54154235b4a7492858ae49222c01fce3ce26032a
[linux-2.6.git] / net / bluetooth / mgmt.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2010  Nokia Corporation
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION    0
33 #define MGMT_REVISION   1
34
35 struct pending_cmd {
36         struct list_head list;
37         __u16 opcode;
38         int index;
39         void *param;
40         struct sock *sk;
41         void *user_data;
42 };
43
44 static LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48         struct sk_buff *skb;
49         struct mgmt_hdr *hdr;
50         struct mgmt_ev_cmd_status *ev;
51
52         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55         if (!skb)
56                 return -ENOMEM;
57
58         hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61         hdr->index = cpu_to_le16(index);
62         hdr->len = cpu_to_le16(sizeof(*ev));
63
64         ev = (void *) skb_put(skb, sizeof(*ev));
65         ev->status = status;
66         put_unaligned_le16(cmd, &ev->opcode);
67
68         if (sock_queue_rcv_skb(sk, skb) < 0)
69                 kfree_skb(skb);
70
71         return 0;
72 }
73
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75                                                                 size_t rp_len)
76 {
77         struct sk_buff *skb;
78         struct mgmt_hdr *hdr;
79         struct mgmt_ev_cmd_complete *ev;
80
81         BT_DBG("sock %p", sk);
82
83         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84         if (!skb)
85                 return -ENOMEM;
86
87         hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90         hdr->index = cpu_to_le16(index);
91         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94         put_unaligned_le16(cmd, &ev->opcode);
95
96         if (rp)
97                 memcpy(ev->data, rp, rp_len);
98
99         if (sock_queue_rcv_skb(sk, skb) < 0)
100                 kfree_skb(skb);
101
102         return 0;
103 }
104
105 static int read_version(struct sock *sk)
106 {
107         struct mgmt_rp_read_version rp;
108
109         BT_DBG("sock %p", sk);
110
111         rp.version = MGMT_VERSION;
112         put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115                                                                 sizeof(rp));
116 }
117
118 static int read_index_list(struct sock *sk)
119 {
120         struct mgmt_rp_read_index_list *rp;
121         struct list_head *p;
122         size_t rp_len;
123         u16 count;
124         int i, err;
125
126         BT_DBG("sock %p", sk);
127
128         read_lock(&hci_dev_list_lock);
129
130         count = 0;
131         list_for_each(p, &hci_dev_list) {
132                 count++;
133         }
134
135         rp_len = sizeof(*rp) + (2 * count);
136         rp = kmalloc(rp_len, GFP_ATOMIC);
137         if (!rp) {
138                 read_unlock(&hci_dev_list_lock);
139                 return -ENOMEM;
140         }
141
142         put_unaligned_le16(count, &rp->num_controllers);
143
144         i = 0;
145         list_for_each(p, &hci_dev_list) {
146                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148                 hci_del_off_timer(d);
149
150                 set_bit(HCI_MGMT, &d->flags);
151
152                 if (test_bit(HCI_SETUP, &d->flags))
153                         continue;
154
155                 put_unaligned_le16(d->id, &rp->index[i++]);
156                 BT_DBG("Added hci%u", d->id);
157         }
158
159         read_unlock(&hci_dev_list_lock);
160
161         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162                                                                         rp_len);
163
164         kfree(rp);
165
166         return err;
167 }
168
169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171         struct mgmt_rp_read_info rp;
172         struct hci_dev *hdev;
173
174         BT_DBG("sock %p hci%u", sk, index);
175
176         hdev = hci_dev_get(index);
177         if (!hdev)
178                 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180         hci_del_off_timer(hdev);
181
182         hci_dev_lock(hdev);
183
184         set_bit(HCI_MGMT, &hdev->flags);
185
186         memset(&rp, 0, sizeof(rp));
187
188         rp.type = hdev->dev_type;
189
190         rp.powered = test_bit(HCI_UP, &hdev->flags);
191         rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192         rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193         rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194
195         if (test_bit(HCI_AUTH, &hdev->flags))
196                 rp.sec_mode = 3;
197         else if (hdev->ssp_mode > 0)
198                 rp.sec_mode = 4;
199         else
200                 rp.sec_mode = 2;
201
202         bacpy(&rp.bdaddr, &hdev->bdaddr);
203         memcpy(rp.features, hdev->features, 8);
204         memcpy(rp.dev_class, hdev->dev_class, 3);
205         put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206         rp.hci_ver = hdev->hci_ver;
207         put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208
209         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
211         hci_dev_unlock(hdev);
212         hci_dev_put(hdev);
213
214         return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 }
216
217 static void mgmt_pending_free(struct pending_cmd *cmd)
218 {
219         sock_put(cmd->sk);
220         kfree(cmd->param);
221         kfree(cmd);
222 }
223
224 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225                                                 u16 index, void *data, u16 len)
226 {
227         struct pending_cmd *cmd;
228
229         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230         if (!cmd)
231                 return NULL;
232
233         cmd->opcode = opcode;
234         cmd->index = index;
235
236         cmd->param = kmalloc(len, GFP_ATOMIC);
237         if (!cmd->param) {
238                 kfree(cmd);
239                 return NULL;
240         }
241
242         if (data)
243                 memcpy(cmd->param, data, len);
244
245         cmd->sk = sk;
246         sock_hold(sk);
247
248         list_add(&cmd->list, &cmd_list);
249
250         return cmd;
251 }
252
253 static void mgmt_pending_foreach(u16 opcode, int index,
254                                 void (*cb)(struct pending_cmd *cmd, void *data),
255                                 void *data)
256 {
257         struct list_head *p, *n;
258
259         list_for_each_safe(p, n, &cmd_list) {
260                 struct pending_cmd *cmd;
261
262                 cmd = list_entry(p, struct pending_cmd, list);
263
264                 if (cmd->opcode != opcode)
265                         continue;
266
267                 if (index >= 0 && cmd->index != index)
268                         continue;
269
270                 cb(cmd, data);
271         }
272 }
273
274 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275 {
276         struct list_head *p;
277
278         list_for_each(p, &cmd_list) {
279                 struct pending_cmd *cmd;
280
281                 cmd = list_entry(p, struct pending_cmd, list);
282
283                 if (cmd->opcode != opcode)
284                         continue;
285
286                 if (index >= 0 && cmd->index != index)
287                         continue;
288
289                 return cmd;
290         }
291
292         return NULL;
293 }
294
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 {
297         list_del(&cmd->list);
298         mgmt_pending_free(cmd);
299 }
300
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 {
303         struct mgmt_mode *cp;
304         struct hci_dev *hdev;
305         struct pending_cmd *cmd;
306         int err, up;
307
308         cp = (void *) data;
309
310         BT_DBG("request for hci%u", index);
311
312         if (len != sizeof(*cp))
313                 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
315         hdev = hci_dev_get(index);
316         if (!hdev)
317                 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318
319         hci_dev_lock(hdev);
320
321         up = test_bit(HCI_UP, &hdev->flags);
322         if ((cp->val && up) || (!cp->val && !up)) {
323                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324                 goto failed;
325         }
326
327         if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329                 goto failed;
330         }
331
332         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333         if (!cmd) {
334                 err = -ENOMEM;
335                 goto failed;
336         }
337
338         if (cp->val)
339                 queue_work(hdev->workqueue, &hdev->power_on);
340         else
341                 queue_work(hdev->workqueue, &hdev->power_off);
342
343         err = 0;
344
345 failed:
346         hci_dev_unlock(hdev);
347         hci_dev_put(hdev);
348         return err;
349 }
350
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352                                                                         u16 len)
353 {
354         struct mgmt_mode *cp;
355         struct hci_dev *hdev;
356         struct pending_cmd *cmd;
357         u8 scan;
358         int err;
359
360         cp = (void *) data;
361
362         BT_DBG("request for hci%u", index);
363
364         if (len != sizeof(*cp))
365                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
367         hdev = hci_dev_get(index);
368         if (!hdev)
369                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370
371         hci_dev_lock(hdev);
372
373         if (!test_bit(HCI_UP, &hdev->flags)) {
374                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375                 goto failed;
376         }
377
378         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381                 goto failed;
382         }
383
384         if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385                                         test_bit(HCI_PSCAN, &hdev->flags)) {
386                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387                 goto failed;
388         }
389
390         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391         if (!cmd) {
392                 err = -ENOMEM;
393                 goto failed;
394         }
395
396         scan = SCAN_PAGE;
397
398         if (cp->val)
399                 scan |= SCAN_INQUIRY;
400
401         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402         if (err < 0)
403                 mgmt_pending_remove(cmd);
404
405 failed:
406         hci_dev_unlock(hdev);
407         hci_dev_put(hdev);
408
409         return err;
410 }
411
412 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413                                                                         u16 len)
414 {
415         struct mgmt_mode *cp;
416         struct hci_dev *hdev;
417         struct pending_cmd *cmd;
418         u8 scan;
419         int err;
420
421         cp = (void *) data;
422
423         BT_DBG("request for hci%u", index);
424
425         if (len != sizeof(*cp))
426                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
428         hdev = hci_dev_get(index);
429         if (!hdev)
430                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431
432         hci_dev_lock(hdev);
433
434         if (!test_bit(HCI_UP, &hdev->flags)) {
435                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436                 goto failed;
437         }
438
439         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442                 goto failed;
443         }
444
445         if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447                 goto failed;
448         }
449
450         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451         if (!cmd) {
452                 err = -ENOMEM;
453                 goto failed;
454         }
455
456         if (cp->val)
457                 scan = SCAN_PAGE;
458         else
459                 scan = 0;
460
461         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462         if (err < 0)
463                 mgmt_pending_remove(cmd);
464
465 failed:
466         hci_dev_unlock(hdev);
467         hci_dev_put(hdev);
468
469         return err;
470 }
471
472 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473                                                         struct sock *skip_sk)
474 {
475         struct sk_buff *skb;
476         struct mgmt_hdr *hdr;
477
478         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479         if (!skb)
480                 return -ENOMEM;
481
482         bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484         hdr = (void *) skb_put(skb, sizeof(*hdr));
485         hdr->opcode = cpu_to_le16(event);
486         hdr->index = cpu_to_le16(index);
487         hdr->len = cpu_to_le16(data_len);
488
489         if (data)
490                 memcpy(skb_put(skb, data_len), data, data_len);
491
492         hci_send_to_sock(NULL, skb, skip_sk);
493         kfree_skb(skb);
494
495         return 0;
496 }
497
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 {
500         struct mgmt_mode rp;
501
502         rp.val = val;
503
504         return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 }
506
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508                                                                         u16 len)
509 {
510         struct mgmt_mode *cp, ev;
511         struct hci_dev *hdev;
512         int err;
513
514         cp = (void *) data;
515
516         BT_DBG("request for hci%u", index);
517
518         if (len != sizeof(*cp))
519                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
521         hdev = hci_dev_get(index);
522         if (!hdev)
523                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524
525         hci_dev_lock(hdev);
526
527         if (cp->val)
528                 set_bit(HCI_PAIRABLE, &hdev->flags);
529         else
530                 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
532         err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533         if (err < 0)
534                 goto failed;
535
536         ev.val = cp->val;
537
538         err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539
540 failed:
541         hci_dev_unlock(hdev);
542         hci_dev_put(hdev);
543
544         return err;
545 }
546
547 #define EIR_FLAGS               0x01 /* flags */
548 #define EIR_UUID16_SOME         0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL          0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME         0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL          0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME        0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL         0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT          0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE       0x09 /* complete local name */
556 #define EIR_TX_POWER            0x0A /* transmit power level */
557 #define EIR_DEVICE_ID           0x10 /* device ID */
558
559 #define PNP_INFO_SVCLASS_ID             0x1200
560
561 static u8 bluetooth_base_uuid[] = {
562                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 };
565
566 static u16 get_uuid16(u8 *uuid128)
567 {
568         u32 val;
569         int i;
570
571         for (i = 0; i < 12; i++) {
572                 if (bluetooth_base_uuid[i] != uuid128[i])
573                         return 0;
574         }
575
576         memcpy(&val, &uuid128[12], 4);
577
578         val = le32_to_cpu(val);
579         if (val > 0xffff)
580                 return 0;
581
582         return (u16) val;
583 }
584
585 static void create_eir(struct hci_dev *hdev, u8 *data)
586 {
587         u8 *ptr = data;
588         u16 eir_len = 0;
589         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590         int i, truncated = 0;
591         struct list_head *p;
592         size_t name_len;
593
594         name_len = strlen(hdev->dev_name);
595
596         if (name_len > 0) {
597                 /* EIR Data type */
598                 if (name_len > 48) {
599                         name_len = 48;
600                         ptr[1] = EIR_NAME_SHORT;
601                 } else
602                         ptr[1] = EIR_NAME_COMPLETE;
603
604                 /* EIR Data length */
605                 ptr[0] = name_len + 1;
606
607                 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609                 eir_len += (name_len + 2);
610                 ptr += (name_len + 2);
611         }
612
613         memset(uuid16_list, 0, sizeof(uuid16_list));
614
615         /* Group all UUID16 types */
616         list_for_each(p, &hdev->uuids) {
617                 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618                 u16 uuid16;
619
620                 uuid16 = get_uuid16(uuid->uuid);
621                 if (uuid16 == 0)
622                         return;
623
624                 if (uuid16 < 0x1100)
625                         continue;
626
627                 if (uuid16 == PNP_INFO_SVCLASS_ID)
628                         continue;
629
630                 /* Stop if not enough space to put next UUID */
631                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632                         truncated = 1;
633                         break;
634                 }
635
636                 /* Check for duplicates */
637                 for (i = 0; uuid16_list[i] != 0; i++)
638                         if (uuid16_list[i] == uuid16)
639                                 break;
640
641                 if (uuid16_list[i] == 0) {
642                         uuid16_list[i] = uuid16;
643                         eir_len += sizeof(u16);
644                 }
645         }
646
647         if (uuid16_list[0] != 0) {
648                 u8 *length = ptr;
649
650                 /* EIR Data type */
651                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653                 ptr += 2;
654                 eir_len += 2;
655
656                 for (i = 0; uuid16_list[i] != 0; i++) {
657                         *ptr++ = (uuid16_list[i] & 0x00ff);
658                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659                 }
660
661                 /* EIR Data length */
662                 *length = (i * sizeof(u16)) + 1;
663         }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668         struct hci_cp_write_eir cp;
669
670         if (!(hdev->features[6] & LMP_EXT_INQ))
671                 return 0;
672
673         if (hdev->ssp_mode == 0)
674                 return 0;
675
676         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677                 return 0;
678
679         memset(&cp, 0, sizeof(cp));
680
681         create_eir(hdev, cp.data);
682
683         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684                 return 0;
685
686         memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693         struct list_head *p;
694         u8 val = 0;
695
696         list_for_each(p, &hdev->uuids) {
697                 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699                 val |= uuid->svc_hint;
700         }
701
702         return val;
703 }
704
705 static int update_class(struct hci_dev *hdev)
706 {
707         u8 cod[3];
708
709         BT_DBG("%s", hdev->name);
710
711         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712                 return 0;
713
714         cod[0] = hdev->minor_class;
715         cod[1] = hdev->major_class;
716         cod[2] = get_service_classes(hdev);
717
718         if (memcmp(cod, hdev->dev_class, 3) == 0)
719                 return 0;
720
721         return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 }
723
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725 {
726         struct mgmt_cp_add_uuid *cp;
727         struct hci_dev *hdev;
728         struct bt_uuid *uuid;
729         int err;
730
731         cp = (void *) data;
732
733         BT_DBG("request for hci%u", index);
734
735         if (len != sizeof(*cp))
736                 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
738         hdev = hci_dev_get(index);
739         if (!hdev)
740                 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741
742         hci_dev_lock(hdev);
743
744         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745         if (!uuid) {
746                 err = -ENOMEM;
747                 goto failed;
748         }
749
750         memcpy(uuid->uuid, cp->uuid, 16);
751         uuid->svc_hint = cp->svc_hint;
752
753         list_add(&uuid->list, &hdev->uuids);
754
755         err = update_class(hdev);
756         if (err < 0)
757                 goto failed;
758
759         err = update_eir(hdev);
760         if (err < 0)
761                 goto failed;
762
763         err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764
765 failed:
766         hci_dev_unlock(hdev);
767         hci_dev_put(hdev);
768
769         return err;
770 }
771
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773 {
774         struct list_head *p, *n;
775         struct mgmt_cp_remove_uuid *cp;
776         struct hci_dev *hdev;
777         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778         int err, found;
779
780         cp = (void *) data;
781
782         BT_DBG("request for hci%u", index);
783
784         if (len != sizeof(*cp))
785                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
787         hdev = hci_dev_get(index);
788         if (!hdev)
789                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790
791         hci_dev_lock(hdev);
792
793         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794                 err = hci_uuids_clear(hdev);
795                 goto unlock;
796         }
797
798         found = 0;
799
800         list_for_each_safe(p, n, &hdev->uuids) {
801                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804                         continue;
805
806                 list_del(&match->list);
807                 found++;
808         }
809
810         if (found == 0) {
811                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812                 goto unlock;
813         }
814
815         err = update_class(hdev);
816         if (err < 0)
817                 goto unlock;
818
819         err = update_eir(hdev);
820         if (err < 0)
821                 goto unlock;
822
823         err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824
825 unlock:
826         hci_dev_unlock(hdev);
827         hci_dev_put(hdev);
828
829         return err;
830 }
831
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833                                                                         u16 len)
834 {
835         struct hci_dev *hdev;
836         struct mgmt_cp_set_dev_class *cp;
837         int err;
838
839         cp = (void *) data;
840
841         BT_DBG("request for hci%u", index);
842
843         if (len != sizeof(*cp))
844                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
846         hdev = hci_dev_get(index);
847         if (!hdev)
848                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849
850         hci_dev_lock(hdev);
851
852         hdev->major_class = cp->major;
853         hdev->minor_class = cp->minor;
854
855         err = update_class(hdev);
856
857         if (err == 0)
858                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859
860         hci_dev_unlock(hdev);
861         hci_dev_put(hdev);
862
863         return err;
864 }
865
866 static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
867                                                                         u16 len)
868 {
869         struct hci_dev *hdev;
870         struct mgmt_cp_set_service_cache *cp;
871         int err;
872
873         cp = (void *) data;
874
875         if (len != sizeof(*cp))
876                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877
878         hdev = hci_dev_get(index);
879         if (!hdev)
880                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881
882         hci_dev_lock(hdev);
883
884         BT_DBG("hci%u enable %d", index, cp->enable);
885
886         if (cp->enable) {
887                 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888                 err = 0;
889         } else {
890                 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891                 err = update_class(hdev);
892                 if (err == 0)
893                         err = update_eir(hdev);
894         }
895
896         if (err == 0)
897                 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898                                                                         0);
899
900         hci_dev_unlock(hdev);
901         hci_dev_put(hdev);
902
903         return err;
904 }
905
906 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907 {
908         struct hci_dev *hdev;
909         struct mgmt_cp_load_keys *cp;
910         u16 key_count, expected_len;
911         int i;
912
913         cp = (void *) data;
914
915         if (len < sizeof(*cp))
916                 return -EINVAL;
917
918         key_count = get_unaligned_le16(&cp->key_count);
919
920         expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921         if (expected_len != len) {
922                 BT_ERR("load_keys: expected %u bytes, got %u bytes",
923                                                         len, expected_len);
924                 return -EINVAL;
925         }
926
927         hdev = hci_dev_get(index);
928         if (!hdev)
929                 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930
931         BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932                                                                 key_count);
933
934         hci_dev_lock(hdev);
935
936         hci_link_keys_clear(hdev);
937
938         set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940         if (cp->debug_keys)
941                 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942         else
943                 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945         for (i = 0; i < key_count; i++) {
946                 struct mgmt_key_info *key = &cp->keys[i];
947
948                 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
949                                                                 key->pin_len);
950         }
951
952         hci_dev_unlock(hdev);
953         hci_dev_put(hdev);
954
955         return 0;
956 }
957
958 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
959 {
960         struct hci_dev *hdev;
961         struct mgmt_cp_remove_key *cp;
962         struct hci_conn *conn;
963         int err;
964
965         cp = (void *) data;
966
967         if (len != sizeof(*cp))
968                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969
970         hdev = hci_dev_get(index);
971         if (!hdev)
972                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973
974         hci_dev_lock(hdev);
975
976         err = hci_remove_link_key(hdev, &cp->bdaddr);
977         if (err < 0) {
978                 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
979                 goto unlock;
980         }
981
982         err = 0;
983
984         if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985                 goto unlock;
986
987         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988         if (conn) {
989                 struct hci_cp_disconnect dc;
990
991                 put_unaligned_le16(conn->handle, &dc.handle);
992                 dc.reason = 0x13; /* Remote User Terminated Connection */
993                 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
994         }
995
996 unlock:
997         hci_dev_unlock(hdev);
998         hci_dev_put(hdev);
999
1000         return err;
1001 }
1002
1003 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1004 {
1005         struct hci_dev *hdev;
1006         struct mgmt_cp_disconnect *cp;
1007         struct hci_cp_disconnect dc;
1008         struct pending_cmd *cmd;
1009         struct hci_conn *conn;
1010         int err;
1011
1012         BT_DBG("");
1013
1014         cp = (void *) data;
1015
1016         if (len != sizeof(*cp))
1017                 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018
1019         hdev = hci_dev_get(index);
1020         if (!hdev)
1021                 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022
1023         hci_dev_lock(hdev);
1024
1025         if (!test_bit(HCI_UP, &hdev->flags)) {
1026                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1027                 goto failed;
1028         }
1029
1030         if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1032                 goto failed;
1033         }
1034
1035         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1036         if (!conn)
1037                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038
1039         if (!conn) {
1040                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1041                 goto failed;
1042         }
1043
1044         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1045         if (!cmd) {
1046                 err = -ENOMEM;
1047                 goto failed;
1048         }
1049
1050         put_unaligned_le16(conn->handle, &dc.handle);
1051         dc.reason = 0x13; /* Remote User Terminated Connection */
1052
1053         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1054         if (err < 0)
1055                 mgmt_pending_remove(cmd);
1056
1057 failed:
1058         hci_dev_unlock(hdev);
1059         hci_dev_put(hdev);
1060
1061         return err;
1062 }
1063
1064 static int get_connections(struct sock *sk, u16 index)
1065 {
1066         struct mgmt_rp_get_connections *rp;
1067         struct hci_dev *hdev;
1068         struct list_head *p;
1069         size_t rp_len;
1070         u16 count;
1071         int i, err;
1072
1073         BT_DBG("");
1074
1075         hdev = hci_dev_get(index);
1076         if (!hdev)
1077                 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1078
1079         hci_dev_lock(hdev);
1080
1081         count = 0;
1082         list_for_each(p, &hdev->conn_hash.list) {
1083                 count++;
1084         }
1085
1086         rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1087         rp = kmalloc(rp_len, GFP_ATOMIC);
1088         if (!rp) {
1089                 err = -ENOMEM;
1090                 goto unlock;
1091         }
1092
1093         put_unaligned_le16(count, &rp->conn_count);
1094
1095         i = 0;
1096         list_for_each(p, &hdev->conn_hash.list) {
1097                 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1098
1099                 bacpy(&rp->conn[i++], &c->dst);
1100         }
1101
1102         err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1103
1104 unlock:
1105         kfree(rp);
1106         hci_dev_unlock(hdev);
1107         hci_dev_put(hdev);
1108         return err;
1109 }
1110
1111 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1112                                                                         u16 len)
1113 {
1114         struct hci_dev *hdev;
1115         struct mgmt_cp_pin_code_reply *cp;
1116         struct hci_cp_pin_code_reply reply;
1117         struct pending_cmd *cmd;
1118         int err;
1119
1120         BT_DBG("");
1121
1122         cp = (void *) data;
1123
1124         if (len != sizeof(*cp))
1125                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1126
1127         hdev = hci_dev_get(index);
1128         if (!hdev)
1129                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1130
1131         hci_dev_lock(hdev);
1132
1133         if (!test_bit(HCI_UP, &hdev->flags)) {
1134                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1135                 goto failed;
1136         }
1137
1138         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1139         if (!cmd) {
1140                 err = -ENOMEM;
1141                 goto failed;
1142         }
1143
1144         bacpy(&reply.bdaddr, &cp->bdaddr);
1145         reply.pin_len = cp->pin_len;
1146         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1147
1148         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1149         if (err < 0)
1150                 mgmt_pending_remove(cmd);
1151
1152 failed:
1153         hci_dev_unlock(hdev);
1154         hci_dev_put(hdev);
1155
1156         return err;
1157 }
1158
1159 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1160                                                                         u16 len)
1161 {
1162         struct hci_dev *hdev;
1163         struct mgmt_cp_pin_code_neg_reply *cp;
1164         struct pending_cmd *cmd;
1165         int err;
1166
1167         BT_DBG("");
1168
1169         cp = (void *) data;
1170
1171         if (len != sizeof(*cp))
1172                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1173                                                                         EINVAL);
1174
1175         hdev = hci_dev_get(index);
1176         if (!hdev)
1177                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1178                                                                         ENODEV);
1179
1180         hci_dev_lock(hdev);
1181
1182         if (!test_bit(HCI_UP, &hdev->flags)) {
1183                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1184                                                                 ENETDOWN);
1185                 goto failed;
1186         }
1187
1188         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1189                                                                 data, len);
1190         if (!cmd) {
1191                 err = -ENOMEM;
1192                 goto failed;
1193         }
1194
1195         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1196                                                                 &cp->bdaddr);
1197         if (err < 0)
1198                 mgmt_pending_remove(cmd);
1199
1200 failed:
1201         hci_dev_unlock(hdev);
1202         hci_dev_put(hdev);
1203
1204         return err;
1205 }
1206
1207 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1208                                                                         u16 len)
1209 {
1210         struct hci_dev *hdev;
1211         struct mgmt_cp_set_io_capability *cp;
1212
1213         BT_DBG("");
1214
1215         cp = (void *) data;
1216
1217         if (len != sizeof(*cp))
1218                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1219
1220         hdev = hci_dev_get(index);
1221         if (!hdev)
1222                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1223
1224         hci_dev_lock(hdev);
1225
1226         hdev->io_capability = cp->io_capability;
1227
1228         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1229                                                         hdev->io_capability);
1230
1231         hci_dev_unlock(hdev);
1232         hci_dev_put(hdev);
1233
1234         return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1235 }
1236
1237 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1238 {
1239         struct hci_dev *hdev = conn->hdev;
1240         struct list_head *p;
1241
1242         list_for_each(p, &cmd_list) {
1243                 struct pending_cmd *cmd;
1244
1245                 cmd = list_entry(p, struct pending_cmd, list);
1246
1247                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1248                         continue;
1249
1250                 if (cmd->index != hdev->id)
1251                         continue;
1252
1253                 if (cmd->user_data != conn)
1254                         continue;
1255
1256                 return cmd;
1257         }
1258
1259         return NULL;
1260 }
1261
1262 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1263 {
1264         struct mgmt_rp_pair_device rp;
1265         struct hci_conn *conn = cmd->user_data;
1266
1267         bacpy(&rp.bdaddr, &conn->dst);
1268         rp.status = status;
1269
1270         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1271
1272         /* So we don't get further callbacks for this connection */
1273         conn->connect_cfm_cb = NULL;
1274         conn->security_cfm_cb = NULL;
1275         conn->disconn_cfm_cb = NULL;
1276
1277         hci_conn_put(conn);
1278
1279         mgmt_pending_remove(cmd);
1280 }
1281
1282 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1283 {
1284         struct pending_cmd *cmd;
1285
1286         BT_DBG("status %u", status);
1287
1288         cmd = find_pairing(conn);
1289         if (!cmd) {
1290                 BT_DBG("Unable to find a pending command");
1291                 return;
1292         }
1293
1294         pairing_complete(cmd, status);
1295 }
1296
1297 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1298 {
1299         struct hci_dev *hdev;
1300         struct mgmt_cp_pair_device *cp;
1301         struct pending_cmd *cmd;
1302         u8 sec_level, auth_type;
1303         struct hci_conn *conn;
1304         int err;
1305
1306         BT_DBG("");
1307
1308         cp = (void *) data;
1309
1310         if (len != sizeof(*cp))
1311                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1312
1313         hdev = hci_dev_get(index);
1314         if (!hdev)
1315                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1316
1317         hci_dev_lock(hdev);
1318
1319         if (cp->io_cap == 0x03) {
1320                 sec_level = BT_SECURITY_MEDIUM;
1321                 auth_type = HCI_AT_DEDICATED_BONDING;
1322         } else {
1323                 sec_level = BT_SECURITY_HIGH;
1324                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1325         }
1326
1327         conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1328         if (IS_ERR(conn)) {
1329                 err = PTR_ERR(conn);
1330                 goto unlock;
1331         }
1332
1333         if (conn->connect_cfm_cb) {
1334                 hci_conn_put(conn);
1335                 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1336                 goto unlock;
1337         }
1338
1339         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1340         if (!cmd) {
1341                 err = -ENOMEM;
1342                 hci_conn_put(conn);
1343                 goto unlock;
1344         }
1345
1346         conn->connect_cfm_cb = pairing_complete_cb;
1347         conn->security_cfm_cb = pairing_complete_cb;
1348         conn->disconn_cfm_cb = pairing_complete_cb;
1349         conn->io_capability = cp->io_cap;
1350         cmd->user_data = conn;
1351
1352         if (conn->state == BT_CONNECTED &&
1353                                 hci_conn_security(conn, sec_level, auth_type))
1354                 pairing_complete(cmd, 0);
1355
1356         err = 0;
1357
1358 unlock:
1359         hci_dev_unlock(hdev);
1360         hci_dev_put(hdev);
1361
1362         return err;
1363 }
1364
1365 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1366                                                         u16 len, int success)
1367 {
1368         struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1369         u16 mgmt_op, hci_op;
1370         struct pending_cmd *cmd;
1371         struct hci_dev *hdev;
1372         int err;
1373
1374         BT_DBG("");
1375
1376         if (success) {
1377                 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1378                 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1379         } else {
1380                 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1381                 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1382         }
1383
1384         if (len != sizeof(*cp))
1385                 return cmd_status(sk, index, mgmt_op, EINVAL);
1386
1387         hdev = hci_dev_get(index);
1388         if (!hdev)
1389                 return cmd_status(sk, index, mgmt_op, ENODEV);
1390
1391         hci_dev_lock(hdev);
1392
1393         if (!test_bit(HCI_UP, &hdev->flags)) {
1394                 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1395                 goto failed;
1396         }
1397
1398         cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1399         if (!cmd) {
1400                 err = -ENOMEM;
1401                 goto failed;
1402         }
1403
1404         err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1405         if (err < 0)
1406                 mgmt_pending_remove(cmd);
1407
1408 failed:
1409         hci_dev_unlock(hdev);
1410         hci_dev_put(hdev);
1411
1412         return err;
1413 }
1414
1415 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1416                                                                 u16 len)
1417 {
1418         struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1419         struct hci_cp_write_local_name hci_cp;
1420         struct hci_dev *hdev;
1421         struct pending_cmd *cmd;
1422         int err;
1423
1424         BT_DBG("");
1425
1426         if (len != sizeof(*mgmt_cp))
1427                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1428
1429         hdev = hci_dev_get(index);
1430         if (!hdev)
1431                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1432
1433         hci_dev_lock(hdev);
1434
1435         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1436         if (!cmd) {
1437                 err = -ENOMEM;
1438                 goto failed;
1439         }
1440
1441         memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1442         err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1443                                                                 &hci_cp);
1444         if (err < 0)
1445                 mgmt_pending_remove(cmd);
1446
1447 failed:
1448         hci_dev_unlock(hdev);
1449         hci_dev_put(hdev);
1450
1451         return err;
1452 }
1453
1454 static int read_local_oob_data(struct sock *sk, u16 index)
1455 {
1456         struct hci_dev *hdev;
1457         struct pending_cmd *cmd;
1458         int err;
1459
1460         BT_DBG("hci%u", index);
1461
1462         hdev = hci_dev_get(index);
1463         if (!hdev)
1464                 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1465                                                                         ENODEV);
1466
1467         hci_dev_lock(hdev);
1468
1469         if (!test_bit(HCI_UP, &hdev->flags)) {
1470                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1471                                                                 ENETDOWN);
1472                 goto unlock;
1473         }
1474
1475         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1476                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1477                                                                 EOPNOTSUPP);
1478                 goto unlock;
1479         }
1480
1481         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1482                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1483                 goto unlock;
1484         }
1485
1486         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1487         if (!cmd) {
1488                 err = -ENOMEM;
1489                 goto unlock;
1490         }
1491
1492         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1493         if (err < 0)
1494                 mgmt_pending_remove(cmd);
1495
1496 unlock:
1497         hci_dev_unlock(hdev);
1498         hci_dev_put(hdev);
1499
1500         return err;
1501 }
1502
1503 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1504                                                                         u16 len)
1505 {
1506         struct hci_dev *hdev;
1507         struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1508         int err;
1509
1510         BT_DBG("hci%u ", index);
1511
1512         if (len != sizeof(*cp))
1513                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1514                                                                         EINVAL);
1515
1516         hdev = hci_dev_get(index);
1517         if (!hdev)
1518                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1519                                                                         ENODEV);
1520
1521         hci_dev_lock(hdev);
1522
1523         err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1524                                                                 cp->randomizer);
1525         if (err < 0)
1526                 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1527         else
1528                 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1529                                                                         0);
1530
1531         hci_dev_unlock(hdev);
1532         hci_dev_put(hdev);
1533
1534         return err;
1535 }
1536
1537 static int remove_remote_oob_data(struct sock *sk, u16 index,
1538                                                 unsigned char *data, u16 len)
1539 {
1540         struct hci_dev *hdev;
1541         struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1542         int err;
1543
1544         BT_DBG("hci%u ", index);
1545
1546         if (len != sizeof(*cp))
1547                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1548                                                                         EINVAL);
1549
1550         hdev = hci_dev_get(index);
1551         if (!hdev)
1552                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1553                                                                         ENODEV);
1554
1555         hci_dev_lock(hdev);
1556
1557         err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1558         if (err < 0)
1559                 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1560                                                                         -err);
1561         else
1562                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1563                                                                 NULL, 0);
1564
1565         hci_dev_unlock(hdev);
1566         hci_dev_put(hdev);
1567
1568         return err;
1569 }
1570
1571 static int start_discovery(struct sock *sk, u16 index)
1572 {
1573         u8 lap[3] = { 0x33, 0x8b, 0x9e };
1574         struct hci_cp_inquiry cp;
1575         struct pending_cmd *cmd;
1576         struct hci_dev *hdev;
1577         int err;
1578
1579         BT_DBG("hci%u", index);
1580
1581         hdev = hci_dev_get(index);
1582         if (!hdev)
1583                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1584
1585         hci_dev_lock_bh(hdev);
1586
1587         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1588         if (!cmd) {
1589                 err = -ENOMEM;
1590                 goto failed;
1591         }
1592
1593         memset(&cp, 0, sizeof(cp));
1594         memcpy(&cp.lap, lap, 3);
1595         cp.length  = 0x08;
1596         cp.num_rsp = 0x00;
1597
1598         err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1599         if (err < 0)
1600                 mgmt_pending_remove(cmd);
1601
1602 failed:
1603         hci_dev_unlock_bh(hdev);
1604         hci_dev_put(hdev);
1605
1606         return err;
1607 }
1608
1609 static int stop_discovery(struct sock *sk, u16 index)
1610 {
1611         struct hci_dev *hdev;
1612         struct pending_cmd *cmd;
1613         int err;
1614
1615         BT_DBG("hci%u", index);
1616
1617         hdev = hci_dev_get(index);
1618         if (!hdev)
1619                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1620
1621         hci_dev_lock_bh(hdev);
1622
1623         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1624         if (!cmd) {
1625                 err = -ENOMEM;
1626                 goto failed;
1627         }
1628
1629         err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1630         if (err < 0)
1631                 mgmt_pending_remove(cmd);
1632
1633 failed:
1634         hci_dev_unlock_bh(hdev);
1635         hci_dev_put(hdev);
1636
1637         return err;
1638 }
1639
1640 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1641 {
1642         unsigned char *buf;
1643         struct mgmt_hdr *hdr;
1644         u16 opcode, index, len;
1645         int err;
1646
1647         BT_DBG("got %zu bytes", msglen);
1648
1649         if (msglen < sizeof(*hdr))
1650                 return -EINVAL;
1651
1652         buf = kmalloc(msglen, GFP_KERNEL);
1653         if (!buf)
1654                 return -ENOMEM;
1655
1656         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1657                 err = -EFAULT;
1658                 goto done;
1659         }
1660
1661         hdr = (struct mgmt_hdr *) buf;
1662         opcode = get_unaligned_le16(&hdr->opcode);
1663         index = get_unaligned_le16(&hdr->index);
1664         len = get_unaligned_le16(&hdr->len);
1665
1666         if (len != msglen - sizeof(*hdr)) {
1667                 err = -EINVAL;
1668                 goto done;
1669         }
1670
1671         switch (opcode) {
1672         case MGMT_OP_READ_VERSION:
1673                 err = read_version(sk);
1674                 break;
1675         case MGMT_OP_READ_INDEX_LIST:
1676                 err = read_index_list(sk);
1677                 break;
1678         case MGMT_OP_READ_INFO:
1679                 err = read_controller_info(sk, index);
1680                 break;
1681         case MGMT_OP_SET_POWERED:
1682                 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1683                 break;
1684         case MGMT_OP_SET_DISCOVERABLE:
1685                 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1686                 break;
1687         case MGMT_OP_SET_CONNECTABLE:
1688                 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1689                 break;
1690         case MGMT_OP_SET_PAIRABLE:
1691                 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1692                 break;
1693         case MGMT_OP_ADD_UUID:
1694                 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1695                 break;
1696         case MGMT_OP_REMOVE_UUID:
1697                 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1698                 break;
1699         case MGMT_OP_SET_DEV_CLASS:
1700                 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1701                 break;
1702         case MGMT_OP_SET_SERVICE_CACHE:
1703                 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1704                 break;
1705         case MGMT_OP_LOAD_KEYS:
1706                 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1707                 break;
1708         case MGMT_OP_REMOVE_KEY:
1709                 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1710                 break;
1711         case MGMT_OP_DISCONNECT:
1712                 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1713                 break;
1714         case MGMT_OP_GET_CONNECTIONS:
1715                 err = get_connections(sk, index);
1716                 break;
1717         case MGMT_OP_PIN_CODE_REPLY:
1718                 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1719                 break;
1720         case MGMT_OP_PIN_CODE_NEG_REPLY:
1721                 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1722                 break;
1723         case MGMT_OP_SET_IO_CAPABILITY:
1724                 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1725                 break;
1726         case MGMT_OP_PAIR_DEVICE:
1727                 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1728                 break;
1729         case MGMT_OP_USER_CONFIRM_REPLY:
1730                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1731                 break;
1732         case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1733                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1734                 break;
1735         case MGMT_OP_SET_LOCAL_NAME:
1736                 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1737                 break;
1738         case MGMT_OP_READ_LOCAL_OOB_DATA:
1739                 err = read_local_oob_data(sk, index);
1740                 break;
1741         case MGMT_OP_ADD_REMOTE_OOB_DATA:
1742                 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1743                 break;
1744         case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1745                 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1746                                                                         len);
1747                 break;
1748         case MGMT_OP_START_DISCOVERY:
1749                 err = start_discovery(sk, index);
1750                 break;
1751         case MGMT_OP_STOP_DISCOVERY:
1752                 err = stop_discovery(sk, index);
1753                 break;
1754         default:
1755                 BT_DBG("Unknown op %u", opcode);
1756                 err = cmd_status(sk, index, opcode, 0x01);
1757                 break;
1758         }
1759
1760         if (err < 0)
1761                 goto done;
1762
1763         err = msglen;
1764
1765 done:
1766         kfree(buf);
1767         return err;
1768 }
1769
1770 int mgmt_index_added(u16 index)
1771 {
1772         return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1773 }
1774
1775 int mgmt_index_removed(u16 index)
1776 {
1777         return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1778 }
1779
1780 struct cmd_lookup {
1781         u8 val;
1782         struct sock *sk;
1783 };
1784
1785 static void mode_rsp(struct pending_cmd *cmd, void *data)
1786 {
1787         struct mgmt_mode *cp = cmd->param;
1788         struct cmd_lookup *match = data;
1789
1790         if (cp->val != match->val)
1791                 return;
1792
1793         send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1794
1795         list_del(&cmd->list);
1796
1797         if (match->sk == NULL) {
1798                 match->sk = cmd->sk;
1799                 sock_hold(match->sk);
1800         }
1801
1802         mgmt_pending_free(cmd);
1803 }
1804
1805 int mgmt_powered(u16 index, u8 powered)
1806 {
1807         struct mgmt_mode ev;
1808         struct cmd_lookup match = { powered, NULL };
1809         int ret;
1810
1811         mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1812
1813         ev.val = powered;
1814
1815         ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1816
1817         if (match.sk)
1818                 sock_put(match.sk);
1819
1820         return ret;
1821 }
1822
1823 int mgmt_discoverable(u16 index, u8 discoverable)
1824 {
1825         struct mgmt_mode ev;
1826         struct cmd_lookup match = { discoverable, NULL };
1827         int ret;
1828
1829         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1830
1831         ev.val = discoverable;
1832
1833         ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1834                                                                 match.sk);
1835
1836         if (match.sk)
1837                 sock_put(match.sk);
1838
1839         return ret;
1840 }
1841
1842 int mgmt_connectable(u16 index, u8 connectable)
1843 {
1844         struct mgmt_mode ev;
1845         struct cmd_lookup match = { connectable, NULL };
1846         int ret;
1847
1848         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1849
1850         ev.val = connectable;
1851
1852         ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1853
1854         if (match.sk)
1855                 sock_put(match.sk);
1856
1857         return ret;
1858 }
1859
1860 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
1861 {
1862         struct mgmt_ev_new_key ev;
1863
1864         memset(&ev, 0, sizeof(ev));
1865
1866         ev.store_hint = persistent;
1867         bacpy(&ev.key.bdaddr, &key->bdaddr);
1868         ev.key.type = key->type;
1869         memcpy(ev.key.val, key->val, 16);
1870         ev.key.pin_len = key->pin_len;
1871
1872         return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1873 }
1874
1875 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1876 {
1877         struct mgmt_ev_connected ev;
1878
1879         bacpy(&ev.bdaddr, bdaddr);
1880
1881         return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1882 }
1883
1884 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1885 {
1886         struct mgmt_cp_disconnect *cp = cmd->param;
1887         struct sock **sk = data;
1888         struct mgmt_rp_disconnect rp;
1889
1890         bacpy(&rp.bdaddr, &cp->bdaddr);
1891
1892         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1893
1894         *sk = cmd->sk;
1895         sock_hold(*sk);
1896
1897         mgmt_pending_remove(cmd);
1898 }
1899
1900 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1901 {
1902         struct mgmt_ev_disconnected ev;
1903         struct sock *sk = NULL;
1904         int err;
1905
1906         mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1907
1908         bacpy(&ev.bdaddr, bdaddr);
1909
1910         err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1911
1912         if (sk)
1913                 sock_put(sk);
1914
1915         return err;
1916 }
1917
1918 int mgmt_disconnect_failed(u16 index)
1919 {
1920         struct pending_cmd *cmd;
1921         int err;
1922
1923         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1924         if (!cmd)
1925                 return -ENOENT;
1926
1927         err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1928
1929         mgmt_pending_remove(cmd);
1930
1931         return err;
1932 }
1933
1934 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1935 {
1936         struct mgmt_ev_connect_failed ev;
1937
1938         bacpy(&ev.bdaddr, bdaddr);
1939         ev.status = status;
1940
1941         return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1942 }
1943
1944 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
1945 {
1946         struct mgmt_ev_pin_code_request ev;
1947
1948         bacpy(&ev.bdaddr, bdaddr);
1949         ev.secure = secure;
1950
1951         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1952                                                                         NULL);
1953 }
1954
1955 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1956 {
1957         struct pending_cmd *cmd;
1958         struct mgmt_rp_pin_code_reply rp;
1959         int err;
1960
1961         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1962         if (!cmd)
1963                 return -ENOENT;
1964
1965         bacpy(&rp.bdaddr, bdaddr);
1966         rp.status = status;
1967
1968         err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1969                                                                 sizeof(rp));
1970
1971         mgmt_pending_remove(cmd);
1972
1973         return err;
1974 }
1975
1976 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1977 {
1978         struct pending_cmd *cmd;
1979         struct mgmt_rp_pin_code_reply rp;
1980         int err;
1981
1982         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1983         if (!cmd)
1984                 return -ENOENT;
1985
1986         bacpy(&rp.bdaddr, bdaddr);
1987         rp.status = status;
1988
1989         err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1990                                                                 sizeof(rp));
1991
1992         mgmt_pending_remove(cmd);
1993
1994         return err;
1995 }
1996
1997 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
1998                                                         u8 confirm_hint)
1999 {
2000         struct mgmt_ev_user_confirm_request ev;
2001
2002         BT_DBG("hci%u", index);
2003
2004         bacpy(&ev.bdaddr, bdaddr);
2005         ev.confirm_hint = confirm_hint;
2006         put_unaligned_le32(value, &ev.value);
2007
2008         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2009                                                                         NULL);
2010 }
2011
2012 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2013                                                                 u8 opcode)
2014 {
2015         struct pending_cmd *cmd;
2016         struct mgmt_rp_user_confirm_reply rp;
2017         int err;
2018
2019         cmd = mgmt_pending_find(opcode, index);
2020         if (!cmd)
2021                 return -ENOENT;
2022
2023         bacpy(&rp.bdaddr, bdaddr);
2024         rp.status = status;
2025         err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2026
2027         mgmt_pending_remove(cmd);
2028
2029         return err;
2030 }
2031
2032 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2033 {
2034         return confirm_reply_complete(index, bdaddr, status,
2035                                                 MGMT_OP_USER_CONFIRM_REPLY);
2036 }
2037
2038 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2039 {
2040         return confirm_reply_complete(index, bdaddr, status,
2041                                         MGMT_OP_USER_CONFIRM_NEG_REPLY);
2042 }
2043
2044 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2045 {
2046         struct mgmt_ev_auth_failed ev;
2047
2048         bacpy(&ev.bdaddr, bdaddr);
2049         ev.status = status;
2050
2051         return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2052 }
2053
2054 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2055 {
2056         struct pending_cmd *cmd;
2057         struct hci_dev *hdev;
2058         struct mgmt_cp_set_local_name ev;
2059         int err;
2060
2061         memset(&ev, 0, sizeof(ev));
2062         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2063
2064         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2065         if (!cmd)
2066                 goto send_event;
2067
2068         if (status) {
2069                 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2070                 goto failed;
2071         }
2072
2073         hdev = hci_dev_get(index);
2074         if (hdev) {
2075                 hci_dev_lock_bh(hdev);
2076                 update_eir(hdev);
2077                 hci_dev_unlock_bh(hdev);
2078                 hci_dev_put(hdev);
2079         }
2080
2081         err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2082                                                                 sizeof(ev));
2083         if (err < 0)
2084                 goto failed;
2085
2086 send_event:
2087         err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2088                                                         cmd ? cmd->sk : NULL);
2089
2090 failed:
2091         if (cmd)
2092                 mgmt_pending_remove(cmd);
2093         return err;
2094 }
2095
2096 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2097                                                                 u8 status)
2098 {
2099         struct pending_cmd *cmd;
2100         int err;
2101
2102         BT_DBG("hci%u status %u", index, status);
2103
2104         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2105         if (!cmd)
2106                 return -ENOENT;
2107
2108         if (status) {
2109                 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2110                                                                         EIO);
2111         } else {
2112                 struct mgmt_rp_read_local_oob_data rp;
2113
2114                 memcpy(rp.hash, hash, sizeof(rp.hash));
2115                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2116
2117                 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2118                                                         &rp, sizeof(rp));
2119         }
2120
2121         mgmt_pending_remove(cmd);
2122
2123         return err;
2124 }
2125
2126 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2127                                                                 u8 *eir)
2128 {
2129         struct mgmt_ev_device_found ev;
2130
2131         memset(&ev, 0, sizeof(ev));
2132
2133         bacpy(&ev.bdaddr, bdaddr);
2134         memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2135         ev.rssi = rssi;
2136
2137         if (eir)
2138                 memcpy(ev.eir, eir, sizeof(ev.eir));
2139
2140         return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2141 }
2142
2143 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2144 {
2145         struct mgmt_ev_remote_name ev;
2146
2147         memset(&ev, 0, sizeof(ev));
2148
2149         bacpy(&ev.bdaddr, bdaddr);
2150         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2151
2152         return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2153 }
2154
2155 int mgmt_discovering(u16 index, u8 discovering)
2156 {
2157         return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2158                                                 sizeof(discovering), NULL);
2159 }