Bluetooth: Verify a pin code in pin_code_reply
[linux-2.6.git] / net / bluetooth / mgmt.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2010  Nokia Corporation
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION    0
33 #define MGMT_REVISION   1
34
35 struct pending_cmd {
36         struct list_head list;
37         __u16 opcode;
38         int index;
39         void *param;
40         struct sock *sk;
41         void *user_data;
42 };
43
44 static LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48         struct sk_buff *skb;
49         struct mgmt_hdr *hdr;
50         struct mgmt_ev_cmd_status *ev;
51
52         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55         if (!skb)
56                 return -ENOMEM;
57
58         hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61         hdr->index = cpu_to_le16(index);
62         hdr->len = cpu_to_le16(sizeof(*ev));
63
64         ev = (void *) skb_put(skb, sizeof(*ev));
65         ev->status = status;
66         put_unaligned_le16(cmd, &ev->opcode);
67
68         if (sock_queue_rcv_skb(sk, skb) < 0)
69                 kfree_skb(skb);
70
71         return 0;
72 }
73
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75                                                                 size_t rp_len)
76 {
77         struct sk_buff *skb;
78         struct mgmt_hdr *hdr;
79         struct mgmt_ev_cmd_complete *ev;
80
81         BT_DBG("sock %p", sk);
82
83         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84         if (!skb)
85                 return -ENOMEM;
86
87         hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90         hdr->index = cpu_to_le16(index);
91         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94         put_unaligned_le16(cmd, &ev->opcode);
95
96         if (rp)
97                 memcpy(ev->data, rp, rp_len);
98
99         if (sock_queue_rcv_skb(sk, skb) < 0)
100                 kfree_skb(skb);
101
102         return 0;
103 }
104
105 static int read_version(struct sock *sk)
106 {
107         struct mgmt_rp_read_version rp;
108
109         BT_DBG("sock %p", sk);
110
111         rp.version = MGMT_VERSION;
112         put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115                                                                 sizeof(rp));
116 }
117
118 static int read_index_list(struct sock *sk)
119 {
120         struct mgmt_rp_read_index_list *rp;
121         struct list_head *p;
122         size_t rp_len;
123         u16 count;
124         int i, err;
125
126         BT_DBG("sock %p", sk);
127
128         read_lock(&hci_dev_list_lock);
129
130         count = 0;
131         list_for_each(p, &hci_dev_list) {
132                 count++;
133         }
134
135         rp_len = sizeof(*rp) + (2 * count);
136         rp = kmalloc(rp_len, GFP_ATOMIC);
137         if (!rp) {
138                 read_unlock(&hci_dev_list_lock);
139                 return -ENOMEM;
140         }
141
142         put_unaligned_le16(count, &rp->num_controllers);
143
144         i = 0;
145         list_for_each(p, &hci_dev_list) {
146                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148                 hci_del_off_timer(d);
149
150                 set_bit(HCI_MGMT, &d->flags);
151
152                 if (test_bit(HCI_SETUP, &d->flags))
153                         continue;
154
155                 put_unaligned_le16(d->id, &rp->index[i++]);
156                 BT_DBG("Added hci%u", d->id);
157         }
158
159         read_unlock(&hci_dev_list_lock);
160
161         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162                                                                         rp_len);
163
164         kfree(rp);
165
166         return err;
167 }
168
169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171         struct mgmt_rp_read_info rp;
172         struct hci_dev *hdev;
173
174         BT_DBG("sock %p hci%u", sk, index);
175
176         hdev = hci_dev_get(index);
177         if (!hdev)
178                 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180         hci_del_off_timer(hdev);
181
182         hci_dev_lock(hdev);
183
184         set_bit(HCI_MGMT, &hdev->flags);
185
186         memset(&rp, 0, sizeof(rp));
187
188         rp.type = hdev->dev_type;
189
190         rp.powered = test_bit(HCI_UP, &hdev->flags);
191         rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192         rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193         rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194
195         if (test_bit(HCI_AUTH, &hdev->flags))
196                 rp.sec_mode = 3;
197         else if (hdev->ssp_mode > 0)
198                 rp.sec_mode = 4;
199         else
200                 rp.sec_mode = 2;
201
202         bacpy(&rp.bdaddr, &hdev->bdaddr);
203         memcpy(rp.features, hdev->features, 8);
204         memcpy(rp.dev_class, hdev->dev_class, 3);
205         put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206         rp.hci_ver = hdev->hci_ver;
207         put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208
209         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
211         hci_dev_unlock(hdev);
212         hci_dev_put(hdev);
213
214         return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 }
216
217 static void mgmt_pending_free(struct pending_cmd *cmd)
218 {
219         sock_put(cmd->sk);
220         kfree(cmd->param);
221         kfree(cmd);
222 }
223
224 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225                                                 u16 index, void *data, u16 len)
226 {
227         struct pending_cmd *cmd;
228
229         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230         if (!cmd)
231                 return NULL;
232
233         cmd->opcode = opcode;
234         cmd->index = index;
235
236         cmd->param = kmalloc(len, GFP_ATOMIC);
237         if (!cmd->param) {
238                 kfree(cmd);
239                 return NULL;
240         }
241
242         if (data)
243                 memcpy(cmd->param, data, len);
244
245         cmd->sk = sk;
246         sock_hold(sk);
247
248         list_add(&cmd->list, &cmd_list);
249
250         return cmd;
251 }
252
253 static void mgmt_pending_foreach(u16 opcode, int index,
254                                 void (*cb)(struct pending_cmd *cmd, void *data),
255                                 void *data)
256 {
257         struct list_head *p, *n;
258
259         list_for_each_safe(p, n, &cmd_list) {
260                 struct pending_cmd *cmd;
261
262                 cmd = list_entry(p, struct pending_cmd, list);
263
264                 if (cmd->opcode != opcode)
265                         continue;
266
267                 if (index >= 0 && cmd->index != index)
268                         continue;
269
270                 cb(cmd, data);
271         }
272 }
273
274 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275 {
276         struct list_head *p;
277
278         list_for_each(p, &cmd_list) {
279                 struct pending_cmd *cmd;
280
281                 cmd = list_entry(p, struct pending_cmd, list);
282
283                 if (cmd->opcode != opcode)
284                         continue;
285
286                 if (index >= 0 && cmd->index != index)
287                         continue;
288
289                 return cmd;
290         }
291
292         return NULL;
293 }
294
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 {
297         list_del(&cmd->list);
298         mgmt_pending_free(cmd);
299 }
300
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 {
303         struct mgmt_mode *cp;
304         struct hci_dev *hdev;
305         struct pending_cmd *cmd;
306         int err, up;
307
308         cp = (void *) data;
309
310         BT_DBG("request for hci%u", index);
311
312         if (len != sizeof(*cp))
313                 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
315         hdev = hci_dev_get(index);
316         if (!hdev)
317                 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318
319         hci_dev_lock(hdev);
320
321         up = test_bit(HCI_UP, &hdev->flags);
322         if ((cp->val && up) || (!cp->val && !up)) {
323                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324                 goto failed;
325         }
326
327         if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328                 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329                 goto failed;
330         }
331
332         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333         if (!cmd) {
334                 err = -ENOMEM;
335                 goto failed;
336         }
337
338         if (cp->val)
339                 queue_work(hdev->workqueue, &hdev->power_on);
340         else
341                 queue_work(hdev->workqueue, &hdev->power_off);
342
343         err = 0;
344
345 failed:
346         hci_dev_unlock(hdev);
347         hci_dev_put(hdev);
348         return err;
349 }
350
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352                                                                         u16 len)
353 {
354         struct mgmt_mode *cp;
355         struct hci_dev *hdev;
356         struct pending_cmd *cmd;
357         u8 scan;
358         int err;
359
360         cp = (void *) data;
361
362         BT_DBG("request for hci%u", index);
363
364         if (len != sizeof(*cp))
365                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
367         hdev = hci_dev_get(index);
368         if (!hdev)
369                 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370
371         hci_dev_lock(hdev);
372
373         if (!test_bit(HCI_UP, &hdev->flags)) {
374                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375                 goto failed;
376         }
377
378         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381                 goto failed;
382         }
383
384         if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385                                         test_bit(HCI_PSCAN, &hdev->flags)) {
386                 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387                 goto failed;
388         }
389
390         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391         if (!cmd) {
392                 err = -ENOMEM;
393                 goto failed;
394         }
395
396         scan = SCAN_PAGE;
397
398         if (cp->val)
399                 scan |= SCAN_INQUIRY;
400
401         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402         if (err < 0)
403                 mgmt_pending_remove(cmd);
404
405 failed:
406         hci_dev_unlock(hdev);
407         hci_dev_put(hdev);
408
409         return err;
410 }
411
412 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413                                                                         u16 len)
414 {
415         struct mgmt_mode *cp;
416         struct hci_dev *hdev;
417         struct pending_cmd *cmd;
418         u8 scan;
419         int err;
420
421         cp = (void *) data;
422
423         BT_DBG("request for hci%u", index);
424
425         if (len != sizeof(*cp))
426                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
428         hdev = hci_dev_get(index);
429         if (!hdev)
430                 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431
432         hci_dev_lock(hdev);
433
434         if (!test_bit(HCI_UP, &hdev->flags)) {
435                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436                 goto failed;
437         }
438
439         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442                 goto failed;
443         }
444
445         if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446                 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447                 goto failed;
448         }
449
450         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451         if (!cmd) {
452                 err = -ENOMEM;
453                 goto failed;
454         }
455
456         if (cp->val)
457                 scan = SCAN_PAGE;
458         else
459                 scan = 0;
460
461         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462         if (err < 0)
463                 mgmt_pending_remove(cmd);
464
465 failed:
466         hci_dev_unlock(hdev);
467         hci_dev_put(hdev);
468
469         return err;
470 }
471
472 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473                                                         struct sock *skip_sk)
474 {
475         struct sk_buff *skb;
476         struct mgmt_hdr *hdr;
477
478         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479         if (!skb)
480                 return -ENOMEM;
481
482         bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484         hdr = (void *) skb_put(skb, sizeof(*hdr));
485         hdr->opcode = cpu_to_le16(event);
486         hdr->index = cpu_to_le16(index);
487         hdr->len = cpu_to_le16(data_len);
488
489         if (data)
490                 memcpy(skb_put(skb, data_len), data, data_len);
491
492         hci_send_to_sock(NULL, skb, skip_sk);
493         kfree_skb(skb);
494
495         return 0;
496 }
497
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 {
500         struct mgmt_mode rp;
501
502         rp.val = val;
503
504         return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 }
506
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508                                                                         u16 len)
509 {
510         struct mgmt_mode *cp, ev;
511         struct hci_dev *hdev;
512         int err;
513
514         cp = (void *) data;
515
516         BT_DBG("request for hci%u", index);
517
518         if (len != sizeof(*cp))
519                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
521         hdev = hci_dev_get(index);
522         if (!hdev)
523                 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524
525         hci_dev_lock(hdev);
526
527         if (cp->val)
528                 set_bit(HCI_PAIRABLE, &hdev->flags);
529         else
530                 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
532         err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533         if (err < 0)
534                 goto failed;
535
536         ev.val = cp->val;
537
538         err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539
540 failed:
541         hci_dev_unlock(hdev);
542         hci_dev_put(hdev);
543
544         return err;
545 }
546
547 #define EIR_FLAGS               0x01 /* flags */
548 #define EIR_UUID16_SOME         0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL          0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME         0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL          0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME        0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL         0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT          0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE       0x09 /* complete local name */
556 #define EIR_TX_POWER            0x0A /* transmit power level */
557 #define EIR_DEVICE_ID           0x10 /* device ID */
558
559 #define PNP_INFO_SVCLASS_ID             0x1200
560
561 static u8 bluetooth_base_uuid[] = {
562                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 };
565
566 static u16 get_uuid16(u8 *uuid128)
567 {
568         u32 val;
569         int i;
570
571         for (i = 0; i < 12; i++) {
572                 if (bluetooth_base_uuid[i] != uuid128[i])
573                         return 0;
574         }
575
576         memcpy(&val, &uuid128[12], 4);
577
578         val = le32_to_cpu(val);
579         if (val > 0xffff)
580                 return 0;
581
582         return (u16) val;
583 }
584
585 static void create_eir(struct hci_dev *hdev, u8 *data)
586 {
587         u8 *ptr = data;
588         u16 eir_len = 0;
589         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590         int i, truncated = 0;
591         struct list_head *p;
592         size_t name_len;
593
594         name_len = strlen(hdev->dev_name);
595
596         if (name_len > 0) {
597                 /* EIR Data type */
598                 if (name_len > 48) {
599                         name_len = 48;
600                         ptr[1] = EIR_NAME_SHORT;
601                 } else
602                         ptr[1] = EIR_NAME_COMPLETE;
603
604                 /* EIR Data length */
605                 ptr[0] = name_len + 1;
606
607                 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609                 eir_len += (name_len + 2);
610                 ptr += (name_len + 2);
611         }
612
613         memset(uuid16_list, 0, sizeof(uuid16_list));
614
615         /* Group all UUID16 types */
616         list_for_each(p, &hdev->uuids) {
617                 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618                 u16 uuid16;
619
620                 uuid16 = get_uuid16(uuid->uuid);
621                 if (uuid16 == 0)
622                         return;
623
624                 if (uuid16 < 0x1100)
625                         continue;
626
627                 if (uuid16 == PNP_INFO_SVCLASS_ID)
628                         continue;
629
630                 /* Stop if not enough space to put next UUID */
631                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632                         truncated = 1;
633                         break;
634                 }
635
636                 /* Check for duplicates */
637                 for (i = 0; uuid16_list[i] != 0; i++)
638                         if (uuid16_list[i] == uuid16)
639                                 break;
640
641                 if (uuid16_list[i] == 0) {
642                         uuid16_list[i] = uuid16;
643                         eir_len += sizeof(u16);
644                 }
645         }
646
647         if (uuid16_list[0] != 0) {
648                 u8 *length = ptr;
649
650                 /* EIR Data type */
651                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653                 ptr += 2;
654                 eir_len += 2;
655
656                 for (i = 0; uuid16_list[i] != 0; i++) {
657                         *ptr++ = (uuid16_list[i] & 0x00ff);
658                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659                 }
660
661                 /* EIR Data length */
662                 *length = (i * sizeof(u16)) + 1;
663         }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668         struct hci_cp_write_eir cp;
669
670         if (!(hdev->features[6] & LMP_EXT_INQ))
671                 return 0;
672
673         if (hdev->ssp_mode == 0)
674                 return 0;
675
676         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677                 return 0;
678
679         memset(&cp, 0, sizeof(cp));
680
681         create_eir(hdev, cp.data);
682
683         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684                 return 0;
685
686         memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693         struct list_head *p;
694         u8 val = 0;
695
696         list_for_each(p, &hdev->uuids) {
697                 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699                 val |= uuid->svc_hint;
700         }
701
702         return val;
703 }
704
705 static int update_class(struct hci_dev *hdev)
706 {
707         u8 cod[3];
708
709         BT_DBG("%s", hdev->name);
710
711         if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712                 return 0;
713
714         cod[0] = hdev->minor_class;
715         cod[1] = hdev->major_class;
716         cod[2] = get_service_classes(hdev);
717
718         if (memcmp(cod, hdev->dev_class, 3) == 0)
719                 return 0;
720
721         return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 }
723
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725 {
726         struct mgmt_cp_add_uuid *cp;
727         struct hci_dev *hdev;
728         struct bt_uuid *uuid;
729         int err;
730
731         cp = (void *) data;
732
733         BT_DBG("request for hci%u", index);
734
735         if (len != sizeof(*cp))
736                 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
738         hdev = hci_dev_get(index);
739         if (!hdev)
740                 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741
742         hci_dev_lock(hdev);
743
744         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745         if (!uuid) {
746                 err = -ENOMEM;
747                 goto failed;
748         }
749
750         memcpy(uuid->uuid, cp->uuid, 16);
751         uuid->svc_hint = cp->svc_hint;
752
753         list_add(&uuid->list, &hdev->uuids);
754
755         err = update_class(hdev);
756         if (err < 0)
757                 goto failed;
758
759         err = update_eir(hdev);
760         if (err < 0)
761                 goto failed;
762
763         err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764
765 failed:
766         hci_dev_unlock(hdev);
767         hci_dev_put(hdev);
768
769         return err;
770 }
771
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773 {
774         struct list_head *p, *n;
775         struct mgmt_cp_remove_uuid *cp;
776         struct hci_dev *hdev;
777         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778         int err, found;
779
780         cp = (void *) data;
781
782         BT_DBG("request for hci%u", index);
783
784         if (len != sizeof(*cp))
785                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
787         hdev = hci_dev_get(index);
788         if (!hdev)
789                 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790
791         hci_dev_lock(hdev);
792
793         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794                 err = hci_uuids_clear(hdev);
795                 goto unlock;
796         }
797
798         found = 0;
799
800         list_for_each_safe(p, n, &hdev->uuids) {
801                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804                         continue;
805
806                 list_del(&match->list);
807                 found++;
808         }
809
810         if (found == 0) {
811                 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812                 goto unlock;
813         }
814
815         err = update_class(hdev);
816         if (err < 0)
817                 goto unlock;
818
819         err = update_eir(hdev);
820         if (err < 0)
821                 goto unlock;
822
823         err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824
825 unlock:
826         hci_dev_unlock(hdev);
827         hci_dev_put(hdev);
828
829         return err;
830 }
831
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833                                                                         u16 len)
834 {
835         struct hci_dev *hdev;
836         struct mgmt_cp_set_dev_class *cp;
837         int err;
838
839         cp = (void *) data;
840
841         BT_DBG("request for hci%u", index);
842
843         if (len != sizeof(*cp))
844                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
846         hdev = hci_dev_get(index);
847         if (!hdev)
848                 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849
850         hci_dev_lock(hdev);
851
852         hdev->major_class = cp->major;
853         hdev->minor_class = cp->minor;
854
855         err = update_class(hdev);
856
857         if (err == 0)
858                 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859
860         hci_dev_unlock(hdev);
861         hci_dev_put(hdev);
862
863         return err;
864 }
865
866 static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
867                                                                         u16 len)
868 {
869         struct hci_dev *hdev;
870         struct mgmt_cp_set_service_cache *cp;
871         int err;
872
873         cp = (void *) data;
874
875         if (len != sizeof(*cp))
876                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877
878         hdev = hci_dev_get(index);
879         if (!hdev)
880                 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881
882         hci_dev_lock(hdev);
883
884         BT_DBG("hci%u enable %d", index, cp->enable);
885
886         if (cp->enable) {
887                 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888                 err = 0;
889         } else {
890                 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891                 err = update_class(hdev);
892                 if (err == 0)
893                         err = update_eir(hdev);
894         }
895
896         if (err == 0)
897                 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898                                                                         0);
899
900         hci_dev_unlock(hdev);
901         hci_dev_put(hdev);
902
903         return err;
904 }
905
906 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907 {
908         struct hci_dev *hdev;
909         struct mgmt_cp_load_keys *cp;
910         u16 key_count, expected_len;
911         int i;
912
913         cp = (void *) data;
914
915         if (len < sizeof(*cp))
916                 return -EINVAL;
917
918         key_count = get_unaligned_le16(&cp->key_count);
919
920         expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921         if (expected_len != len) {
922                 BT_ERR("load_keys: expected %u bytes, got %u bytes",
923                                                         len, expected_len);
924                 return -EINVAL;
925         }
926
927         hdev = hci_dev_get(index);
928         if (!hdev)
929                 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930
931         BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932                                                                 key_count);
933
934         hci_dev_lock(hdev);
935
936         hci_link_keys_clear(hdev);
937
938         set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940         if (cp->debug_keys)
941                 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942         else
943                 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945         for (i = 0; i < key_count; i++) {
946                 struct mgmt_key_info *key = &cp->keys[i];
947
948                 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
949                                                                 key->pin_len);
950         }
951
952         hci_dev_unlock(hdev);
953         hci_dev_put(hdev);
954
955         return 0;
956 }
957
958 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
959 {
960         struct hci_dev *hdev;
961         struct mgmt_cp_remove_key *cp;
962         struct hci_conn *conn;
963         int err;
964
965         cp = (void *) data;
966
967         if (len != sizeof(*cp))
968                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969
970         hdev = hci_dev_get(index);
971         if (!hdev)
972                 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973
974         hci_dev_lock(hdev);
975
976         err = hci_remove_link_key(hdev, &cp->bdaddr);
977         if (err < 0) {
978                 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
979                 goto unlock;
980         }
981
982         err = 0;
983
984         if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985                 goto unlock;
986
987         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988         if (conn) {
989                 struct hci_cp_disconnect dc;
990
991                 put_unaligned_le16(conn->handle, &dc.handle);
992                 dc.reason = 0x13; /* Remote User Terminated Connection */
993                 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
994         }
995
996 unlock:
997         hci_dev_unlock(hdev);
998         hci_dev_put(hdev);
999
1000         return err;
1001 }
1002
1003 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1004 {
1005         struct hci_dev *hdev;
1006         struct mgmt_cp_disconnect *cp;
1007         struct hci_cp_disconnect dc;
1008         struct pending_cmd *cmd;
1009         struct hci_conn *conn;
1010         int err;
1011
1012         BT_DBG("");
1013
1014         cp = (void *) data;
1015
1016         if (len != sizeof(*cp))
1017                 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018
1019         hdev = hci_dev_get(index);
1020         if (!hdev)
1021                 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022
1023         hci_dev_lock(hdev);
1024
1025         if (!test_bit(HCI_UP, &hdev->flags)) {
1026                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1027                 goto failed;
1028         }
1029
1030         if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1032                 goto failed;
1033         }
1034
1035         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1036         if (!conn)
1037                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038
1039         if (!conn) {
1040                 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1041                 goto failed;
1042         }
1043
1044         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1045         if (!cmd) {
1046                 err = -ENOMEM;
1047                 goto failed;
1048         }
1049
1050         put_unaligned_le16(conn->handle, &dc.handle);
1051         dc.reason = 0x13; /* Remote User Terminated Connection */
1052
1053         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1054         if (err < 0)
1055                 mgmt_pending_remove(cmd);
1056
1057 failed:
1058         hci_dev_unlock(hdev);
1059         hci_dev_put(hdev);
1060
1061         return err;
1062 }
1063
1064 static int get_connections(struct sock *sk, u16 index)
1065 {
1066         struct mgmt_rp_get_connections *rp;
1067         struct hci_dev *hdev;
1068         struct list_head *p;
1069         size_t rp_len;
1070         u16 count;
1071         int i, err;
1072
1073         BT_DBG("");
1074
1075         hdev = hci_dev_get(index);
1076         if (!hdev)
1077                 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1078
1079         hci_dev_lock(hdev);
1080
1081         count = 0;
1082         list_for_each(p, &hdev->conn_hash.list) {
1083                 count++;
1084         }
1085
1086         rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1087         rp = kmalloc(rp_len, GFP_ATOMIC);
1088         if (!rp) {
1089                 err = -ENOMEM;
1090                 goto unlock;
1091         }
1092
1093         put_unaligned_le16(count, &rp->conn_count);
1094
1095         i = 0;
1096         list_for_each(p, &hdev->conn_hash.list) {
1097                 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1098
1099                 bacpy(&rp->conn[i++], &c->dst);
1100         }
1101
1102         err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1103
1104 unlock:
1105         kfree(rp);
1106         hci_dev_unlock(hdev);
1107         hci_dev_put(hdev);
1108         return err;
1109 }
1110
1111 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1112                 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1113 {
1114         struct pending_cmd *cmd;
1115         int err;
1116
1117         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1118                                                                 sizeof(*cp));
1119         if (!cmd)
1120                 return -ENOMEM;
1121
1122         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1123                                                                 &cp->bdaddr);
1124         if (err < 0)
1125                 mgmt_pending_remove(cmd);
1126
1127         return err;
1128 }
1129
1130 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1131                                                                         u16 len)
1132 {
1133         struct hci_dev *hdev;
1134         struct hci_conn *conn;
1135         struct mgmt_cp_pin_code_reply *cp;
1136         struct mgmt_cp_pin_code_neg_reply ncp;
1137         struct hci_cp_pin_code_reply reply;
1138         struct pending_cmd *cmd;
1139         int err;
1140
1141         BT_DBG("");
1142
1143         cp = (void *) data;
1144
1145         if (len != sizeof(*cp))
1146                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1147
1148         hdev = hci_dev_get(index);
1149         if (!hdev)
1150                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1151
1152         hci_dev_lock(hdev);
1153
1154         if (!test_bit(HCI_UP, &hdev->flags)) {
1155                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1156                 goto failed;
1157         }
1158
1159         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1160         if (!conn) {
1161                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1162                 goto failed;
1163         }
1164
1165         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1166                 bacpy(&ncp.bdaddr, &cp->bdaddr);
1167
1168                 BT_ERR("PIN code is not 16 bytes long");
1169
1170                 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1171                 if (err >= 0)
1172                         err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1173                                                                 EINVAL);
1174
1175                 goto failed;
1176         }
1177
1178         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1179         if (!cmd) {
1180                 err = -ENOMEM;
1181                 goto failed;
1182         }
1183
1184         bacpy(&reply.bdaddr, &cp->bdaddr);
1185         reply.pin_len = cp->pin_len;
1186         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1187
1188         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1189         if (err < 0)
1190                 mgmt_pending_remove(cmd);
1191
1192 failed:
1193         hci_dev_unlock(hdev);
1194         hci_dev_put(hdev);
1195
1196         return err;
1197 }
1198
1199 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1200                                                                         u16 len)
1201 {
1202         struct hci_dev *hdev;
1203         struct mgmt_cp_pin_code_neg_reply *cp;
1204         int err;
1205
1206         BT_DBG("");
1207
1208         cp = (void *) data;
1209
1210         if (len != sizeof(*cp))
1211                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1212                                                                         EINVAL);
1213
1214         hdev = hci_dev_get(index);
1215         if (!hdev)
1216                 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217                                                                         ENODEV);
1218
1219         hci_dev_lock(hdev);
1220
1221         if (!test_bit(HCI_UP, &hdev->flags)) {
1222                 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1223                                                                 ENETDOWN);
1224                 goto failed;
1225         }
1226
1227         err = send_pin_code_neg_reply(sk, index, hdev, cp);
1228
1229 failed:
1230         hci_dev_unlock(hdev);
1231         hci_dev_put(hdev);
1232
1233         return err;
1234 }
1235
1236 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1237                                                                         u16 len)
1238 {
1239         struct hci_dev *hdev;
1240         struct mgmt_cp_set_io_capability *cp;
1241
1242         BT_DBG("");
1243
1244         cp = (void *) data;
1245
1246         if (len != sizeof(*cp))
1247                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1248
1249         hdev = hci_dev_get(index);
1250         if (!hdev)
1251                 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1252
1253         hci_dev_lock(hdev);
1254
1255         hdev->io_capability = cp->io_capability;
1256
1257         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1258                                                         hdev->io_capability);
1259
1260         hci_dev_unlock(hdev);
1261         hci_dev_put(hdev);
1262
1263         return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1264 }
1265
1266 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1267 {
1268         struct hci_dev *hdev = conn->hdev;
1269         struct list_head *p;
1270
1271         list_for_each(p, &cmd_list) {
1272                 struct pending_cmd *cmd;
1273
1274                 cmd = list_entry(p, struct pending_cmd, list);
1275
1276                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1277                         continue;
1278
1279                 if (cmd->index != hdev->id)
1280                         continue;
1281
1282                 if (cmd->user_data != conn)
1283                         continue;
1284
1285                 return cmd;
1286         }
1287
1288         return NULL;
1289 }
1290
1291 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1292 {
1293         struct mgmt_rp_pair_device rp;
1294         struct hci_conn *conn = cmd->user_data;
1295
1296         bacpy(&rp.bdaddr, &conn->dst);
1297         rp.status = status;
1298
1299         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1300
1301         /* So we don't get further callbacks for this connection */
1302         conn->connect_cfm_cb = NULL;
1303         conn->security_cfm_cb = NULL;
1304         conn->disconn_cfm_cb = NULL;
1305
1306         hci_conn_put(conn);
1307
1308         mgmt_pending_remove(cmd);
1309 }
1310
1311 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1312 {
1313         struct pending_cmd *cmd;
1314
1315         BT_DBG("status %u", status);
1316
1317         cmd = find_pairing(conn);
1318         if (!cmd) {
1319                 BT_DBG("Unable to find a pending command");
1320                 return;
1321         }
1322
1323         pairing_complete(cmd, status);
1324 }
1325
1326 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1327 {
1328         struct hci_dev *hdev;
1329         struct mgmt_cp_pair_device *cp;
1330         struct pending_cmd *cmd;
1331         u8 sec_level, auth_type;
1332         struct hci_conn *conn;
1333         int err;
1334
1335         BT_DBG("");
1336
1337         cp = (void *) data;
1338
1339         if (len != sizeof(*cp))
1340                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1341
1342         hdev = hci_dev_get(index);
1343         if (!hdev)
1344                 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1345
1346         hci_dev_lock(hdev);
1347
1348         if (cp->io_cap == 0x03) {
1349                 sec_level = BT_SECURITY_MEDIUM;
1350                 auth_type = HCI_AT_DEDICATED_BONDING;
1351         } else {
1352                 sec_level = BT_SECURITY_HIGH;
1353                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1354         }
1355
1356         conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1357         if (IS_ERR(conn)) {
1358                 err = PTR_ERR(conn);
1359                 goto unlock;
1360         }
1361
1362         if (conn->connect_cfm_cb) {
1363                 hci_conn_put(conn);
1364                 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1365                 goto unlock;
1366         }
1367
1368         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1369         if (!cmd) {
1370                 err = -ENOMEM;
1371                 hci_conn_put(conn);
1372                 goto unlock;
1373         }
1374
1375         conn->connect_cfm_cb = pairing_complete_cb;
1376         conn->security_cfm_cb = pairing_complete_cb;
1377         conn->disconn_cfm_cb = pairing_complete_cb;
1378         conn->io_capability = cp->io_cap;
1379         cmd->user_data = conn;
1380
1381         if (conn->state == BT_CONNECTED &&
1382                                 hci_conn_security(conn, sec_level, auth_type))
1383                 pairing_complete(cmd, 0);
1384
1385         err = 0;
1386
1387 unlock:
1388         hci_dev_unlock(hdev);
1389         hci_dev_put(hdev);
1390
1391         return err;
1392 }
1393
1394 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1395                                                         u16 len, int success)
1396 {
1397         struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1398         u16 mgmt_op, hci_op;
1399         struct pending_cmd *cmd;
1400         struct hci_dev *hdev;
1401         int err;
1402
1403         BT_DBG("");
1404
1405         if (success) {
1406                 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1407                 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1408         } else {
1409                 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1410                 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1411         }
1412
1413         if (len != sizeof(*cp))
1414                 return cmd_status(sk, index, mgmt_op, EINVAL);
1415
1416         hdev = hci_dev_get(index);
1417         if (!hdev)
1418                 return cmd_status(sk, index, mgmt_op, ENODEV);
1419
1420         hci_dev_lock(hdev);
1421
1422         if (!test_bit(HCI_UP, &hdev->flags)) {
1423                 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1424                 goto failed;
1425         }
1426
1427         cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1428         if (!cmd) {
1429                 err = -ENOMEM;
1430                 goto failed;
1431         }
1432
1433         err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1434         if (err < 0)
1435                 mgmt_pending_remove(cmd);
1436
1437 failed:
1438         hci_dev_unlock(hdev);
1439         hci_dev_put(hdev);
1440
1441         return err;
1442 }
1443
1444 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1445                                                                 u16 len)
1446 {
1447         struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1448         struct hci_cp_write_local_name hci_cp;
1449         struct hci_dev *hdev;
1450         struct pending_cmd *cmd;
1451         int err;
1452
1453         BT_DBG("");
1454
1455         if (len != sizeof(*mgmt_cp))
1456                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1457
1458         hdev = hci_dev_get(index);
1459         if (!hdev)
1460                 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1461
1462         hci_dev_lock(hdev);
1463
1464         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1465         if (!cmd) {
1466                 err = -ENOMEM;
1467                 goto failed;
1468         }
1469
1470         memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1471         err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1472                                                                 &hci_cp);
1473         if (err < 0)
1474                 mgmt_pending_remove(cmd);
1475
1476 failed:
1477         hci_dev_unlock(hdev);
1478         hci_dev_put(hdev);
1479
1480         return err;
1481 }
1482
1483 static int read_local_oob_data(struct sock *sk, u16 index)
1484 {
1485         struct hci_dev *hdev;
1486         struct pending_cmd *cmd;
1487         int err;
1488
1489         BT_DBG("hci%u", index);
1490
1491         hdev = hci_dev_get(index);
1492         if (!hdev)
1493                 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1494                                                                         ENODEV);
1495
1496         hci_dev_lock(hdev);
1497
1498         if (!test_bit(HCI_UP, &hdev->flags)) {
1499                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1500                                                                 ENETDOWN);
1501                 goto unlock;
1502         }
1503
1504         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1505                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1506                                                                 EOPNOTSUPP);
1507                 goto unlock;
1508         }
1509
1510         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1511                 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1512                 goto unlock;
1513         }
1514
1515         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1516         if (!cmd) {
1517                 err = -ENOMEM;
1518                 goto unlock;
1519         }
1520
1521         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1522         if (err < 0)
1523                 mgmt_pending_remove(cmd);
1524
1525 unlock:
1526         hci_dev_unlock(hdev);
1527         hci_dev_put(hdev);
1528
1529         return err;
1530 }
1531
1532 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1533                                                                         u16 len)
1534 {
1535         struct hci_dev *hdev;
1536         struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1537         int err;
1538
1539         BT_DBG("hci%u ", index);
1540
1541         if (len != sizeof(*cp))
1542                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1543                                                                         EINVAL);
1544
1545         hdev = hci_dev_get(index);
1546         if (!hdev)
1547                 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1548                                                                         ENODEV);
1549
1550         hci_dev_lock(hdev);
1551
1552         err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1553                                                                 cp->randomizer);
1554         if (err < 0)
1555                 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1556         else
1557                 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1558                                                                         0);
1559
1560         hci_dev_unlock(hdev);
1561         hci_dev_put(hdev);
1562
1563         return err;
1564 }
1565
1566 static int remove_remote_oob_data(struct sock *sk, u16 index,
1567                                                 unsigned char *data, u16 len)
1568 {
1569         struct hci_dev *hdev;
1570         struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1571         int err;
1572
1573         BT_DBG("hci%u ", index);
1574
1575         if (len != sizeof(*cp))
1576                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1577                                                                         EINVAL);
1578
1579         hdev = hci_dev_get(index);
1580         if (!hdev)
1581                 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1582                                                                         ENODEV);
1583
1584         hci_dev_lock(hdev);
1585
1586         err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1587         if (err < 0)
1588                 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1589                                                                         -err);
1590         else
1591                 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1592                                                                 NULL, 0);
1593
1594         hci_dev_unlock(hdev);
1595         hci_dev_put(hdev);
1596
1597         return err;
1598 }
1599
1600 static int start_discovery(struct sock *sk, u16 index)
1601 {
1602         u8 lap[3] = { 0x33, 0x8b, 0x9e };
1603         struct hci_cp_inquiry cp;
1604         struct pending_cmd *cmd;
1605         struct hci_dev *hdev;
1606         int err;
1607
1608         BT_DBG("hci%u", index);
1609
1610         hdev = hci_dev_get(index);
1611         if (!hdev)
1612                 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1613
1614         hci_dev_lock_bh(hdev);
1615
1616         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1617         if (!cmd) {
1618                 err = -ENOMEM;
1619                 goto failed;
1620         }
1621
1622         memset(&cp, 0, sizeof(cp));
1623         memcpy(&cp.lap, lap, 3);
1624         cp.length  = 0x08;
1625         cp.num_rsp = 0x00;
1626
1627         err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1628         if (err < 0)
1629                 mgmt_pending_remove(cmd);
1630
1631 failed:
1632         hci_dev_unlock_bh(hdev);
1633         hci_dev_put(hdev);
1634
1635         return err;
1636 }
1637
1638 static int stop_discovery(struct sock *sk, u16 index)
1639 {
1640         struct hci_dev *hdev;
1641         struct pending_cmd *cmd;
1642         int err;
1643
1644         BT_DBG("hci%u", index);
1645
1646         hdev = hci_dev_get(index);
1647         if (!hdev)
1648                 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1649
1650         hci_dev_lock_bh(hdev);
1651
1652         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1653         if (!cmd) {
1654                 err = -ENOMEM;
1655                 goto failed;
1656         }
1657
1658         err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1659         if (err < 0)
1660                 mgmt_pending_remove(cmd);
1661
1662 failed:
1663         hci_dev_unlock_bh(hdev);
1664         hci_dev_put(hdev);
1665
1666         return err;
1667 }
1668
1669 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1670 {
1671         unsigned char *buf;
1672         struct mgmt_hdr *hdr;
1673         u16 opcode, index, len;
1674         int err;
1675
1676         BT_DBG("got %zu bytes", msglen);
1677
1678         if (msglen < sizeof(*hdr))
1679                 return -EINVAL;
1680
1681         buf = kmalloc(msglen, GFP_KERNEL);
1682         if (!buf)
1683                 return -ENOMEM;
1684
1685         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1686                 err = -EFAULT;
1687                 goto done;
1688         }
1689
1690         hdr = (struct mgmt_hdr *) buf;
1691         opcode = get_unaligned_le16(&hdr->opcode);
1692         index = get_unaligned_le16(&hdr->index);
1693         len = get_unaligned_le16(&hdr->len);
1694
1695         if (len != msglen - sizeof(*hdr)) {
1696                 err = -EINVAL;
1697                 goto done;
1698         }
1699
1700         switch (opcode) {
1701         case MGMT_OP_READ_VERSION:
1702                 err = read_version(sk);
1703                 break;
1704         case MGMT_OP_READ_INDEX_LIST:
1705                 err = read_index_list(sk);
1706                 break;
1707         case MGMT_OP_READ_INFO:
1708                 err = read_controller_info(sk, index);
1709                 break;
1710         case MGMT_OP_SET_POWERED:
1711                 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1712                 break;
1713         case MGMT_OP_SET_DISCOVERABLE:
1714                 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1715                 break;
1716         case MGMT_OP_SET_CONNECTABLE:
1717                 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1718                 break;
1719         case MGMT_OP_SET_PAIRABLE:
1720                 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1721                 break;
1722         case MGMT_OP_ADD_UUID:
1723                 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1724                 break;
1725         case MGMT_OP_REMOVE_UUID:
1726                 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1727                 break;
1728         case MGMT_OP_SET_DEV_CLASS:
1729                 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1730                 break;
1731         case MGMT_OP_SET_SERVICE_CACHE:
1732                 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1733                 break;
1734         case MGMT_OP_LOAD_KEYS:
1735                 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1736                 break;
1737         case MGMT_OP_REMOVE_KEY:
1738                 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1739                 break;
1740         case MGMT_OP_DISCONNECT:
1741                 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1742                 break;
1743         case MGMT_OP_GET_CONNECTIONS:
1744                 err = get_connections(sk, index);
1745                 break;
1746         case MGMT_OP_PIN_CODE_REPLY:
1747                 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1748                 break;
1749         case MGMT_OP_PIN_CODE_NEG_REPLY:
1750                 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1751                 break;
1752         case MGMT_OP_SET_IO_CAPABILITY:
1753                 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1754                 break;
1755         case MGMT_OP_PAIR_DEVICE:
1756                 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1757                 break;
1758         case MGMT_OP_USER_CONFIRM_REPLY:
1759                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1760                 break;
1761         case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1762                 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1763                 break;
1764         case MGMT_OP_SET_LOCAL_NAME:
1765                 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1766                 break;
1767         case MGMT_OP_READ_LOCAL_OOB_DATA:
1768                 err = read_local_oob_data(sk, index);
1769                 break;
1770         case MGMT_OP_ADD_REMOTE_OOB_DATA:
1771                 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1772                 break;
1773         case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1774                 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1775                                                                         len);
1776                 break;
1777         case MGMT_OP_START_DISCOVERY:
1778                 err = start_discovery(sk, index);
1779                 break;
1780         case MGMT_OP_STOP_DISCOVERY:
1781                 err = stop_discovery(sk, index);
1782                 break;
1783         default:
1784                 BT_DBG("Unknown op %u", opcode);
1785                 err = cmd_status(sk, index, opcode, 0x01);
1786                 break;
1787         }
1788
1789         if (err < 0)
1790                 goto done;
1791
1792         err = msglen;
1793
1794 done:
1795         kfree(buf);
1796         return err;
1797 }
1798
1799 int mgmt_index_added(u16 index)
1800 {
1801         return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1802 }
1803
1804 int mgmt_index_removed(u16 index)
1805 {
1806         return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1807 }
1808
1809 struct cmd_lookup {
1810         u8 val;
1811         struct sock *sk;
1812 };
1813
1814 static void mode_rsp(struct pending_cmd *cmd, void *data)
1815 {
1816         struct mgmt_mode *cp = cmd->param;
1817         struct cmd_lookup *match = data;
1818
1819         if (cp->val != match->val)
1820                 return;
1821
1822         send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1823
1824         list_del(&cmd->list);
1825
1826         if (match->sk == NULL) {
1827                 match->sk = cmd->sk;
1828                 sock_hold(match->sk);
1829         }
1830
1831         mgmt_pending_free(cmd);
1832 }
1833
1834 int mgmt_powered(u16 index, u8 powered)
1835 {
1836         struct mgmt_mode ev;
1837         struct cmd_lookup match = { powered, NULL };
1838         int ret;
1839
1840         mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1841
1842         ev.val = powered;
1843
1844         ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1845
1846         if (match.sk)
1847                 sock_put(match.sk);
1848
1849         return ret;
1850 }
1851
1852 int mgmt_discoverable(u16 index, u8 discoverable)
1853 {
1854         struct mgmt_mode ev;
1855         struct cmd_lookup match = { discoverable, NULL };
1856         int ret;
1857
1858         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1859
1860         ev.val = discoverable;
1861
1862         ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1863                                                                 match.sk);
1864
1865         if (match.sk)
1866                 sock_put(match.sk);
1867
1868         return ret;
1869 }
1870
1871 int mgmt_connectable(u16 index, u8 connectable)
1872 {
1873         struct mgmt_mode ev;
1874         struct cmd_lookup match = { connectable, NULL };
1875         int ret;
1876
1877         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1878
1879         ev.val = connectable;
1880
1881         ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1882
1883         if (match.sk)
1884                 sock_put(match.sk);
1885
1886         return ret;
1887 }
1888
1889 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
1890 {
1891         struct mgmt_ev_new_key ev;
1892
1893         memset(&ev, 0, sizeof(ev));
1894
1895         ev.store_hint = persistent;
1896         bacpy(&ev.key.bdaddr, &key->bdaddr);
1897         ev.key.type = key->type;
1898         memcpy(ev.key.val, key->val, 16);
1899         ev.key.pin_len = key->pin_len;
1900
1901         return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1902 }
1903
1904 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1905 {
1906         struct mgmt_ev_connected ev;
1907
1908         bacpy(&ev.bdaddr, bdaddr);
1909
1910         return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1911 }
1912
1913 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1914 {
1915         struct mgmt_cp_disconnect *cp = cmd->param;
1916         struct sock **sk = data;
1917         struct mgmt_rp_disconnect rp;
1918
1919         bacpy(&rp.bdaddr, &cp->bdaddr);
1920
1921         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1922
1923         *sk = cmd->sk;
1924         sock_hold(*sk);
1925
1926         mgmt_pending_remove(cmd);
1927 }
1928
1929 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1930 {
1931         struct mgmt_ev_disconnected ev;
1932         struct sock *sk = NULL;
1933         int err;
1934
1935         mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1936
1937         bacpy(&ev.bdaddr, bdaddr);
1938
1939         err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1940
1941         if (sk)
1942                 sock_put(sk);
1943
1944         return err;
1945 }
1946
1947 int mgmt_disconnect_failed(u16 index)
1948 {
1949         struct pending_cmd *cmd;
1950         int err;
1951
1952         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1953         if (!cmd)
1954                 return -ENOENT;
1955
1956         err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1957
1958         mgmt_pending_remove(cmd);
1959
1960         return err;
1961 }
1962
1963 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1964 {
1965         struct mgmt_ev_connect_failed ev;
1966
1967         bacpy(&ev.bdaddr, bdaddr);
1968         ev.status = status;
1969
1970         return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1971 }
1972
1973 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
1974 {
1975         struct mgmt_ev_pin_code_request ev;
1976
1977         bacpy(&ev.bdaddr, bdaddr);
1978         ev.secure = secure;
1979
1980         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1981                                                                         NULL);
1982 }
1983
1984 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1985 {
1986         struct pending_cmd *cmd;
1987         struct mgmt_rp_pin_code_reply rp;
1988         int err;
1989
1990         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1991         if (!cmd)
1992                 return -ENOENT;
1993
1994         bacpy(&rp.bdaddr, bdaddr);
1995         rp.status = status;
1996
1997         err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1998                                                                 sizeof(rp));
1999
2000         mgmt_pending_remove(cmd);
2001
2002         return err;
2003 }
2004
2005 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2006 {
2007         struct pending_cmd *cmd;
2008         struct mgmt_rp_pin_code_reply rp;
2009         int err;
2010
2011         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2012         if (!cmd)
2013                 return -ENOENT;
2014
2015         bacpy(&rp.bdaddr, bdaddr);
2016         rp.status = status;
2017
2018         err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2019                                                                 sizeof(rp));
2020
2021         mgmt_pending_remove(cmd);
2022
2023         return err;
2024 }
2025
2026 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2027                                                         u8 confirm_hint)
2028 {
2029         struct mgmt_ev_user_confirm_request ev;
2030
2031         BT_DBG("hci%u", index);
2032
2033         bacpy(&ev.bdaddr, bdaddr);
2034         ev.confirm_hint = confirm_hint;
2035         put_unaligned_le32(value, &ev.value);
2036
2037         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2038                                                                         NULL);
2039 }
2040
2041 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2042                                                                 u8 opcode)
2043 {
2044         struct pending_cmd *cmd;
2045         struct mgmt_rp_user_confirm_reply rp;
2046         int err;
2047
2048         cmd = mgmt_pending_find(opcode, index);
2049         if (!cmd)
2050                 return -ENOENT;
2051
2052         bacpy(&rp.bdaddr, bdaddr);
2053         rp.status = status;
2054         err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2055
2056         mgmt_pending_remove(cmd);
2057
2058         return err;
2059 }
2060
2061 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2062 {
2063         return confirm_reply_complete(index, bdaddr, status,
2064                                                 MGMT_OP_USER_CONFIRM_REPLY);
2065 }
2066
2067 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2068 {
2069         return confirm_reply_complete(index, bdaddr, status,
2070                                         MGMT_OP_USER_CONFIRM_NEG_REPLY);
2071 }
2072
2073 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2074 {
2075         struct mgmt_ev_auth_failed ev;
2076
2077         bacpy(&ev.bdaddr, bdaddr);
2078         ev.status = status;
2079
2080         return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2081 }
2082
2083 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2084 {
2085         struct pending_cmd *cmd;
2086         struct hci_dev *hdev;
2087         struct mgmt_cp_set_local_name ev;
2088         int err;
2089
2090         memset(&ev, 0, sizeof(ev));
2091         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2092
2093         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2094         if (!cmd)
2095                 goto send_event;
2096
2097         if (status) {
2098                 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2099                 goto failed;
2100         }
2101
2102         hdev = hci_dev_get(index);
2103         if (hdev) {
2104                 hci_dev_lock_bh(hdev);
2105                 update_eir(hdev);
2106                 hci_dev_unlock_bh(hdev);
2107                 hci_dev_put(hdev);
2108         }
2109
2110         err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2111                                                                 sizeof(ev));
2112         if (err < 0)
2113                 goto failed;
2114
2115 send_event:
2116         err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2117                                                         cmd ? cmd->sk : NULL);
2118
2119 failed:
2120         if (cmd)
2121                 mgmt_pending_remove(cmd);
2122         return err;
2123 }
2124
2125 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2126                                                                 u8 status)
2127 {
2128         struct pending_cmd *cmd;
2129         int err;
2130
2131         BT_DBG("hci%u status %u", index, status);
2132
2133         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2134         if (!cmd)
2135                 return -ENOENT;
2136
2137         if (status) {
2138                 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2139                                                                         EIO);
2140         } else {
2141                 struct mgmt_rp_read_local_oob_data rp;
2142
2143                 memcpy(rp.hash, hash, sizeof(rp.hash));
2144                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2145
2146                 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2147                                                         &rp, sizeof(rp));
2148         }
2149
2150         mgmt_pending_remove(cmd);
2151
2152         return err;
2153 }
2154
2155 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2156                                                                 u8 *eir)
2157 {
2158         struct mgmt_ev_device_found ev;
2159
2160         memset(&ev, 0, sizeof(ev));
2161
2162         bacpy(&ev.bdaddr, bdaddr);
2163         memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2164         ev.rssi = rssi;
2165
2166         if (eir)
2167                 memcpy(ev.eir, eir, sizeof(ev.eir));
2168
2169         return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2170 }
2171
2172 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2173 {
2174         struct mgmt_ev_remote_name ev;
2175
2176         memset(&ev, 0, sizeof(ev));
2177
2178         bacpy(&ev.bdaddr, bdaddr);
2179         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2180
2181         return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2182 }
2183
2184 int mgmt_discovering(u16 index, u8 discovering)
2185 {
2186         return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2187                                                 sizeof(discovering), NULL);
2188 }