module: make module param bint handle nul value
[linux-2.6.git] / net / bluetooth / mgmt.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2010  Nokia Corporation
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION    0
36 #define MGMT_REVISION   1
37
38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39
40 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
41
42 struct pending_cmd {
43         struct list_head list;
44         u16 opcode;
45         int index;
46         void *param;
47         struct sock *sk;
48         void *user_data;
49 };
50
51 /* HCI to MGMT error code conversion table */
52 static u8 mgmt_status_table[] = {
53         MGMT_STATUS_SUCCESS,
54         MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
55         MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
56         MGMT_STATUS_FAILED,             /* Hardware Failure */
57         MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
58         MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
59         MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
60         MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
61         MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
62         MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
63         MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
64         MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
65         MGMT_STATUS_BUSY,               /* Command Disallowed */
66         MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
67         MGMT_STATUS_REJECTED,           /* Rejected Security */
68         MGMT_STATUS_REJECTED,           /* Rejected Personal */
69         MGMT_STATUS_TIMEOUT,            /* Host Timeout */
70         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
71         MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
72         MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
73         MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
74         MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
75         MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
76         MGMT_STATUS_BUSY,               /* Repeated Attempts */
77         MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
78         MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
79         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
80         MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
81         MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
82         MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
83         MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
84         MGMT_STATUS_FAILED,             /* Unspecified Error */
85         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
86         MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
87         MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
88         MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
89         MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
90         MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
91         MGMT_STATUS_FAILED,             /* Unit Link Key Used */
92         MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
93         MGMT_STATUS_TIMEOUT,            /* Instant Passed */
94         MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
95         MGMT_STATUS_FAILED,             /* Transaction Collision */
96         MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
97         MGMT_STATUS_REJECTED,           /* QoS Rejected */
98         MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
99         MGMT_STATUS_REJECTED,           /* Insufficient Security */
100         MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
101         MGMT_STATUS_BUSY,               /* Role Switch Pending */
102         MGMT_STATUS_FAILED,             /* Slot Violation */
103         MGMT_STATUS_FAILED,             /* Role Switch Failed */
104         MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
105         MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
106         MGMT_STATUS_BUSY,               /* Host Busy Pairing */
107         MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
108         MGMT_STATUS_BUSY,               /* Controller Busy */
109         MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
110         MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
111         MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
112         MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
113         MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
114 };
115
116 static u8 mgmt_status(u8 hci_status)
117 {
118         if (hci_status < ARRAY_SIZE(mgmt_status_table))
119                 return mgmt_status_table[hci_status];
120
121         return MGMT_STATUS_FAILED;
122 }
123
124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
125 {
126         struct sk_buff *skb;
127         struct mgmt_hdr *hdr;
128         struct mgmt_ev_cmd_status *ev;
129         int err;
130
131         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
132
133         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134         if (!skb)
135                 return -ENOMEM;
136
137         hdr = (void *) skb_put(skb, sizeof(*hdr));
138
139         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
140         hdr->index = cpu_to_le16(index);
141         hdr->len = cpu_to_le16(sizeof(*ev));
142
143         ev = (void *) skb_put(skb, sizeof(*ev));
144         ev->status = status;
145         put_unaligned_le16(cmd, &ev->opcode);
146
147         err = sock_queue_rcv_skb(sk, skb);
148         if (err < 0)
149                 kfree_skb(skb);
150
151         return err;
152 }
153
154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155                                                                 size_t rp_len)
156 {
157         struct sk_buff *skb;
158         struct mgmt_hdr *hdr;
159         struct mgmt_ev_cmd_complete *ev;
160         int err;
161
162         BT_DBG("sock %p", sk);
163
164         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
165         if (!skb)
166                 return -ENOMEM;
167
168         hdr = (void *) skb_put(skb, sizeof(*hdr));
169
170         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
171         hdr->index = cpu_to_le16(index);
172         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
173
174         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175         put_unaligned_le16(cmd, &ev->opcode);
176
177         if (rp)
178                 memcpy(ev->data, rp, rp_len);
179
180         err = sock_queue_rcv_skb(sk, skb);
181         if (err < 0)
182                 kfree_skb(skb);
183
184         return err;;
185 }
186
187 static int read_version(struct sock *sk)
188 {
189         struct mgmt_rp_read_version rp;
190
191         BT_DBG("sock %p", sk);
192
193         rp.version = MGMT_VERSION;
194         put_unaligned_le16(MGMT_REVISION, &rp.revision);
195
196         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197                                                                 sizeof(rp));
198 }
199
200 static int read_index_list(struct sock *sk)
201 {
202         struct mgmt_rp_read_index_list *rp;
203         struct list_head *p;
204         struct hci_dev *d;
205         size_t rp_len;
206         u16 count;
207         int i, err;
208
209         BT_DBG("sock %p", sk);
210
211         read_lock(&hci_dev_list_lock);
212
213         count = 0;
214         list_for_each(p, &hci_dev_list) {
215                 count++;
216         }
217
218         rp_len = sizeof(*rp) + (2 * count);
219         rp = kmalloc(rp_len, GFP_ATOMIC);
220         if (!rp) {
221                 read_unlock(&hci_dev_list_lock);
222                 return -ENOMEM;
223         }
224
225         put_unaligned_le16(count, &rp->num_controllers);
226
227         i = 0;
228         list_for_each_entry(d, &hci_dev_list, list) {
229                 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
230                         cancel_delayed_work(&d->power_off);
231
232                 if (test_bit(HCI_SETUP, &d->flags))
233                         continue;
234
235                 put_unaligned_le16(d->id, &rp->index[i++]);
236                 BT_DBG("Added hci%u", d->id);
237         }
238
239         read_unlock(&hci_dev_list_lock);
240
241         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242                                                                         rp_len);
243
244         kfree(rp);
245
246         return err;
247 }
248
249 static u32 get_supported_settings(struct hci_dev *hdev)
250 {
251         u32 settings = 0;
252
253         settings |= MGMT_SETTING_POWERED;
254         settings |= MGMT_SETTING_CONNECTABLE;
255         settings |= MGMT_SETTING_FAST_CONNECTABLE;
256         settings |= MGMT_SETTING_DISCOVERABLE;
257         settings |= MGMT_SETTING_PAIRABLE;
258
259         if (hdev->features[6] & LMP_SIMPLE_PAIR)
260                 settings |= MGMT_SETTING_SSP;
261
262         if (!(hdev->features[4] & LMP_NO_BREDR)) {
263                 settings |= MGMT_SETTING_BREDR;
264                 settings |= MGMT_SETTING_LINK_SECURITY;
265         }
266
267         if (hdev->features[4] & LMP_LE)
268                 settings |= MGMT_SETTING_LE;
269
270         return settings;
271 }
272
273 static u32 get_current_settings(struct hci_dev *hdev)
274 {
275         u32 settings = 0;
276
277         if (test_bit(HCI_UP, &hdev->flags))
278                 settings |= MGMT_SETTING_POWERED;
279         else
280                 return settings;
281
282         if (test_bit(HCI_PSCAN, &hdev->flags))
283                 settings |= MGMT_SETTING_CONNECTABLE;
284
285         if (test_bit(HCI_ISCAN, &hdev->flags))
286                 settings |= MGMT_SETTING_DISCOVERABLE;
287
288         if (test_bit(HCI_PAIRABLE, &hdev->flags))
289                 settings |= MGMT_SETTING_PAIRABLE;
290
291         if (!(hdev->features[4] & LMP_NO_BREDR))
292                 settings |= MGMT_SETTING_BREDR;
293
294         if (hdev->host_features[0] & LMP_HOST_LE)
295                 settings |= MGMT_SETTING_LE;
296
297         if (test_bit(HCI_AUTH, &hdev->flags))
298                 settings |= MGMT_SETTING_LINK_SECURITY;
299
300         if (hdev->ssp_mode > 0)
301                 settings |= MGMT_SETTING_SSP;
302
303         return settings;
304 }
305
306 #define EIR_FLAGS               0x01 /* flags */
307 #define EIR_UUID16_SOME         0x02 /* 16-bit UUID, more available */
308 #define EIR_UUID16_ALL          0x03 /* 16-bit UUID, all listed */
309 #define EIR_UUID32_SOME         0x04 /* 32-bit UUID, more available */
310 #define EIR_UUID32_ALL          0x05 /* 32-bit UUID, all listed */
311 #define EIR_UUID128_SOME        0x06 /* 128-bit UUID, more available */
312 #define EIR_UUID128_ALL         0x07 /* 128-bit UUID, all listed */
313 #define EIR_NAME_SHORT          0x08 /* shortened local name */
314 #define EIR_NAME_COMPLETE       0x09 /* complete local name */
315 #define EIR_TX_POWER            0x0A /* transmit power level */
316 #define EIR_DEVICE_ID           0x10 /* device ID */
317
318 #define PNP_INFO_SVCLASS_ID             0x1200
319
320 static u8 bluetooth_base_uuid[] = {
321                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
322                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 };
324
325 static u16 get_uuid16(u8 *uuid128)
326 {
327         u32 val;
328         int i;
329
330         for (i = 0; i < 12; i++) {
331                 if (bluetooth_base_uuid[i] != uuid128[i])
332                         return 0;
333         }
334
335         memcpy(&val, &uuid128[12], 4);
336
337         val = le32_to_cpu(val);
338         if (val > 0xffff)
339                 return 0;
340
341         return (u16) val;
342 }
343
344 static void create_eir(struct hci_dev *hdev, u8 *data)
345 {
346         u8 *ptr = data;
347         u16 eir_len = 0;
348         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
349         int i, truncated = 0;
350         struct bt_uuid *uuid;
351         size_t name_len;
352
353         name_len = strlen(hdev->dev_name);
354
355         if (name_len > 0) {
356                 /* EIR Data type */
357                 if (name_len > 48) {
358                         name_len = 48;
359                         ptr[1] = EIR_NAME_SHORT;
360                 } else
361                         ptr[1] = EIR_NAME_COMPLETE;
362
363                 /* EIR Data length */
364                 ptr[0] = name_len + 1;
365
366                 memcpy(ptr + 2, hdev->dev_name, name_len);
367
368                 eir_len += (name_len + 2);
369                 ptr += (name_len + 2);
370         }
371
372         memset(uuid16_list, 0, sizeof(uuid16_list));
373
374         /* Group all UUID16 types */
375         list_for_each_entry(uuid, &hdev->uuids, list) {
376                 u16 uuid16;
377
378                 uuid16 = get_uuid16(uuid->uuid);
379                 if (uuid16 == 0)
380                         return;
381
382                 if (uuid16 < 0x1100)
383                         continue;
384
385                 if (uuid16 == PNP_INFO_SVCLASS_ID)
386                         continue;
387
388                 /* Stop if not enough space to put next UUID */
389                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
390                         truncated = 1;
391                         break;
392                 }
393
394                 /* Check for duplicates */
395                 for (i = 0; uuid16_list[i] != 0; i++)
396                         if (uuid16_list[i] == uuid16)
397                                 break;
398
399                 if (uuid16_list[i] == 0) {
400                         uuid16_list[i] = uuid16;
401                         eir_len += sizeof(u16);
402                 }
403         }
404
405         if (uuid16_list[0] != 0) {
406                 u8 *length = ptr;
407
408                 /* EIR Data type */
409                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
410
411                 ptr += 2;
412                 eir_len += 2;
413
414                 for (i = 0; uuid16_list[i] != 0; i++) {
415                         *ptr++ = (uuid16_list[i] & 0x00ff);
416                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
417                 }
418
419                 /* EIR Data length */
420                 *length = (i * sizeof(u16)) + 1;
421         }
422 }
423
424 static int update_eir(struct hci_dev *hdev)
425 {
426         struct hci_cp_write_eir cp;
427
428         if (!(hdev->features[6] & LMP_EXT_INQ))
429                 return 0;
430
431         if (hdev->ssp_mode == 0)
432                 return 0;
433
434         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
435                 return 0;
436
437         memset(&cp, 0, sizeof(cp));
438
439         create_eir(hdev, cp.data);
440
441         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
442                 return 0;
443
444         memcpy(hdev->eir, cp.data, sizeof(cp.data));
445
446         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
447 }
448
449 static u8 get_service_classes(struct hci_dev *hdev)
450 {
451         struct bt_uuid *uuid;
452         u8 val = 0;
453
454         list_for_each_entry(uuid, &hdev->uuids, list)
455                 val |= uuid->svc_hint;
456
457         return val;
458 }
459
460 static int update_class(struct hci_dev *hdev)
461 {
462         u8 cod[3];
463
464         BT_DBG("%s", hdev->name);
465
466         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
467                 return 0;
468
469         cod[0] = hdev->minor_class;
470         cod[1] = hdev->major_class;
471         cod[2] = get_service_classes(hdev);
472
473         if (memcmp(cod, hdev->dev_class, 3) == 0)
474                 return 0;
475
476         return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
477 }
478
479 static void service_cache_off(struct work_struct *work)
480 {
481         struct hci_dev *hdev = container_of(work, struct hci_dev,
482                                                         service_cache.work);
483
484         if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
485                 return;
486
487         hci_dev_lock(hdev);
488
489         update_eir(hdev);
490         update_class(hdev);
491
492         hci_dev_unlock(hdev);
493 }
494
495 static void mgmt_init_hdev(struct hci_dev *hdev)
496 {
497         if (!test_and_set_bit(HCI_MGMT, &hdev->flags))
498                 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
499
500         if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags))
501                 schedule_delayed_work(&hdev->service_cache,
502                                 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
503 }
504
505 static int read_controller_info(struct sock *sk, u16 index)
506 {
507         struct mgmt_rp_read_info rp;
508         struct hci_dev *hdev;
509
510         BT_DBG("sock %p hci%u", sk, index);
511
512         hdev = hci_dev_get(index);
513         if (!hdev)
514                 return cmd_status(sk, index, MGMT_OP_READ_INFO,
515                                                 MGMT_STATUS_INVALID_PARAMS);
516
517         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
518                 cancel_delayed_work_sync(&hdev->power_off);
519
520         hci_dev_lock(hdev);
521
522         if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
523                 mgmt_init_hdev(hdev);
524
525         memset(&rp, 0, sizeof(rp));
526
527         bacpy(&rp.bdaddr, &hdev->bdaddr);
528
529         rp.version = hdev->hci_ver;
530
531         put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
532
533         rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
534         rp.current_settings = cpu_to_le32(get_current_settings(hdev));
535
536         memcpy(rp.dev_class, hdev->dev_class, 3);
537
538         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
539
540         hci_dev_unlock(hdev);
541         hci_dev_put(hdev);
542
543         return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
544 }
545
546 static void mgmt_pending_free(struct pending_cmd *cmd)
547 {
548         sock_put(cmd->sk);
549         kfree(cmd->param);
550         kfree(cmd);
551 }
552
553 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
554                                                         struct hci_dev *hdev,
555                                                         void *data, u16 len)
556 {
557         struct pending_cmd *cmd;
558
559         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
560         if (!cmd)
561                 return NULL;
562
563         cmd->opcode = opcode;
564         cmd->index = hdev->id;
565
566         cmd->param = kmalloc(len, GFP_ATOMIC);
567         if (!cmd->param) {
568                 kfree(cmd);
569                 return NULL;
570         }
571
572         if (data)
573                 memcpy(cmd->param, data, len);
574
575         cmd->sk = sk;
576         sock_hold(sk);
577
578         list_add(&cmd->list, &hdev->mgmt_pending);
579
580         return cmd;
581 }
582
583 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
584                                 void (*cb)(struct pending_cmd *cmd, void *data),
585                                 void *data)
586 {
587         struct list_head *p, *n;
588
589         list_for_each_safe(p, n, &hdev->mgmt_pending) {
590                 struct pending_cmd *cmd;
591
592                 cmd = list_entry(p, struct pending_cmd, list);
593
594                 if (opcode > 0 && cmd->opcode != opcode)
595                         continue;
596
597                 cb(cmd, data);
598         }
599 }
600
601 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
602 {
603         struct pending_cmd *cmd;
604
605         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
606                 if (cmd->opcode == opcode)
607                         return cmd;
608         }
609
610         return NULL;
611 }
612
613 static void mgmt_pending_remove(struct pending_cmd *cmd)
614 {
615         list_del(&cmd->list);
616         mgmt_pending_free(cmd);
617 }
618
619 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
620 {
621         __le32 settings = cpu_to_le32(get_current_settings(hdev));
622
623         return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
624 }
625
626 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
627 {
628         struct mgmt_mode *cp;
629         struct hci_dev *hdev;
630         struct pending_cmd *cmd;
631         int err, up;
632
633         cp = (void *) data;
634
635         BT_DBG("request for hci%u", index);
636
637         if (len != sizeof(*cp))
638                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639                                                 MGMT_STATUS_INVALID_PARAMS);
640
641         hdev = hci_dev_get(index);
642         if (!hdev)
643                 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
644                                                 MGMT_STATUS_INVALID_PARAMS);
645
646         hci_dev_lock(hdev);
647
648         up = test_bit(HCI_UP, &hdev->flags);
649         if ((cp->val && up) || (!cp->val && !up)) {
650                 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
651                 goto failed;
652         }
653
654         if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
655                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
656                                                         MGMT_STATUS_BUSY);
657                 goto failed;
658         }
659
660         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
661         if (!cmd) {
662                 err = -ENOMEM;
663                 goto failed;
664         }
665
666         if (cp->val)
667                 schedule_work(&hdev->power_on);
668         else
669                 schedule_work(&hdev->power_off.work);
670
671         err = 0;
672
673 failed:
674         hci_dev_unlock(hdev);
675         hci_dev_put(hdev);
676         return err;
677 }
678
679 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
680                                                                         u16 len)
681 {
682         struct mgmt_cp_set_discoverable *cp;
683         struct hci_dev *hdev;
684         struct pending_cmd *cmd;
685         u8 scan;
686         int err;
687
688         cp = (void *) data;
689
690         BT_DBG("request for hci%u", index);
691
692         if (len != sizeof(*cp))
693                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
694                                                 MGMT_STATUS_INVALID_PARAMS);
695
696         hdev = hci_dev_get(index);
697         if (!hdev)
698                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
699                                                 MGMT_STATUS_INVALID_PARAMS);
700
701         hci_dev_lock(hdev);
702
703         if (!test_bit(HCI_UP, &hdev->flags)) {
704                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
705                                                 MGMT_STATUS_NOT_POWERED);
706                 goto failed;
707         }
708
709         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
710                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
711                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
712                                                         MGMT_STATUS_BUSY);
713                 goto failed;
714         }
715
716         if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
717                                         test_bit(HCI_PSCAN, &hdev->flags)) {
718                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
719                 goto failed;
720         }
721
722         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
723         if (!cmd) {
724                 err = -ENOMEM;
725                 goto failed;
726         }
727
728         scan = SCAN_PAGE;
729
730         if (cp->val)
731                 scan |= SCAN_INQUIRY;
732         else
733                 cancel_delayed_work(&hdev->discov_off);
734
735         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
736         if (err < 0)
737                 mgmt_pending_remove(cmd);
738
739         if (cp->val)
740                 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
741
742 failed:
743         hci_dev_unlock(hdev);
744         hci_dev_put(hdev);
745
746         return err;
747 }
748
749 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
750                                                                         u16 len)
751 {
752         struct mgmt_mode *cp;
753         struct hci_dev *hdev;
754         struct pending_cmd *cmd;
755         u8 scan;
756         int err;
757
758         cp = (void *) data;
759
760         BT_DBG("request for hci%u", index);
761
762         if (len != sizeof(*cp))
763                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764                                                 MGMT_STATUS_INVALID_PARAMS);
765
766         hdev = hci_dev_get(index);
767         if (!hdev)
768                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
769                                                 MGMT_STATUS_INVALID_PARAMS);
770
771         hci_dev_lock(hdev);
772
773         if (!test_bit(HCI_UP, &hdev->flags)) {
774                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
775                                                 MGMT_STATUS_NOT_POWERED);
776                 goto failed;
777         }
778
779         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
780                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
781                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
782                                                         MGMT_STATUS_BUSY);
783                 goto failed;
784         }
785
786         if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
787                 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
788                 goto failed;
789         }
790
791         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
792         if (!cmd) {
793                 err = -ENOMEM;
794                 goto failed;
795         }
796
797         if (cp->val)
798                 scan = SCAN_PAGE;
799         else
800                 scan = 0;
801
802         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
803         if (err < 0)
804                 mgmt_pending_remove(cmd);
805
806 failed:
807         hci_dev_unlock(hdev);
808         hci_dev_put(hdev);
809
810         return err;
811 }
812
813 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
814                                         u16 data_len, struct sock *skip_sk)
815 {
816         struct sk_buff *skb;
817         struct mgmt_hdr *hdr;
818
819         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820         if (!skb)
821                 return -ENOMEM;
822
823         bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
824
825         hdr = (void *) skb_put(skb, sizeof(*hdr));
826         hdr->opcode = cpu_to_le16(event);
827         if (hdev)
828                 hdr->index = cpu_to_le16(hdev->id);
829         else
830                 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
831         hdr->len = cpu_to_le16(data_len);
832
833         if (data)
834                 memcpy(skb_put(skb, data_len), data, data_len);
835
836         hci_send_to_sock(NULL, skb, skip_sk);
837         kfree_skb(skb);
838
839         return 0;
840 }
841
842 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
843                                                                         u16 len)
844 {
845         struct mgmt_mode *cp;
846         struct hci_dev *hdev;
847         __le32 ev;
848         int err;
849
850         cp = (void *) data;
851
852         BT_DBG("request for hci%u", index);
853
854         if (len != sizeof(*cp))
855                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
856                                                 MGMT_STATUS_INVALID_PARAMS);
857
858         hdev = hci_dev_get(index);
859         if (!hdev)
860                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
861                                                 MGMT_STATUS_INVALID_PARAMS);
862
863         hci_dev_lock(hdev);
864
865         if (cp->val)
866                 set_bit(HCI_PAIRABLE, &hdev->flags);
867         else
868                 clear_bit(HCI_PAIRABLE, &hdev->flags);
869
870         err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
871         if (err < 0)
872                 goto failed;
873
874         ev = cpu_to_le32(get_current_settings(hdev));
875
876         err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
877
878 failed:
879         hci_dev_unlock(hdev);
880         hci_dev_put(hdev);
881
882         return err;
883 }
884
885 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
886 {
887         struct mgmt_cp_add_uuid *cp;
888         struct hci_dev *hdev;
889         struct bt_uuid *uuid;
890         int err;
891
892         cp = (void *) data;
893
894         BT_DBG("request for hci%u", index);
895
896         if (len != sizeof(*cp))
897                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
898                                                 MGMT_STATUS_INVALID_PARAMS);
899
900         hdev = hci_dev_get(index);
901         if (!hdev)
902                 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
903                                                 MGMT_STATUS_INVALID_PARAMS);
904
905         hci_dev_lock(hdev);
906
907         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
908         if (!uuid) {
909                 err = -ENOMEM;
910                 goto failed;
911         }
912
913         memcpy(uuid->uuid, cp->uuid, 16);
914         uuid->svc_hint = cp->svc_hint;
915
916         list_add(&uuid->list, &hdev->uuids);
917
918         err = update_class(hdev);
919         if (err < 0)
920                 goto failed;
921
922         err = update_eir(hdev);
923         if (err < 0)
924                 goto failed;
925
926         err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
927
928 failed:
929         hci_dev_unlock(hdev);
930         hci_dev_put(hdev);
931
932         return err;
933 }
934
935 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
936 {
937         struct list_head *p, *n;
938         struct mgmt_cp_remove_uuid *cp;
939         struct hci_dev *hdev;
940         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
941         int err, found;
942
943         cp = (void *) data;
944
945         BT_DBG("request for hci%u", index);
946
947         if (len != sizeof(*cp))
948                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
949                                                 MGMT_STATUS_INVALID_PARAMS);
950
951         hdev = hci_dev_get(index);
952         if (!hdev)
953                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
954                                                 MGMT_STATUS_INVALID_PARAMS);
955
956         hci_dev_lock(hdev);
957
958         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
959                 err = hci_uuids_clear(hdev);
960                 goto unlock;
961         }
962
963         found = 0;
964
965         list_for_each_safe(p, n, &hdev->uuids) {
966                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
967
968                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
969                         continue;
970
971                 list_del(&match->list);
972                 found++;
973         }
974
975         if (found == 0) {
976                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
977                                                 MGMT_STATUS_INVALID_PARAMS);
978                 goto unlock;
979         }
980
981         err = update_class(hdev);
982         if (err < 0)
983                 goto unlock;
984
985         err = update_eir(hdev);
986         if (err < 0)
987                 goto unlock;
988
989         err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
990
991 unlock:
992         hci_dev_unlock(hdev);
993         hci_dev_put(hdev);
994
995         return err;
996 }
997
998 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
999                                                                         u16 len)
1000 {
1001         struct hci_dev *hdev;
1002         struct mgmt_cp_set_dev_class *cp;
1003         int err;
1004
1005         cp = (void *) data;
1006
1007         BT_DBG("request for hci%u", index);
1008
1009         if (len != sizeof(*cp))
1010                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1011                                                 MGMT_STATUS_INVALID_PARAMS);
1012
1013         hdev = hci_dev_get(index);
1014         if (!hdev)
1015                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1016                                                 MGMT_STATUS_INVALID_PARAMS);
1017
1018         hci_dev_lock(hdev);
1019
1020         hdev->major_class = cp->major;
1021         hdev->minor_class = cp->minor;
1022
1023         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) {
1024                 hci_dev_unlock(hdev);
1025                 cancel_delayed_work_sync(&hdev->service_cache);
1026                 hci_dev_lock(hdev);
1027                 update_eir(hdev);
1028         }
1029
1030         err = update_class(hdev);
1031
1032         if (err == 0)
1033                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1034
1035         hci_dev_unlock(hdev);
1036         hci_dev_put(hdev);
1037
1038         return err;
1039 }
1040
1041 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1042                                                                 u16 len)
1043 {
1044         struct hci_dev *hdev;
1045         struct mgmt_cp_load_link_keys *cp;
1046         u16 key_count, expected_len;
1047         int i;
1048
1049         cp = (void *) data;
1050
1051         if (len < sizeof(*cp))
1052                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1053                                                 MGMT_STATUS_INVALID_PARAMS);
1054
1055         key_count = get_unaligned_le16(&cp->key_count);
1056
1057         expected_len = sizeof(*cp) + key_count *
1058                                         sizeof(struct mgmt_link_key_info);
1059         if (expected_len != len) {
1060                 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1061                                                         len, expected_len);
1062                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1063                                                 MGMT_STATUS_INVALID_PARAMS);
1064         }
1065
1066         hdev = hci_dev_get(index);
1067         if (!hdev)
1068                 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1069                                                 MGMT_STATUS_INVALID_PARAMS);
1070
1071         BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1072                                                                 key_count);
1073
1074         hci_dev_lock(hdev);
1075
1076         hci_link_keys_clear(hdev);
1077
1078         set_bit(HCI_LINK_KEYS, &hdev->flags);
1079
1080         if (cp->debug_keys)
1081                 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1082         else
1083                 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1084
1085         for (i = 0; i < key_count; i++) {
1086                 struct mgmt_link_key_info *key = &cp->keys[i];
1087
1088                 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1089                                                                 key->pin_len);
1090         }
1091
1092         cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1093
1094         hci_dev_unlock(hdev);
1095         hci_dev_put(hdev);
1096
1097         return 0;
1098 }
1099
1100 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1101                                                                 u16 len)
1102 {
1103         struct hci_dev *hdev;
1104         struct mgmt_cp_remove_keys *cp;
1105         struct mgmt_rp_remove_keys rp;
1106         struct hci_cp_disconnect dc;
1107         struct pending_cmd *cmd;
1108         struct hci_conn *conn;
1109         int err;
1110
1111         cp = (void *) data;
1112
1113         if (len != sizeof(*cp))
1114                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1115                                                 MGMT_STATUS_INVALID_PARAMS);
1116
1117         hdev = hci_dev_get(index);
1118         if (!hdev)
1119                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1120                                                 MGMT_STATUS_INVALID_PARAMS);
1121
1122         hci_dev_lock(hdev);
1123
1124         memset(&rp, 0, sizeof(rp));
1125         bacpy(&rp.bdaddr, &cp->bdaddr);
1126         rp.status = MGMT_STATUS_FAILED;
1127
1128         err = hci_remove_link_key(hdev, &cp->bdaddr);
1129         if (err < 0) {
1130                 rp.status = MGMT_STATUS_NOT_PAIRED;
1131                 goto unlock;
1132         }
1133
1134         if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1135                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1136                                                                 sizeof(rp));
1137                 goto unlock;
1138         }
1139
1140         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1141         if (!conn) {
1142                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1143                                                                 sizeof(rp));
1144                 goto unlock;
1145         }
1146
1147         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1148         if (!cmd) {
1149                 err = -ENOMEM;
1150                 goto unlock;
1151         }
1152
1153         put_unaligned_le16(conn->handle, &dc.handle);
1154         dc.reason = 0x13; /* Remote User Terminated Connection */
1155         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1156         if (err < 0)
1157                 mgmt_pending_remove(cmd);
1158
1159 unlock:
1160         if (err < 0)
1161                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1162                                                                 sizeof(rp));
1163         hci_dev_unlock(hdev);
1164         hci_dev_put(hdev);
1165
1166         return err;
1167 }
1168
1169 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1170 {
1171         struct hci_dev *hdev;
1172         struct mgmt_cp_disconnect *cp;
1173         struct hci_cp_disconnect dc;
1174         struct pending_cmd *cmd;
1175         struct hci_conn *conn;
1176         int err;
1177
1178         BT_DBG("");
1179
1180         cp = (void *) data;
1181
1182         if (len != sizeof(*cp))
1183                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184                                                 MGMT_STATUS_INVALID_PARAMS);
1185
1186         hdev = hci_dev_get(index);
1187         if (!hdev)
1188                 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189                                                 MGMT_STATUS_INVALID_PARAMS);
1190
1191         hci_dev_lock(hdev);
1192
1193         if (!test_bit(HCI_UP, &hdev->flags)) {
1194                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1195                                                 MGMT_STATUS_NOT_POWERED);
1196                 goto failed;
1197         }
1198
1199         if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1200                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1201                                                         MGMT_STATUS_BUSY);
1202                 goto failed;
1203         }
1204
1205         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1206         if (!conn)
1207                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1208
1209         if (!conn) {
1210                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1211                                                 MGMT_STATUS_NOT_CONNECTED);
1212                 goto failed;
1213         }
1214
1215         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1216         if (!cmd) {
1217                 err = -ENOMEM;
1218                 goto failed;
1219         }
1220
1221         put_unaligned_le16(conn->handle, &dc.handle);
1222         dc.reason = 0x13; /* Remote User Terminated Connection */
1223
1224         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1225         if (err < 0)
1226                 mgmt_pending_remove(cmd);
1227
1228 failed:
1229         hci_dev_unlock(hdev);
1230         hci_dev_put(hdev);
1231
1232         return err;
1233 }
1234
1235 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1236 {
1237         switch (link_type) {
1238         case LE_LINK:
1239                 switch (addr_type) {
1240                 case ADDR_LE_DEV_PUBLIC:
1241                         return MGMT_ADDR_LE_PUBLIC;
1242                 case ADDR_LE_DEV_RANDOM:
1243                         return MGMT_ADDR_LE_RANDOM;
1244                 default:
1245                         return MGMT_ADDR_INVALID;
1246                 }
1247         case ACL_LINK:
1248                 return MGMT_ADDR_BREDR;
1249         default:
1250                 return MGMT_ADDR_INVALID;
1251         }
1252 }
1253
1254 static int get_connections(struct sock *sk, u16 index)
1255 {
1256         struct mgmt_rp_get_connections *rp;
1257         struct hci_dev *hdev;
1258         struct hci_conn *c;
1259         struct list_head *p;
1260         size_t rp_len;
1261         u16 count;
1262         int i, err;
1263
1264         BT_DBG("");
1265
1266         hdev = hci_dev_get(index);
1267         if (!hdev)
1268                 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1269                                                 MGMT_STATUS_INVALID_PARAMS);
1270
1271         hci_dev_lock(hdev);
1272
1273         count = 0;
1274         list_for_each(p, &hdev->conn_hash.list) {
1275                 count++;
1276         }
1277
1278         rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1279         rp = kmalloc(rp_len, GFP_ATOMIC);
1280         if (!rp) {
1281                 err = -ENOMEM;
1282                 goto unlock;
1283         }
1284
1285         put_unaligned_le16(count, &rp->conn_count);
1286
1287         i = 0;
1288         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1289                 bacpy(&rp->addr[i].bdaddr, &c->dst);
1290                 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1291                 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1292                         continue;
1293                 i++;
1294         }
1295
1296         /* Recalculate length in case of filtered SCO connections, etc */
1297         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1298
1299         err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1300
1301 unlock:
1302         kfree(rp);
1303         hci_dev_unlock(hdev);
1304         hci_dev_put(hdev);
1305         return err;
1306 }
1307
1308 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1309                 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1310 {
1311         struct pending_cmd *cmd;
1312         int err;
1313
1314         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1315                                                                 sizeof(*cp));
1316         if (!cmd)
1317                 return -ENOMEM;
1318
1319         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1320                                                                 &cp->bdaddr);
1321         if (err < 0)
1322                 mgmt_pending_remove(cmd);
1323
1324         return err;
1325 }
1326
1327 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1328                                                                         u16 len)
1329 {
1330         struct hci_dev *hdev;
1331         struct hci_conn *conn;
1332         struct mgmt_cp_pin_code_reply *cp;
1333         struct mgmt_cp_pin_code_neg_reply ncp;
1334         struct hci_cp_pin_code_reply reply;
1335         struct pending_cmd *cmd;
1336         int err;
1337
1338         BT_DBG("");
1339
1340         cp = (void *) data;
1341
1342         if (len != sizeof(*cp))
1343                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1344                                                 MGMT_STATUS_INVALID_PARAMS);
1345
1346         hdev = hci_dev_get(index);
1347         if (!hdev)
1348                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1349                                                 MGMT_STATUS_INVALID_PARAMS);
1350
1351         hci_dev_lock(hdev);
1352
1353         if (!test_bit(HCI_UP, &hdev->flags)) {
1354                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1355                                                 MGMT_STATUS_NOT_POWERED);
1356                 goto failed;
1357         }
1358
1359         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1360         if (!conn) {
1361                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1362                                                 MGMT_STATUS_NOT_CONNECTED);
1363                 goto failed;
1364         }
1365
1366         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1367                 bacpy(&ncp.bdaddr, &cp->bdaddr);
1368
1369                 BT_ERR("PIN code is not 16 bytes long");
1370
1371                 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1372                 if (err >= 0)
1373                         err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1374                                                 MGMT_STATUS_INVALID_PARAMS);
1375
1376                 goto failed;
1377         }
1378
1379         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1380         if (!cmd) {
1381                 err = -ENOMEM;
1382                 goto failed;
1383         }
1384
1385         bacpy(&reply.bdaddr, &cp->bdaddr);
1386         reply.pin_len = cp->pin_len;
1387         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1388
1389         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1390         if (err < 0)
1391                 mgmt_pending_remove(cmd);
1392
1393 failed:
1394         hci_dev_unlock(hdev);
1395         hci_dev_put(hdev);
1396
1397         return err;
1398 }
1399
1400 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1401                                                                         u16 len)
1402 {
1403         struct hci_dev *hdev;
1404         struct mgmt_cp_pin_code_neg_reply *cp;
1405         int err;
1406
1407         BT_DBG("");
1408
1409         cp = (void *) data;
1410
1411         if (len != sizeof(*cp))
1412                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1413                                                 MGMT_STATUS_INVALID_PARAMS);
1414
1415         hdev = hci_dev_get(index);
1416         if (!hdev)
1417                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1418                                                 MGMT_STATUS_INVALID_PARAMS);
1419
1420         hci_dev_lock(hdev);
1421
1422         if (!test_bit(HCI_UP, &hdev->flags)) {
1423                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1424                                                 MGMT_STATUS_NOT_POWERED);
1425                 goto failed;
1426         }
1427
1428         err = send_pin_code_neg_reply(sk, index, hdev, cp);
1429
1430 failed:
1431         hci_dev_unlock(hdev);
1432         hci_dev_put(hdev);
1433
1434         return err;
1435 }
1436
1437 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1438                                                                         u16 len)
1439 {
1440         struct hci_dev *hdev;
1441         struct mgmt_cp_set_io_capability *cp;
1442
1443         BT_DBG("");
1444
1445         cp = (void *) data;
1446
1447         if (len != sizeof(*cp))
1448                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1449                                                 MGMT_STATUS_INVALID_PARAMS);
1450
1451         hdev = hci_dev_get(index);
1452         if (!hdev)
1453                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1454                                                 MGMT_STATUS_INVALID_PARAMS);
1455
1456         hci_dev_lock(hdev);
1457
1458         hdev->io_capability = cp->io_capability;
1459
1460         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1461                                                         hdev->io_capability);
1462
1463         hci_dev_unlock(hdev);
1464         hci_dev_put(hdev);
1465
1466         return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1467 }
1468
1469 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1470 {
1471         struct hci_dev *hdev = conn->hdev;
1472         struct pending_cmd *cmd;
1473
1474         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1475                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1476                         continue;
1477
1478                 if (cmd->user_data != conn)
1479                         continue;
1480
1481                 return cmd;
1482         }
1483
1484         return NULL;
1485 }
1486
1487 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1488 {
1489         struct mgmt_rp_pair_device rp;
1490         struct hci_conn *conn = cmd->user_data;
1491
1492         bacpy(&rp.addr.bdaddr, &conn->dst);
1493         rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1494         rp.status = status;
1495
1496         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1497
1498         /* So we don't get further callbacks for this connection */
1499         conn->connect_cfm_cb = NULL;
1500         conn->security_cfm_cb = NULL;
1501         conn->disconn_cfm_cb = NULL;
1502
1503         hci_conn_put(conn);
1504
1505         mgmt_pending_remove(cmd);
1506 }
1507
1508 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1509 {
1510         struct pending_cmd *cmd;
1511
1512         BT_DBG("status %u", status);
1513
1514         cmd = find_pairing(conn);
1515         if (!cmd)
1516                 BT_DBG("Unable to find a pending command");
1517         else
1518                 pairing_complete(cmd, status);
1519 }
1520
1521 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1522 {
1523         struct hci_dev *hdev;
1524         struct mgmt_cp_pair_device *cp;
1525         struct mgmt_rp_pair_device rp;
1526         struct pending_cmd *cmd;
1527         u8 sec_level, auth_type;
1528         struct hci_conn *conn;
1529         int err;
1530
1531         BT_DBG("");
1532
1533         cp = (void *) data;
1534
1535         if (len != sizeof(*cp))
1536                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1537                                                 MGMT_STATUS_INVALID_PARAMS);
1538
1539         hdev = hci_dev_get(index);
1540         if (!hdev)
1541                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1542                                                 MGMT_STATUS_INVALID_PARAMS);
1543
1544         hci_dev_lock(hdev);
1545
1546         sec_level = BT_SECURITY_MEDIUM;
1547         if (cp->io_cap == 0x03)
1548                 auth_type = HCI_AT_DEDICATED_BONDING;
1549         else
1550                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1551
1552         if (cp->addr.type == MGMT_ADDR_BREDR)
1553                 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1554                                                                 auth_type);
1555         else
1556                 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1557                                                                 auth_type);
1558
1559         memset(&rp, 0, sizeof(rp));
1560         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1561         rp.addr.type = cp->addr.type;
1562
1563         if (IS_ERR(conn)) {
1564                 rp.status = -PTR_ERR(conn);
1565                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1566                                                         &rp, sizeof(rp));
1567                 goto unlock;
1568         }
1569
1570         if (conn->connect_cfm_cb) {
1571                 hci_conn_put(conn);
1572                 rp.status = EBUSY;
1573                 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1574                                                         &rp, sizeof(rp));
1575                 goto unlock;
1576         }
1577
1578         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1579         if (!cmd) {
1580                 err = -ENOMEM;
1581                 hci_conn_put(conn);
1582                 goto unlock;
1583         }
1584
1585         /* For LE, just connecting isn't a proof that the pairing finished */
1586         if (cp->addr.type == MGMT_ADDR_BREDR)
1587                 conn->connect_cfm_cb = pairing_complete_cb;
1588
1589         conn->security_cfm_cb = pairing_complete_cb;
1590         conn->disconn_cfm_cb = pairing_complete_cb;
1591         conn->io_capability = cp->io_cap;
1592         cmd->user_data = conn;
1593
1594         if (conn->state == BT_CONNECTED &&
1595                                 hci_conn_security(conn, sec_level, auth_type))
1596                 pairing_complete(cmd, 0);
1597
1598         err = 0;
1599
1600 unlock:
1601         hci_dev_unlock(hdev);
1602         hci_dev_put(hdev);
1603
1604         return err;
1605 }
1606
1607 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1608                                         u16 mgmt_op, u16 hci_op, __le32 passkey)
1609 {
1610         struct pending_cmd *cmd;
1611         struct hci_dev *hdev;
1612         struct hci_conn *conn;
1613         int err;
1614
1615         hdev = hci_dev_get(index);
1616         if (!hdev)
1617                 return cmd_status(sk, index, mgmt_op,
1618                                                 MGMT_STATUS_INVALID_PARAMS);
1619
1620         hci_dev_lock(hdev);
1621
1622         if (!test_bit(HCI_UP, &hdev->flags)) {
1623                 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1624                 goto done;
1625         }
1626
1627         /*
1628          * Check for an existing ACL link, if present pair via
1629          * HCI commands.
1630          *
1631          * If no ACL link is present, check for an LE link and if
1632          * present, pair via the SMP engine.
1633          *
1634          * If neither ACL nor LE links are present, fail with error.
1635          */
1636         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1637         if (!conn) {
1638                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1639                 if (!conn) {
1640                         err = cmd_status(sk, index, mgmt_op,
1641                                                 MGMT_STATUS_NOT_CONNECTED);
1642                         goto done;
1643                 }
1644
1645                 /* Continue with pairing via SMP */
1646                 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1647
1648                 if (!err)
1649                         err = cmd_status(sk, index, mgmt_op,
1650                                                         MGMT_STATUS_SUCCESS);
1651                 else
1652                         err = cmd_status(sk, index, mgmt_op,
1653                                                         MGMT_STATUS_FAILED);
1654
1655                 goto done;
1656         }
1657
1658         cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1659         if (!cmd) {
1660                 err = -ENOMEM;
1661                 goto done;
1662         }
1663
1664         /* Continue with pairing via HCI */
1665         if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1666                 struct hci_cp_user_passkey_reply cp;
1667
1668                 bacpy(&cp.bdaddr, bdaddr);
1669                 cp.passkey = passkey;
1670                 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1671         } else
1672                 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1673
1674         if (err < 0)
1675                 mgmt_pending_remove(cmd);
1676
1677 done:
1678         hci_dev_unlock(hdev);
1679         hci_dev_put(hdev);
1680
1681         return err;
1682 }
1683
1684 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1685 {
1686         struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1687
1688         BT_DBG("");
1689
1690         if (len != sizeof(*cp))
1691                 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1692                                                 MGMT_STATUS_INVALID_PARAMS);
1693
1694         return user_pairing_resp(sk, index, &cp->bdaddr,
1695                         MGMT_OP_USER_CONFIRM_REPLY,
1696                         HCI_OP_USER_CONFIRM_REPLY, 0);
1697 }
1698
1699 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1700                                                                         u16 len)
1701 {
1702         struct mgmt_cp_user_confirm_neg_reply *cp = data;
1703
1704         BT_DBG("");
1705
1706         if (len != sizeof(*cp))
1707                 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1708                                                 MGMT_STATUS_INVALID_PARAMS);
1709
1710         return user_pairing_resp(sk, index, &cp->bdaddr,
1711                         MGMT_OP_USER_CONFIRM_NEG_REPLY,
1712                         HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1713 }
1714
1715 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1716 {
1717         struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1718
1719         BT_DBG("");
1720
1721         if (len != sizeof(*cp))
1722                 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1723                                                                         EINVAL);
1724
1725         return user_pairing_resp(sk, index, &cp->bdaddr,
1726                         MGMT_OP_USER_PASSKEY_REPLY,
1727                         HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1728 }
1729
1730 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1731                                                                         u16 len)
1732 {
1733         struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1734
1735         BT_DBG("");
1736
1737         if (len != sizeof(*cp))
1738                 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1739                                                                         EINVAL);
1740
1741         return user_pairing_resp(sk, index, &cp->bdaddr,
1742                         MGMT_OP_USER_PASSKEY_NEG_REPLY,
1743                         HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1744 }
1745
1746 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1747                                                                 u16 len)
1748 {
1749         struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1750         struct hci_cp_write_local_name hci_cp;
1751         struct hci_dev *hdev;
1752         struct pending_cmd *cmd;
1753         int err;
1754
1755         BT_DBG("");
1756
1757         if (len != sizeof(*mgmt_cp))
1758                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1759                                                 MGMT_STATUS_INVALID_PARAMS);
1760
1761         hdev = hci_dev_get(index);
1762         if (!hdev)
1763                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1764                                                 MGMT_STATUS_INVALID_PARAMS);
1765
1766         hci_dev_lock(hdev);
1767
1768         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1769         if (!cmd) {
1770                 err = -ENOMEM;
1771                 goto failed;
1772         }
1773
1774         memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1775         err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1776                                                                 &hci_cp);
1777         if (err < 0)
1778                 mgmt_pending_remove(cmd);
1779
1780 failed:
1781         hci_dev_unlock(hdev);
1782         hci_dev_put(hdev);
1783
1784         return err;
1785 }
1786
1787 static int read_local_oob_data(struct sock *sk, u16 index)
1788 {
1789         struct hci_dev *hdev;
1790         struct pending_cmd *cmd;
1791         int err;
1792
1793         BT_DBG("hci%u", index);
1794
1795         hdev = hci_dev_get(index);
1796         if (!hdev)
1797                 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798                                                 MGMT_STATUS_INVALID_PARAMS);
1799
1800         hci_dev_lock(hdev);
1801
1802         if (!test_bit(HCI_UP, &hdev->flags)) {
1803                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804                                                 MGMT_STATUS_NOT_POWERED);
1805                 goto unlock;
1806         }
1807
1808         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1809                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1810                                                 MGMT_STATUS_NOT_SUPPORTED);
1811                 goto unlock;
1812         }
1813
1814         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1815                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1816                                                         MGMT_STATUS_BUSY);
1817                 goto unlock;
1818         }
1819
1820         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1821         if (!cmd) {
1822                 err = -ENOMEM;
1823                 goto unlock;
1824         }
1825
1826         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1827         if (err < 0)
1828                 mgmt_pending_remove(cmd);
1829
1830 unlock:
1831         hci_dev_unlock(hdev);
1832         hci_dev_put(hdev);
1833
1834         return err;
1835 }
1836
1837 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1838                                                                         u16 len)
1839 {
1840         struct hci_dev *hdev;
1841         struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1842         int err;
1843
1844         BT_DBG("hci%u ", index);
1845
1846         if (len != sizeof(*cp))
1847                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1848                                                 MGMT_STATUS_INVALID_PARAMS);
1849
1850         hdev = hci_dev_get(index);
1851         if (!hdev)
1852                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1853                                                 MGMT_STATUS_INVALID_PARAMS);
1854
1855         hci_dev_lock(hdev);
1856
1857         err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1858                                                                 cp->randomizer);
1859         if (err < 0)
1860                 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1861                                                         MGMT_STATUS_FAILED);
1862         else
1863                 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1864                                                                         0);
1865
1866         hci_dev_unlock(hdev);
1867         hci_dev_put(hdev);
1868
1869         return err;
1870 }
1871
1872 static int remove_remote_oob_data(struct sock *sk, u16 index,
1873                                                 unsigned char *data, u16 len)
1874 {
1875         struct hci_dev *hdev;
1876         struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1877         int err;
1878
1879         BT_DBG("hci%u ", index);
1880
1881         if (len != sizeof(*cp))
1882                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1883                                                 MGMT_STATUS_INVALID_PARAMS);
1884
1885         hdev = hci_dev_get(index);
1886         if (!hdev)
1887                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1888                                                 MGMT_STATUS_INVALID_PARAMS);
1889
1890         hci_dev_lock(hdev);
1891
1892         err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1893         if (err < 0)
1894                 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1895                                                 MGMT_STATUS_INVALID_PARAMS);
1896         else
1897                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1898                                                                 NULL, 0);
1899
1900         hci_dev_unlock(hdev);
1901         hci_dev_put(hdev);
1902
1903         return err;
1904 }
1905
1906 static int start_discovery(struct sock *sk, u16 index,
1907                                                 unsigned char *data, u16 len)
1908 {
1909         struct mgmt_cp_start_discovery *cp = (void *) data;
1910         struct pending_cmd *cmd;
1911         struct hci_dev *hdev;
1912         int err;
1913
1914         BT_DBG("hci%u", index);
1915
1916         if (len != sizeof(*cp))
1917                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1918                                                 MGMT_STATUS_INVALID_PARAMS);
1919
1920         hdev = hci_dev_get(index);
1921         if (!hdev)
1922                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923                                                 MGMT_STATUS_INVALID_PARAMS);
1924
1925         hci_dev_lock(hdev);
1926
1927         if (!test_bit(HCI_UP, &hdev->flags)) {
1928                 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1929                                                 MGMT_STATUS_NOT_POWERED);
1930                 goto failed;
1931         }
1932
1933         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1934         if (!cmd) {
1935                 err = -ENOMEM;
1936                 goto failed;
1937         }
1938
1939         err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1940         if (err < 0)
1941                 mgmt_pending_remove(cmd);
1942
1943 failed:
1944         hci_dev_unlock(hdev);
1945         hci_dev_put(hdev);
1946
1947         return err;
1948 }
1949
1950 static int stop_discovery(struct sock *sk, u16 index)
1951 {
1952         struct hci_dev *hdev;
1953         struct pending_cmd *cmd;
1954         int err;
1955
1956         BT_DBG("hci%u", index);
1957
1958         hdev = hci_dev_get(index);
1959         if (!hdev)
1960                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1961                                                 MGMT_STATUS_INVALID_PARAMS);
1962
1963         hci_dev_lock(hdev);
1964
1965         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1966         if (!cmd) {
1967                 err = -ENOMEM;
1968                 goto failed;
1969         }
1970
1971         err = hci_cancel_inquiry(hdev);
1972         if (err < 0)
1973                 mgmt_pending_remove(cmd);
1974
1975 failed:
1976         hci_dev_unlock(hdev);
1977         hci_dev_put(hdev);
1978
1979         return err;
1980 }
1981
1982 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1983                                                                 u16 len)
1984 {
1985         struct hci_dev *hdev;
1986         struct mgmt_cp_block_device *cp = (void *) data;
1987         int err;
1988
1989         BT_DBG("hci%u", index);
1990
1991         if (len != sizeof(*cp))
1992                 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1993                                                 MGMT_STATUS_INVALID_PARAMS);
1994
1995         hdev = hci_dev_get(index);
1996         if (!hdev)
1997                 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1998                                                 MGMT_STATUS_INVALID_PARAMS);
1999
2000         hci_dev_lock(hdev);
2001
2002         err = hci_blacklist_add(hdev, &cp->bdaddr);
2003         if (err < 0)
2004                 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2005                                                         MGMT_STATUS_FAILED);
2006         else
2007                 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2008                                                         NULL, 0);
2009
2010         hci_dev_unlock(hdev);
2011         hci_dev_put(hdev);
2012
2013         return err;
2014 }
2015
2016 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2017                                                                 u16 len)
2018 {
2019         struct hci_dev *hdev;
2020         struct mgmt_cp_unblock_device *cp = (void *) data;
2021         int err;
2022
2023         BT_DBG("hci%u", index);
2024
2025         if (len != sizeof(*cp))
2026                 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2027                                                 MGMT_STATUS_INVALID_PARAMS);
2028
2029         hdev = hci_dev_get(index);
2030         if (!hdev)
2031                 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2032                                                 MGMT_STATUS_INVALID_PARAMS);
2033
2034         hci_dev_lock(hdev);
2035
2036         err = hci_blacklist_del(hdev, &cp->bdaddr);
2037
2038         if (err < 0)
2039                 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2040                                                 MGMT_STATUS_INVALID_PARAMS);
2041         else
2042                 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2043                                                                 NULL, 0);
2044
2045         hci_dev_unlock(hdev);
2046         hci_dev_put(hdev);
2047
2048         return err;
2049 }
2050
2051 static int set_fast_connectable(struct sock *sk, u16 index,
2052                                         unsigned char *data, u16 len)
2053 {
2054         struct hci_dev *hdev;
2055         struct mgmt_mode *cp = (void *) data;
2056         struct hci_cp_write_page_scan_activity acp;
2057         u8 type;
2058         int err;
2059
2060         BT_DBG("hci%u", index);
2061
2062         if (len != sizeof(*cp))
2063                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2064                                                 MGMT_STATUS_INVALID_PARAMS);
2065
2066         hdev = hci_dev_get(index);
2067         if (!hdev)
2068                 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2069                                                 MGMT_STATUS_INVALID_PARAMS);
2070
2071         hci_dev_lock(hdev);
2072
2073         if (cp->val) {
2074                 type = PAGE_SCAN_TYPE_INTERLACED;
2075                 acp.interval = 0x0024;  /* 22.5 msec page scan interval */
2076         } else {
2077                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2078                 acp.interval = 0x0800;  /* default 1.28 sec page scan */
2079         }
2080
2081         acp.window = 0x0012;    /* default 11.25 msec page scan window */
2082
2083         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2084                                                 sizeof(acp), &acp);
2085         if (err < 0) {
2086                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2087                                                         MGMT_STATUS_FAILED);
2088                 goto done;
2089         }
2090
2091         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2092         if (err < 0) {
2093                 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2094                                                         MGMT_STATUS_FAILED);
2095                 goto done;
2096         }
2097
2098         err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2099                                                         NULL, 0);
2100 done:
2101         hci_dev_unlock(hdev);
2102         hci_dev_put(hdev);
2103
2104         return err;
2105 }
2106
2107 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2108 {
2109         unsigned char *buf;
2110         struct mgmt_hdr *hdr;
2111         u16 opcode, index, len;
2112         int err;
2113
2114         BT_DBG("got %zu bytes", msglen);
2115
2116         if (msglen < sizeof(*hdr))
2117                 return -EINVAL;
2118
2119         buf = kmalloc(msglen, GFP_KERNEL);
2120         if (!buf)
2121                 return -ENOMEM;
2122
2123         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2124                 err = -EFAULT;
2125                 goto done;
2126         }
2127
2128         hdr = (struct mgmt_hdr *) buf;
2129         opcode = get_unaligned_le16(&hdr->opcode);
2130         index = get_unaligned_le16(&hdr->index);
2131         len = get_unaligned_le16(&hdr->len);
2132
2133         if (len != msglen - sizeof(*hdr)) {
2134                 err = -EINVAL;
2135                 goto done;
2136         }
2137
2138         switch (opcode) {
2139         case MGMT_OP_READ_VERSION:
2140                 err = read_version(sk);
2141                 break;
2142         case MGMT_OP_READ_INDEX_LIST:
2143                 err = read_index_list(sk);
2144                 break;
2145         case MGMT_OP_READ_INFO:
2146                 err = read_controller_info(sk, index);
2147                 break;
2148         case MGMT_OP_SET_POWERED:
2149                 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2150                 break;
2151         case MGMT_OP_SET_DISCOVERABLE:
2152                 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2153                 break;
2154         case MGMT_OP_SET_CONNECTABLE:
2155                 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2156                 break;
2157         case MGMT_OP_SET_FAST_CONNECTABLE:
2158                 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2159                                                                 len);
2160                 break;
2161         case MGMT_OP_SET_PAIRABLE:
2162                 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2163                 break;
2164         case MGMT_OP_ADD_UUID:
2165                 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2166                 break;
2167         case MGMT_OP_REMOVE_UUID:
2168                 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2169                 break;
2170         case MGMT_OP_SET_DEV_CLASS:
2171                 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2172                 break;
2173         case MGMT_OP_LOAD_LINK_KEYS:
2174                 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2175                 break;
2176         case MGMT_OP_REMOVE_KEYS:
2177                 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2178                 break;
2179         case MGMT_OP_DISCONNECT:
2180                 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2181                 break;
2182         case MGMT_OP_GET_CONNECTIONS:
2183                 err = get_connections(sk, index);
2184                 break;
2185         case MGMT_OP_PIN_CODE_REPLY:
2186                 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2187                 break;
2188         case MGMT_OP_PIN_CODE_NEG_REPLY:
2189                 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2190                 break;
2191         case MGMT_OP_SET_IO_CAPABILITY:
2192                 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2193                 break;
2194         case MGMT_OP_PAIR_DEVICE:
2195                 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2196                 break;
2197         case MGMT_OP_USER_CONFIRM_REPLY:
2198                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2199                 break;
2200         case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2201                 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2202                                                                         len);
2203                 break;
2204         case MGMT_OP_USER_PASSKEY_REPLY:
2205                 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2206                 break;
2207         case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2208                 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2209                                                                         len);
2210                 break;
2211         case MGMT_OP_SET_LOCAL_NAME:
2212                 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2213                 break;
2214         case MGMT_OP_READ_LOCAL_OOB_DATA:
2215                 err = read_local_oob_data(sk, index);
2216                 break;
2217         case MGMT_OP_ADD_REMOTE_OOB_DATA:
2218                 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2219                 break;
2220         case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2221                 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2222                                                                         len);
2223                 break;
2224         case MGMT_OP_START_DISCOVERY:
2225                 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2226                 break;
2227         case MGMT_OP_STOP_DISCOVERY:
2228                 err = stop_discovery(sk, index);
2229                 break;
2230         case MGMT_OP_BLOCK_DEVICE:
2231                 err = block_device(sk, index, buf + sizeof(*hdr), len);
2232                 break;
2233         case MGMT_OP_UNBLOCK_DEVICE:
2234                 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2235                 break;
2236         default:
2237                 BT_DBG("Unknown op %u", opcode);
2238                 err = cmd_status(sk, index, opcode,
2239                                                 MGMT_STATUS_UNKNOWN_COMMAND);
2240                 break;
2241         }
2242
2243         if (err < 0)
2244                 goto done;
2245
2246         err = msglen;
2247
2248 done:
2249         kfree(buf);
2250         return err;
2251 }
2252
2253 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2254 {
2255         u8 *status = data;
2256
2257         cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2258         mgmt_pending_remove(cmd);
2259 }
2260
2261 int mgmt_index_added(struct hci_dev *hdev)
2262 {
2263         return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2264 }
2265
2266 int mgmt_index_removed(struct hci_dev *hdev)
2267 {
2268         u8 status = ENODEV;
2269
2270         mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2271
2272         return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2273 }
2274
2275 struct cmd_lookup {
2276         u8 val;
2277         struct sock *sk;
2278         struct hci_dev *hdev;
2279 };
2280
2281 static void settings_rsp(struct pending_cmd *cmd, void *data)
2282 {
2283         struct cmd_lookup *match = data;
2284
2285         send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2286
2287         list_del(&cmd->list);
2288
2289         if (match->sk == NULL) {
2290                 match->sk = cmd->sk;
2291                 sock_hold(match->sk);
2292         }
2293
2294         mgmt_pending_free(cmd);
2295 }
2296
2297 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2298 {
2299         struct cmd_lookup match = { powered, NULL, hdev };
2300         __le32 ev;
2301         int ret;
2302
2303         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2304
2305         if (!powered) {
2306                 u8 status = ENETDOWN;
2307                 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2308         }
2309
2310         ev = cpu_to_le32(get_current_settings(hdev));
2311
2312         ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2313                                                                 match.sk);
2314
2315         if (match.sk)
2316                 sock_put(match.sk);
2317
2318         return ret;
2319 }
2320
2321 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2322 {
2323         struct cmd_lookup match = { discoverable, NULL, hdev };
2324         __le32 ev;
2325         int ret;
2326
2327         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2328
2329         ev = cpu_to_le32(get_current_settings(hdev));
2330
2331         ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2332                                                                 match.sk);
2333         if (match.sk)
2334                 sock_put(match.sk);
2335
2336         return ret;
2337 }
2338
2339 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2340 {
2341         __le32 ev;
2342         struct cmd_lookup match = { connectable, NULL, hdev };
2343         int ret;
2344
2345         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2346                                                                 &match);
2347
2348         ev = cpu_to_le32(get_current_settings(hdev));
2349
2350         ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2351
2352         if (match.sk)
2353                 sock_put(match.sk);
2354
2355         return ret;
2356 }
2357
2358 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2359 {
2360         u8 mgmt_err = mgmt_status(status);
2361
2362         if (scan & SCAN_PAGE)
2363                 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2364                                                 cmd_status_rsp, &mgmt_err);
2365
2366         if (scan & SCAN_INQUIRY)
2367                 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2368                                                 cmd_status_rsp, &mgmt_err);
2369
2370         return 0;
2371 }
2372
2373 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2374                                                                 u8 persistent)
2375 {
2376         struct mgmt_ev_new_link_key ev;
2377
2378         memset(&ev, 0, sizeof(ev));
2379
2380         ev.store_hint = persistent;
2381         bacpy(&ev.key.bdaddr, &key->bdaddr);
2382         ev.key.type = key->type;
2383         memcpy(ev.key.val, key->val, 16);
2384         ev.key.pin_len = key->pin_len;
2385
2386         return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2387 }
2388
2389 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2390                                                                 u8 addr_type)
2391 {
2392         struct mgmt_addr_info ev;
2393
2394         bacpy(&ev.bdaddr, bdaddr);
2395         ev.type = link_to_mgmt(link_type, addr_type);
2396
2397         return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2398 }
2399
2400 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2401 {
2402         struct mgmt_cp_disconnect *cp = cmd->param;
2403         struct sock **sk = data;
2404         struct mgmt_rp_disconnect rp;
2405
2406         bacpy(&rp.bdaddr, &cp->bdaddr);
2407         rp.status = 0;
2408
2409         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2410
2411         *sk = cmd->sk;
2412         sock_hold(*sk);
2413
2414         mgmt_pending_remove(cmd);
2415 }
2416
2417 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2418 {
2419         u8 *status = data;
2420         struct mgmt_cp_remove_keys *cp = cmd->param;
2421         struct mgmt_rp_remove_keys rp;
2422
2423         memset(&rp, 0, sizeof(rp));
2424         bacpy(&rp.bdaddr, &cp->bdaddr);
2425         if (status != NULL)
2426                 rp.status = *status;
2427
2428         cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2429                                                                 sizeof(rp));
2430
2431         mgmt_pending_remove(cmd);
2432 }
2433
2434 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2435                                                                 u8 addr_type)
2436 {
2437         struct mgmt_addr_info ev;
2438         struct sock *sk = NULL;
2439         int err;
2440
2441         mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2442
2443         bacpy(&ev.bdaddr, bdaddr);
2444         ev.type = link_to_mgmt(link_type, addr_type);
2445
2446         err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2447
2448         if (sk)
2449                 sock_put(sk);
2450
2451         mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2452
2453         return err;
2454 }
2455
2456 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2457 {
2458         struct pending_cmd *cmd;
2459         u8 mgmt_err = mgmt_status(status);
2460         int err;
2461
2462         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2463         if (!cmd)
2464                 return -ENOENT;
2465
2466         if (bdaddr) {
2467                 struct mgmt_rp_disconnect rp;
2468
2469                 bacpy(&rp.bdaddr, bdaddr);
2470                 rp.status = status;
2471
2472                 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2473                                                         &rp, sizeof(rp));
2474         } else
2475                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2476                                                                 mgmt_err);
2477
2478         mgmt_pending_remove(cmd);
2479
2480         return err;
2481 }
2482
2483 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2484                                                 u8 addr_type, u8 status)
2485 {
2486         struct mgmt_ev_connect_failed ev;
2487
2488         bacpy(&ev.addr.bdaddr, bdaddr);
2489         ev.addr.type = link_to_mgmt(link_type, addr_type);
2490         ev.status = mgmt_status(status);
2491
2492         return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2493 }
2494
2495 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2496 {
2497         struct mgmt_ev_pin_code_request ev;
2498
2499         bacpy(&ev.bdaddr, bdaddr);
2500         ev.secure = secure;
2501
2502         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2503                                                                         NULL);
2504 }
2505
2506 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2507                                                                 u8 status)
2508 {
2509         struct pending_cmd *cmd;
2510         struct mgmt_rp_pin_code_reply rp;
2511         int err;
2512
2513         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2514         if (!cmd)
2515                 return -ENOENT;
2516
2517         bacpy(&rp.bdaddr, bdaddr);
2518         rp.status = mgmt_status(status);
2519
2520         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2521                                                                 sizeof(rp));
2522
2523         mgmt_pending_remove(cmd);
2524
2525         return err;
2526 }
2527
2528 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2529                                                                 u8 status)
2530 {
2531         struct pending_cmd *cmd;
2532         struct mgmt_rp_pin_code_reply rp;
2533         int err;
2534
2535         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2536         if (!cmd)
2537                 return -ENOENT;
2538
2539         bacpy(&rp.bdaddr, bdaddr);
2540         rp.status = mgmt_status(status);
2541
2542         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2543                                                                 sizeof(rp));
2544
2545         mgmt_pending_remove(cmd);
2546
2547         return err;
2548 }
2549
2550 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2551                                                 __le32 value, u8 confirm_hint)
2552 {
2553         struct mgmt_ev_user_confirm_request ev;
2554
2555         BT_DBG("%s", hdev->name);
2556
2557         bacpy(&ev.bdaddr, bdaddr);
2558         ev.confirm_hint = confirm_hint;
2559         put_unaligned_le32(value, &ev.value);
2560
2561         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2562                                                                         NULL);
2563 }
2564
2565 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2566 {
2567         struct mgmt_ev_user_passkey_request ev;
2568
2569         BT_DBG("%s", hdev->name);
2570
2571         bacpy(&ev.bdaddr, bdaddr);
2572
2573         return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2574                                                                         NULL);
2575 }
2576
2577 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2578                                                         u8 status, u8 opcode)
2579 {
2580         struct pending_cmd *cmd;
2581         struct mgmt_rp_user_confirm_reply rp;
2582         int err;
2583
2584         cmd = mgmt_pending_find(opcode, hdev);
2585         if (!cmd)
2586                 return -ENOENT;
2587
2588         bacpy(&rp.bdaddr, bdaddr);
2589         rp.status = mgmt_status(status);
2590         err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2591
2592         mgmt_pending_remove(cmd);
2593
2594         return err;
2595 }
2596
2597 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2598                                                                 u8 status)
2599 {
2600         return user_pairing_resp_complete(hdev, bdaddr, status,
2601                                                 MGMT_OP_USER_CONFIRM_REPLY);
2602 }
2603
2604 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2605                                                 bdaddr_t *bdaddr, u8 status)
2606 {
2607         return user_pairing_resp_complete(hdev, bdaddr, status,
2608                                         MGMT_OP_USER_CONFIRM_NEG_REPLY);
2609 }
2610
2611 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2612                                                                 u8 status)
2613 {
2614         return user_pairing_resp_complete(hdev, bdaddr, status,
2615                                                 MGMT_OP_USER_PASSKEY_REPLY);
2616 }
2617
2618 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2619                                                 bdaddr_t *bdaddr, u8 status)
2620 {
2621         return user_pairing_resp_complete(hdev, bdaddr, status,
2622                                         MGMT_OP_USER_PASSKEY_NEG_REPLY);
2623 }
2624
2625 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2626 {
2627         struct mgmt_ev_auth_failed ev;
2628
2629         bacpy(&ev.bdaddr, bdaddr);
2630         ev.status = mgmt_status(status);
2631
2632         return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2633 }
2634
2635 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2636 {
2637         struct pending_cmd *cmd;
2638         struct mgmt_cp_set_local_name ev;
2639         int err;
2640
2641         memset(&ev, 0, sizeof(ev));
2642         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2643
2644         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2645         if (!cmd)
2646                 goto send_event;
2647
2648         if (status) {
2649                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2650                                                         mgmt_status(status));
2651                 goto failed;
2652         }
2653
2654         update_eir(hdev);
2655
2656         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2657                                                                 sizeof(ev));
2658         if (err < 0)
2659                 goto failed;
2660
2661 send_event:
2662         err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2663                                                         cmd ? cmd->sk : NULL);
2664
2665 failed:
2666         if (cmd)
2667                 mgmt_pending_remove(cmd);
2668         return err;
2669 }
2670
2671 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2672                                                 u8 *randomizer, u8 status)
2673 {
2674         struct pending_cmd *cmd;
2675         int err;
2676
2677         BT_DBG("%s status %u", hdev->name, status);
2678
2679         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2680         if (!cmd)
2681                 return -ENOENT;
2682
2683         if (status) {
2684                 err = cmd_status(cmd->sk, hdev->id,
2685                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
2686                                                 mgmt_status(status));
2687         } else {
2688                 struct mgmt_rp_read_local_oob_data rp;
2689
2690                 memcpy(rp.hash, hash, sizeof(rp.hash));
2691                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2692
2693                 err = cmd_complete(cmd->sk, hdev->id,
2694                                                 MGMT_OP_READ_LOCAL_OOB_DATA,
2695                                                 &rp, sizeof(rp));
2696         }
2697
2698         mgmt_pending_remove(cmd);
2699
2700         return err;
2701 }
2702
2703 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2704                                 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2705 {
2706         struct mgmt_ev_device_found ev;
2707
2708         memset(&ev, 0, sizeof(ev));
2709
2710         bacpy(&ev.addr.bdaddr, bdaddr);
2711         ev.addr.type = link_to_mgmt(link_type, addr_type);
2712         ev.rssi = rssi;
2713
2714         if (eir)
2715                 memcpy(ev.eir, eir, sizeof(ev.eir));
2716
2717         if (dev_class)
2718                 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2719
2720         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2721 }
2722
2723 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2724 {
2725         struct mgmt_ev_remote_name ev;
2726
2727         memset(&ev, 0, sizeof(ev));
2728
2729         bacpy(&ev.bdaddr, bdaddr);
2730         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2731
2732         return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2733 }
2734
2735 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2736 {
2737         struct pending_cmd *cmd;
2738         int err;
2739
2740         cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2741         if (!cmd)
2742                 return -ENOENT;
2743
2744         err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2745         mgmt_pending_remove(cmd);
2746
2747         return err;
2748 }
2749
2750 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2751 {
2752         struct pending_cmd *cmd;
2753         int err;
2754
2755         cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2756         if (!cmd)
2757                 return -ENOENT;
2758
2759         err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2760         mgmt_pending_remove(cmd);
2761
2762         return err;
2763 }
2764
2765 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2766 {
2767         struct pending_cmd *cmd;
2768
2769         if (discovering)
2770                 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2771         else
2772                 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2773
2774         if (cmd != NULL) {
2775                 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2776                 mgmt_pending_remove(cmd);
2777         }
2778
2779         return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2780                                                 sizeof(discovering), NULL);
2781 }
2782
2783 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2784 {
2785         struct pending_cmd *cmd;
2786         struct mgmt_ev_device_blocked ev;
2787
2788         cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2789
2790         bacpy(&ev.bdaddr, bdaddr);
2791
2792         return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2793                                                         cmd ? cmd->sk : NULL);
2794 }
2795
2796 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2797 {
2798         struct pending_cmd *cmd;
2799         struct mgmt_ev_device_unblocked ev;
2800
2801         cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2802
2803         bacpy(&ev.bdaddr, bdaddr);
2804
2805         return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2806                                                         cmd ? cmd->sk : NULL);
2807 }