Bluetooth: mgmt: Add missing hci_dev locking to set_le()
[linux-2.6.git] / net / bluetooth / mgmt.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3
4    Copyright (C) 2010  Nokia Corporation
5    Copyright (C) 2011-2012 Intel Corporation
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
36
37 bool enable_hs;
38 bool enable_le;
39
40 #define MGMT_VERSION    1
41 #define MGMT_REVISION   0
42
43 static const u16 mgmt_commands[] = {
44         MGMT_OP_READ_INDEX_LIST,
45         MGMT_OP_READ_INFO,
46         MGMT_OP_SET_POWERED,
47         MGMT_OP_SET_DISCOVERABLE,
48         MGMT_OP_SET_CONNECTABLE,
49         MGMT_OP_SET_FAST_CONNECTABLE,
50         MGMT_OP_SET_PAIRABLE,
51         MGMT_OP_SET_LINK_SECURITY,
52         MGMT_OP_SET_SSP,
53         MGMT_OP_SET_HS,
54         MGMT_OP_SET_LE,
55         MGMT_OP_SET_DEV_CLASS,
56         MGMT_OP_SET_LOCAL_NAME,
57         MGMT_OP_ADD_UUID,
58         MGMT_OP_REMOVE_UUID,
59         MGMT_OP_LOAD_LINK_KEYS,
60         MGMT_OP_LOAD_LONG_TERM_KEYS,
61         MGMT_OP_DISCONNECT,
62         MGMT_OP_GET_CONNECTIONS,
63         MGMT_OP_PIN_CODE_REPLY,
64         MGMT_OP_PIN_CODE_NEG_REPLY,
65         MGMT_OP_SET_IO_CAPABILITY,
66         MGMT_OP_PAIR_DEVICE,
67         MGMT_OP_CANCEL_PAIR_DEVICE,
68         MGMT_OP_UNPAIR_DEVICE,
69         MGMT_OP_USER_CONFIRM_REPLY,
70         MGMT_OP_USER_CONFIRM_NEG_REPLY,
71         MGMT_OP_USER_PASSKEY_REPLY,
72         MGMT_OP_USER_PASSKEY_NEG_REPLY,
73         MGMT_OP_READ_LOCAL_OOB_DATA,
74         MGMT_OP_ADD_REMOTE_OOB_DATA,
75         MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76         MGMT_OP_START_DISCOVERY,
77         MGMT_OP_STOP_DISCOVERY,
78         MGMT_OP_CONFIRM_NAME,
79         MGMT_OP_BLOCK_DEVICE,
80         MGMT_OP_UNBLOCK_DEVICE,
81 };
82
83 static const u16 mgmt_events[] = {
84         MGMT_EV_CONTROLLER_ERROR,
85         MGMT_EV_INDEX_ADDED,
86         MGMT_EV_INDEX_REMOVED,
87         MGMT_EV_NEW_SETTINGS,
88         MGMT_EV_CLASS_OF_DEV_CHANGED,
89         MGMT_EV_LOCAL_NAME_CHANGED,
90         MGMT_EV_NEW_LINK_KEY,
91         MGMT_EV_NEW_LONG_TERM_KEY,
92         MGMT_EV_DEVICE_CONNECTED,
93         MGMT_EV_DEVICE_DISCONNECTED,
94         MGMT_EV_CONNECT_FAILED,
95         MGMT_EV_PIN_CODE_REQUEST,
96         MGMT_EV_USER_CONFIRM_REQUEST,
97         MGMT_EV_USER_PASSKEY_REQUEST,
98         MGMT_EV_AUTH_FAILED,
99         MGMT_EV_DEVICE_FOUND,
100         MGMT_EV_DISCOVERING,
101         MGMT_EV_DEVICE_BLOCKED,
102         MGMT_EV_DEVICE_UNBLOCKED,
103         MGMT_EV_DEVICE_UNPAIRED,
104 };
105
106 /*
107  * These LE scan and inquiry parameters were chosen according to LE General
108  * Discovery Procedure specification.
109  */
110 #define LE_SCAN_TYPE                    0x01
111 #define LE_SCAN_WIN                     0x12
112 #define LE_SCAN_INT                     0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY         10240   /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE        5120    /* TGAP(100)/2 */
115
116 #define INQUIRY_LEN_BREDR               0x08    /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE            0x04    /* TGAP(100)/2 */
118
119 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122                                 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
124 struct pending_cmd {
125         struct list_head list;
126         u16 opcode;
127         int index;
128         void *param;
129         struct sock *sk;
130         void *user_data;
131 };
132
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
135         MGMT_STATUS_SUCCESS,
136         MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
137         MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
138         MGMT_STATUS_FAILED,             /* Hardware Failure */
139         MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
140         MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
141         MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
142         MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
143         MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
144         MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
145         MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
146         MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
147         MGMT_STATUS_BUSY,               /* Command Disallowed */
148         MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
149         MGMT_STATUS_REJECTED,           /* Rejected Security */
150         MGMT_STATUS_REJECTED,           /* Rejected Personal */
151         MGMT_STATUS_TIMEOUT,            /* Host Timeout */
152         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
153         MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
154         MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
155         MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
156         MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
157         MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
158         MGMT_STATUS_BUSY,               /* Repeated Attempts */
159         MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
160         MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
161         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
162         MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
163         MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
164         MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
165         MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
166         MGMT_STATUS_FAILED,             /* Unspecified Error */
167         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
168         MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
169         MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
170         MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
171         MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
172         MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
173         MGMT_STATUS_FAILED,             /* Unit Link Key Used */
174         MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
175         MGMT_STATUS_TIMEOUT,            /* Instant Passed */
176         MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
177         MGMT_STATUS_FAILED,             /* Transaction Collision */
178         MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
179         MGMT_STATUS_REJECTED,           /* QoS Rejected */
180         MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
181         MGMT_STATUS_REJECTED,           /* Insufficient Security */
182         MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
183         MGMT_STATUS_BUSY,               /* Role Switch Pending */
184         MGMT_STATUS_FAILED,             /* Slot Violation */
185         MGMT_STATUS_FAILED,             /* Role Switch Failed */
186         MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
187         MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
188         MGMT_STATUS_BUSY,               /* Host Busy Pairing */
189         MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
190         MGMT_STATUS_BUSY,               /* Controller Busy */
191         MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
192         MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
193         MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
194         MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
195         MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
196 };
197
198 static u8 mgmt_status(u8 hci_status)
199 {
200         if (hci_status < ARRAY_SIZE(mgmt_status_table))
201                 return mgmt_status_table[hci_status];
202
203         return MGMT_STATUS_FAILED;
204 }
205
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
207 {
208         struct sk_buff *skb;
209         struct mgmt_hdr *hdr;
210         struct mgmt_ev_cmd_status *ev;
211         int err;
212
213         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
214
215         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216         if (!skb)
217                 return -ENOMEM;
218
219         hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222         hdr->index = cpu_to_le16(index);
223         hdr->len = cpu_to_le16(sizeof(*ev));
224
225         ev = (void *) skb_put(skb, sizeof(*ev));
226         ev->status = status;
227         put_unaligned_le16(cmd, &ev->opcode);
228
229         err = sock_queue_rcv_skb(sk, skb);
230         if (err < 0)
231                 kfree_skb(skb);
232
233         return err;
234 }
235
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237                                                 void *rp, size_t rp_len)
238 {
239         struct sk_buff *skb;
240         struct mgmt_hdr *hdr;
241         struct mgmt_ev_cmd_complete *ev;
242         int err;
243
244         BT_DBG("sock %p", sk);
245
246         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
247         if (!skb)
248                 return -ENOMEM;
249
250         hdr = (void *) skb_put(skb, sizeof(*hdr));
251
252         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253         hdr->index = cpu_to_le16(index);
254         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
255
256         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257         put_unaligned_le16(cmd, &ev->opcode);
258         ev->status = status;
259
260         if (rp)
261                 memcpy(ev->data, rp, rp_len);
262
263         err = sock_queue_rcv_skb(sk, skb);
264         if (err < 0)
265                 kfree_skb(skb);
266
267         return err;
268 }
269
270 static int read_version(struct sock *sk)
271 {
272         struct mgmt_rp_read_version rp;
273
274         BT_DBG("sock %p", sk);
275
276         rp.version = MGMT_VERSION;
277         put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
279         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
280                                                                 sizeof(rp));
281 }
282
283 static int read_commands(struct sock *sk)
284 {
285         struct mgmt_rp_read_commands *rp;
286         u16 num_commands = ARRAY_SIZE(mgmt_commands);
287         u16 num_events = ARRAY_SIZE(mgmt_events);
288         u16 *opcode;
289         size_t rp_size;
290         int i, err;
291
292         BT_DBG("sock %p", sk);
293
294         rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296         rp = kmalloc(rp_size, GFP_KERNEL);
297         if (!rp)
298                 return -ENOMEM;
299
300         put_unaligned_le16(num_commands, &rp->num_commands);
301         put_unaligned_le16(num_events, &rp->num_events);
302
303         for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304                 put_unaligned_le16(mgmt_commands[i], opcode);
305
306         for (i = 0; i < num_events; i++, opcode++)
307                 put_unaligned_le16(mgmt_events[i], opcode);
308
309         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310                                                                 rp_size);
311         kfree(rp);
312
313         return err;
314 }
315
316 static int read_index_list(struct sock *sk)
317 {
318         struct mgmt_rp_read_index_list *rp;
319         struct list_head *p;
320         struct hci_dev *d;
321         size_t rp_len;
322         u16 count;
323         int i, err;
324
325         BT_DBG("sock %p", sk);
326
327         read_lock(&hci_dev_list_lock);
328
329         count = 0;
330         list_for_each(p, &hci_dev_list) {
331                 count++;
332         }
333
334         rp_len = sizeof(*rp) + (2 * count);
335         rp = kmalloc(rp_len, GFP_ATOMIC);
336         if (!rp) {
337                 read_unlock(&hci_dev_list_lock);
338                 return -ENOMEM;
339         }
340
341         put_unaligned_le16(count, &rp->num_controllers);
342
343         i = 0;
344         list_for_each_entry(d, &hci_dev_list, list) {
345                 if (test_bit(HCI_SETUP, &d->dev_flags))
346                         continue;
347
348                 put_unaligned_le16(d->id, &rp->index[i++]);
349                 BT_DBG("Added hci%u", d->id);
350         }
351
352         read_unlock(&hci_dev_list_lock);
353
354         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
355                                                                         rp_len);
356
357         kfree(rp);
358
359         return err;
360 }
361
362 static u32 get_supported_settings(struct hci_dev *hdev)
363 {
364         u32 settings = 0;
365
366         settings |= MGMT_SETTING_POWERED;
367         settings |= MGMT_SETTING_CONNECTABLE;
368         settings |= MGMT_SETTING_FAST_CONNECTABLE;
369         settings |= MGMT_SETTING_DISCOVERABLE;
370         settings |= MGMT_SETTING_PAIRABLE;
371
372         if (hdev->features[6] & LMP_SIMPLE_PAIR)
373                 settings |= MGMT_SETTING_SSP;
374
375         if (!(hdev->features[4] & LMP_NO_BREDR)) {
376                 settings |= MGMT_SETTING_BREDR;
377                 settings |= MGMT_SETTING_LINK_SECURITY;
378         }
379
380         if (enable_hs)
381                 settings |= MGMT_SETTING_HS;
382
383         if (enable_le) {
384                 if (hdev->features[4] & LMP_LE)
385                         settings |= MGMT_SETTING_LE;
386         }
387
388         return settings;
389 }
390
391 static u32 get_current_settings(struct hci_dev *hdev)
392 {
393         u32 settings = 0;
394
395         if (hdev_is_powered(hdev))
396                 settings |= MGMT_SETTING_POWERED;
397
398         if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399                 settings |= MGMT_SETTING_CONNECTABLE;
400
401         if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402                 settings |= MGMT_SETTING_DISCOVERABLE;
403
404         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405                 settings |= MGMT_SETTING_PAIRABLE;
406
407         if (!(hdev->features[4] & LMP_NO_BREDR))
408                 settings |= MGMT_SETTING_BREDR;
409
410         if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
411                 settings |= MGMT_SETTING_LE;
412
413         if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
414                 settings |= MGMT_SETTING_LINK_SECURITY;
415
416         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417                 settings |= MGMT_SETTING_SSP;
418
419         if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420                 settings |= MGMT_SETTING_HS;
421
422         return settings;
423 }
424
425 #define PNP_INFO_SVCLASS_ID             0x1200
426
427 static u8 bluetooth_base_uuid[] = {
428                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430 };
431
432 static u16 get_uuid16(u8 *uuid128)
433 {
434         u32 val;
435         int i;
436
437         for (i = 0; i < 12; i++) {
438                 if (bluetooth_base_uuid[i] != uuid128[i])
439                         return 0;
440         }
441
442         memcpy(&val, &uuid128[12], 4);
443
444         val = le32_to_cpu(val);
445         if (val > 0xffff)
446                 return 0;
447
448         return (u16) val;
449 }
450
451 static void create_eir(struct hci_dev *hdev, u8 *data)
452 {
453         u8 *ptr = data;
454         u16 eir_len = 0;
455         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456         int i, truncated = 0;
457         struct bt_uuid *uuid;
458         size_t name_len;
459
460         name_len = strlen(hdev->dev_name);
461
462         if (name_len > 0) {
463                 /* EIR Data type */
464                 if (name_len > 48) {
465                         name_len = 48;
466                         ptr[1] = EIR_NAME_SHORT;
467                 } else
468                         ptr[1] = EIR_NAME_COMPLETE;
469
470                 /* EIR Data length */
471                 ptr[0] = name_len + 1;
472
473                 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475                 eir_len += (name_len + 2);
476                 ptr += (name_len + 2);
477         }
478
479         memset(uuid16_list, 0, sizeof(uuid16_list));
480
481         /* Group all UUID16 types */
482         list_for_each_entry(uuid, &hdev->uuids, list) {
483                 u16 uuid16;
484
485                 uuid16 = get_uuid16(uuid->uuid);
486                 if (uuid16 == 0)
487                         return;
488
489                 if (uuid16 < 0x1100)
490                         continue;
491
492                 if (uuid16 == PNP_INFO_SVCLASS_ID)
493                         continue;
494
495                 /* Stop if not enough space to put next UUID */
496                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497                         truncated = 1;
498                         break;
499                 }
500
501                 /* Check for duplicates */
502                 for (i = 0; uuid16_list[i] != 0; i++)
503                         if (uuid16_list[i] == uuid16)
504                                 break;
505
506                 if (uuid16_list[i] == 0) {
507                         uuid16_list[i] = uuid16;
508                         eir_len += sizeof(u16);
509                 }
510         }
511
512         if (uuid16_list[0] != 0) {
513                 u8 *length = ptr;
514
515                 /* EIR Data type */
516                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518                 ptr += 2;
519                 eir_len += 2;
520
521                 for (i = 0; uuid16_list[i] != 0; i++) {
522                         *ptr++ = (uuid16_list[i] & 0x00ff);
523                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524                 }
525
526                 /* EIR Data length */
527                 *length = (i * sizeof(u16)) + 1;
528         }
529 }
530
531 static int update_eir(struct hci_dev *hdev)
532 {
533         struct hci_cp_write_eir cp;
534
535         if (!hdev_is_powered(hdev))
536                 return 0;
537
538         if (!(hdev->features[6] & LMP_EXT_INQ))
539                 return 0;
540
541         if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
542                 return 0;
543
544         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
545                 return 0;
546
547         memset(&cp, 0, sizeof(cp));
548
549         create_eir(hdev, cp.data);
550
551         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
552                 return 0;
553
554         memcpy(hdev->eir, cp.data, sizeof(cp.data));
555
556         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
557 }
558
559 static u8 get_service_classes(struct hci_dev *hdev)
560 {
561         struct bt_uuid *uuid;
562         u8 val = 0;
563
564         list_for_each_entry(uuid, &hdev->uuids, list)
565                 val |= uuid->svc_hint;
566
567         return val;
568 }
569
570 static int update_class(struct hci_dev *hdev)
571 {
572         u8 cod[3];
573         int err;
574
575         BT_DBG("%s", hdev->name);
576
577         if (!hdev_is_powered(hdev))
578                 return 0;
579
580         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
581                 return 0;
582
583         cod[0] = hdev->minor_class;
584         cod[1] = hdev->major_class;
585         cod[2] = get_service_classes(hdev);
586
587         if (memcmp(cod, hdev->dev_class, 3) == 0)
588                 return 0;
589
590         err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
591         if (err == 0)
592                 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
593
594         return err;
595 }
596
597 static void service_cache_off(struct work_struct *work)
598 {
599         struct hci_dev *hdev = container_of(work, struct hci_dev,
600                                                         service_cache.work);
601
602         if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
603                 return;
604
605         hci_dev_lock(hdev);
606
607         update_eir(hdev);
608         update_class(hdev);
609
610         hci_dev_unlock(hdev);
611 }
612
613 static void mgmt_init_hdev(struct hci_dev *hdev)
614 {
615         if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
616                 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
617
618                 /* Non-mgmt controlled devices get this bit set
619                  * implicitly so that pairing works for them, however
620                  * for mgmt we require user-space to explicitly enable
621                  * it
622                  */
623                 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
624         }
625 }
626
627 static int read_controller_info(struct sock *sk, u16 index)
628 {
629         struct mgmt_rp_read_info rp;
630         struct hci_dev *hdev;
631
632         BT_DBG("sock %p hci%u", sk, index);
633
634         hdev = hci_dev_get(index);
635         if (!hdev)
636                 return cmd_status(sk, index, MGMT_OP_READ_INFO,
637                                                 MGMT_STATUS_INVALID_PARAMS);
638
639         hci_dev_lock(hdev);
640
641         if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
642                 mgmt_init_hdev(hdev);
643
644         memset(&rp, 0, sizeof(rp));
645
646         bacpy(&rp.bdaddr, &hdev->bdaddr);
647
648         rp.version = hdev->hci_ver;
649
650         put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
651
652         rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
653         rp.current_settings = cpu_to_le32(get_current_settings(hdev));
654
655         memcpy(rp.dev_class, hdev->dev_class, 3);
656
657         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
658         memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
659
660         hci_dev_unlock(hdev);
661         hci_dev_put(hdev);
662
663         return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
664 }
665
666 static void mgmt_pending_free(struct pending_cmd *cmd)
667 {
668         sock_put(cmd->sk);
669         kfree(cmd->param);
670         kfree(cmd);
671 }
672
673 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
674                                                         struct hci_dev *hdev,
675                                                         void *data, u16 len)
676 {
677         struct pending_cmd *cmd;
678
679         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
680         if (!cmd)
681                 return NULL;
682
683         cmd->opcode = opcode;
684         cmd->index = hdev->id;
685
686         cmd->param = kmalloc(len, GFP_ATOMIC);
687         if (!cmd->param) {
688                 kfree(cmd);
689                 return NULL;
690         }
691
692         if (data)
693                 memcpy(cmd->param, data, len);
694
695         cmd->sk = sk;
696         sock_hold(sk);
697
698         list_add(&cmd->list, &hdev->mgmt_pending);
699
700         return cmd;
701 }
702
703 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
704                                 void (*cb)(struct pending_cmd *cmd, void *data),
705                                 void *data)
706 {
707         struct list_head *p, *n;
708
709         list_for_each_safe(p, n, &hdev->mgmt_pending) {
710                 struct pending_cmd *cmd;
711
712                 cmd = list_entry(p, struct pending_cmd, list);
713
714                 if (opcode > 0 && cmd->opcode != opcode)
715                         continue;
716
717                 cb(cmd, data);
718         }
719 }
720
721 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
722 {
723         struct pending_cmd *cmd;
724
725         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
726                 if (cmd->opcode == opcode)
727                         return cmd;
728         }
729
730         return NULL;
731 }
732
733 static void mgmt_pending_remove(struct pending_cmd *cmd)
734 {
735         list_del(&cmd->list);
736         mgmt_pending_free(cmd);
737 }
738
739 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
740 {
741         __le32 settings = cpu_to_le32(get_current_settings(hdev));
742
743         return cmd_complete(sk, hdev->id, opcode, 0, &settings,
744                                                         sizeof(settings));
745 }
746
747 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
748 {
749         struct mgmt_mode *cp = data;
750         struct hci_dev *hdev;
751         struct pending_cmd *cmd;
752         int err;
753
754         BT_DBG("request for hci%u", index);
755
756         if (len != sizeof(*cp))
757                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
758                                                 MGMT_STATUS_INVALID_PARAMS);
759
760         hdev = hci_dev_get(index);
761         if (!hdev)
762                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
763                                                 MGMT_STATUS_INVALID_PARAMS);
764
765         hci_dev_lock(hdev);
766
767         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
768                 cancel_delayed_work(&hdev->power_off);
769
770                 if (cp->val) {
771                         err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
772                         mgmt_powered(hdev, 1);
773                         goto failed;
774                 }
775         }
776
777         if (!!cp->val == hdev_is_powered(hdev)) {
778                 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779                 goto failed;
780         }
781
782         if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
783                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
784                                                         MGMT_STATUS_BUSY);
785                 goto failed;
786         }
787
788         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
789         if (!cmd) {
790                 err = -ENOMEM;
791                 goto failed;
792         }
793
794         if (cp->val)
795                 schedule_work(&hdev->power_on);
796         else
797                 schedule_work(&hdev->power_off.work);
798
799         err = 0;
800
801 failed:
802         hci_dev_unlock(hdev);
803         hci_dev_put(hdev);
804         return err;
805 }
806
807 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
808                                         u16 data_len, struct sock *skip_sk)
809 {
810         struct sk_buff *skb;
811         struct mgmt_hdr *hdr;
812
813         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
814         if (!skb)
815                 return -ENOMEM;
816
817         hdr = (void *) skb_put(skb, sizeof(*hdr));
818         hdr->opcode = cpu_to_le16(event);
819         if (hdev)
820                 hdr->index = cpu_to_le16(hdev->id);
821         else
822                 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
823         hdr->len = cpu_to_le16(data_len);
824
825         if (data)
826                 memcpy(skb_put(skb, data_len), data, data_len);
827
828         /* Time stamp */
829         __net_timestamp(skb);
830
831         hci_send_to_control(skb, skip_sk);
832         kfree_skb(skb);
833
834         return 0;
835 }
836
837 static int new_settings(struct hci_dev *hdev, struct sock *skip)
838 {
839         __le32 ev;
840
841         ev = cpu_to_le32(get_current_settings(hdev));
842
843         return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
844 }
845
846 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
847 {
848         struct mgmt_cp_set_discoverable *cp = data;
849         struct hci_dev *hdev;
850         struct pending_cmd *cmd;
851         u16 timeout;
852         u8 scan;
853         int err;
854
855         BT_DBG("request for hci%u", index);
856
857         if (len != sizeof(*cp))
858                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
859                                                 MGMT_STATUS_INVALID_PARAMS);
860
861         timeout = get_unaligned_le16(&cp->timeout);
862         if (!cp->val && timeout > 0)
863                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
864                                                 MGMT_STATUS_INVALID_PARAMS);
865
866         hdev = hci_dev_get(index);
867         if (!hdev)
868                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
869                                                 MGMT_STATUS_INVALID_PARAMS);
870
871         hci_dev_lock(hdev);
872
873         if (!hdev_is_powered(hdev) && timeout > 0) {
874                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
875                                                 MGMT_STATUS_NOT_POWERED);
876                 goto failed;
877         }
878
879         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
880                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
881                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
882                                                         MGMT_STATUS_BUSY);
883                 goto failed;
884         }
885
886         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
887                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
888                                                         MGMT_STATUS_REJECTED);
889                 goto failed;
890         }
891
892         if (!hdev_is_powered(hdev)) {
893                 bool changed = false;
894
895                 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
896                         change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
897                         changed = true;
898                 }
899
900                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
901                 if (err < 0)
902                         goto failed;
903
904                 if (changed)
905                         err = new_settings(hdev, sk);
906
907                 goto failed;
908         }
909
910         if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
911                 if (hdev->discov_timeout > 0) {
912                         cancel_delayed_work(&hdev->discov_off);
913                         hdev->discov_timeout = 0;
914                 }
915
916                 if (cp->val && timeout > 0) {
917                         hdev->discov_timeout = timeout;
918                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
919                                 msecs_to_jiffies(hdev->discov_timeout * 1000));
920                 }
921
922                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923                 goto failed;
924         }
925
926         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
927         if (!cmd) {
928                 err = -ENOMEM;
929                 goto failed;
930         }
931
932         scan = SCAN_PAGE;
933
934         if (cp->val)
935                 scan |= SCAN_INQUIRY;
936         else
937                 cancel_delayed_work(&hdev->discov_off);
938
939         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
940         if (err < 0)
941                 mgmt_pending_remove(cmd);
942
943         if (cp->val)
944                 hdev->discov_timeout = timeout;
945
946 failed:
947         hci_dev_unlock(hdev);
948         hci_dev_put(hdev);
949
950         return err;
951 }
952
953 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
954 {
955         struct mgmt_mode *cp = data;
956         struct hci_dev *hdev;
957         struct pending_cmd *cmd;
958         u8 scan;
959         int err;
960
961         BT_DBG("request for hci%u", index);
962
963         if (len != sizeof(*cp))
964                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
965                                                 MGMT_STATUS_INVALID_PARAMS);
966
967         hdev = hci_dev_get(index);
968         if (!hdev)
969                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
970                                                 MGMT_STATUS_INVALID_PARAMS);
971
972         hci_dev_lock(hdev);
973
974         if (!hdev_is_powered(hdev)) {
975                 bool changed = false;
976
977                 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
978                         changed = true;
979
980                 if (cp->val) {
981                         set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
982                 } else {
983                         clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
984                         clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
985                 }
986
987                 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
988                 if (err < 0)
989                         goto failed;
990
991                 if (changed)
992                         err = new_settings(hdev, sk);
993
994                 goto failed;
995         }
996
997         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
998                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
999                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
1000                                                         MGMT_STATUS_BUSY);
1001                 goto failed;
1002         }
1003
1004         if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1005                 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1006                 goto failed;
1007         }
1008
1009         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1010         if (!cmd) {
1011                 err = -ENOMEM;
1012                 goto failed;
1013         }
1014
1015         if (cp->val) {
1016                 scan = SCAN_PAGE;
1017         } else {
1018                 scan = 0;
1019
1020                 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1021                                                 hdev->discov_timeout > 0)
1022                         cancel_delayed_work(&hdev->discov_off);
1023         }
1024
1025         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1026         if (err < 0)
1027                 mgmt_pending_remove(cmd);
1028
1029 failed:
1030         hci_dev_unlock(hdev);
1031         hci_dev_put(hdev);
1032
1033         return err;
1034 }
1035
1036 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
1037 {
1038         struct mgmt_mode *cp = data;
1039         struct hci_dev *hdev;
1040         int err;
1041
1042         BT_DBG("request for hci%u", index);
1043
1044         if (len != sizeof(*cp))
1045                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1046                                                 MGMT_STATUS_INVALID_PARAMS);
1047
1048         hdev = hci_dev_get(index);
1049         if (!hdev)
1050                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1051                                                 MGMT_STATUS_INVALID_PARAMS);
1052
1053         hci_dev_lock(hdev);
1054
1055         if (cp->val)
1056                 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1057         else
1058                 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1059
1060         err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1061         if (err < 0)
1062                 goto failed;
1063
1064         err = new_settings(hdev, sk);
1065
1066 failed:
1067         hci_dev_unlock(hdev);
1068         hci_dev_put(hdev);
1069
1070         return err;
1071 }
1072
1073 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1074 {
1075         struct mgmt_mode *cp = data;
1076         struct pending_cmd *cmd;
1077         struct hci_dev *hdev;
1078         u8 val;
1079         int err;
1080
1081         BT_DBG("request for hci%u", index);
1082
1083         if (len != sizeof(*cp))
1084                 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1085                                                 MGMT_STATUS_INVALID_PARAMS);
1086
1087         hdev = hci_dev_get(index);
1088         if (!hdev)
1089                 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1090                                                 MGMT_STATUS_INVALID_PARAMS);
1091
1092         hci_dev_lock(hdev);
1093
1094         if (!hdev_is_powered(hdev)) {
1095                 bool changed = false;
1096
1097                 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1098                                                         &hdev->dev_flags)) {
1099                         change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1100                         changed = true;
1101                 }
1102
1103                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1104                 if (err < 0)
1105                         goto failed;
1106
1107                 if (changed)
1108                         err = new_settings(hdev, sk);
1109
1110                 goto failed;
1111         }
1112
1113         if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1114                 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1115                                                         MGMT_STATUS_BUSY);
1116                 goto failed;
1117         }
1118
1119         val = !!cp->val;
1120
1121         if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1122                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1123                 goto failed;
1124         }
1125
1126         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1127         if (!cmd) {
1128                 err = -ENOMEM;
1129                 goto failed;
1130         }
1131
1132         err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1133         if (err < 0) {
1134                 mgmt_pending_remove(cmd);
1135                 goto failed;
1136         }
1137
1138 failed:
1139         hci_dev_unlock(hdev);
1140         hci_dev_put(hdev);
1141
1142         return err;
1143 }
1144
1145 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1146 {
1147         struct mgmt_mode *cp = data;
1148         struct pending_cmd *cmd;
1149         struct hci_dev *hdev;
1150         u8 val;
1151         int err;
1152
1153         BT_DBG("request for hci%u", index);
1154
1155         if (len != sizeof(*cp))
1156                 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1157                                                 MGMT_STATUS_INVALID_PARAMS);
1158
1159         hdev = hci_dev_get(index);
1160         if (!hdev)
1161                 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1162                                                 MGMT_STATUS_INVALID_PARAMS);
1163
1164         hci_dev_lock(hdev);
1165
1166         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1167                 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1168                                                 MGMT_STATUS_NOT_SUPPORTED);
1169                 goto failed;
1170         }
1171
1172         val = !!cp->val;
1173
1174         if (!hdev_is_powered(hdev)) {
1175                 bool changed = false;
1176
1177                 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1178                         change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1179                         changed = true;
1180                 }
1181
1182                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1183                 if (err < 0)
1184                         goto failed;
1185
1186                 if (changed)
1187                         err = new_settings(hdev, sk);
1188
1189                 goto failed;
1190         }
1191
1192         if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1193                 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1194                 goto failed;
1195         }
1196
1197         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1198                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1199                 goto failed;
1200         }
1201
1202         cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1203         if (!cmd) {
1204                 err = -ENOMEM;
1205                 goto failed;
1206         }
1207
1208         err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1209         if (err < 0) {
1210                 mgmt_pending_remove(cmd);
1211                 goto failed;
1212         }
1213
1214 failed:
1215         hci_dev_unlock(hdev);
1216         hci_dev_put(hdev);
1217
1218         return err;
1219 }
1220
1221 static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1222 {
1223         struct mgmt_mode *cp = data;
1224         struct hci_dev *hdev;
1225         int err;
1226
1227         BT_DBG("request for hci%u", index);
1228
1229         if (len != sizeof(*cp))
1230                 return cmd_status(sk, index, MGMT_OP_SET_HS,
1231                                                 MGMT_STATUS_INVALID_PARAMS);
1232
1233         hdev = hci_dev_get(index);
1234         if (!hdev)
1235                 return cmd_status(sk, index, MGMT_OP_SET_HS,
1236                                                 MGMT_STATUS_INVALID_PARAMS);
1237
1238         if (!enable_hs) {
1239                 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1240                                         MGMT_STATUS_NOT_SUPPORTED);
1241                 goto failed;
1242         }
1243
1244         if (cp->val)
1245                 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1246         else
1247                 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1248
1249         err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1250
1251 failed:
1252         hci_dev_put(hdev);
1253         return err;
1254 }
1255
1256 static int set_le(struct sock *sk, u16 index, void *data, u16 len)
1257 {
1258         struct mgmt_mode *cp = data;
1259         struct hci_cp_write_le_host_supported hci_cp;
1260         struct pending_cmd *cmd;
1261         struct hci_dev *hdev;
1262         int err;
1263         u8 val, enabled;
1264
1265         BT_DBG("request for hci%u", index);
1266
1267         if (len != sizeof(*cp))
1268                 return cmd_status(sk, index, MGMT_OP_SET_LE,
1269                                                 MGMT_STATUS_INVALID_PARAMS);
1270
1271         hdev = hci_dev_get(index);
1272         if (!hdev)
1273                 return cmd_status(sk, index, MGMT_OP_SET_LE,
1274                                                 MGMT_STATUS_INVALID_PARAMS);
1275
1276         hci_dev_lock(hdev);
1277
1278         if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1279                 err = cmd_status(sk, index, MGMT_OP_SET_LE,
1280                                                 MGMT_STATUS_NOT_SUPPORTED);
1281                 goto unlock;
1282         }
1283
1284         val = !!cp->val;
1285         enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1286
1287         if (!hdev_is_powered(hdev) || val == enabled) {
1288                 bool changed = false;
1289
1290                 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1291                         change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1292                         changed = true;
1293                 }
1294
1295                 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1296                 if (err < 0)
1297                         goto unlock;
1298
1299                 if (changed)
1300                         err = new_settings(hdev, sk);
1301
1302                 goto unlock;
1303         }
1304
1305         if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1306                 err = cmd_status(sk, index, MGMT_OP_SET_LE, MGMT_STATUS_BUSY);
1307                 goto unlock;
1308         }
1309
1310         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1311         if (!cmd) {
1312                 err = -ENOMEM;
1313                 goto unlock;
1314         }
1315
1316         memset(&hci_cp, 0, sizeof(hci_cp));
1317
1318         if (val) {
1319                 hci_cp.le = val;
1320                 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1321         }
1322
1323         err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1324                                                 sizeof(hci_cp), &hci_cp);
1325         if (err < 0) {
1326                 mgmt_pending_remove(cmd);
1327                 goto unlock;
1328         }
1329
1330 unlock:
1331         hci_dev_unlock(hdev);
1332         hci_dev_put(hdev);
1333         return err;
1334 }
1335
1336 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1337 {
1338         struct mgmt_cp_add_uuid *cp = data;
1339         struct pending_cmd *cmd;
1340         struct hci_dev *hdev;
1341         struct bt_uuid *uuid;
1342         int err;
1343
1344         BT_DBG("request for hci%u", index);
1345
1346         if (len != sizeof(*cp))
1347                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1348                                                 MGMT_STATUS_INVALID_PARAMS);
1349
1350         hdev = hci_dev_get(index);
1351         if (!hdev)
1352                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1353                                                 MGMT_STATUS_INVALID_PARAMS);
1354
1355         hci_dev_lock(hdev);
1356
1357         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1358                 err = cmd_status(sk, index, MGMT_OP_ADD_UUID,
1359                                                         MGMT_STATUS_BUSY);
1360                 goto failed;
1361         }
1362
1363         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1364         if (!uuid) {
1365                 err = -ENOMEM;
1366                 goto failed;
1367         }
1368
1369         memcpy(uuid->uuid, cp->uuid, 16);
1370         uuid->svc_hint = cp->svc_hint;
1371
1372         list_add(&uuid->list, &hdev->uuids);
1373
1374         err = update_class(hdev);
1375         if (err < 0)
1376                 goto failed;
1377
1378         err = update_eir(hdev);
1379         if (err < 0)
1380                 goto failed;
1381
1382         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1383                 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0,
1384                                                         hdev->dev_class, 3);
1385                 goto failed;
1386         }
1387
1388         cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1389         if (!cmd) {
1390                 err = -ENOMEM;
1391                 goto failed;
1392         }
1393
1394 failed:
1395         hci_dev_unlock(hdev);
1396         hci_dev_put(hdev);
1397
1398         return err;
1399 }
1400
1401 static bool enable_service_cache(struct hci_dev *hdev)
1402 {
1403         if (!hdev_is_powered(hdev))
1404                 return false;
1405
1406         if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1407                 schedule_delayed_work(&hdev->service_cache,
1408                                 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
1409                 return true;
1410         }
1411
1412         return false;
1413 }
1414
1415 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1416 {
1417         struct mgmt_cp_remove_uuid *cp = data;
1418         struct pending_cmd *cmd;
1419         struct list_head *p, *n;
1420         struct hci_dev *hdev;
1421         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1422         int err, found;
1423
1424         BT_DBG("request for hci%u", index);
1425
1426         if (len != sizeof(*cp))
1427                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1428                                                 MGMT_STATUS_INVALID_PARAMS);
1429
1430         hdev = hci_dev_get(index);
1431         if (!hdev)
1432                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1433                                                 MGMT_STATUS_INVALID_PARAMS);
1434
1435         hci_dev_lock(hdev);
1436
1437         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1438                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1439                                                         MGMT_STATUS_BUSY);
1440                 goto unlock;
1441         }
1442
1443         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1444                 err = hci_uuids_clear(hdev);
1445
1446                 if (enable_service_cache(hdev)) {
1447                         err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
1448                                                         hdev->dev_class, 3);
1449                         goto unlock;
1450                 }
1451
1452                 goto update_class;
1453         }
1454
1455         found = 0;
1456
1457         list_for_each_safe(p, n, &hdev->uuids) {
1458                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1459
1460                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1461                         continue;
1462
1463                 list_del(&match->list);
1464                 found++;
1465         }
1466
1467         if (found == 0) {
1468                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1469                                                 MGMT_STATUS_INVALID_PARAMS);
1470                 goto unlock;
1471         }
1472
1473 update_class:
1474         err = update_class(hdev);
1475         if (err < 0)
1476                 goto unlock;
1477
1478         err = update_eir(hdev);
1479         if (err < 0)
1480                 goto unlock;
1481
1482         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1483                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
1484                                                         hdev->dev_class, 3);
1485                 goto unlock;
1486         }
1487
1488         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1489         if (!cmd) {
1490                 err = -ENOMEM;
1491                 goto unlock;
1492         }
1493
1494 unlock:
1495         hci_dev_unlock(hdev);
1496         hci_dev_put(hdev);
1497
1498         return err;
1499 }
1500
1501 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1502 {
1503         struct hci_dev *hdev;
1504         struct mgmt_cp_set_dev_class *cp = data;
1505         struct pending_cmd *cmd;
1506         int err;
1507
1508         BT_DBG("request for hci%u", index);
1509
1510         if (len != sizeof(*cp))
1511                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1512                                                 MGMT_STATUS_INVALID_PARAMS);
1513
1514         hdev = hci_dev_get(index);
1515         if (!hdev)
1516                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1517                                                 MGMT_STATUS_INVALID_PARAMS);
1518
1519         hci_dev_lock(hdev);
1520
1521         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1522                 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1523                                                         MGMT_STATUS_BUSY);
1524                 goto unlock;
1525         }
1526
1527         hdev->major_class = cp->major;
1528         hdev->minor_class = cp->minor;
1529
1530         if (!hdev_is_powered(hdev)) {
1531                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1532                                                         hdev->dev_class, 3);
1533                 goto unlock;
1534         }
1535
1536         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1537                 hci_dev_unlock(hdev);
1538                 cancel_delayed_work_sync(&hdev->service_cache);
1539                 hci_dev_lock(hdev);
1540                 update_eir(hdev);
1541         }
1542
1543         err = update_class(hdev);
1544         if (err < 0)
1545                 goto unlock;
1546
1547         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1548                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1549                                                         hdev->dev_class, 3);
1550                 goto unlock;
1551         }
1552
1553         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1554         if (!cmd) {
1555                 err = -ENOMEM;
1556                 goto unlock;
1557         }
1558
1559 unlock:
1560         hci_dev_unlock(hdev);
1561         hci_dev_put(hdev);
1562
1563         return err;
1564 }
1565
1566 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1567 {
1568         struct hci_dev *hdev;
1569         struct mgmt_cp_load_link_keys *cp = data;
1570         u16 key_count, expected_len;
1571         int i;
1572
1573         if (len < sizeof(*cp))
1574                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1575                                                 MGMT_STATUS_INVALID_PARAMS);
1576
1577         key_count = get_unaligned_le16(&cp->key_count);
1578
1579         expected_len = sizeof(*cp) + key_count *
1580                                         sizeof(struct mgmt_link_key_info);
1581         if (expected_len != len) {
1582                 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1583                                                         len, expected_len);
1584                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1585                                                 MGMT_STATUS_INVALID_PARAMS);
1586         }
1587
1588         hdev = hci_dev_get(index);
1589         if (!hdev)
1590                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1591                                                 MGMT_STATUS_INVALID_PARAMS);
1592
1593         BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1594                                                                 key_count);
1595
1596         hci_dev_lock(hdev);
1597
1598         hci_link_keys_clear(hdev);
1599
1600         set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1601
1602         if (cp->debug_keys)
1603                 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1604         else
1605                 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1606
1607         for (i = 0; i < key_count; i++) {
1608                 struct mgmt_link_key_info *key = &cp->keys[i];
1609
1610                 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1611                                                 key->type, key->pin_len);
1612         }
1613
1614         cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1615
1616         hci_dev_unlock(hdev);
1617         hci_dev_put(hdev);
1618
1619         return 0;
1620 }
1621
1622 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1623                                         u8 addr_type, struct sock *skip_sk)
1624 {
1625         struct mgmt_ev_device_unpaired ev;
1626
1627         bacpy(&ev.addr.bdaddr, bdaddr);
1628         ev.addr.type = addr_type;
1629
1630         return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1631                                                                 skip_sk);
1632 }
1633
1634 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1635 {
1636         struct hci_dev *hdev;
1637         struct mgmt_cp_unpair_device *cp = data;
1638         struct mgmt_rp_unpair_device rp;
1639         struct hci_cp_disconnect dc;
1640         struct pending_cmd *cmd;
1641         struct hci_conn *conn;
1642         int err;
1643
1644         if (len != sizeof(*cp))
1645                 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1646                                                 MGMT_STATUS_INVALID_PARAMS);
1647
1648         hdev = hci_dev_get(index);
1649         if (!hdev)
1650                 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1651                                                 MGMT_STATUS_INVALID_PARAMS);
1652
1653         hci_dev_lock(hdev);
1654
1655         memset(&rp, 0, sizeof(rp));
1656         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1657         rp.addr.type = cp->addr.type;
1658
1659         if (!hdev_is_powered(hdev)) {
1660                 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1661                                                 MGMT_STATUS_NOT_POWERED,
1662                                                 &rp, sizeof(rp));
1663                 goto unlock;
1664         }
1665
1666         if (cp->addr.type == MGMT_ADDR_BREDR)
1667                 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1668         else
1669                 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1670
1671         if (err < 0) {
1672                 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1673                                                 MGMT_STATUS_NOT_PAIRED,
1674                                                 &rp, sizeof(rp));
1675                 goto unlock;
1676         }
1677
1678         if (cp->disconnect) {
1679                 if (cp->addr.type == MGMT_ADDR_BREDR)
1680                         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1681                                                         &cp->addr.bdaddr);
1682                 else
1683                         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1684                                                         &cp->addr.bdaddr);
1685         } else {
1686                 conn = NULL;
1687         }
1688
1689         if (!conn) {
1690                 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, 0,
1691                                                         &rp, sizeof(rp));
1692                 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1693                 goto unlock;
1694         }
1695
1696         cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1697                                                                 sizeof(*cp));
1698         if (!cmd) {
1699                 err = -ENOMEM;
1700                 goto unlock;
1701         }
1702
1703         put_unaligned_le16(conn->handle, &dc.handle);
1704         dc.reason = 0x13; /* Remote User Terminated Connection */
1705         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1706         if (err < 0)
1707                 mgmt_pending_remove(cmd);
1708
1709 unlock:
1710         hci_dev_unlock(hdev);
1711         hci_dev_put(hdev);
1712
1713         return err;
1714 }
1715
1716 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1717 {
1718         struct hci_dev *hdev;
1719         struct mgmt_cp_disconnect *cp = data;
1720         struct hci_cp_disconnect dc;
1721         struct pending_cmd *cmd;
1722         struct hci_conn *conn;
1723         int err;
1724
1725         BT_DBG("");
1726
1727         if (len != sizeof(*cp))
1728                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1729                                                 MGMT_STATUS_INVALID_PARAMS);
1730
1731         hdev = hci_dev_get(index);
1732         if (!hdev)
1733                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1734                                                 MGMT_STATUS_INVALID_PARAMS);
1735
1736         hci_dev_lock(hdev);
1737
1738         if (!test_bit(HCI_UP, &hdev->flags)) {
1739                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1740                                                 MGMT_STATUS_NOT_POWERED);
1741                 goto failed;
1742         }
1743
1744         if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1745                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1746                                                         MGMT_STATUS_BUSY);
1747                 goto failed;
1748         }
1749
1750         if (cp->addr.type == MGMT_ADDR_BREDR)
1751                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1752         else
1753                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1754
1755         if (!conn) {
1756                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1757                                                 MGMT_STATUS_NOT_CONNECTED);
1758                 goto failed;
1759         }
1760
1761         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1762         if (!cmd) {
1763                 err = -ENOMEM;
1764                 goto failed;
1765         }
1766
1767         put_unaligned_le16(conn->handle, &dc.handle);
1768         dc.reason = 0x13; /* Remote User Terminated Connection */
1769
1770         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1771         if (err < 0)
1772                 mgmt_pending_remove(cmd);
1773
1774 failed:
1775         hci_dev_unlock(hdev);
1776         hci_dev_put(hdev);
1777
1778         return err;
1779 }
1780
1781 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1782 {
1783         switch (link_type) {
1784         case LE_LINK:
1785                 switch (addr_type) {
1786                 case ADDR_LE_DEV_PUBLIC:
1787                         return MGMT_ADDR_LE_PUBLIC;
1788                 case ADDR_LE_DEV_RANDOM:
1789                         return MGMT_ADDR_LE_RANDOM;
1790                 default:
1791                         return MGMT_ADDR_INVALID;
1792                 }
1793         case ACL_LINK:
1794                 return MGMT_ADDR_BREDR;
1795         default:
1796                 return MGMT_ADDR_INVALID;
1797         }
1798 }
1799
1800 static int get_connections(struct sock *sk, u16 index)
1801 {
1802         struct mgmt_rp_get_connections *rp;
1803         struct hci_dev *hdev;
1804         struct hci_conn *c;
1805         size_t rp_len;
1806         int err;
1807         u16 i;
1808
1809         BT_DBG("");
1810
1811         hdev = hci_dev_get(index);
1812         if (!hdev)
1813                 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1814                                                 MGMT_STATUS_INVALID_PARAMS);
1815
1816         hci_dev_lock(hdev);
1817
1818         if (!hdev_is_powered(hdev)) {
1819                 err = cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1820                                                 MGMT_STATUS_NOT_POWERED);
1821                 goto unlock;
1822         }
1823
1824         i = 0;
1825         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1826                 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1827                         i++;
1828         }
1829
1830         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1831         rp = kmalloc(rp_len, GFP_ATOMIC);
1832         if (!rp) {
1833                 err = -ENOMEM;
1834                 goto unlock;
1835         }
1836
1837         i = 0;
1838         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1839                 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1840                         continue;
1841                 bacpy(&rp->addr[i].bdaddr, &c->dst);
1842                 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1843                 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1844                         continue;
1845                 i++;
1846         }
1847
1848         put_unaligned_le16(i, &rp->conn_count);
1849
1850         /* Recalculate length in case of filtered SCO connections, etc */
1851         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1852
1853         err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1854
1855         kfree(rp);
1856
1857 unlock:
1858         hci_dev_unlock(hdev);
1859         hci_dev_put(hdev);
1860         return err;
1861 }
1862
1863 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1864                 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1865 {
1866         struct pending_cmd *cmd;
1867         int err;
1868
1869         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1870                                                                 sizeof(*cp));
1871         if (!cmd)
1872                 return -ENOMEM;
1873
1874         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1875                                 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1876         if (err < 0)
1877                 mgmt_pending_remove(cmd);
1878
1879         return err;
1880 }
1881
1882 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1883 {
1884         struct hci_dev *hdev;
1885         struct hci_conn *conn;
1886         struct mgmt_cp_pin_code_reply *cp = data;
1887         struct hci_cp_pin_code_reply reply;
1888         struct pending_cmd *cmd;
1889         int err;
1890
1891         BT_DBG("");
1892
1893         if (len != sizeof(*cp))
1894                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1895                                                 MGMT_STATUS_INVALID_PARAMS);
1896
1897         hdev = hci_dev_get(index);
1898         if (!hdev)
1899                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1900                                                 MGMT_STATUS_INVALID_PARAMS);
1901
1902         hci_dev_lock(hdev);
1903
1904         if (!hdev_is_powered(hdev)) {
1905                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1906                                                 MGMT_STATUS_NOT_POWERED);
1907                 goto failed;
1908         }
1909
1910         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1911         if (!conn) {
1912                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1913                                                 MGMT_STATUS_NOT_CONNECTED);
1914                 goto failed;
1915         }
1916
1917         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1918                 struct mgmt_cp_pin_code_neg_reply ncp;
1919
1920                 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1921
1922                 BT_ERR("PIN code is not 16 bytes long");
1923
1924                 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1925                 if (err >= 0)
1926                         err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1927                                                 MGMT_STATUS_INVALID_PARAMS);
1928
1929                 goto failed;
1930         }
1931
1932         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1933         if (!cmd) {
1934                 err = -ENOMEM;
1935                 goto failed;
1936         }
1937
1938         bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1939         reply.pin_len = cp->pin_len;
1940         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1941
1942         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1943         if (err < 0)
1944                 mgmt_pending_remove(cmd);
1945
1946 failed:
1947         hci_dev_unlock(hdev);
1948         hci_dev_put(hdev);
1949
1950         return err;
1951 }
1952
1953 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1954 {
1955         struct hci_dev *hdev;
1956         struct mgmt_cp_pin_code_neg_reply *cp = data;
1957         int err;
1958
1959         BT_DBG("");
1960
1961         if (len != sizeof(*cp))
1962                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1963                                                 MGMT_STATUS_INVALID_PARAMS);
1964
1965         hdev = hci_dev_get(index);
1966         if (!hdev)
1967                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1968                                                 MGMT_STATUS_INVALID_PARAMS);
1969
1970         hci_dev_lock(hdev);
1971
1972         if (!hdev_is_powered(hdev)) {
1973                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1974                                                 MGMT_STATUS_NOT_POWERED);
1975                 goto failed;
1976         }
1977
1978         err = send_pin_code_neg_reply(sk, index, hdev, cp);
1979
1980 failed:
1981         hci_dev_unlock(hdev);
1982         hci_dev_put(hdev);
1983
1984         return err;
1985 }
1986
1987 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1988 {
1989         struct hci_dev *hdev;
1990         struct mgmt_cp_set_io_capability *cp = data;
1991
1992         BT_DBG("");
1993
1994         if (len != sizeof(*cp))
1995                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1996                                                 MGMT_STATUS_INVALID_PARAMS);
1997
1998         hdev = hci_dev_get(index);
1999         if (!hdev)
2000                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
2001                                                 MGMT_STATUS_INVALID_PARAMS);
2002
2003         hci_dev_lock(hdev);
2004
2005         hdev->io_capability = cp->io_capability;
2006
2007         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2008                                                         hdev->io_capability);
2009
2010         hci_dev_unlock(hdev);
2011         hci_dev_put(hdev);
2012
2013         return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
2014 }
2015
2016 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
2017 {
2018         struct hci_dev *hdev = conn->hdev;
2019         struct pending_cmd *cmd;
2020
2021         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2022                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2023                         continue;
2024
2025                 if (cmd->user_data != conn)
2026                         continue;
2027
2028                 return cmd;
2029         }
2030
2031         return NULL;
2032 }
2033
2034 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2035 {
2036         struct mgmt_rp_pair_device rp;
2037         struct hci_conn *conn = cmd->user_data;
2038
2039         bacpy(&rp.addr.bdaddr, &conn->dst);
2040         rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
2041
2042         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2043                                                         &rp, sizeof(rp));
2044
2045         /* So we don't get further callbacks for this connection */
2046         conn->connect_cfm_cb = NULL;
2047         conn->security_cfm_cb = NULL;
2048         conn->disconn_cfm_cb = NULL;
2049
2050         hci_conn_put(conn);
2051
2052         mgmt_pending_remove(cmd);
2053 }
2054
2055 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2056 {
2057         struct pending_cmd *cmd;
2058
2059         BT_DBG("status %u", status);
2060
2061         cmd = find_pairing(conn);
2062         if (!cmd)
2063                 BT_DBG("Unable to find a pending command");
2064         else
2065                 pairing_complete(cmd, mgmt_status(status));
2066 }
2067
2068 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
2069 {
2070         struct hci_dev *hdev;
2071         struct mgmt_cp_pair_device *cp = data;
2072         struct mgmt_rp_pair_device rp;
2073         struct pending_cmd *cmd;
2074         u8 sec_level, auth_type;
2075         struct hci_conn *conn;
2076         int err;
2077
2078         BT_DBG("");
2079
2080         if (len != sizeof(*cp))
2081                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2082                                                 MGMT_STATUS_INVALID_PARAMS);
2083
2084         hdev = hci_dev_get(index);
2085         if (!hdev)
2086                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2087                                                 MGMT_STATUS_INVALID_PARAMS);
2088
2089         hci_dev_lock(hdev);
2090
2091         if (!hdev_is_powered(hdev)) {
2092                 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2093                                                 MGMT_STATUS_NOT_POWERED);
2094                 goto unlock;
2095         }
2096
2097         sec_level = BT_SECURITY_MEDIUM;
2098         if (cp->io_cap == 0x03)
2099                 auth_type = HCI_AT_DEDICATED_BONDING;
2100         else
2101                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2102
2103         if (cp->addr.type == MGMT_ADDR_BREDR)
2104                 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
2105                                                                 auth_type);
2106         else
2107                 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
2108                                                                 auth_type);
2109
2110         memset(&rp, 0, sizeof(rp));
2111         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2112         rp.addr.type = cp->addr.type;
2113
2114         if (IS_ERR(conn)) {
2115                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2116                                                 MGMT_STATUS_CONNECT_FAILED,
2117                                                 &rp, sizeof(rp));
2118                 goto unlock;
2119         }
2120
2121         if (conn->connect_cfm_cb) {
2122                 hci_conn_put(conn);
2123                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2124                                         MGMT_STATUS_BUSY, &rp, sizeof(rp));
2125                 goto unlock;
2126         }
2127
2128         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2129         if (!cmd) {
2130                 err = -ENOMEM;
2131                 hci_conn_put(conn);
2132                 goto unlock;
2133         }
2134
2135         /* For LE, just connecting isn't a proof that the pairing finished */
2136         if (cp->addr.type == MGMT_ADDR_BREDR)
2137                 conn->connect_cfm_cb = pairing_complete_cb;
2138
2139         conn->security_cfm_cb = pairing_complete_cb;
2140         conn->disconn_cfm_cb = pairing_complete_cb;
2141         conn->io_capability = cp->io_cap;
2142         cmd->user_data = conn;
2143
2144         if (conn->state == BT_CONNECTED &&
2145                                 hci_conn_security(conn, sec_level, auth_type))
2146                 pairing_complete(cmd, 0);
2147
2148         err = 0;
2149
2150 unlock:
2151         hci_dev_unlock(hdev);
2152         hci_dev_put(hdev);
2153
2154         return err;
2155 }
2156
2157 static int cancel_pair_device(struct sock *sk, u16 index,
2158                                                 unsigned char *data, u16 len)
2159 {
2160         struct mgmt_addr_info *addr = (void *) data;
2161         struct hci_dev *hdev;
2162         struct pending_cmd *cmd;
2163         struct hci_conn *conn;
2164         int err;
2165
2166         BT_DBG("");
2167
2168         if (len != sizeof(*addr))
2169                 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2170                                                 MGMT_STATUS_INVALID_PARAMS);
2171
2172         hdev = hci_dev_get(index);
2173         if (!hdev)
2174                 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2175                                                 MGMT_STATUS_INVALID_PARAMS);
2176
2177         hci_dev_lock(hdev);
2178
2179         if (!hdev_is_powered(hdev)) {
2180                 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2181                                                 MGMT_STATUS_NOT_POWERED);
2182                 goto unlock;
2183         }
2184
2185         cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2186         if (!cmd) {
2187                 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2188                                                 MGMT_STATUS_INVALID_PARAMS);
2189                 goto unlock;
2190         }
2191
2192         conn = cmd->user_data;
2193
2194         if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2195                 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2196                                                 MGMT_STATUS_INVALID_PARAMS);
2197                 goto unlock;
2198         }
2199
2200         pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2201
2202         err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
2203                                                                 sizeof(*addr));
2204 unlock:
2205         hci_dev_unlock(hdev);
2206         hci_dev_put(hdev);
2207
2208         return err;
2209 }
2210
2211 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
2212                                         u8 type, u16 mgmt_op, u16 hci_op,
2213                                         __le32 passkey)
2214 {
2215         struct pending_cmd *cmd;
2216         struct hci_dev *hdev;
2217         struct hci_conn *conn;
2218         int err;
2219
2220         hdev = hci_dev_get(index);
2221         if (!hdev)
2222                 return cmd_status(sk, index, mgmt_op,
2223                                                 MGMT_STATUS_INVALID_PARAMS);
2224
2225         hci_dev_lock(hdev);
2226
2227         if (!hdev_is_powered(hdev)) {
2228                 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2229                 goto done;
2230         }
2231
2232         if (type == MGMT_ADDR_BREDR)
2233                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2234         else
2235                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2236
2237         if (!conn) {
2238                 err = cmd_status(sk, index, mgmt_op,
2239                                                 MGMT_STATUS_NOT_CONNECTED);
2240                 goto done;
2241         }
2242
2243         if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2244                 /* Continue with pairing via SMP */
2245                 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2246
2247                 if (!err)
2248                         err = cmd_status(sk, index, mgmt_op,
2249                                                         MGMT_STATUS_SUCCESS);
2250                 else
2251                         err = cmd_status(sk, index, mgmt_op,
2252                                                         MGMT_STATUS_FAILED);
2253
2254                 goto done;
2255         }
2256
2257         cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2258         if (!cmd) {
2259                 err = -ENOMEM;
2260                 goto done;
2261         }
2262
2263         /* Continue with pairing via HCI */
2264         if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2265                 struct hci_cp_user_passkey_reply cp;
2266
2267                 bacpy(&cp.bdaddr, bdaddr);
2268                 cp.passkey = passkey;
2269                 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2270         } else
2271                 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2272
2273         if (err < 0)
2274                 mgmt_pending_remove(cmd);
2275
2276 done:
2277         hci_dev_unlock(hdev);
2278         hci_dev_put(hdev);
2279
2280         return err;
2281 }
2282
2283 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2284 {
2285         struct mgmt_cp_user_confirm_reply *cp = data;
2286
2287         BT_DBG("");
2288
2289         if (len != sizeof(*cp))
2290                 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2291                                                 MGMT_STATUS_INVALID_PARAMS);
2292
2293         return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2294                                                 MGMT_OP_USER_CONFIRM_REPLY,
2295                                                 HCI_OP_USER_CONFIRM_REPLY, 0);
2296 }
2297
2298 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2299                                                                         u16 len)
2300 {
2301         struct mgmt_cp_user_confirm_neg_reply *cp = data;
2302
2303         BT_DBG("");
2304
2305         if (len != sizeof(*cp))
2306                 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2307                                                 MGMT_STATUS_INVALID_PARAMS);
2308
2309         return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2310                                         MGMT_OP_USER_CONFIRM_NEG_REPLY,
2311                                         HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2312 }
2313
2314 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2315 {
2316         struct mgmt_cp_user_passkey_reply *cp = data;
2317
2318         BT_DBG("");
2319
2320         if (len != sizeof(*cp))
2321                 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2322                                                                         EINVAL);
2323
2324         return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2325                                                 MGMT_OP_USER_PASSKEY_REPLY,
2326                                                 HCI_OP_USER_PASSKEY_REPLY,
2327                                                 cp->passkey);
2328 }
2329
2330 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2331                                                                         u16 len)
2332 {
2333         struct mgmt_cp_user_passkey_neg_reply *cp = data;
2334
2335         BT_DBG("");
2336
2337         if (len != sizeof(*cp))
2338                 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2339                                                                         EINVAL);
2340
2341         return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2342                                         MGMT_OP_USER_PASSKEY_NEG_REPLY,
2343                                         HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2344 }
2345
2346 static int set_local_name(struct sock *sk, u16 index, void *data,
2347                                                                 u16 len)
2348 {
2349         struct mgmt_cp_set_local_name *mgmt_cp = data;
2350         struct hci_cp_write_local_name hci_cp;
2351         struct hci_dev *hdev;
2352         struct pending_cmd *cmd;
2353         int err;
2354
2355         BT_DBG("");
2356
2357         if (len != sizeof(*mgmt_cp))
2358                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2359                                                 MGMT_STATUS_INVALID_PARAMS);
2360
2361         hdev = hci_dev_get(index);
2362         if (!hdev)
2363                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2364                                                 MGMT_STATUS_INVALID_PARAMS);
2365
2366         hci_dev_lock(hdev);
2367
2368         memcpy(hdev->short_name, mgmt_cp->short_name,
2369                                                 sizeof(hdev->short_name));
2370
2371         if (!hdev_is_powered(hdev)) {
2372                 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name));
2373
2374                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2375                                                                 data, len);
2376                 if (err < 0)
2377                         goto failed;
2378
2379                 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2380                                                                         sk);
2381
2382                 goto failed;
2383         }
2384
2385         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2386         if (!cmd) {
2387                 err = -ENOMEM;
2388                 goto failed;
2389         }
2390
2391         memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2392         err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2393                                                                 &hci_cp);
2394         if (err < 0)
2395                 mgmt_pending_remove(cmd);
2396
2397 failed:
2398         hci_dev_unlock(hdev);
2399         hci_dev_put(hdev);
2400
2401         return err;
2402 }
2403
2404 static int read_local_oob_data(struct sock *sk, u16 index)
2405 {
2406         struct hci_dev *hdev;
2407         struct pending_cmd *cmd;
2408         int err;
2409
2410         BT_DBG("hci%u", index);
2411
2412         hdev = hci_dev_get(index);
2413         if (!hdev)
2414                 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2415                                                 MGMT_STATUS_INVALID_PARAMS);
2416
2417         hci_dev_lock(hdev);
2418
2419         if (!hdev_is_powered(hdev)) {
2420                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2421                                                 MGMT_STATUS_NOT_POWERED);
2422                 goto unlock;
2423         }
2424
2425         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2426                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2427                                                 MGMT_STATUS_NOT_SUPPORTED);
2428                 goto unlock;
2429         }
2430
2431         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2432                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2433                                                         MGMT_STATUS_BUSY);
2434                 goto unlock;
2435         }
2436
2437         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2438         if (!cmd) {
2439                 err = -ENOMEM;
2440                 goto unlock;
2441         }
2442
2443         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2444         if (err < 0)
2445                 mgmt_pending_remove(cmd);
2446
2447 unlock:
2448         hci_dev_unlock(hdev);
2449         hci_dev_put(hdev);
2450
2451         return err;
2452 }
2453
2454 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2455                                                                 u16 len)
2456 {
2457         struct hci_dev *hdev;
2458         struct mgmt_cp_add_remote_oob_data *cp = data;
2459         u8 status;
2460         int err;
2461
2462         BT_DBG("hci%u ", index);
2463
2464         if (len != sizeof(*cp))
2465                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2466                                                 MGMT_STATUS_INVALID_PARAMS);
2467
2468         hdev = hci_dev_get(index);
2469         if (!hdev)
2470                 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2471                                                 MGMT_STATUS_INVALID_PARAMS,
2472                                                 &cp->addr, sizeof(cp->addr));
2473
2474         hci_dev_lock(hdev);
2475
2476         if (!hdev_is_powered(hdev)) {
2477                 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2478                                                 MGMT_STATUS_NOT_POWERED,
2479                                                 &cp->addr, sizeof(cp->addr));
2480                 goto unlock;
2481         }
2482
2483         err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2484                                                                 cp->randomizer);
2485         if (err < 0)
2486                 status = MGMT_STATUS_FAILED;
2487         else
2488                 status = 0;
2489
2490         err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2491                                                 &cp->addr, sizeof(cp->addr));
2492
2493 unlock:
2494         hci_dev_unlock(hdev);
2495         hci_dev_put(hdev);
2496
2497         return err;
2498 }
2499
2500 static int remove_remote_oob_data(struct sock *sk, u16 index,
2501                                                 void *data, u16 len)
2502 {
2503         struct hci_dev *hdev;
2504         struct mgmt_cp_remove_remote_oob_data *cp = data;
2505         u8 status;
2506         int err;
2507
2508         BT_DBG("hci%u ", index);
2509
2510         if (len != sizeof(*cp))
2511                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2512                                                 MGMT_STATUS_INVALID_PARAMS);
2513
2514         hdev = hci_dev_get(index);
2515         if (!hdev)
2516                 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2517                                                 MGMT_STATUS_INVALID_PARAMS,
2518                                                 &cp->addr, sizeof(cp->addr));
2519
2520         hci_dev_lock(hdev);
2521
2522         if (!hdev_is_powered(hdev)) {
2523                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2524                                                 MGMT_STATUS_NOT_POWERED,
2525                                                 &cp->addr, sizeof(cp->addr));
2526                 goto unlock;
2527         }
2528
2529         err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2530         if (err < 0)
2531                 status = MGMT_STATUS_INVALID_PARAMS;
2532         else
2533                 status = 0;
2534
2535         err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2536                                                 &cp->addr, sizeof(cp->addr));
2537
2538 unlock:
2539         hci_dev_unlock(hdev);
2540         hci_dev_put(hdev);
2541
2542         return err;
2543 }
2544
2545 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2546 {
2547         int err;
2548
2549         BT_DBG("%s", hdev->name);
2550
2551         hci_dev_lock(hdev);
2552
2553         err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2554         if (err < 0)
2555                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2556
2557         hci_dev_unlock(hdev);
2558
2559         return err;
2560 }
2561
2562 static int start_discovery(struct sock *sk, u16 index,
2563                                                 void *data, u16 len)
2564 {
2565         struct mgmt_cp_start_discovery *cp = data;
2566         struct pending_cmd *cmd;
2567         struct hci_dev *hdev;
2568         int err;
2569
2570         BT_DBG("hci%u", index);
2571
2572         if (len != sizeof(*cp))
2573                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2574                                                 MGMT_STATUS_INVALID_PARAMS);
2575
2576         hdev = hci_dev_get(index);
2577         if (!hdev)
2578                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2579                                                 MGMT_STATUS_INVALID_PARAMS);
2580
2581         hci_dev_lock(hdev);
2582
2583         if (!hdev_is_powered(hdev)) {
2584                 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2585                                                 MGMT_STATUS_NOT_POWERED);
2586                 goto failed;
2587         }
2588
2589         if (hdev->discovery.state != DISCOVERY_STOPPED) {
2590                 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2591                                                 MGMT_STATUS_BUSY);
2592                 goto failed;
2593         }
2594
2595         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2596         if (!cmd) {
2597                 err = -ENOMEM;
2598                 goto failed;
2599         }
2600
2601         hdev->discovery.type = cp->type;
2602
2603         switch (hdev->discovery.type) {
2604         case DISCOV_TYPE_BREDR:
2605                 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2606                 break;
2607
2608         case DISCOV_TYPE_LE:
2609                 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2610                                         LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2611                 break;
2612
2613         case DISCOV_TYPE_INTERLEAVED:
2614                 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2615                         err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2616                                         LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2617                 else
2618                         err = -ENOTSUPP;
2619                 break;
2620
2621         default:
2622                 err = -EINVAL;
2623         }
2624
2625         if (err < 0)
2626                 mgmt_pending_remove(cmd);
2627         else
2628                 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2629
2630 failed:
2631         hci_dev_unlock(hdev);
2632         hci_dev_put(hdev);
2633
2634         return err;
2635 }
2636
2637 static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
2638 {
2639         struct mgmt_cp_stop_discovery *mgmt_cp = data;
2640         struct hci_dev *hdev;
2641         struct pending_cmd *cmd;
2642         struct hci_cp_remote_name_req_cancel cp;
2643         struct inquiry_entry *e;
2644         int err;
2645
2646         BT_DBG("hci%u", index);
2647
2648         if (len != sizeof(*mgmt_cp))
2649                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2650                                                 MGMT_STATUS_INVALID_PARAMS);
2651
2652         hdev = hci_dev_get(index);
2653         if (!hdev)
2654                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2655                                                 MGMT_STATUS_INVALID_PARAMS);
2656
2657         hci_dev_lock(hdev);
2658
2659         if (!hci_discovery_active(hdev)) {
2660                 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2661                                         MGMT_STATUS_REJECTED,
2662                                         &mgmt_cp->type, sizeof(mgmt_cp->type));
2663                 goto unlock;
2664         }
2665
2666         if (hdev->discovery.type != mgmt_cp->type) {
2667                 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2668                                         MGMT_STATUS_INVALID_PARAMS,
2669                                         &mgmt_cp->type, sizeof(mgmt_cp->type));
2670                 goto unlock;
2671         }
2672
2673         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2674         if (!cmd) {
2675                 err = -ENOMEM;
2676                 goto unlock;
2677         }
2678
2679         if (hdev->discovery.state == DISCOVERY_FINDING) {
2680                 err = hci_cancel_inquiry(hdev);
2681                 if (err < 0)
2682                         mgmt_pending_remove(cmd);
2683                 else
2684                         hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2685                 goto unlock;
2686         }
2687
2688         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2689         if (!e) {
2690                 mgmt_pending_remove(cmd);
2691                 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2692                                         &mgmt_cp->type, sizeof(mgmt_cp->type));
2693                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2694                 goto unlock;
2695         }
2696
2697         bacpy(&cp.bdaddr, &e->data.bdaddr);
2698         err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2699                                                         sizeof(cp), &cp);
2700         if (err < 0)
2701                 mgmt_pending_remove(cmd);
2702         else
2703                 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2704
2705 unlock:
2706         hci_dev_unlock(hdev);
2707         hci_dev_put(hdev);
2708
2709         return err;
2710 }
2711
2712 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2713 {
2714         struct mgmt_cp_confirm_name *cp = data;
2715         struct inquiry_entry *e;
2716         struct hci_dev *hdev;
2717         int err;
2718
2719         BT_DBG("hci%u", index);
2720
2721         if (len != sizeof(*cp))
2722                 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2723                                 MGMT_STATUS_INVALID_PARAMS);
2724
2725         hdev = hci_dev_get(index);
2726         if (!hdev)
2727                 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2728                                 MGMT_STATUS_INVALID_PARAMS);
2729
2730         hci_dev_lock(hdev);
2731
2732         if (!hci_discovery_active(hdev)) {
2733                 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2734                                                         MGMT_STATUS_FAILED);
2735                 goto failed;
2736         }
2737
2738         e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2739         if (!e) {
2740                 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2741                                 MGMT_STATUS_INVALID_PARAMS);
2742                 goto failed;
2743         }
2744
2745         if (cp->name_known) {
2746                 e->name_state = NAME_KNOWN;
2747                 list_del(&e->list);
2748         } else {
2749                 e->name_state = NAME_NEEDED;
2750                 hci_inquiry_cache_update_resolve(hdev, e);
2751         }
2752
2753         err = 0;
2754
2755 failed:
2756         hci_dev_unlock(hdev);
2757
2758         return err;
2759 }
2760
2761 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2762 {
2763         struct hci_dev *hdev;
2764         struct mgmt_cp_block_device *cp = data;
2765         u8 status;
2766         int err;
2767
2768         BT_DBG("hci%u", index);
2769
2770         if (len != sizeof(*cp))
2771                 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2772                                                 MGMT_STATUS_INVALID_PARAMS);
2773
2774         hdev = hci_dev_get(index);
2775         if (!hdev)
2776                 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2777                                                 MGMT_STATUS_INVALID_PARAMS,
2778                                                 &cp->addr, sizeof(cp->addr));
2779
2780         hci_dev_lock(hdev);
2781
2782         err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2783         if (err < 0)
2784                 status = MGMT_STATUS_FAILED;
2785         else
2786                 status = 0;
2787
2788         err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2789                                                 &cp->addr, sizeof(cp->addr));
2790
2791         hci_dev_unlock(hdev);
2792         hci_dev_put(hdev);
2793
2794         return err;
2795 }
2796
2797 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2798 {
2799         struct hci_dev *hdev;
2800         struct mgmt_cp_unblock_device *cp = data;
2801         u8 status;
2802         int err;
2803
2804         BT_DBG("hci%u", index);
2805
2806         if (len != sizeof(*cp))
2807                 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2808                                                 MGMT_STATUS_INVALID_PARAMS);
2809
2810         hdev = hci_dev_get(index);
2811         if (!hdev)
2812                 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2813                                                 MGMT_STATUS_INVALID_PARAMS,
2814                                                 &cp->addr, sizeof(cp->addr));
2815
2816         hci_dev_lock(hdev);
2817
2818         err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2819         if (err < 0)
2820                 status = MGMT_STATUS_INVALID_PARAMS;
2821         else
2822                 status = 0;
2823
2824         err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2825                                                 &cp->addr, sizeof(cp->addr));
2826
2827         hci_dev_unlock(hdev);
2828         hci_dev_put(hdev);
2829
2830         return err;
2831 }
2832
2833 static int set_fast_connectable(struct sock *sk, u16 index,
2834                                         void *data, u16 len)
2835 {
2836         struct hci_dev *hdev;
2837         struct mgmt_mode *cp = data;
2838         struct hci_cp_write_page_scan_activity acp;
2839         u8 type;
2840         int err;
2841
2842         BT_DBG("hci%u", index);
2843
2844         if (len != sizeof(*cp))
2845                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2846                                                 MGMT_STATUS_INVALID_PARAMS);
2847
2848         hdev = hci_dev_get(index);
2849         if (!hdev)
2850                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2851                                                 MGMT_STATUS_INVALID_PARAMS);
2852         if (!hdev_is_powered(hdev))
2853                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2854                                                 MGMT_STATUS_NOT_POWERED);
2855
2856         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2857                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2858                                                         MGMT_STATUS_REJECTED);
2859
2860         hci_dev_lock(hdev);
2861
2862         if (cp->val) {
2863                 type = PAGE_SCAN_TYPE_INTERLACED;
2864                 acp.interval = 0x0024;  /* 22.5 msec page scan interval */
2865         } else {
2866                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2867                 acp.interval = 0x0800;  /* default 1.28 sec page scan */
2868         }
2869
2870         acp.window = 0x0012;    /* default 11.25 msec page scan window */
2871
2872         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2873                                                 sizeof(acp), &acp);
2874         if (err < 0) {
2875                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2876                                                         MGMT_STATUS_FAILED);
2877                 goto done;
2878         }
2879
2880         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2881         if (err < 0) {
2882                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2883                                                         MGMT_STATUS_FAILED);
2884                 goto done;
2885         }
2886
2887         err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2888                                                                 NULL, 0);
2889 done:
2890         hci_dev_unlock(hdev);
2891         hci_dev_put(hdev);
2892
2893         return err;
2894 }
2895
2896 static int load_long_term_keys(struct sock *sk, u16 index,
2897                                         void *cp_data, u16 len)
2898 {
2899         struct hci_dev *hdev;
2900         struct mgmt_cp_load_long_term_keys *cp = cp_data;
2901         u16 key_count, expected_len;
2902         int i;
2903
2904         if (len < sizeof(*cp))
2905                 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2906                                                                 EINVAL);
2907
2908         key_count = get_unaligned_le16(&cp->key_count);
2909
2910         expected_len = sizeof(*cp) + key_count *
2911                                         sizeof(struct mgmt_ltk_info);
2912         if (expected_len != len) {
2913                 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2914                                                         len, expected_len);
2915                 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2916                                                                 EINVAL);
2917         }
2918
2919         hdev = hci_dev_get(index);
2920         if (!hdev)
2921                 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2922                                                                 ENODEV);
2923
2924         BT_DBG("hci%u key_count %u", index, key_count);
2925
2926         hci_dev_lock(hdev);
2927
2928         hci_smp_ltks_clear(hdev);
2929
2930         for (i = 0; i < key_count; i++) {
2931                 struct mgmt_ltk_info *key = &cp->keys[i];
2932                 u8 type;
2933
2934                 if (key->master)
2935                         type = HCI_SMP_LTK;
2936                 else
2937                         type = HCI_SMP_LTK_SLAVE;
2938
2939                 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2940                                         type, 0, key->authenticated, key->val,
2941                                         key->enc_size, key->ediv, key->rand);
2942         }
2943
2944         hci_dev_unlock(hdev);
2945         hci_dev_put(hdev);
2946
2947         return 0;
2948 }
2949
2950 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2951 {
2952         void *buf;
2953         u8 *cp;
2954         struct mgmt_hdr *hdr;
2955         u16 opcode, index, len;
2956         int err;
2957
2958         BT_DBG("got %zu bytes", msglen);
2959
2960         if (msglen < sizeof(*hdr))
2961                 return -EINVAL;
2962
2963         buf = kmalloc(msglen, GFP_KERNEL);
2964         if (!buf)
2965                 return -ENOMEM;
2966
2967         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2968                 err = -EFAULT;
2969                 goto done;
2970         }
2971
2972         hdr = buf;
2973         opcode = get_unaligned_le16(&hdr->opcode);
2974         index = get_unaligned_le16(&hdr->index);
2975         len = get_unaligned_le16(&hdr->len);
2976
2977         if (len != msglen - sizeof(*hdr)) {
2978                 err = -EINVAL;
2979                 goto done;
2980         }
2981
2982         cp = buf + sizeof(*hdr);
2983
2984         switch (opcode) {
2985         case MGMT_OP_READ_VERSION:
2986                 err = read_version(sk);
2987                 break;
2988         case MGMT_OP_READ_COMMANDS:
2989                 err = read_commands(sk);
2990                 break;
2991         case MGMT_OP_READ_INDEX_LIST:
2992                 err = read_index_list(sk);
2993                 break;
2994         case MGMT_OP_READ_INFO:
2995                 err = read_controller_info(sk, index);
2996                 break;
2997         case MGMT_OP_SET_POWERED:
2998                 err = set_powered(sk, index, cp, len);
2999                 break;
3000         case MGMT_OP_SET_DISCOVERABLE:
3001                 err = set_discoverable(sk, index, cp, len);
3002                 break;
3003         case MGMT_OP_SET_CONNECTABLE:
3004                 err = set_connectable(sk, index, cp, len);
3005                 break;
3006         case MGMT_OP_SET_FAST_CONNECTABLE:
3007                 err = set_fast_connectable(sk, index, cp, len);
3008                 break;
3009         case MGMT_OP_SET_PAIRABLE:
3010                 err = set_pairable(sk, index, cp, len);
3011                 break;
3012         case MGMT_OP_SET_LINK_SECURITY:
3013                 err = set_link_security(sk, index, cp, len);
3014                 break;
3015         case MGMT_OP_SET_SSP:
3016                 err = set_ssp(sk, index, cp, len);
3017                 break;
3018         case MGMT_OP_SET_HS:
3019                 err = set_hs(sk, index, cp, len);
3020                 break;
3021         case MGMT_OP_SET_LE:
3022                 err = set_le(sk, index, cp, len);
3023                 break;
3024         case MGMT_OP_ADD_UUID:
3025                 err = add_uuid(sk, index, cp, len);
3026                 break;
3027         case MGMT_OP_REMOVE_UUID:
3028                 err = remove_uuid(sk, index, cp, len);
3029                 break;
3030         case MGMT_OP_SET_DEV_CLASS:
3031                 err = set_dev_class(sk, index, cp, len);
3032                 break;
3033         case MGMT_OP_LOAD_LINK_KEYS:
3034                 err = load_link_keys(sk, index, cp, len);
3035                 break;
3036         case MGMT_OP_DISCONNECT:
3037                 err = disconnect(sk, index, cp, len);
3038                 break;
3039         case MGMT_OP_GET_CONNECTIONS:
3040                 err = get_connections(sk, index);
3041                 break;
3042         case MGMT_OP_PIN_CODE_REPLY:
3043                 err = pin_code_reply(sk, index, cp, len);
3044                 break;
3045         case MGMT_OP_PIN_CODE_NEG_REPLY:
3046                 err = pin_code_neg_reply(sk, index, cp, len);
3047                 break;
3048         case MGMT_OP_SET_IO_CAPABILITY:
3049                 err = set_io_capability(sk, index, cp, len);
3050                 break;
3051         case MGMT_OP_PAIR_DEVICE:
3052                 err = pair_device(sk, index, cp, len);
3053                 break;
3054         case MGMT_OP_CANCEL_PAIR_DEVICE:
3055                 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
3056                 break;
3057         case MGMT_OP_UNPAIR_DEVICE:
3058                 err = unpair_device(sk, index, cp, len);
3059                 break;
3060         case MGMT_OP_USER_CONFIRM_REPLY:
3061                 err = user_confirm_reply(sk, index, cp, len);
3062                 break;
3063         case MGMT_OP_USER_CONFIRM_NEG_REPLY:
3064                 err = user_confirm_neg_reply(sk, index, cp, len);
3065                 break;
3066         case MGMT_OP_USER_PASSKEY_REPLY:
3067                 err = user_passkey_reply(sk, index, cp, len);
3068                 break;
3069         case MGMT_OP_USER_PASSKEY_NEG_REPLY:
3070                 err = user_passkey_neg_reply(sk, index, cp, len);
3071                 break;
3072         case MGMT_OP_SET_LOCAL_NAME:
3073                 err = set_local_name(sk, index, cp, len);
3074                 break;
3075         case MGMT_OP_READ_LOCAL_OOB_DATA:
3076                 err = read_local_oob_data(sk, index);
3077                 break;
3078         case MGMT_OP_ADD_REMOTE_OOB_DATA:
3079                 err = add_remote_oob_data(sk, index, cp, len);
3080                 break;
3081         case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
3082                 err = remove_remote_oob_data(sk, index, cp, len);
3083                 break;
3084         case MGMT_OP_START_DISCOVERY:
3085                 err = start_discovery(sk, index, cp, len);
3086                 break;
3087         case MGMT_OP_STOP_DISCOVERY:
3088                 err = stop_discovery(sk, index, cp, len);
3089                 break;
3090         case MGMT_OP_CONFIRM_NAME:
3091                 err = confirm_name(sk, index, cp, len);
3092                 break;
3093         case MGMT_OP_BLOCK_DEVICE:
3094                 err = block_device(sk, index, cp, len);
3095                 break;
3096         case MGMT_OP_UNBLOCK_DEVICE:
3097                 err = unblock_device(sk, index, cp, len);
3098                 break;
3099         case MGMT_OP_LOAD_LONG_TERM_KEYS:
3100                 err = load_long_term_keys(sk, index, cp, len);
3101                 break;
3102         default:
3103                 BT_DBG("Unknown op %u", opcode);
3104                 err = cmd_status(sk, index, opcode,
3105                                                 MGMT_STATUS_UNKNOWN_COMMAND);
3106                 break;
3107         }
3108
3109         if (err < 0)
3110                 goto done;
3111
3112         err = msglen;
3113
3114 done:
3115         kfree(buf);
3116         return err;
3117 }
3118
3119 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3120 {
3121         u8 *status = data;
3122
3123         cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3124         mgmt_pending_remove(cmd);
3125 }
3126
3127 int mgmt_index_added(struct hci_dev *hdev)
3128 {
3129         return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3130 }
3131
3132 int mgmt_index_removed(struct hci_dev *hdev)
3133 {
3134         u8 status = ENODEV;
3135
3136         mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3137
3138         return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3139 }
3140
3141 struct cmd_lookup {
3142         struct sock *sk;
3143         struct hci_dev *hdev;
3144         u8 mgmt_status;
3145 };
3146
3147 static void settings_rsp(struct pending_cmd *cmd, void *data)
3148 {
3149         struct cmd_lookup *match = data;
3150
3151         send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3152
3153         list_del(&cmd->list);
3154
3155         if (match->sk == NULL) {
3156                 match->sk = cmd->sk;
3157                 sock_hold(match->sk);
3158         }
3159
3160         mgmt_pending_free(cmd);
3161 }
3162
3163 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3164 {
3165         struct cmd_lookup match = { NULL, hdev };
3166         int err;
3167
3168         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3169                 return 0;
3170
3171         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3172
3173         if (powered) {
3174                 u8 scan = 0;
3175
3176                 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3177                         scan |= SCAN_PAGE;
3178                 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3179                         scan |= SCAN_INQUIRY;
3180
3181                 if (scan)
3182                         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3183
3184                 update_class(hdev);
3185                 update_eir(hdev);
3186         } else {
3187                 u8 status = ENETDOWN;
3188                 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3189         }
3190
3191         err = new_settings(hdev, match.sk);
3192
3193         if (match.sk)
3194                 sock_put(match.sk);
3195
3196         return err;
3197 }
3198
3199 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3200 {
3201         struct cmd_lookup match = { NULL, hdev };
3202         bool changed = false;
3203         int err = 0;
3204
3205         if (discoverable) {
3206                 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3207                         changed = true;
3208         } else {
3209                 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3210                         changed = true;
3211         }
3212
3213         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3214                                                                 &match);
3215
3216         if (changed)
3217                 err = new_settings(hdev, match.sk);
3218
3219         if (match.sk)
3220                 sock_put(match.sk);
3221
3222         return err;
3223 }
3224
3225 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3226 {
3227         struct cmd_lookup match = { NULL, hdev };
3228         bool changed = false;
3229         int err = 0;
3230
3231         if (connectable) {
3232                 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3233                         changed = true;
3234         } else {
3235                 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3236                         changed = true;
3237         }
3238
3239         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3240                                                                 &match);
3241
3242         if (changed)
3243                 err = new_settings(hdev, match.sk);
3244
3245         if (match.sk)
3246                 sock_put(match.sk);
3247
3248         return err;
3249 }
3250
3251 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3252 {
3253         u8 mgmt_err = mgmt_status(status);
3254
3255         if (scan & SCAN_PAGE)
3256                 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3257                                                 cmd_status_rsp, &mgmt_err);
3258
3259         if (scan & SCAN_INQUIRY)
3260                 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3261                                                 cmd_status_rsp, &mgmt_err);
3262
3263         return 0;
3264 }
3265
3266 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3267                                                                 u8 persistent)
3268 {
3269         struct mgmt_ev_new_link_key ev;
3270
3271         memset(&ev, 0, sizeof(ev));
3272
3273         ev.store_hint = persistent;
3274         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3275         ev.key.addr.type = MGMT_ADDR_BREDR;
3276         ev.key.type = key->type;
3277         memcpy(ev.key.val, key->val, 16);
3278         ev.key.pin_len = key->pin_len;
3279
3280         return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3281 }
3282
3283 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3284 {
3285         struct mgmt_ev_new_long_term_key ev;
3286
3287         memset(&ev, 0, sizeof(ev));
3288
3289         ev.store_hint = persistent;
3290         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3291         ev.key.addr.type = key->bdaddr_type;
3292         ev.key.authenticated = key->authenticated;
3293         ev.key.enc_size = key->enc_size;
3294         ev.key.ediv = key->ediv;
3295
3296         if (key->type == HCI_SMP_LTK)
3297                 ev.key.master = 1;
3298
3299         memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3300         memcpy(ev.key.val, key->val, sizeof(key->val));
3301
3302         return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3303                                                 &ev, sizeof(ev), NULL);
3304 }
3305
3306 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3307                                         u8 addr_type, u32 flags, u8 *name,
3308                                         u8 name_len, u8 *dev_class)
3309 {
3310         char buf[512];
3311         struct mgmt_ev_device_connected *ev = (void *) buf;
3312         u16 eir_len = 0;
3313
3314         bacpy(&ev->addr.bdaddr, bdaddr);
3315         ev->addr.type = link_to_mgmt(link_type, addr_type);
3316
3317         ev->flags = __cpu_to_le32(flags);
3318
3319         if (name_len > 0)
3320                 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3321                                                                 name, name_len);
3322
3323         if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3324                 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3325                                         EIR_CLASS_OF_DEV, dev_class, 3);
3326
3327         put_unaligned_le16(eir_len, &ev->eir_len);
3328
3329         return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3330                                                 sizeof(*ev) + eir_len, NULL);
3331 }
3332
3333 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3334 {
3335         struct mgmt_cp_disconnect *cp = cmd->param;
3336         struct sock **sk = data;
3337         struct mgmt_rp_disconnect rp;
3338
3339         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3340         rp.addr.type = cp->addr.type;
3341
3342         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3343                                                                 sizeof(rp));
3344
3345         *sk = cmd->sk;
3346         sock_hold(*sk);
3347
3348         mgmt_pending_remove(cmd);
3349 }
3350
3351 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3352 {
3353         struct hci_dev *hdev = data;
3354         struct mgmt_cp_unpair_device *cp = cmd->param;
3355         struct mgmt_rp_unpair_device rp;
3356
3357         memset(&rp, 0, sizeof(rp));
3358         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3359         rp.addr.type = cp->addr.type;
3360
3361         device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3362
3363         cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3364
3365         mgmt_pending_remove(cmd);
3366 }
3367
3368 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3369                                                 u8 link_type, u8 addr_type)
3370 {
3371         struct mgmt_addr_info ev;
3372         struct sock *sk = NULL;
3373         int err;
3374
3375         mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3376
3377         bacpy(&ev.bdaddr, bdaddr);
3378         ev.type = link_to_mgmt(link_type, addr_type);
3379
3380         err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3381                                                                         sk);
3382
3383         if (sk)
3384                 sock_put(sk);
3385
3386         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3387                                                                         hdev);
3388
3389         return err;
3390 }
3391
3392 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3393                                         u8 link_type, u8 addr_type, u8 status)
3394 {
3395         struct mgmt_rp_disconnect rp;
3396         struct pending_cmd *cmd;
3397         int err;
3398
3399         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3400         if (!cmd)
3401                 return -ENOENT;
3402
3403         bacpy(&rp.addr.bdaddr, bdaddr);
3404         rp.addr.type = link_to_mgmt(link_type, addr_type);
3405
3406         err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3407                                         mgmt_status(status), &rp, sizeof(rp));
3408
3409         mgmt_pending_remove(cmd);
3410
3411         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3412                                                                         hdev);
3413         return err;
3414 }
3415
3416 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3417                                                 u8 addr_type, u8 status)
3418 {
3419         struct mgmt_ev_connect_failed ev;
3420
3421         bacpy(&ev.addr.bdaddr, bdaddr);
3422         ev.addr.type = link_to_mgmt(link_type, addr_type);
3423         ev.status = mgmt_status(status);
3424
3425         return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3426 }
3427
3428 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3429 {
3430         struct mgmt_ev_pin_code_request ev;
3431
3432         bacpy(&ev.addr.bdaddr, bdaddr);
3433         ev.addr.type = MGMT_ADDR_BREDR;
3434         ev.secure = secure;
3435
3436         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3437                                                                         NULL);
3438 }
3439
3440 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3441                                                                 u8 status)
3442 {
3443         struct pending_cmd *cmd;
3444         struct mgmt_rp_pin_code_reply rp;
3445         int err;
3446
3447         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3448         if (!cmd)
3449                 return -ENOENT;
3450
3451         bacpy(&rp.addr.bdaddr, bdaddr);
3452         rp.addr.type = MGMT_ADDR_BREDR;
3453
3454         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3455                                         mgmt_status(status), &rp, sizeof(rp));
3456
3457         mgmt_pending_remove(cmd);
3458
3459         return err;
3460 }
3461
3462 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3463                                                                 u8 status)
3464 {
3465         struct pending_cmd *cmd;
3466         struct mgmt_rp_pin_code_reply rp;
3467         int err;
3468
3469         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3470         if (!cmd)
3471                 return -ENOENT;
3472
3473         bacpy(&rp.addr.bdaddr, bdaddr);
3474         rp.addr.type = MGMT_ADDR_BREDR;
3475
3476         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3477                                         mgmt_status(status), &rp, sizeof(rp));
3478
3479         mgmt_pending_remove(cmd);
3480
3481         return err;
3482 }
3483
3484 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3485                                 u8 link_type, u8 addr_type, __le32 value,
3486                                 u8 confirm_hint)
3487 {
3488         struct mgmt_ev_user_confirm_request ev;
3489
3490         BT_DBG("%s", hdev->name);
3491
3492         bacpy(&ev.addr.bdaddr, bdaddr);
3493         ev.addr.type = link_to_mgmt(link_type, addr_type);
3494         ev.confirm_hint = confirm_hint;
3495         put_unaligned_le32(value, &ev.value);
3496
3497         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3498                                                                         NULL);
3499 }
3500
3501 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3502                                                 u8 link_type, u8 addr_type)
3503 {
3504         struct mgmt_ev_user_passkey_request ev;
3505
3506         BT_DBG("%s", hdev->name);
3507
3508         bacpy(&ev.addr.bdaddr, bdaddr);
3509         ev.addr.type = link_to_mgmt(link_type, addr_type);
3510
3511         return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3512                                                                         NULL);
3513 }
3514
3515 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3516                                         u8 link_type, u8 addr_type, u8 status,
3517                                         u8 opcode)
3518 {
3519         struct pending_cmd *cmd;
3520         struct mgmt_rp_user_confirm_reply rp;
3521         int err;
3522
3523         cmd = mgmt_pending_find(opcode, hdev);
3524         if (!cmd)
3525                 return -ENOENT;
3526
3527         bacpy(&rp.addr.bdaddr, bdaddr);
3528         rp.addr.type = link_to_mgmt(link_type, addr_type);
3529         err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3530                                                         &rp, sizeof(rp));
3531
3532         mgmt_pending_remove(cmd);
3533
3534         return err;
3535 }
3536
3537 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3538                                         u8 link_type, u8 addr_type, u8 status)
3539 {
3540         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3541                                         status, MGMT_OP_USER_CONFIRM_REPLY);
3542 }
3543
3544 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3545                                         u8 link_type, u8 addr_type, u8 status)
3546 {
3547         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3548                                         status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3549 }
3550
3551 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3552                                         u8 link_type, u8 addr_type, u8 status)
3553 {
3554         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3555                                         status, MGMT_OP_USER_PASSKEY_REPLY);
3556 }
3557
3558 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3559                                         u8 link_type, u8 addr_type, u8 status)
3560 {
3561         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3562                                         status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3563 }
3564
3565 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3566                                                 u8 addr_type, u8 status)
3567 {
3568         struct mgmt_ev_auth_failed ev;
3569
3570         bacpy(&ev.addr.bdaddr, bdaddr);
3571         ev.addr.type = link_to_mgmt(link_type, addr_type);
3572         ev.status = mgmt_status(status);
3573
3574         return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3575 }
3576
3577 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3578 {
3579         struct cmd_lookup match = { NULL, hdev };
3580         bool changed = false;
3581         int err = 0;
3582
3583         if (status) {
3584                 u8 mgmt_err = mgmt_status(status);
3585                 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3586                                                 cmd_status_rsp, &mgmt_err);
3587                 return 0;
3588         }
3589
3590         if (test_bit(HCI_AUTH, &hdev->flags)) {
3591                 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3592                         changed = true;
3593         } else {
3594                 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3595                         changed = true;
3596         }
3597
3598         mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3599                                                                 &match);
3600
3601         if (changed)
3602                 err = new_settings(hdev, match.sk);
3603
3604         if (match.sk)
3605                 sock_put(match.sk);
3606
3607         return err;
3608 }
3609
3610 static int clear_eir(struct hci_dev *hdev)
3611 {
3612         struct hci_cp_write_eir cp;
3613
3614         if (!(hdev->features[6] & LMP_EXT_INQ))
3615                 return 0;
3616
3617         memset(hdev->eir, 0, sizeof(hdev->eir));
3618
3619         memset(&cp, 0, sizeof(cp));
3620
3621         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3622 }
3623
3624 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3625 {
3626         struct cmd_lookup match = { NULL, hdev };
3627         bool changed = false;
3628         int err = 0;
3629
3630         if (status) {
3631                 u8 mgmt_err = mgmt_status(status);
3632
3633                 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3634                                                         &hdev->dev_flags))
3635                         err = new_settings(hdev, NULL);
3636
3637                 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3638                                                 cmd_status_rsp, &mgmt_err);
3639
3640                 return err;
3641         }
3642
3643         if (enable) {
3644                 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3645                         changed = true;
3646         } else {
3647                 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3648                         changed = true;
3649         }
3650
3651         mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3652
3653         if (changed)
3654                 err = new_settings(hdev, match.sk);
3655
3656         if (match.sk)
3657                 sock_put(match.sk);
3658
3659         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3660                 update_eir(hdev);
3661         else
3662                 clear_eir(hdev);
3663
3664         return err;
3665 }
3666
3667 static void class_rsp(struct pending_cmd *cmd, void *data)
3668 {
3669         struct cmd_lookup *match = data;
3670
3671         cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3672                                                 match->hdev->dev_class, 3);
3673
3674         list_del(&cmd->list);
3675
3676         if (match->sk == NULL) {
3677                 match->sk = cmd->sk;
3678                 sock_hold(match->sk);
3679         }
3680
3681         mgmt_pending_free(cmd);
3682 }
3683
3684 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3685                                                                 u8 status)
3686 {
3687         struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3688         int err = 0;
3689
3690         clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3691
3692         mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3693         mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3694         mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3695
3696         if (!status)
3697                 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3698                                                         dev_class, 3, NULL);
3699
3700         if (match.sk)
3701                 sock_put(match.sk);
3702
3703         return err;
3704 }
3705
3706 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3707 {
3708         struct pending_cmd *cmd;
3709         struct mgmt_cp_set_local_name ev;
3710         bool changed = false;
3711         int err = 0;
3712
3713         if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3714                 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3715                 changed = true;
3716         }
3717
3718         memset(&ev, 0, sizeof(ev));
3719         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3720         memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3721
3722         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3723         if (!cmd)
3724                 goto send_event;
3725
3726         /* Always assume that either the short or the complete name has
3727          * changed if there was a pending mgmt command */
3728         changed = true;
3729
3730         if (status) {
3731                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3732                                                         mgmt_status(status));
3733                 goto failed;
3734         }
3735
3736         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3737                                                                 sizeof(ev));
3738         if (err < 0)
3739                 goto failed;
3740
3741 send_event:
3742         if (changed)
3743                 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3744                                         sizeof(ev), cmd ? cmd->sk : NULL);
3745
3746         update_eir(hdev);
3747
3748 failed:
3749         if (cmd)
3750                 mgmt_pending_remove(cmd);
3751         return err;
3752 }
3753
3754 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3755                                                 u8 *randomizer, u8 status)
3756 {
3757         struct pending_cmd *cmd;
3758         int err;
3759
3760         BT_DBG("%s status %u", hdev->name, status);
3761
3762         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3763         if (!cmd)
3764                 return -ENOENT;
3765
3766         if (status) {
3767                 err = cmd_status(cmd->sk, hdev->id,
3768                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
3769                                                 mgmt_status(status));
3770         } else {
3771                 struct mgmt_rp_read_local_oob_data rp;
3772
3773                 memcpy(rp.hash, hash, sizeof(rp.hash));
3774                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3775
3776                 err = cmd_complete(cmd->sk, hdev->id,
3777                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
3778                                                 0, &rp, sizeof(rp));
3779         }
3780
3781         mgmt_pending_remove(cmd);
3782
3783         return err;
3784 }
3785
3786 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3787 {
3788         struct cmd_lookup match = { NULL, hdev };
3789         bool changed = false;
3790         int err = 0;
3791
3792         if (status) {
3793                 u8 mgmt_err = mgmt_status(status);
3794
3795                 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3796                                                         &hdev->dev_flags))
3797                         err = new_settings(hdev, NULL);
3798
3799                 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3800                                                 cmd_status_rsp, &mgmt_err);
3801
3802                 return err;
3803         }
3804
3805         if (enable) {
3806                 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3807                         changed = true;
3808         } else {
3809                 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3810                         changed = true;
3811         }
3812
3813         mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3814
3815         if (changed)
3816                 err = new_settings(hdev, match.sk);
3817
3818         if (match.sk)
3819                 sock_put(match.sk);
3820
3821         return err;
3822 }
3823
3824 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3825                                 u8 addr_type, u8 *dev_class, s8 rssi,
3826                                 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
3827 {
3828         char buf[512];
3829         struct mgmt_ev_device_found *ev = (void *) buf;
3830         size_t ev_size;
3831
3832         /* Leave 5 bytes for a potential CoD field */
3833         if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3834                 return -EINVAL;
3835
3836         memset(buf, 0, sizeof(buf));
3837
3838         bacpy(&ev->addr.bdaddr, bdaddr);
3839         ev->addr.type = link_to_mgmt(link_type, addr_type);
3840         ev->rssi = rssi;
3841         if (cfm_name)
3842                 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3843         if (!ssp)
3844                 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3845
3846         if (eir_len > 0)
3847                 memcpy(ev->eir, eir, eir_len);
3848
3849         if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3850                 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3851                                                                 dev_class, 3);
3852
3853         put_unaligned_le16(eir_len, &ev->eir_len);
3854
3855         ev_size = sizeof(*ev) + eir_len;
3856
3857         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3858 }
3859
3860 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3861                                 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3862 {
3863         struct mgmt_ev_device_found *ev;
3864         char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3865         u16 eir_len;
3866
3867         ev = (struct mgmt_ev_device_found *) buf;
3868
3869         memset(buf, 0, sizeof(buf));
3870
3871         bacpy(&ev->addr.bdaddr, bdaddr);
3872         ev->addr.type = link_to_mgmt(link_type, addr_type);
3873         ev->rssi = rssi;
3874
3875         eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3876                                                                 name_len);
3877
3878         put_unaligned_le16(eir_len, &ev->eir_len);
3879
3880         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3881                                                 sizeof(*ev) + eir_len, NULL);
3882 }
3883
3884 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3885 {
3886         struct pending_cmd *cmd;
3887         u8 type;
3888         int err;
3889
3890         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3891
3892         cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3893         if (!cmd)
3894                 return -ENOENT;
3895
3896         type = hdev->discovery.type;
3897
3898         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3899                                                         &type, sizeof(type));
3900         mgmt_pending_remove(cmd);
3901
3902         return err;
3903 }
3904
3905 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3906 {
3907         struct pending_cmd *cmd;
3908         int err;
3909
3910         cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3911         if (!cmd)
3912                 return -ENOENT;
3913
3914         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3915                                                 &hdev->discovery.type,
3916                                                 sizeof(hdev->discovery.type));
3917         mgmt_pending_remove(cmd);
3918
3919         return err;
3920 }
3921
3922 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3923 {
3924         struct mgmt_ev_discovering ev;
3925         struct pending_cmd *cmd;
3926
3927         BT_DBG("%s discovering %u", hdev->name, discovering);
3928
3929         if (discovering)
3930                 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3931         else
3932                 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3933
3934         if (cmd != NULL) {
3935                 u8 type = hdev->discovery.type;
3936
3937                 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3938                                                         &type, sizeof(type));
3939                 mgmt_pending_remove(cmd);
3940         }
3941
3942         memset(&ev, 0, sizeof(ev));
3943         ev.type = hdev->discovery.type;
3944         ev.discovering = discovering;
3945
3946         return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3947 }
3948
3949 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3950 {
3951         struct pending_cmd *cmd;
3952         struct mgmt_ev_device_blocked ev;
3953
3954         cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3955
3956         bacpy(&ev.addr.bdaddr, bdaddr);
3957         ev.addr.type = type;
3958
3959         return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3960                                                         cmd ? cmd->sk : NULL);
3961 }
3962
3963 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3964 {
3965         struct pending_cmd *cmd;
3966         struct mgmt_ev_device_unblocked ev;
3967
3968         cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3969
3970         bacpy(&ev.addr.bdaddr, bdaddr);
3971         ev.addr.type = type;
3972
3973         return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3974                                                         cmd ? cmd->sk : NULL);
3975 }
3976
3977 module_param(enable_hs, bool, 0644);
3978 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3979
3980 module_param(enable_le, bool, 0644);
3981 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");