURITY,
8828 changed = test_and_clear_bit(HCI_LINK_SECURITY,
8831 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8835 new_settings(hdev, match.sk);
8841 static void clear_eir(struct hci_request *req)
8843 struct hci_dev *hdev = req->hdev;
8844 struct hci_cp_write_eir cp;
8846 if (!lmp_ext_inq_capable(hdev))
8849 memset(hdev->eir, 0, sizeof(hdev->eir));
8851 memset(&cp, 0, sizeof(cp));
8853 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8856 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8858 struct cmd_lookup match = { NULL, hdev };
8859 struct hci_request req;
8860 bool changed = false;
8863 u8 mgmt_err = mgmt_status(status);
8865 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
8866 &hdev->dev_flags)) {
8867 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
8868 new_settings(hdev, NULL);
8871 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8877 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
8879 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
8881 changed = test_and_clear_bit(HCI_HS_ENABLED,
8884 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
8887 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8890 new_settings(hdev, match.sk);
8895 hci_req_init(&req, hdev);
8897 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
8898 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
8899 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8900 sizeof(enable), &enable);
8906 hci_req_run(&req, NULL);
8909 static void sk_lookup(struct pending_cmd *cmd, void *data)
8911 struct cmd_lookup *match = data;
8913 if (match->sk == NULL) {
8914 match->sk = cmd->sk;
8915 sock_hold(match->sk);
8919 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8922 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8924 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8925 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8926 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8929 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
8936 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8938 struct mgmt_cp_set_local_name ev;
8939 struct pending_cmd *cmd;
8944 memset(&ev, 0, sizeof(ev));
8945 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8946 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8948 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8950 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8952 /* If this is a HCI command related to powering on the
8953 * HCI dev don't send any mgmt signals.
8955 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
8959 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8960 cmd ? cmd->sk : NULL);
8963 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
8964 u8 *rand192, u8 *hash256, u8 *rand256,
8967 struct pending_cmd *cmd;
8969 BT_DBG("%s status %u", hdev->name, status);
8971 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
8976 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
8977 mgmt_status(status));
8979 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
8980 struct mgmt_rp_read_local_oob_ext_data rp;
8982 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
8983 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
8985 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
8986 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
8988 cmd_complete(cmd->sk, hdev->id,
8989 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
8992 struct mgmt_rp_read_local_oob_data rp;
8994 memcpy(rp.hash, hash192, sizeof(rp.hash));
8995 memcpy(rp.rand, rand192, sizeof(rp.rand));
8997 cmd_complete(cmd->sk, hdev->id,
8998 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9003 mgmt_pending_remove(cmd);
9006 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9010 for (i = 0; i < uuid_count; i++) {
9011 if (!memcmp(uuid, uuids[i], 16))
9018 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9022 while (parsed < eir_len) {
9023 u8 field_len = eir[0];
9030 if (eir_len - parsed < field_len + 1)
9034 case EIR_UUID16_ALL:
9035 case EIR_UUID16_SOME:
9036 for (i = 0; i + 3 <= field_len; i += 2) {
9037 memcpy(uuid, bluetooth_base_uuid, 16);
9038 uuid[13] = eir[i + 3];
9039 uuid[12] = eir[i + 2];
9040 if (has_uuid(uuid, uuid_count, uuids))
9044 case EIR_UUID32_ALL:
9045 case EIR_UUID32_SOME:
9046 for (i = 0; i + 5 <= field_len; i += 4) {
9047 memcpy(uuid, bluetooth_base_uuid, 16);
9048 uuid[15] = eir[i + 5];
9049 uuid[14] = eir[i + 4];
9050 uuid[13] = eir[i + 3];
9051 uuid[12] = eir[i + 2];
9052 if (has_uuid(uuid, uuid_count, uuids))
9056 case EIR_UUID128_ALL:
9057 case EIR_UUID128_SOME:
9058 for (i = 0; i + 17 <= field_len; i += 16) {
9059 memcpy(uuid, eir + i + 2, 16);
9060 if (has_uuid(uuid, uuid_count, uuids))
9066 parsed += field_len + 1;
9067 eir += field_len + 1;
9073 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9074 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9075 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9078 struct mgmt_ev_device_found *ev = (void *) buf;
9082 /* Don't send events for a non-kernel initiated discovery. With
9083 * LE one exception is if we have pend_le_reports > 0 in which
9084 * case we're doing passive scanning and want these events.
9086 if (!hci_discovery_active(hdev)) {
9087 if (link_type == ACL_LINK)
9089 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
9093 /* When using service discovery with a RSSI threshold, then check
9094 * if such a RSSI threshold is specified. If a RSSI threshold has
9095 * been specified, then all results with a RSSI smaller than the
9096 * RSSI threshold will be dropped.
9098 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9099 * the results are also dropped.
9101 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9102 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
9105 /* Make sure that the buffer is big enough. The 5 extra bytes
9106 * are for the potential CoD field.
9108 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9111 memset(buf, 0, sizeof(buf));
9113 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9114 * RSSI value was reported as 0 when not available. This behavior
9115 * is kept when using device discovery. This is required for full
9116 * backwards compatibility with the API.
9118 * However when using service discovery, the value 127 will be
9119 * returned when the RSSI is not available.
9121 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9122 link_type == ACL_LINK)
9125 bacpy(&ev->addr.bdaddr, bdaddr);
9126 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9128 ev->flags = cpu_to_le32(flags);
9131 /* When using service discovery and a list of UUID is
9132 * provided, results with no matching UUID should be
9133 * dropped. In case there is a match the result is
9134 * kept and checking possible scan response data
9137 if (hdev->discovery.uuid_count > 0)
9138 match = eir_has_uuids(eir, eir_len,
9139 hdev->discovery.uuid_count,
9140 hdev->discovery.uuids);
9144 if (!match && !scan_rsp_len)
9147 /* Copy EIR or advertising data into event */
9148 memcpy(ev->eir, eir, eir_len);
9150 /* When using service discovery and a list of UUID is
9151 * provided, results with empty EIR or advertising data
9152 * should be dropped since they do not match any UUID.
9154 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
9160 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9161 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9164 if (scan_rsp_len > 0) {
9165 /* When using service discovery and a list of UUID is
9166 * provided, results with no matching UUID should be
9167 * dropped if there is no previous match from the
9170 if (hdev->discovery.uuid_count > 0) {
9171 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
9172 hdev->discovery.uuid_count,
9173 hdev->discovery.uuids))
9177 /* Append scan response data to event */
9178 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9180 /* When using service discovery and a list of UUID is
9181 * provided, results with empty scan response and no
9182 * previous matched advertising data should be dropped.
9184 if (hdev->discovery.uuid_count > 0 && !match)
9188 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9189 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9191 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9194 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Pass adv type */
9195 void mgmt_le_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9196 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9197 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, u8 adv_type)
9200 struct mgmt_ev_le_device_found *ev = (void *) buf;
9203 if (!hci_discovery_active(hdev) && !hci_le_discovery_active(hdev))
9206 /* Make sure that the buffer is big enough. The 5 extra bytes
9207 * are for the potential CoD field.
9209 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9212 memset(buf, 0, sizeof(buf));
9214 bacpy(&ev->addr.bdaddr, bdaddr);
9215 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9217 ev->flags = cpu_to_le32(flags);
9218 ev->adv_type = adv_type;
9221 memcpy(ev->eir, eir, eir_len);
9223 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9224 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9227 if (scan_rsp_len > 0)
9228 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9230 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9231 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9233 mgmt_event(MGMT_EV_LE_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9237 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9238 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9240 struct mgmt_ev_device_found *ev;
9241 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9244 ev = (struct mgmt_ev_device_found *) buf;
9246 memset(buf, 0, sizeof(buf));
9248 bacpy(&ev->addr.bdaddr, bdaddr);
9249 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9252 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9255 ev->eir_len = cpu_to_le16(eir_len);
9257 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9260 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9262 struct mgmt_ev_discovering ev;
9264 BT_DBG("%s discovering %u", hdev->name, discovering);
9266 memset(&ev, 0, sizeof(ev));
9267 ev.type = hdev->discovery.type;
9268 ev.discovering = discovering;
9270 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9273 #ifdef CONFIG_TIZEN_WIP
9274 /* BEGIN TIZEN_Bluetooth :: Seperate LE discovery */
9275 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
9277 struct mgmt_ev_discovering ev;
9278 struct pending_cmd *cmd;
9280 BT_DBG("%s le discovering %u", hdev->name, discovering);
9283 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
9285 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
9288 u8 type = hdev->le_discovery.type;
9290 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
9292 mgmt_pending_remove(cmd);
9295 memset(&ev, 0, sizeof(ev));
9296 ev.type = hdev->le_discovery.type;
9297 ev.discovering = discovering;
9299 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9301 /* END TIZEN_Bluetooth */
9304 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
9306 BT_DBG("%s status %u", hdev->name, status);
9309 void mgmt_reenable_advertising(struct hci_dev *hdev)
9311 struct hci_request req;
9313 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
9316 hci_req_init(&req, hdev);
9317 enable_advertising(&req);
9318 hci_req_run(&req, adv_enable_complete);