Pileus Git - ~andy/linux/blob - net/bluetooth/mgmt.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2010  Nokia Corporation
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License version 2 as
   7    published by the Free Software Foundation;
   8
   9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17
  18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  20    SOFTWARE IS DISCLAIMED.
  21 */
  22
  23 /* Bluetooth HCI Management interface */
  24
  25 #include <linux/kernel.h>
  26 #include <linux/uaccess.h>
  27 #include <asm/unaligned.h>
  28
  29 #include <net/bluetooth/bluetooth.h>
  30 #include <net/bluetooth/hci_core.h>
  31 #include <net/bluetooth/mgmt.h>
  32
  33 #define MGMT_VERSION    0
  34 #define MGMT_REVISION   1
  35
  36 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
  37
  38 struct pending_cmd {
  39         struct list_head list;
  40         u16 opcode;
  41         int index;
  42         void *param;
  43         struct sock *sk;
  44         void *user_data;
  45 };
  46
  47 /* HCI to MGMT error code conversion table */
  48 static u8 mgmt_status_table[] = {
  49         MGMT_STATUS_SUCCESS,
  50         MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
  51         MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
  52         MGMT_STATUS_FAILED,             /* Hardware Failure */
  53         MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
  54         MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
  55         MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
  56         MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
  57         MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
  58         MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
  59         MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
  60         MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
  61         MGMT_STATUS_BUSY,               /* Command Disallowed */
  62         MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
  63         MGMT_STATUS_REJECTED,           /* Rejected Security */
  64         MGMT_STATUS_REJECTED,           /* Rejected Personal */
  65         MGMT_STATUS_TIMEOUT,            /* Host Timeout */
  66         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
  67         MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
  68         MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
  69         MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
  70         MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
  71         MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
  72         MGMT_STATUS_BUSY,               /* Repeated Attempts */
  73         MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
  74         MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
  75         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
  76         MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
  77         MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
  78         MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
  79         MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
  80         MGMT_STATUS_FAILED,             /* Unspecified Error */
  81         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
  82         MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
  83         MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
  84         MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
  85         MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
  86         MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
  87         MGMT_STATUS_FAILED,             /* Unit Link Key Used */
  88         MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
  89         MGMT_STATUS_TIMEOUT,            /* Instant Passed */
  90         MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
  91         MGMT_STATUS_FAILED,             /* Transaction Collision */
  92         MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
  93         MGMT_STATUS_REJECTED,           /* QoS Rejected */
  94         MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
  95         MGMT_STATUS_REJECTED,           /* Insufficient Security */
  96         MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
  97         MGMT_STATUS_BUSY,               /* Role Switch Pending */
  98         MGMT_STATUS_FAILED,             /* Slot Violation */
  99         MGMT_STATUS_FAILED,             /* Role Switch Failed */
 100         MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
 101         MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
 102         MGMT_STATUS_BUSY,               /* Host Busy Pairing */
 103         MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
 104         MGMT_STATUS_BUSY,               /* Controller Busy */
 105         MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
 106         MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
 107         MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
 108         MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
 109         MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
 110 };
 111
 112 static u8 mgmt_status(u8 hci_status)
 113 {
 114         if (hci_status < ARRAY_SIZE(mgmt_status_table))
 115                 return mgmt_status_table[hci_status];
 116
 117         return MGMT_STATUS_FAILED;
 118 }
 119
 120 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
 121 {
 122         struct sk_buff *skb;
 123         struct mgmt_hdr *hdr;
 124         struct mgmt_ev_cmd_status *ev;
 125         int err;
 126
 127         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
 128
 129         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
 130         if (!skb)
 131                 return -ENOMEM;
 132
 133         hdr = (void *) skb_put(skb, sizeof(*hdr));
 134
 135         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
 136         hdr->index = cpu_to_le16(index);
 137         hdr->len = cpu_to_le16(sizeof(*ev));
 138
 139         ev = (void *) skb_put(skb, sizeof(*ev));
 140         ev->status = status;
 141         put_unaligned_le16(cmd, &ev->opcode);
 142
 143         err = sock_queue_rcv_skb(sk, skb);
 144         if (err < 0)
 145                 kfree_skb(skb);
 146
 147         return err;
 148 }
 149
 150 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
 151                                                                 size_t rp_len)
 152 {
 153         struct sk_buff *skb;
 154         struct mgmt_hdr *hdr;
 155         struct mgmt_ev_cmd_complete *ev;
 156         int err;
 157
 158         BT_DBG("sock %p", sk);
 159
 160         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
 161         if (!skb)
 162                 return -ENOMEM;
 163
 164         hdr = (void *) skb_put(skb, sizeof(*hdr));
 165
 166         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
 167         hdr->index = cpu_to_le16(index);
 168         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
 169
 170         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
 171         put_unaligned_le16(cmd, &ev->opcode);
 172
 173         if (rp)
 174                 memcpy(ev->data, rp, rp_len);
 175
 176         err = sock_queue_rcv_skb(sk, skb);
 177         if (err < 0)
 178                 kfree_skb(skb);
 179
 180         return err;;
 181 }
 182
 183 static int read_version(struct sock *sk)
 184 {
 185         struct mgmt_rp_read_version rp;
 186
 187         BT_DBG("sock %p", sk);
 188
 189         rp.version = MGMT_VERSION;
 190         put_unaligned_le16(MGMT_REVISION, &rp.revision);
 191
 192         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
 193                                                                 sizeof(rp));
 194 }
 195
 196 static int read_index_list(struct sock *sk)
 197 {
 198         struct mgmt_rp_read_index_list *rp;
 199         struct list_head *p;
 200         struct hci_dev *d;
 201         size_t rp_len;
 202         u16 count;
 203         int i, err;
 204
 205         BT_DBG("sock %p", sk);
 206
 207         read_lock(&hci_dev_list_lock);
 208
 209         count = 0;
 210         list_for_each(p, &hci_dev_list) {
 211                 count++;
 212         }
 213
 214         rp_len = sizeof(*rp) + (2 * count);
 215         rp = kmalloc(rp_len, GFP_ATOMIC);
 216         if (!rp) {
 217                 read_unlock(&hci_dev_list_lock);
 218                 return -ENOMEM;
 219         }
 220
 221         put_unaligned_le16(count, &rp->num_controllers);
 222
 223         i = 0;
 224         list_for_each_entry(d, &hci_dev_list, list) {
 225                 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
 226                         cancel_delayed_work(&d->power_off);
 227
 228                 if (test_bit(HCI_SETUP, &d->flags))
 229                         continue;
 230
 231                 put_unaligned_le16(d->id, &rp->index[i++]);
 232                 BT_DBG("Added hci%u", d->id);
 233         }
 234
 235         read_unlock(&hci_dev_list_lock);
 236
 237         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
 238                                                                         rp_len);
 239
 240         kfree(rp);
 241
 242         return err;
 243 }
 244
 245 static int read_controller_info(struct sock *sk, u16 index)
 246 {
 247         struct mgmt_rp_read_info rp;
 248         struct hci_dev *hdev;
 249
 250         BT_DBG("sock %p hci%u", sk, index);
 251
 252         hdev = hci_dev_get(index);
 253         if (!hdev)
 254                 return cmd_status(sk, index, MGMT_OP_READ_INFO,
 255                                                 MGMT_STATUS_INVALID_PARAMS);
 256
 257         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
 258                 cancel_delayed_work_sync(&hdev->power_off);
 259
 260         hci_dev_lock_bh(hdev);
 261
 262         set_bit(HCI_MGMT, &hdev->flags);
 263
 264         memset(&rp, 0, sizeof(rp));
 265
 266         rp.type = hdev->dev_type;
 267
 268         rp.powered = test_bit(HCI_UP, &hdev->flags);
 269         rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
 270         rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
 271         rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
 272
 273         if (test_bit(HCI_AUTH, &hdev->flags))
 274                 rp.sec_mode = 3;
 275         else if (hdev->ssp_mode > 0)
 276                 rp.sec_mode = 4;
 277         else
 278                 rp.sec_mode = 2;
 279
 280         bacpy(&rp.bdaddr, &hdev->bdaddr);
 281         memcpy(rp.features, hdev->features, 8);
 282         memcpy(rp.dev_class, hdev->dev_class, 3);
 283         put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
 284         rp.hci_ver = hdev->hci_ver;
 285         put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
 286
 287         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
 288
 289         hci_dev_unlock_bh(hdev);
 290         hci_dev_put(hdev);
 291
 292         return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
 293 }
 294
 295 static void mgmt_pending_free(struct pending_cmd *cmd)
 296 {
 297         sock_put(cmd->sk);
 298         kfree(cmd->param);
 299         kfree(cmd);
 300 }
 301
 302 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
 303                                                         struct hci_dev *hdev,
 304                                                         void *data, u16 len)
 305 {
 306         struct pending_cmd *cmd;
 307
 308         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
 309         if (!cmd)
 310                 return NULL;
 311
 312         cmd->opcode = opcode;
 313         cmd->index = hdev->id;
 314
 315         cmd->param = kmalloc(len, GFP_ATOMIC);
 316         if (!cmd->param) {
 317                 kfree(cmd);
 318                 return NULL;
 319         }
 320
 321         if (data)
 322                 memcpy(cmd->param, data, len);
 323
 324         cmd->sk = sk;
 325         sock_hold(sk);
 326
 327         list_add(&cmd->list, &hdev->mgmt_pending);
 328
 329         return cmd;
 330 }
 331
 332 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
 333                                 void (*cb)(struct pending_cmd *cmd, void *data),
 334                                 void *data)
 335 {
 336         struct list_head *p, *n;
 337
 338         list_for_each_safe(p, n, &hdev->mgmt_pending) {
 339                 struct pending_cmd *cmd;
 340
 341                 cmd = list_entry(p, struct pending_cmd, list);
 342
 343                 if (opcode > 0 && cmd->opcode != opcode)
 344                         continue;
 345
 346                 cb(cmd, data);
 347         }
 348 }
 349
 350 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
 351 {
 352         struct pending_cmd *cmd;
 353
 354         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
 355                 if (cmd->opcode == opcode)
 356                         return cmd;
 357         }
 358
 359         return NULL;
 360 }
 361
 362 static void mgmt_pending_remove(struct pending_cmd *cmd)
 363 {
 364         list_del(&cmd->list);
 365         mgmt_pending_free(cmd);
 366 }
 367
 368 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
 369 {
 370         struct mgmt_mode rp;
 371
 372         rp.val = val;
 373
 374         return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
 375 }
 376
 377 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
 378 {
 379         struct mgmt_mode *cp;
 380         struct hci_dev *hdev;
 381         struct pending_cmd *cmd;
 382         int err, up;
 383
 384         cp = (void *) data;
 385
 386         BT_DBG("request for hci%u", index);
 387
 388         if (len != sizeof(*cp))
 389                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
 390                                                 MGMT_STATUS_INVALID_PARAMS);
 391
 392         hdev = hci_dev_get(index);
 393         if (!hdev)
 394                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
 395                                                 MGMT_STATUS_INVALID_PARAMS);
 396
 397         hci_dev_lock_bh(hdev);
 398
 399         up = test_bit(HCI_UP, &hdev->flags);
 400         if ((cp->val && up) || (!cp->val && !up)) {
 401                 err = send_mode_rsp(sk, index, MGMT_OP_SET_POWERED, cp->val);
 402                 goto failed;
 403         }
 404
 405         if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
 406                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
 407                                                         MGMT_STATUS_BUSY);
 408                 goto failed;
 409         }
 410
 411         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
 412         if (!cmd) {
 413                 err = -ENOMEM;
 414                 goto failed;
 415         }
 416
 417         if (cp->val)
 418                 queue_work(hdev->workqueue, &hdev->power_on);
 419         else
 420                 queue_work(hdev->workqueue, &hdev->power_off.work);
 421
 422         err = 0;
 423
 424 failed:
 425         hci_dev_unlock_bh(hdev);
 426         hci_dev_put(hdev);
 427         return err;
 428 }
 429
 430 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
 431                                                                         u16 len)
 432 {
 433         struct mgmt_cp_set_discoverable *cp;
 434         struct hci_dev *hdev;
 435         struct pending_cmd *cmd;
 436         u8 scan;
 437         int err;
 438
 439         cp = (void *) data;
 440
 441         BT_DBG("request for hci%u", index);
 442
 443         if (len != sizeof(*cp))
 444                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 445                                                 MGMT_STATUS_INVALID_PARAMS);
 446
 447         hdev = hci_dev_get(index);
 448         if (!hdev)
 449                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 450                                                 MGMT_STATUS_INVALID_PARAMS);
 451
 452         hci_dev_lock_bh(hdev);
 453
 454         if (!test_bit(HCI_UP, &hdev->flags)) {
 455                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 456                                                 MGMT_STATUS_NOT_POWERED);
 457                 goto failed;
 458         }
 459
 460         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 461                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 462                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 463                                                         MGMT_STATUS_BUSY);
 464                 goto failed;
 465         }
 466
 467         if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
 468                                         test_bit(HCI_PSCAN, &hdev->flags)) {
 469                 err = send_mode_rsp(sk, index, MGMT_OP_SET_DISCOVERABLE,
 470                                                                 cp->val);
 471                 goto failed;
 472         }
 473
 474         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
 475         if (!cmd) {
 476                 err = -ENOMEM;
 477                 goto failed;
 478         }
 479
 480         scan = SCAN_PAGE;
 481
 482         if (cp->val)
 483                 scan |= SCAN_INQUIRY;
 484         else
 485                 cancel_delayed_work(&hdev->discov_off);
 486
 487         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 488         if (err < 0)
 489                 mgmt_pending_remove(cmd);
 490
 491         if (cp->val)
 492                 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
 493
 494 failed:
 495         hci_dev_unlock_bh(hdev);
 496         hci_dev_put(hdev);
 497
 498         return err;
 499 }
 500
 501 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
 502                                                                         u16 len)
 503 {
 504         struct mgmt_mode *cp;
 505         struct hci_dev *hdev;
 506         struct pending_cmd *cmd;
 507         u8 scan;
 508         int err;
 509
 510         cp = (void *) data;
 511
 512         BT_DBG("request for hci%u", index);
 513
 514         if (len != sizeof(*cp))
 515                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
 516                                                 MGMT_STATUS_INVALID_PARAMS);
 517
 518         hdev = hci_dev_get(index);
 519         if (!hdev)
 520                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
 521                                                 MGMT_STATUS_INVALID_PARAMS);
 522
 523         hci_dev_lock_bh(hdev);
 524
 525         if (!test_bit(HCI_UP, &hdev->flags)) {
 526                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
 527                                                 MGMT_STATUS_NOT_POWERED);
 528                 goto failed;
 529         }
 530
 531         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 532                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 533                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
 534                                                         MGMT_STATUS_BUSY);
 535                 goto failed;
 536         }
 537
 538         if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
 539                 err = send_mode_rsp(sk, index, MGMT_OP_SET_CONNECTABLE,
 540                                                                 cp->val);
 541                 goto failed;
 542         }
 543
 544         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
 545         if (!cmd) {
 546                 err = -ENOMEM;
 547                 goto failed;
 548         }
 549
 550         if (cp->val)
 551                 scan = SCAN_PAGE;
 552         else
 553                 scan = 0;
 554
 555         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 556         if (err < 0)
 557                 mgmt_pending_remove(cmd);
 558
 559 failed:
 560         hci_dev_unlock_bh(hdev);
 561         hci_dev_put(hdev);
 562
 563         return err;
 564 }
 565
 566 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
 567                                         u16 data_len, struct sock *skip_sk)
 568 {
 569         struct sk_buff *skb;
 570         struct mgmt_hdr *hdr;
 571
 572         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
 573         if (!skb)
 574                 return -ENOMEM;
 575
 576         bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
 577
 578         hdr = (void *) skb_put(skb, sizeof(*hdr));
 579         hdr->opcode = cpu_to_le16(event);
 580         if (hdev)
 581                 hdr->index = cpu_to_le16(hdev->id);
 582         else
 583                 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
 584         hdr->len = cpu_to_le16(data_len);
 585
 586         if (data)
 587                 memcpy(skb_put(skb, data_len), data, data_len);
 588
 589         hci_send_to_sock(NULL, skb, skip_sk);
 590         kfree_skb(skb);
 591
 592         return 0;
 593 }
 594
 595 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
 596                                                                         u16 len)
 597 {
 598         struct mgmt_mode *cp, ev;
 599         struct hci_dev *hdev;
 600         int err;
 601
 602         cp = (void *) data;
 603
 604         BT_DBG("request for hci%u", index);
 605
 606         if (len != sizeof(*cp))
 607                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
 608                                                 MGMT_STATUS_INVALID_PARAMS);
 609
 610         hdev = hci_dev_get(index);
 611         if (!hdev)
 612                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
 613                                                 MGMT_STATUS_INVALID_PARAMS);
 614
 615         hci_dev_lock_bh(hdev);
 616
 617         if (cp->val)
 618                 set_bit(HCI_PAIRABLE, &hdev->flags);
 619         else
 620                 clear_bit(HCI_PAIRABLE, &hdev->flags);
 621
 622         err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
 623         if (err < 0)
 624                 goto failed;
 625
 626         ev.val = cp->val;
 627
 628         err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
 629
 630 failed:
 631         hci_dev_unlock_bh(hdev);
 632         hci_dev_put(hdev);
 633
 634         return err;
 635 }
 636
 637 #define EIR_FLAGS               0x01 /* flags */
 638 #define EIR_UUID16_SOME         0x02 /* 16-bit UUID, more available */
 639 #define EIR_UUID16_ALL          0x03 /* 16-bit UUID, all listed */
 640 #define EIR_UUID32_SOME         0x04 /* 32-bit UUID, more available */
 641 #define EIR_UUID32_ALL          0x05 /* 32-bit UUID, all listed */
 642 #define EIR_UUID128_SOME        0x06 /* 128-bit UUID, more available */
 643 #define EIR_UUID128_ALL         0x07 /* 128-bit UUID, all listed */
 644 #define EIR_NAME_SHORT          0x08 /* shortened local name */
 645 #define EIR_NAME_COMPLETE       0x09 /* complete local name */
 646 #define EIR_TX_POWER            0x0A /* transmit power level */
 647 #define EIR_DEVICE_ID           0x10 /* device ID */
 648
 649 #define PNP_INFO_SVCLASS_ID             0x1200
 650
 651 static u8 bluetooth_base_uuid[] = {
 652                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
 653                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 654 };
 655
 656 static u16 get_uuid16(u8 *uuid128)
 657 {
 658         u32 val;
 659         int i;
 660
 661         for (i = 0; i < 12; i++) {
 662                 if (bluetooth_base_uuid[i] != uuid128[i])
 663                         return 0;
 664         }
 665
 666         memcpy(&val, &uuid128[12], 4);
 667
 668         val = le32_to_cpu(val);
 669         if (val > 0xffff)
 670                 return 0;
 671
 672         return (u16) val;
 673 }
 674
 675 static void create_eir(struct hci_dev *hdev, u8 *data)
 676 {
 677         u8 *ptr = data;
 678         u16 eir_len = 0;
 679         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
 680         int i, truncated = 0;
 681         struct bt_uuid *uuid;
 682         size_t name_len;
 683
 684         name_len = strlen(hdev->dev_name);
 685
 686         if (name_len > 0) {
 687                 /* EIR Data type */
 688                 if (name_len > 48) {
 689                         name_len = 48;
 690                         ptr[1] = EIR_NAME_SHORT;
 691                 } else
 692                         ptr[1] = EIR_NAME_COMPLETE;
 693
 694                 /* EIR Data length */
 695                 ptr[0] = name_len + 1;
 696
 697                 memcpy(ptr + 2, hdev->dev_name, name_len);
 698
 699                 eir_len += (name_len + 2);
 700                 ptr += (name_len + 2);
 701         }
 702
 703         memset(uuid16_list, 0, sizeof(uuid16_list));
 704
 705         /* Group all UUID16 types */
 706         list_for_each_entry(uuid, &hdev->uuids, list) {
 707                 u16 uuid16;
 708
 709                 uuid16 = get_uuid16(uuid->uuid);
 710                 if (uuid16 == 0)
 711                         return;
 712
 713                 if (uuid16 < 0x1100)
 714                         continue;
 715
 716                 if (uuid16 == PNP_INFO_SVCLASS_ID)
 717                         continue;
 718
 719                 /* Stop if not enough space to put next UUID */
 720                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
 721                         truncated = 1;
 722                         break;
 723                 }
 724
 725                 /* Check for duplicates */
 726                 for (i = 0; uuid16_list[i] != 0; i++)
 727                         if (uuid16_list[i] == uuid16)
 728                                 break;
 729
 730                 if (uuid16_list[i] == 0) {
 731                         uuid16_list[i] = uuid16;
 732                         eir_len += sizeof(u16);
 733                 }
 734         }
 735
 736         if (uuid16_list[0] != 0) {
 737                 u8 *length = ptr;
 738
 739                 /* EIR Data type */
 740                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
 741
 742                 ptr += 2;
 743                 eir_len += 2;
 744
 745                 for (i = 0; uuid16_list[i] != 0; i++) {
 746                         *ptr++ = (uuid16_list[i] & 0x00ff);
 747                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
 748                 }
 749
 750                 /* EIR Data length */
 751                 *length = (i * sizeof(u16)) + 1;
 752         }
 753 }
 754
 755 static int update_eir(struct hci_dev *hdev)
 756 {
 757         struct hci_cp_write_eir cp;
 758
 759         if (!(hdev->features[6] & LMP_EXT_INQ))
 760                 return 0;
 761
 762         if (hdev->ssp_mode == 0)
 763                 return 0;
 764
 765         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
 766                 return 0;
 767
 768         memset(&cp, 0, sizeof(cp));
 769
 770         create_eir(hdev, cp.data);
 771
 772         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
 773                 return 0;
 774
 775         memcpy(hdev->eir, cp.data, sizeof(cp.data));
 776
 777         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
 778 }
 779
 780 static u8 get_service_classes(struct hci_dev *hdev)
 781 {
 782         struct bt_uuid *uuid;
 783         u8 val = 0;
 784
 785         list_for_each_entry(uuid, &hdev->uuids, list)
 786                 val |= uuid->svc_hint;
 787
 788         return val;
 789 }
 790
 791 static int update_class(struct hci_dev *hdev)
 792 {
 793         u8 cod[3];
 794
 795         BT_DBG("%s", hdev->name);
 796
 797         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
 798                 return 0;
 799
 800         cod[0] = hdev->minor_class;
 801         cod[1] = hdev->major_class;
 802         cod[2] = get_service_classes(hdev);
 803
 804         if (memcmp(cod, hdev->dev_class, 3) == 0)
 805                 return 0;
 806
 807         return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
 808 }
 809
 810 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
 811 {
 812         struct mgmt_cp_add_uuid *cp;
 813         struct hci_dev *hdev;
 814         struct bt_uuid *uuid;
 815         int err;
 816
 817         cp = (void *) data;
 818
 819         BT_DBG("request for hci%u", index);
 820
 821         if (len != sizeof(*cp))
 822                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
 823                                                 MGMT_STATUS_INVALID_PARAMS);
 824
 825         hdev = hci_dev_get(index);
 826         if (!hdev)
 827                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
 828                                                 MGMT_STATUS_INVALID_PARAMS);
 829
 830         hci_dev_lock_bh(hdev);
 831
 832         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
 833         if (!uuid) {
 834                 err = -ENOMEM;
 835                 goto failed;
 836         }
 837
 838         memcpy(uuid->uuid, cp->uuid, 16);
 839         uuid->svc_hint = cp->svc_hint;
 840
 841         list_add(&uuid->list, &hdev->uuids);
 842
 843         err = update_class(hdev);
 844         if (err < 0)
 845                 goto failed;
 846
 847         err = update_eir(hdev);
 848         if (err < 0)
 849                 goto failed;
 850
 851         err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
 852
 853 failed:
 854         hci_dev_unlock_bh(hdev);
 855         hci_dev_put(hdev);
 856
 857         return err;
 858 }
 859
 860 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
 861 {
 862         struct list_head *p, *n;
 863         struct mgmt_cp_remove_uuid *cp;
 864         struct hci_dev *hdev;
 865         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 866         int err, found;
 867
 868         cp = (void *) data;
 869
 870         BT_DBG("request for hci%u", index);
 871
 872         if (len != sizeof(*cp))
 873                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
 874                                                 MGMT_STATUS_INVALID_PARAMS);
 875
 876         hdev = hci_dev_get(index);
 877         if (!hdev)
 878                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
 879                                                 MGMT_STATUS_INVALID_PARAMS);
 880
 881         hci_dev_lock_bh(hdev);
 882
 883         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
 884                 err = hci_uuids_clear(hdev);
 885                 goto unlock;
 886         }
 887
 888         found = 0;
 889
 890         list_for_each_safe(p, n, &hdev->uuids) {
 891                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
 892
 893                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
 894                         continue;
 895
 896                 list_del(&match->list);
 897                 found++;
 898         }
 899
 900         if (found == 0) {
 901                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
 902                                                 MGMT_STATUS_INVALID_PARAMS);
 903                 goto unlock;
 904         }
 905
 906         err = update_class(hdev);
 907         if (err < 0)
 908                 goto unlock;
 909
 910         err = update_eir(hdev);
 911         if (err < 0)
 912                 goto unlock;
 913
 914         err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
 915
 916 unlock:
 917         hci_dev_unlock_bh(hdev);
 918         hci_dev_put(hdev);
 919
 920         return err;
 921 }
 922
 923 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
 924                                                                         u16 len)
 925 {
 926         struct hci_dev *hdev;
 927         struct mgmt_cp_set_dev_class *cp;
 928         int err;
 929
 930         cp = (void *) data;
 931
 932         BT_DBG("request for hci%u", index);
 933
 934         if (len != sizeof(*cp))
 935                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
 936                                                 MGMT_STATUS_INVALID_PARAMS);
 937
 938         hdev = hci_dev_get(index);
 939         if (!hdev)
 940                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
 941                                                 MGMT_STATUS_INVALID_PARAMS);
 942
 943         hci_dev_lock_bh(hdev);
 944
 945         hdev->major_class = cp->major;
 946         hdev->minor_class = cp->minor;
 947
 948         err = update_class(hdev);
 949
 950         if (err == 0)
 951                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
 952
 953         hci_dev_unlock_bh(hdev);
 954         hci_dev_put(hdev);
 955
 956         return err;
 957 }
 958
 959 static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
 960                                                                         u16 len)
 961 {
 962         struct hci_dev *hdev;
 963         struct mgmt_cp_set_service_cache *cp;
 964         int err;
 965
 966         cp = (void *) data;
 967
 968         if (len != sizeof(*cp))
 969                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
 970                                                 MGMT_STATUS_INVALID_PARAMS);
 971
 972         hdev = hci_dev_get(index);
 973         if (!hdev)
 974                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
 975                                                 MGMT_STATUS_INVALID_PARAMS);
 976
 977         hci_dev_lock_bh(hdev);
 978
 979         BT_DBG("hci%u enable %d", index, cp->enable);
 980
 981         if (cp->enable) {
 982                 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
 983                 err = 0;
 984         } else {
 985                 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
 986                 err = update_class(hdev);
 987                 if (err == 0)
 988                         err = update_eir(hdev);
 989         }
 990
 991         if (err == 0)
 992                 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
 993                                                                         0);
 994         else
 995                 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
 996
 997
 998         hci_dev_unlock_bh(hdev);
 999         hci_dev_put(hdev);
1000
1001         return err;
1002 }
1003
1004 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1005                                                                 u16 len)
1006 {
1007         struct hci_dev *hdev;
1008         struct mgmt_cp_load_link_keys *cp;
1009         u16 key_count, expected_len;
1010         int i;
1011
1012         cp = (void *) data;
1013
1014         if (len < sizeof(*cp))
1015                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1016                                                 MGMT_STATUS_INVALID_PARAMS);
1017
1018         key_count = get_unaligned_le16(&cp->key_count);
1019
1020         expected_len = sizeof(*cp) + key_count *
1021                                         sizeof(struct mgmt_link_key_info);
1022         if (expected_len != len) {
1023                 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1024                                                         len, expected_len);
1025                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1026                                                 MGMT_STATUS_INVALID_PARAMS);
1027         }
1028
1029         hdev = hci_dev_get(index);
1030         if (!hdev)
1031                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1032                                                 MGMT_STATUS_INVALID_PARAMS);
1033
1034         BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1035                                                                 key_count);
1036
1037         hci_dev_lock_bh(hdev);
1038
1039         hci_link_keys_clear(hdev);
1040
1041         set_bit(HCI_LINK_KEYS, &hdev->flags);
1042
1043         if (cp->debug_keys)
1044                 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1045         else
1046                 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1047
1048         for (i = 0; i < key_count; i++) {
1049                 struct mgmt_link_key_info *key = &cp->keys[i];
1050
1051                 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1052                                                                 key->pin_len);
1053         }
1054
1055         hci_dev_unlock_bh(hdev);
1056         hci_dev_put(hdev);
1057
1058         return 0;
1059 }
1060
1061 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1062                                                                 u16 len)
1063 {
1064         struct hci_dev *hdev;
1065         struct mgmt_cp_remove_keys *cp;
1066         struct mgmt_rp_remove_keys rp;
1067         struct hci_cp_disconnect dc;
1068         struct pending_cmd *cmd;
1069         struct hci_conn *conn;
1070         int err;
1071
1072         cp = (void *) data;
1073
1074         if (len != sizeof(*cp))
1075                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1076                                                 MGMT_STATUS_INVALID_PARAMS);
1077
1078         hdev = hci_dev_get(index);
1079         if (!hdev)
1080                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1081                                                 MGMT_STATUS_INVALID_PARAMS);
1082
1083         hci_dev_lock_bh(hdev);
1084
1085         memset(&rp, 0, sizeof(rp));
1086         bacpy(&rp.bdaddr, &cp->bdaddr);
1087         rp.status = MGMT_STATUS_FAILED;
1088
1089         err = hci_remove_link_key(hdev, &cp->bdaddr);
1090         if (err < 0) {
1091                 rp.status = MGMT_STATUS_NOT_PAIRED;
1092                 goto unlock;
1093         }
1094
1095         if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1096                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1097                                                                 sizeof(rp));
1098                 goto unlock;
1099         }
1100
1101         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1102         if (!conn) {
1103                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1104                                                                 sizeof(rp));
1105                 goto unlock;
1106         }
1107
1108         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1109         if (!cmd) {
1110                 err = -ENOMEM;
1111                 goto unlock;
1112         }
1113
1114         put_unaligned_le16(conn->handle, &dc.handle);
1115         dc.reason = 0x13; /* Remote User Terminated Connection */
1116         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1117         if (err < 0)
1118                 mgmt_pending_remove(cmd);
1119
1120 unlock:
1121         if (err < 0)
1122                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1123                                                                 sizeof(rp));
1124         hci_dev_unlock_bh(hdev);
1125         hci_dev_put(hdev);
1126
1127         return err;
1128 }
1129
1130 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1131 {
1132         struct hci_dev *hdev;
1133         struct mgmt_cp_disconnect *cp;
1134         struct hci_cp_disconnect dc;
1135         struct pending_cmd *cmd;
1136         struct hci_conn *conn;
1137         int err;
1138
1139         BT_DBG("");
1140
1141         cp = (void *) data;
1142
1143         if (len != sizeof(*cp))
1144                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1145                                                 MGMT_STATUS_INVALID_PARAMS);
1146
1147         hdev = hci_dev_get(index);
1148         if (!hdev)
1149                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1150                                                 MGMT_STATUS_INVALID_PARAMS);
1151
1152         hci_dev_lock_bh(hdev);
1153
1154         if (!test_bit(HCI_UP, &hdev->flags)) {
1155                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1156                                                 MGMT_STATUS_NOT_POWERED);
1157                 goto failed;
1158         }
1159
1160         if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1161                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1162                                                         MGMT_STATUS_BUSY);
1163                 goto failed;
1164         }
1165
1166         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1167         if (!conn)
1168                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1169
1170         if (!conn) {
1171                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172                                                 MGMT_STATUS_NOT_CONNECTED);
1173                 goto failed;
1174         }
1175
1176         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1177         if (!cmd) {
1178                 err = -ENOMEM;
1179                 goto failed;
1180         }
1181
1182         put_unaligned_le16(conn->handle, &dc.handle);
1183         dc.reason = 0x13; /* Remote User Terminated Connection */
1184
1185         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1186         if (err < 0)
1187                 mgmt_pending_remove(cmd);
1188
1189 failed:
1190         hci_dev_unlock_bh(hdev);
1191         hci_dev_put(hdev);
1192
1193         return err;
1194 }
1195
1196 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1197 {
1198         switch (link_type) {
1199         case LE_LINK:
1200                 switch (addr_type) {
1201                 case ADDR_LE_DEV_PUBLIC:
1202                         return MGMT_ADDR_LE_PUBLIC;
1203                 case ADDR_LE_DEV_RANDOM:
1204                         return MGMT_ADDR_LE_RANDOM;
1205                 default:
1206                         return MGMT_ADDR_INVALID;
1207                 }
1208         case ACL_LINK:
1209                 return MGMT_ADDR_BREDR;
1210         default:
1211                 return MGMT_ADDR_INVALID;
1212         }
1213 }
1214
1215 static int get_connections(struct sock *sk, u16 index)
1216 {
1217         struct mgmt_rp_get_connections *rp;
1218         struct hci_dev *hdev;
1219         struct hci_conn *c;
1220         struct list_head *p;
1221         size_t rp_len;
1222         u16 count;
1223         int i, err;
1224
1225         BT_DBG("");
1226
1227         hdev = hci_dev_get(index);
1228         if (!hdev)
1229                 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1230                                                 MGMT_STATUS_INVALID_PARAMS);
1231
1232         hci_dev_lock_bh(hdev);
1233
1234         count = 0;
1235         list_for_each(p, &hdev->conn_hash.list) {
1236                 count++;
1237         }
1238
1239         rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1240         rp = kmalloc(rp_len, GFP_ATOMIC);
1241         if (!rp) {
1242                 err = -ENOMEM;
1243                 goto unlock;
1244         }
1245
1246         put_unaligned_le16(count, &rp->conn_count);
1247
1248         i = 0;
1249         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1250                 bacpy(&rp->addr[i].bdaddr, &c->dst);
1251                 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1252                 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1253                         continue;
1254                 i++;
1255         }
1256
1257         /* Recalculate length in case of filtered SCO connections, etc */
1258         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1259
1260         err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1261
1262 unlock:
1263         kfree(rp);
1264         hci_dev_unlock_bh(hdev);
1265         hci_dev_put(hdev);
1266         return err;
1267 }
1268
1269 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1270                 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1271 {
1272         struct pending_cmd *cmd;
1273         int err;
1274
1275         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1276                                                                 sizeof(*cp));
1277         if (!cmd)
1278                 return -ENOMEM;
1279
1280         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1281                                                                 &cp->bdaddr);
1282         if (err < 0)
1283                 mgmt_pending_remove(cmd);
1284
1285         return err;
1286 }
1287
1288 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1289                                                                         u16 len)
1290 {
1291         struct hci_dev *hdev;
1292         struct hci_conn *conn;
1293         struct mgmt_cp_pin_code_reply *cp;
1294         struct mgmt_cp_pin_code_neg_reply ncp;
1295         struct hci_cp_pin_code_reply reply;
1296         struct pending_cmd *cmd;
1297         int err;
1298
1299         BT_DBG("");
1300
1301         cp = (void *) data;
1302
1303         if (len != sizeof(*cp))
1304                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1305                                                 MGMT_STATUS_INVALID_PARAMS);
1306
1307         hdev = hci_dev_get(index);
1308         if (!hdev)
1309                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1310                                                 MGMT_STATUS_INVALID_PARAMS);
1311
1312         hci_dev_lock_bh(hdev);
1313
1314         if (!test_bit(HCI_UP, &hdev->flags)) {
1315                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1316                                                 MGMT_STATUS_NOT_POWERED);
1317                 goto failed;
1318         }
1319
1320         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1321         if (!conn) {
1322                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1323                                                 MGMT_STATUS_NOT_CONNECTED);
1324                 goto failed;
1325         }
1326
1327         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1328                 bacpy(&ncp.bdaddr, &cp->bdaddr);
1329
1330                 BT_ERR("PIN code is not 16 bytes long");
1331
1332                 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1333                 if (err >= 0)
1334                         err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1335                                                 MGMT_STATUS_INVALID_PARAMS);
1336
1337                 goto failed;
1338         }
1339
1340         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1341         if (!cmd) {
1342                 err = -ENOMEM;
1343                 goto failed;
1344         }
1345
1346         bacpy(&reply.bdaddr, &cp->bdaddr);
1347         reply.pin_len = cp->pin_len;
1348         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1349
1350         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1351         if (err < 0)
1352                 mgmt_pending_remove(cmd);
1353
1354 failed:
1355         hci_dev_unlock_bh(hdev);
1356         hci_dev_put(hdev);
1357
1358         return err;
1359 }
1360
1361 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1362                                                                         u16 len)
1363 {
1364         struct hci_dev *hdev;
1365         struct mgmt_cp_pin_code_neg_reply *cp;
1366         int err;
1367
1368         BT_DBG("");
1369
1370         cp = (void *) data;
1371
1372         if (len != sizeof(*cp))
1373                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1374                                                 MGMT_STATUS_INVALID_PARAMS);
1375
1376         hdev = hci_dev_get(index);
1377         if (!hdev)
1378                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1379                                                 MGMT_STATUS_INVALID_PARAMS);
1380
1381         hci_dev_lock_bh(hdev);
1382
1383         if (!test_bit(HCI_UP, &hdev->flags)) {
1384                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1385                                                 MGMT_STATUS_NOT_POWERED);
1386                 goto failed;
1387         }
1388
1389         err = send_pin_code_neg_reply(sk, index, hdev, cp);
1390
1391 failed:
1392         hci_dev_unlock_bh(hdev);
1393         hci_dev_put(hdev);
1394
1395         return err;
1396 }
1397
1398 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1399                                                                         u16 len)
1400 {
1401         struct hci_dev *hdev;
1402         struct mgmt_cp_set_io_capability *cp;
1403
1404         BT_DBG("");
1405
1406         cp = (void *) data;
1407
1408         if (len != sizeof(*cp))
1409                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1410                                                 MGMT_STATUS_INVALID_PARAMS);
1411
1412         hdev = hci_dev_get(index);
1413         if (!hdev)
1414                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1415                                                 MGMT_STATUS_INVALID_PARAMS);
1416
1417         hci_dev_lock_bh(hdev);
1418
1419         hdev->io_capability = cp->io_capability;
1420
1421         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1422                                                         hdev->io_capability);
1423
1424         hci_dev_unlock_bh(hdev);
1425         hci_dev_put(hdev);
1426
1427         return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1428 }
1429
1430 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1431 {
1432         struct hci_dev *hdev = conn->hdev;
1433         struct pending_cmd *cmd;
1434
1435         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1436                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1437                         continue;
1438
1439                 if (cmd->user_data != conn)
1440                         continue;
1441
1442                 return cmd;
1443         }
1444
1445         return NULL;
1446 }
1447
1448 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1449 {
1450         struct mgmt_rp_pair_device rp;
1451         struct hci_conn *conn = cmd->user_data;
1452
1453         bacpy(&rp.addr.bdaddr, &conn->dst);
1454         rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1455         rp.status = status;
1456
1457         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1458
1459         /* So we don't get further callbacks for this connection */
1460         conn->connect_cfm_cb = NULL;
1461         conn->security_cfm_cb = NULL;
1462         conn->disconn_cfm_cb = NULL;
1463
1464         hci_conn_put(conn);
1465
1466         mgmt_pending_remove(cmd);
1467 }
1468
1469 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1470 {
1471         struct pending_cmd *cmd;
1472
1473         BT_DBG("status %u", status);
1474
1475         cmd = find_pairing(conn);
1476         if (!cmd)
1477                 BT_DBG("Unable to find a pending command");
1478         else
1479                 pairing_complete(cmd, status);
1480 }
1481
1482 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1483 {
1484         struct hci_dev *hdev;
1485         struct mgmt_cp_pair_device *cp;
1486         struct mgmt_rp_pair_device rp;
1487         struct pending_cmd *cmd;
1488         u8 sec_level, auth_type;
1489         struct hci_conn *conn;
1490         int err;
1491
1492         BT_DBG("");
1493
1494         cp = (void *) data;
1495
1496         if (len != sizeof(*cp))
1497                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1498                                                 MGMT_STATUS_INVALID_PARAMS);
1499
1500         hdev = hci_dev_get(index);
1501         if (!hdev)
1502                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1503                                                 MGMT_STATUS_INVALID_PARAMS);
1504
1505         hci_dev_lock_bh(hdev);
1506
1507         sec_level = BT_SECURITY_MEDIUM;
1508         if (cp->io_cap == 0x03)
1509                 auth_type = HCI_AT_DEDICATED_BONDING;
1510         else
1511                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1512
1513         if (cp->addr.type == MGMT_ADDR_BREDR)
1514                 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1515                                                                 auth_type);
1516         else
1517                 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1518                                                                 auth_type);
1519
1520         memset(&rp, 0, sizeof(rp));
1521         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1522         rp.addr.type = cp->addr.type;
1523
1524         if (IS_ERR(conn)) {
1525                 rp.status = -PTR_ERR(conn);
1526                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1527                                                         &rp, sizeof(rp));
1528                 goto unlock;
1529         }
1530
1531         if (conn->connect_cfm_cb) {
1532                 hci_conn_put(conn);
1533                 rp.status = EBUSY;
1534                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1535                                                         &rp, sizeof(rp));
1536                 goto unlock;
1537         }
1538
1539         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1540         if (!cmd) {
1541                 err = -ENOMEM;
1542                 hci_conn_put(conn);
1543                 goto unlock;
1544         }
1545
1546         /* For LE, just connecting isn't a proof that the pairing finished */
1547         if (cp->addr.type == MGMT_ADDR_BREDR)
1548                 conn->connect_cfm_cb = pairing_complete_cb;
1549
1550         conn->security_cfm_cb = pairing_complete_cb;
1551         conn->disconn_cfm_cb = pairing_complete_cb;
1552         conn->io_capability = cp->io_cap;
1553         cmd->user_data = conn;
1554
1555         if (conn->state == BT_CONNECTED &&
1556                                 hci_conn_security(conn, sec_level, auth_type))
1557                 pairing_complete(cmd, 0);
1558
1559         err = 0;
1560
1561 unlock:
1562         hci_dev_unlock_bh(hdev);
1563         hci_dev_put(hdev);
1564
1565         return err;
1566 }
1567
1568 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1569                                                         u16 len, int success)
1570 {
1571         struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1572         u16 mgmt_op, hci_op;
1573         struct pending_cmd *cmd;
1574         struct hci_dev *hdev;
1575         int err;
1576
1577         BT_DBG("");
1578
1579         if (success) {
1580                 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1581                 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1582         } else {
1583                 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1584                 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1585         }
1586
1587         if (len != sizeof(*cp))
1588                 return cmd_status(sk, index, mgmt_op,
1589                                                 MGMT_STATUS_INVALID_PARAMS);
1590
1591         hdev = hci_dev_get(index);
1592         if (!hdev)
1593                 return cmd_status(sk, index, mgmt_op,
1594                                                 MGMT_STATUS_INVALID_PARAMS);
1595
1596         hci_dev_lock_bh(hdev);
1597
1598         if (!test_bit(HCI_UP, &hdev->flags)) {
1599                 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1600                 goto failed;
1601         }
1602
1603         cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1604         if (!cmd) {
1605                 err = -ENOMEM;
1606                 goto failed;
1607         }
1608
1609         err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1610         if (err < 0)
1611                 mgmt_pending_remove(cmd);
1612
1613 failed:
1614         hci_dev_unlock_bh(hdev);
1615         hci_dev_put(hdev);
1616
1617         return err;
1618 }
1619
1620 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1621                                                                 u16 len)
1622 {
1623         struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1624         struct hci_cp_write_local_name hci_cp;
1625         struct hci_dev *hdev;
1626         struct pending_cmd *cmd;
1627         int err;
1628
1629         BT_DBG("");
1630
1631         if (len != sizeof(*mgmt_cp))
1632                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1633                                                 MGMT_STATUS_INVALID_PARAMS);
1634
1635         hdev = hci_dev_get(index);
1636         if (!hdev)
1637                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1638                                                 MGMT_STATUS_INVALID_PARAMS);
1639
1640         hci_dev_lock_bh(hdev);
1641
1642         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1643         if (!cmd) {
1644                 err = -ENOMEM;
1645                 goto failed;
1646         }
1647
1648         memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1649         err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1650                                                                 &hci_cp);
1651         if (err < 0)
1652                 mgmt_pending_remove(cmd);
1653
1654 failed:
1655         hci_dev_unlock_bh(hdev);
1656         hci_dev_put(hdev);
1657
1658         return err;
1659 }
1660
1661 static int read_local_oob_data(struct sock *sk, u16 index)
1662 {
1663         struct hci_dev *hdev;
1664         struct pending_cmd *cmd;
1665         int err;
1666
1667         BT_DBG("hci%u", index);
1668
1669         hdev = hci_dev_get(index);
1670         if (!hdev)
1671                 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1672                                                 MGMT_STATUS_INVALID_PARAMS);
1673
1674         hci_dev_lock_bh(hdev);
1675
1676         if (!test_bit(HCI_UP, &hdev->flags)) {
1677                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1678                                                 MGMT_STATUS_NOT_POWERED);
1679                 goto unlock;
1680         }
1681
1682         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1683                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1684                                                 MGMT_STATUS_NOT_SUPPORTED);
1685                 goto unlock;
1686         }
1687
1688         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1689                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1690                                                         MGMT_STATUS_BUSY);
1691                 goto unlock;
1692         }
1693
1694         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1695         if (!cmd) {
1696                 err = -ENOMEM;
1697                 goto unlock;
1698         }
1699
1700         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1701         if (err < 0)
1702                 mgmt_pending_remove(cmd);
1703
1704 unlock:
1705         hci_dev_unlock_bh(hdev);
1706         hci_dev_put(hdev);
1707
1708         return err;
1709 }
1710
1711 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1712                                                                         u16 len)
1713 {
1714         struct hci_dev *hdev;
1715         struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1716         int err;
1717
1718         BT_DBG("hci%u ", index);
1719
1720         if (len != sizeof(*cp))
1721                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1722                                                 MGMT_STATUS_INVALID_PARAMS);
1723
1724         hdev = hci_dev_get(index);
1725         if (!hdev)
1726                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1727                                                 MGMT_STATUS_INVALID_PARAMS);
1728
1729         hci_dev_lock_bh(hdev);
1730
1731         err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1732                                                                 cp->randomizer);
1733         if (err < 0)
1734                 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1735                                                         MGMT_STATUS_FAILED);
1736         else
1737                 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1738                                                                         0);
1739
1740         hci_dev_unlock_bh(hdev);
1741         hci_dev_put(hdev);
1742
1743         return err;
1744 }
1745
1746 static int remove_remote_oob_data(struct sock *sk, u16 index,
1747                                                 unsigned char *data, u16 len)
1748 {
1749         struct hci_dev *hdev;
1750         struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1751         int err;
1752
1753         BT_DBG("hci%u ", index);
1754
1755         if (len != sizeof(*cp))
1756                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1757                                                 MGMT_STATUS_INVALID_PARAMS);
1758
1759         hdev = hci_dev_get(index);
1760         if (!hdev)
1761                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1762                                                 MGMT_STATUS_INVALID_PARAMS);
1763
1764         hci_dev_lock_bh(hdev);
1765
1766         err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1767         if (err < 0)
1768                 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1769                                                 MGMT_STATUS_INVALID_PARAMS);
1770         else
1771                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1772                                                                 NULL, 0);
1773
1774         hci_dev_unlock_bh(hdev);
1775         hci_dev_put(hdev);
1776
1777         return err;
1778 }
1779
1780 static int start_discovery(struct sock *sk, u16 index)
1781 {
1782         struct pending_cmd *cmd;
1783         struct hci_dev *hdev;
1784         int err;
1785
1786         BT_DBG("hci%u", index);
1787
1788         hdev = hci_dev_get(index);
1789         if (!hdev)
1790                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1791                                                 MGMT_STATUS_INVALID_PARAMS);
1792
1793         hci_dev_lock_bh(hdev);
1794
1795         if (!test_bit(HCI_UP, &hdev->flags)) {
1796                 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1797                                                 MGMT_STATUS_NOT_POWERED);
1798                 goto failed;
1799         }
1800
1801         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1802         if (!cmd) {
1803                 err = -ENOMEM;
1804                 goto failed;
1805         }
1806
1807         err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1808         if (err < 0)
1809                 mgmt_pending_remove(cmd);
1810
1811 failed:
1812         hci_dev_unlock_bh(hdev);
1813         hci_dev_put(hdev);
1814
1815         return err;
1816 }
1817
1818 static int stop_discovery(struct sock *sk, u16 index)
1819 {
1820         struct hci_dev *hdev;
1821         struct pending_cmd *cmd;
1822         int err;
1823
1824         BT_DBG("hci%u", index);
1825
1826         hdev = hci_dev_get(index);
1827         if (!hdev)
1828                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1829                                                 MGMT_STATUS_INVALID_PARAMS);
1830
1831         hci_dev_lock_bh(hdev);
1832
1833         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1834         if (!cmd) {
1835                 err = -ENOMEM;
1836                 goto failed;
1837         }
1838
1839         err = hci_cancel_inquiry(hdev);
1840         if (err < 0)
1841                 mgmt_pending_remove(cmd);
1842
1843 failed:
1844         hci_dev_unlock_bh(hdev);
1845         hci_dev_put(hdev);
1846
1847         return err;
1848 }
1849
1850 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1851                                                                 u16 len)
1852 {
1853         struct hci_dev *hdev;
1854         struct mgmt_cp_block_device *cp = (void *) data;
1855         int err;
1856
1857         BT_DBG("hci%u", index);
1858
1859         if (len != sizeof(*cp))
1860                 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1861                                                 MGMT_STATUS_INVALID_PARAMS);
1862
1863         hdev = hci_dev_get(index);
1864         if (!hdev)
1865                 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1866                                                 MGMT_STATUS_INVALID_PARAMS);
1867
1868         hci_dev_lock_bh(hdev);
1869
1870         err = hci_blacklist_add(hdev, &cp->bdaddr);
1871         if (err < 0)
1872                 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1873                                                         MGMT_STATUS_FAILED);
1874         else
1875                 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1876                                                         NULL, 0);
1877
1878         hci_dev_unlock_bh(hdev);
1879         hci_dev_put(hdev);
1880
1881         return err;
1882 }
1883
1884 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1885                                                                 u16 len)
1886 {
1887         struct hci_dev *hdev;
1888         struct mgmt_cp_unblock_device *cp = (void *) data;
1889         int err;
1890
1891         BT_DBG("hci%u", index);
1892
1893         if (len != sizeof(*cp))
1894                 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1895                                                 MGMT_STATUS_INVALID_PARAMS);
1896
1897         hdev = hci_dev_get(index);
1898         if (!hdev)
1899                 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1900                                                 MGMT_STATUS_INVALID_PARAMS);
1901
1902         hci_dev_lock_bh(hdev);
1903
1904         err = hci_blacklist_del(hdev, &cp->bdaddr);
1905
1906         if (err < 0)
1907                 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1908                                                 MGMT_STATUS_INVALID_PARAMS);
1909         else
1910                 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1911                                                                 NULL, 0);
1912
1913         hci_dev_unlock_bh(hdev);
1914         hci_dev_put(hdev);
1915
1916         return err;
1917 }
1918
1919 static int set_fast_connectable(struct sock *sk, u16 index,
1920                                         unsigned char *data, u16 len)
1921 {
1922         struct hci_dev *hdev;
1923         struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1924         struct hci_cp_write_page_scan_activity acp;
1925         u8 type;
1926         int err;
1927
1928         BT_DBG("hci%u", index);
1929
1930         if (len != sizeof(*cp))
1931                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1932                                                 MGMT_STATUS_INVALID_PARAMS);
1933
1934         hdev = hci_dev_get(index);
1935         if (!hdev)
1936                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1937                                                 MGMT_STATUS_INVALID_PARAMS);
1938
1939         hci_dev_lock(hdev);
1940
1941         if (cp->enable) {
1942                 type = PAGE_SCAN_TYPE_INTERLACED;
1943                 acp.interval = 0x0024;  /* 22.5 msec page scan interval */
1944         } else {
1945                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1946                 acp.interval = 0x0800;  /* default 1.28 sec page scan */
1947         }
1948
1949         acp.window = 0x0012;    /* default 11.25 msec page scan window */
1950
1951         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1952                                                 sizeof(acp), &acp);
1953         if (err < 0) {
1954                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1955                                                         MGMT_STATUS_FAILED);
1956                 goto done;
1957         }
1958
1959         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1960         if (err < 0) {
1961                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1962                                                         MGMT_STATUS_FAILED);
1963                 goto done;
1964         }
1965
1966         err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1967                                                         NULL, 0);
1968 done:
1969         hci_dev_unlock(hdev);
1970         hci_dev_put(hdev);
1971
1972         return err;
1973 }
1974
1975 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1976 {
1977         unsigned char *buf;
1978         struct mgmt_hdr *hdr;
1979         u16 opcode, index, len;
1980         int err;
1981
1982         BT_DBG("got %zu bytes", msglen);
1983
1984         if (msglen < sizeof(*hdr))
1985                 return -EINVAL;
1986
1987         buf = kmalloc(msglen, GFP_KERNEL);
1988         if (!buf)
1989                 return -ENOMEM;
1990
1991         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1992                 err = -EFAULT;
1993                 goto done;
1994         }
1995
1996         hdr = (struct mgmt_hdr *) buf;
1997         opcode = get_unaligned_le16(&hdr->opcode);
1998         index = get_unaligned_le16(&hdr->index);
1999         len = get_unaligned_le16(&hdr->len);
2000
2001         if (len != msglen - sizeof(*hdr)) {
2002                 err = -EINVAL;
2003                 goto done;
2004         }
2005
2006         switch (opcode) {
2007         case MGMT_OP_READ_VERSION:
2008                 err = read_version(sk);
2009                 break;
2010         case MGMT_OP_READ_INDEX_LIST:
2011                 err = read_index_list(sk);
2012                 break;
2013         case MGMT_OP_READ_INFO:
2014                 err = read_controller_info(sk, index);
2015                 break;
2016         case MGMT_OP_SET_POWERED:
2017                 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2018                 break;
2019         case MGMT_OP_SET_DISCOVERABLE:
2020                 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2021                 break;
2022         case MGMT_OP_SET_CONNECTABLE:
2023                 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2024                 break;
2025         case MGMT_OP_SET_PAIRABLE:
2026                 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2027                 break;
2028         case MGMT_OP_ADD_UUID:
2029                 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2030                 break;
2031         case MGMT_OP_REMOVE_UUID:
2032                 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2033                 break;
2034         case MGMT_OP_SET_DEV_CLASS:
2035                 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2036                 break;
2037         case MGMT_OP_SET_SERVICE_CACHE:
2038                 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
2039                 break;
2040         case MGMT_OP_LOAD_LINK_KEYS:
2041                 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2042                 break;
2043         case MGMT_OP_REMOVE_KEYS:
2044                 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2045                 break;
2046         case MGMT_OP_DISCONNECT:
2047                 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2048                 break;
2049         case MGMT_OP_GET_CONNECTIONS:
2050                 err = get_connections(sk, index);
2051                 break;
2052         case MGMT_OP_PIN_CODE_REPLY:
2053                 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2054                 break;
2055         case MGMT_OP_PIN_CODE_NEG_REPLY:
2056                 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2057                 break;
2058         case MGMT_OP_SET_IO_CAPABILITY:
2059                 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2060                 break;
2061         case MGMT_OP_PAIR_DEVICE:
2062                 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2063                 break;
2064         case MGMT_OP_USER_CONFIRM_REPLY:
2065                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
2066                 break;
2067         case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2068                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
2069                 break;
2070         case MGMT_OP_SET_LOCAL_NAME:
2071                 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2072                 break;
2073         case MGMT_OP_READ_LOCAL_OOB_DATA:
2074                 err = read_local_oob_data(sk, index);
2075                 break;
2076         case MGMT_OP_ADD_REMOTE_OOB_DATA:
2077                 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2078                 break;
2079         case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2080                 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2081                                                                         len);
2082                 break;
2083         case MGMT_OP_START_DISCOVERY:
2084                 err = start_discovery(sk, index);
2085                 break;
2086         case MGMT_OP_STOP_DISCOVERY:
2087                 err = stop_discovery(sk, index);
2088                 break;
2089         case MGMT_OP_BLOCK_DEVICE:
2090                 err = block_device(sk, index, buf + sizeof(*hdr), len);
2091                 break;
2092         case MGMT_OP_UNBLOCK_DEVICE:
2093                 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2094                 break;
2095         case MGMT_OP_SET_FAST_CONNECTABLE:
2096                 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2097                                                                 len);
2098                 break;
2099         default:
2100                 BT_DBG("Unknown op %u", opcode);
2101                 err = cmd_status(sk, index, opcode,
2102                                                 MGMT_STATUS_UNKNOWN_COMMAND);
2103                 break;
2104         }
2105
2106         if (err < 0)
2107                 goto done;
2108
2109         err = msglen;
2110
2111 done:
2112         kfree(buf);
2113         return err;
2114 }
2115
2116 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2117 {
2118         u8 *status = data;
2119
2120         cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2121         mgmt_pending_remove(cmd);
2122 }
2123
2124 int mgmt_index_added(struct hci_dev *hdev)
2125 {
2126         return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2127 }
2128
2129 int mgmt_index_removed(struct hci_dev *hdev)
2130 {
2131         u8 status = ENODEV;
2132
2133         mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2134
2135         return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2136 }
2137
2138 struct cmd_lookup {
2139         u8 val;
2140         struct sock *sk;
2141 };
2142
2143 static void mode_rsp(struct pending_cmd *cmd, void *data)
2144 {
2145         struct mgmt_mode *cp = cmd->param;
2146         struct cmd_lookup *match = data;
2147
2148         if (cp->val != match->val)
2149                 return;
2150
2151         send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2152
2153         list_del(&cmd->list);
2154
2155         if (match->sk == NULL) {
2156                 match->sk = cmd->sk;
2157                 sock_hold(match->sk);
2158         }
2159
2160         mgmt_pending_free(cmd);
2161 }
2162
2163 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2164 {
2165         struct mgmt_mode ev;
2166         struct cmd_lookup match = { powered, NULL };
2167         int ret;
2168
2169         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2170
2171         if (!powered) {
2172                 u8 status = ENETDOWN;
2173                 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2174         }
2175
2176         ev.val = powered;
2177
2178         ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2179
2180         if (match.sk)
2181                 sock_put(match.sk);
2182
2183         return ret;
2184 }
2185
2186 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2187 {
2188         struct mgmt_mode ev;
2189         struct cmd_lookup match = { discoverable, NULL };
2190         int ret;
2191
2192         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2193
2194         ev.val = discoverable;
2195
2196         ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2197                                                                 match.sk);
2198
2199         if (match.sk)
2200                 sock_put(match.sk);
2201
2202         return ret;
2203 }
2204
2205 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2206 {
2207         struct mgmt_mode ev;
2208         struct cmd_lookup match = { connectable, NULL };
2209         int ret;
2210
2211         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2212
2213         ev.val = connectable;
2214
2215         ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2216
2217         if (match.sk)
2218                 sock_put(match.sk);
2219
2220         return ret;
2221 }
2222
2223 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2224 {
2225         u8 mgmt_err = mgmt_status(status);
2226
2227         if (scan & SCAN_PAGE)
2228                 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2229                                                 cmd_status_rsp, &mgmt_err);
2230
2231         if (scan & SCAN_INQUIRY)
2232                 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2233                                                 cmd_status_rsp, &mgmt_err);
2234
2235         return 0;
2236 }
2237
2238 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2239                                                                 u8 persistent)
2240 {
2241         struct mgmt_ev_new_link_key ev;
2242
2243         memset(&ev, 0, sizeof(ev));
2244
2245         ev.store_hint = persistent;
2246         bacpy(&ev.key.bdaddr, &key->bdaddr);
2247         ev.key.type = key->type;
2248         memcpy(ev.key.val, key->val, 16);
2249         ev.key.pin_len = key->pin_len;
2250
2251         return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2252 }
2253
2254 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2255                                                                 u8 addr_type)
2256 {
2257         struct mgmt_addr_info ev;
2258
2259         bacpy(&ev.bdaddr, bdaddr);
2260         ev.type = link_to_mgmt(link_type, addr_type);
2261
2262         return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2263 }
2264
2265 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2266 {
2267         struct mgmt_cp_disconnect *cp = cmd->param;
2268         struct sock **sk = data;
2269         struct mgmt_rp_disconnect rp;
2270
2271         bacpy(&rp.bdaddr, &cp->bdaddr);
2272         rp.status = 0;
2273
2274         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2275
2276         *sk = cmd->sk;
2277         sock_hold(*sk);
2278
2279         mgmt_pending_remove(cmd);
2280 }
2281
2282 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2283 {
2284         u8 *status = data;
2285         struct mgmt_cp_remove_keys *cp = cmd->param;
2286         struct mgmt_rp_remove_keys rp;
2287
2288         memset(&rp, 0, sizeof(rp));
2289         bacpy(&rp.bdaddr, &cp->bdaddr);
2290         if (status != NULL)
2291                 rp.status = *status;
2292
2293         cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2294                                                                 sizeof(rp));
2295
2296         mgmt_pending_remove(cmd);
2297 }
2298
2299 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2300                                                                 u8 addr_type)
2301 {
2302         struct mgmt_addr_info ev;
2303         struct sock *sk = NULL;
2304         int err;
2305
2306         mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2307
2308         bacpy(&ev.bdaddr, bdaddr);
2309         ev.type = link_to_mgmt(link_type, addr_type);
2310
2311         err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2312
2313         if (sk)
2314                 sock_put(sk);
2315
2316         mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2317
2318         return err;
2319 }
2320
2321 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2322 {
2323         struct pending_cmd *cmd;
2324         u8 mgmt_err = mgmt_status(status);
2325         int err;
2326
2327         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2328         if (!cmd)
2329                 return -ENOENT;
2330
2331         if (bdaddr) {
2332                 struct mgmt_rp_disconnect rp;
2333
2334                 bacpy(&rp.bdaddr, bdaddr);
2335                 rp.status = status;
2336
2337                 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2338                                                         &rp, sizeof(rp));
2339         } else
2340                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2341                                                                 mgmt_err);
2342
2343         mgmt_pending_remove(cmd);
2344
2345         return err;
2346 }
2347
2348 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2349                                                 u8 addr_type, u8 status)
2350 {
2351         struct mgmt_ev_connect_failed ev;
2352
2353         bacpy(&ev.addr.bdaddr, bdaddr);
2354         ev.addr.type = link_to_mgmt(link_type, addr_type);
2355         ev.status = mgmt_status(status);
2356
2357         return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2358 }
2359
2360 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2361 {
2362         struct mgmt_ev_pin_code_request ev;
2363
2364         bacpy(&ev.bdaddr, bdaddr);
2365         ev.secure = secure;
2366
2367         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2368                                                                         NULL);
2369 }
2370
2371 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2372                                                                 u8 status)
2373 {
2374         struct pending_cmd *cmd;
2375         struct mgmt_rp_pin_code_reply rp;
2376         int err;
2377
2378         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2379         if (!cmd)
2380                 return -ENOENT;
2381
2382         bacpy(&rp.bdaddr, bdaddr);
2383         rp.status = mgmt_status(status);
2384
2385         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2386                                                                 sizeof(rp));
2387
2388         mgmt_pending_remove(cmd);
2389
2390         return err;
2391 }
2392
2393 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2394                                                                 u8 status)
2395 {
2396         struct pending_cmd *cmd;
2397         struct mgmt_rp_pin_code_reply rp;
2398         int err;
2399
2400         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2401         if (!cmd)
2402                 return -ENOENT;
2403
2404         bacpy(&rp.bdaddr, bdaddr);
2405         rp.status = mgmt_status(status);
2406
2407         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2408                                                                 sizeof(rp));
2409
2410         mgmt_pending_remove(cmd);
2411
2412         return err;
2413 }
2414
2415 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2416                                                 __le32 value, u8 confirm_hint)
2417 {
2418         struct mgmt_ev_user_confirm_request ev;
2419
2420         BT_DBG("%s", hdev->name);
2421
2422         bacpy(&ev.bdaddr, bdaddr);
2423         ev.confirm_hint = confirm_hint;
2424         put_unaligned_le32(value, &ev.value);
2425
2426         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2427                                                                         NULL);
2428 }
2429
2430 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2431                                                         u8 status, u8 opcode)
2432 {
2433         struct pending_cmd *cmd;
2434         struct mgmt_rp_user_confirm_reply rp;
2435         int err;
2436
2437         cmd = mgmt_pending_find(opcode, hdev);
2438         if (!cmd)
2439                 return -ENOENT;
2440
2441         bacpy(&rp.bdaddr, bdaddr);
2442         rp.status = mgmt_status(status);
2443         err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2444
2445         mgmt_pending_remove(cmd);
2446
2447         return err;
2448 }
2449
2450 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2451                                                                 u8 status)
2452 {
2453         return confirm_reply_complete(hdev, bdaddr, mgmt_status(status),
2454                                                 MGMT_OP_USER_CONFIRM_REPLY);
2455 }
2456
2457 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2458                                                 bdaddr_t *bdaddr, u8 status)
2459 {
2460         return confirm_reply_complete(hdev, bdaddr, mgmt_status(status),
2461                                         MGMT_OP_USER_CONFIRM_NEG_REPLY);
2462 }
2463
2464 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2465 {
2466         struct mgmt_ev_auth_failed ev;
2467
2468         bacpy(&ev.bdaddr, bdaddr);
2469         ev.status = mgmt_status(status);
2470
2471         return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2472 }
2473
2474 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2475 {
2476         struct pending_cmd *cmd;
2477         struct mgmt_cp_set_local_name ev;
2478         int err;
2479
2480         memset(&ev, 0, sizeof(ev));
2481         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2482
2483         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2484         if (!cmd)
2485                 goto send_event;
2486
2487         if (status) {
2488                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2489                                                         mgmt_status(status));
2490                 goto failed;
2491         }
2492
2493         update_eir(hdev);
2494
2495         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2496                                                                 sizeof(ev));
2497         if (err < 0)
2498                 goto failed;
2499
2500 send_event:
2501         err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2502                                                         cmd ? cmd->sk : NULL);
2503
2504 failed:
2505         if (cmd)
2506                 mgmt_pending_remove(cmd);
2507         return err;
2508 }
2509
2510 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2511                                                 u8 *randomizer, u8 status)
2512 {
2513         struct pending_cmd *cmd;
2514         int err;
2515
2516         BT_DBG("%s status %u", hdev->name, status);
2517
2518         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2519         if (!cmd)
2520                 return -ENOENT;
2521
2522         if (status) {
2523                 err = cmd_status(cmd->sk, hdev->id,
2524                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
2525                                                 mgmt_status(status));
2526         } else {
2527                 struct mgmt_rp_read_local_oob_data rp;
2528
2529                 memcpy(rp.hash, hash, sizeof(rp.hash));
2530                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2531
2532                 err = cmd_complete(cmd->sk, hdev->id,
2533                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
2534                                                 &rp, sizeof(rp));
2535         }
2536
2537         mgmt_pending_remove(cmd);
2538
2539         return err;
2540 }
2541
2542 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2543                                 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2544 {
2545         struct mgmt_ev_device_found ev;
2546
2547         memset(&ev, 0, sizeof(ev));
2548
2549         bacpy(&ev.addr.bdaddr, bdaddr);
2550         ev.addr.type = link_to_mgmt(link_type, addr_type);
2551         ev.rssi = rssi;
2552
2553         if (eir)
2554                 memcpy(ev.eir, eir, sizeof(ev.eir));
2555
2556         if (dev_class)
2557                 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2558
2559         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2560 }
2561
2562 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2563 {
2564         struct mgmt_ev_remote_name ev;
2565
2566         memset(&ev, 0, sizeof(ev));
2567
2568         bacpy(&ev.bdaddr, bdaddr);
2569         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2570
2571         return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2572 }
2573
2574 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2575 {
2576         struct pending_cmd *cmd;
2577         int err;
2578
2579         cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2580         if (!cmd)
2581                 return -ENOENT;
2582
2583         err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2584         mgmt_pending_remove(cmd);
2585
2586         return err;
2587 }
2588
2589 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2590 {
2591         struct pending_cmd *cmd;
2592         int err;
2593
2594         cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2595         if (!cmd)
2596                 return -ENOENT;
2597
2598         err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2599         mgmt_pending_remove(cmd);
2600
2601         return err;
2602 }
2603
2604 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2605 {
2606         struct pending_cmd *cmd;
2607
2608         if (discovering)
2609                 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2610         else
2611                 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2612
2613         if (cmd != NULL) {
2614                 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2615                 mgmt_pending_remove(cmd);
2616         }
2617
2618         return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2619                                                 sizeof(discovering), NULL);
2620 }
2621
2622 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2623 {
2624         struct pending_cmd *cmd;
2625         struct mgmt_ev_device_blocked ev;
2626
2627         cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2628
2629         bacpy(&ev.bdaddr, bdaddr);
2630
2631         return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2632                                                         cmd ? cmd->sk : NULL);
2633 }
2634
2635 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2636 {
2637         struct pending_cmd *cmd;
2638         struct mgmt_ev_device_unblocked ev;
2639
2640         cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2641
2642         bacpy(&ev.bdaddr, bdaddr);
2643
2644         return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2645                                                         cmd ? cmd->sk : NULL);
2646 }