projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor ioctl scan state update to its own function
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 177
45296acd
MH		 178 if (status)
179 return;
180
e4e8e37c
MH		 181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
45296acd 185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
f8e808bd
MH		 205
206 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
207 hdev->scan_rsp_data_len = 0;
06f5b778 208
533553f8
MH		 209 hdev->le_scan_type = LE_SCAN_PASSIVE;
210
06f5b778 211 hdev->ssp_debug_mode = 0;
a9de9248 212}
04837f64 213
a9de9248
MH		 214static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215{
216 __u8 status = *((__u8 *) skb->data);
217 void *sent;
04837f64 218
9f1db00c 219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 220
a9de9248
MH		 221 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
222 if (!sent)
223 return;
04837f64 224
56e5cb86
JH		 225 hci_dev_lock(hdev);
226
f51d5b24
JH		 227 if (test_bit(HCI_MGMT, &hdev->dev_flags))
228 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 229 else if (!status)
230 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 231
56e5cb86 232 hci_dev_unlock(hdev);
a9de9248
MH		 233}
234
235static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 struct hci_rp_read_local_name *rp = (void *) skb->data;
238
9f1db00c 239 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 240
241 if (rp->status)
242 return;
243
db99b5fc
JH		 244 if (test_bit(HCI_SETUP, &hdev->dev_flags))
245 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 246}
247
248static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
249{
250 __u8 status = *((__u8 *) skb->data);
251 void *sent;
252
9f1db00c 253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 254
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 if (!sent)
257 return;
258
259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param == AUTH_ENABLED)
263 set_bit(HCI_AUTH, &hdev->flags);
264 else
265 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 266 }
a9de9248 267
33ef95ed
JH		 268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
269 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 270}
271
a9de9248 272static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 273{
a9de9248 274 __u8 status = *((__u8 *) skb->data);
45296acd 275 __u8 param;
1da177e4
LT		 276 void *sent;
277
9f1db00c 278 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 279
45296acd
MH		 280 if (status)
281 return;
282
a9de9248
MH		 283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
284 if (!sent)
285 return;
1da177e4 286
45296acd 287 param = *((__u8 *) sent);
a9de9248 288
45296acd
MH		 289 if (param)
290 set_bit(HCI_ENCRYPT, &hdev->flags);
291 else
292 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 293}
1da177e4 294
a9de9248
MH		 295static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
296{
45296acd
MH		 297 __u8 status = *((__u8 *) skb->data);
298 __u8 param;
36f7fc7e 299 int old_pscan, old_iscan;
a9de9248 300 void *sent;
1da177e4 301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 303
a9de9248
MH		 304 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 if (!sent)
306 return;
1da177e4 307
36f7fc7e
JH		 308 param = *((__u8 *) sent);
309
56e5cb86
JH		 310 hci_dev_lock(hdev);
311
fa1bd918 312 if (status) {
744cf19e 313 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 314 hdev->discov_timeout = 0;
315 goto done;
316 }
317
0663ca2a
JH		 318 /* We need to ensure that we set this back on if someone changed
319 * the scan mode through a raw HCI socket.
320 */
321 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
322
36f7fc7e
JH		 323 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
324 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
325
326 if (param & SCAN_INQUIRY) {
327 set_bit(HCI_ISCAN, &hdev->flags);
328 if (!old_iscan)
744cf19e 329 mgmt_discoverable(hdev, 1);
36f7fc7e 330 } else if (old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 0);
36f7fc7e 332
031547d8 333 if (param & SCAN_PAGE)
36f7fc7e 334 set_bit(HCI_PSCAN, &hdev->flags);
1da177e4 335
36f7fc7e 336done:
56e5cb86 337 hci_dev_unlock(hdev);
a9de9248 338}
1da177e4 339
a9de9248
MH		 340static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341{
342 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 343
9f1db00c 344 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 345
a9de9248
MH		 346 if (rp->status)
347 return;
1da177e4 348
a9de9248 349 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 350
a9de9248 351 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 352 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 353}
1da177e4 354
a9de9248
MH		 355static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356{
357 __u8 status = *((__u8 *) skb->data);
358 void *sent;
1da177e4 359
9f1db00c 360 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 361
a9de9248
MH		 362 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 if (!sent)
364 return;
1da177e4 365
7f9a903c
MH		 366 hci_dev_lock(hdev);
367
368 if (status == 0)
369 memcpy(hdev->dev_class, sent, 3);
370
371 if (test_bit(HCI_MGMT, &hdev->dev_flags))
372 mgmt_set_class_of_dev_complete(hdev, sent, status);
373
374 hci_dev_unlock(hdev);
a9de9248 375}
1da177e4 376
a9de9248
MH		 377static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378{
379 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
380 __u16 setting;
381
9f1db00c 382 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 383
384 if (rp->status)
385 return;
386
387 setting = __le16_to_cpu(rp->voice_setting);
388
f383f275 389 if (hdev->voice_setting == setting)
a9de9248
MH		 390 return;
391
392 hdev->voice_setting = setting;
393
9f1db00c 394 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 395
3c54711c 396 if (hdev->notify)
a9de9248 397 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 398}
399
8fc9ced3
GP		 400static void hci_cc_write_voice_setting(struct hci_dev *hdev,
401 struct sk_buff *skb)
a9de9248
MH		 402{
403 __u8 status = *((__u8 *) skb->data);
f383f275 404 __u16 setting;
a9de9248
MH		 405 void *sent;
406
9f1db00c 407 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 408
f383f275
MH		 409 if (status)
410 return;
411
a9de9248
MH		 412 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
413 if (!sent)
414 return;
1da177e4 415
f383f275 416 setting = get_unaligned_le16(sent);
1da177e4 417
f383f275
MH		 418 if (hdev->voice_setting == setting)
419 return;
420
421 hdev->voice_setting = setting;
1da177e4 422
9f1db00c 423 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 424
3c54711c 425 if (hdev->notify)
f383f275 426 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 427}
428
b4cb9fb2
MH		 429static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
430 struct sk_buff *skb)
431{
432 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
433
434 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
435
436 if (rp->status)
437 return;
438
439 hdev->num_iac = rp->num_iac;
440
441 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
442}
443
333140b5
MH		 444static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
445{
446 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 447 struct hci_cp_write_ssp_mode *sent;
333140b5 448
9f1db00c 449 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 450
333140b5
MH		 451 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
452 if (!sent)
453 return;
454
5ed8eb2f
JH		 455 if (!status) {
456 if (sent->mode)
cad718ed 457 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 458 else
cad718ed 459 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 460 }
461
ed2c4ee3 462 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 463 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 464 else if (!status) {
5ed8eb2f 465 if (sent->mode)
c0ecddc2
JH		 466 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 else
468 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
469 }
333140b5
MH		 470}
471
eac83dc6
MH		 472static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
473{
474 u8 status = *((u8 *) skb->data);
475 struct hci_cp_write_sc_support *sent;
476
477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
478
479 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
480 if (!sent)
481 return;
482
483 if (!status) {
484 if (sent->support)
485 hdev->features[1][0] |= LMP_HOST_SC;
486 else
487 hdev->features[1][0] &= ~LMP_HOST_SC;
488 }
489
490 if (test_bit(HCI_MGMT, &hdev->dev_flags))
491 mgmt_sc_enable_complete(hdev, sent->support, status);
492 else if (!status) {
493 if (sent->support)
494 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 else
496 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
497 }
498}
499
a9de9248
MH		 500static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
501{
502 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 503
9f1db00c 504 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 505
a9de9248 506 if (rp->status)
42c6b129 507 return;
1143e5a6 508
0d5551f5
MH		 509 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
510 hdev->hci_ver = rp->hci_ver;
511 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
512 hdev->lmp_ver = rp->lmp_ver;
513 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
514 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
515 }
d5859e22
JH		 516}
517
8fc9ced3
GP		 518static void hci_cc_read_local_commands(struct hci_dev *hdev,
519 struct sk_buff *skb)
a9de9248
MH		 520{
521 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 522
9f1db00c 523 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 524
6a070e6e
MH		 525 if (rp->status)
526 return;
527
528 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 529 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 530}
1da177e4 531
8fc9ced3
GP		 532static void hci_cc_read_local_features(struct hci_dev *hdev,
533 struct sk_buff *skb)
a9de9248
MH		 534{
535 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 536
9f1db00c 537 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 538
a9de9248
MH		 539 if (rp->status)
540 return;
5b7f9909 541
a9de9248 542 memcpy(hdev->features, rp->features, 8);
5b7f9909 543
a9de9248
MH		 544 /* Adjust default settings according to features
545 * supported by device. */
1da177e4 546
cad718ed 547 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 548 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 549
cad718ed 550 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 551 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 552
cad718ed 553 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 554 hdev->pkt_type |= (HCI_HV2);
555 hdev->esco_type |= (ESCO_HV2);
556 }
1da177e4 557
cad718ed 558 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 559 hdev->pkt_type |= (HCI_HV3);
560 hdev->esco_type |= (ESCO_HV3);
561 }
1da177e4 562
45db810f 563 if (lmp_esco_capable(hdev))
a9de9248 564 hdev->esco_type |= (ESCO_EV3);
da1f5198 565
cad718ed 566 if (hdev->features[0][4] & LMP_EV4)
a9de9248 567 hdev->esco_type |= (ESCO_EV4);
da1f5198 568
cad718ed 569 if (hdev->features[0][4] & LMP_EV5)
a9de9248 570 hdev->esco_type |= (ESCO_EV5);
1da177e4 571
cad718ed 572 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 573 hdev->esco_type |= (ESCO_2EV3);
574
cad718ed 575 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 576 hdev->esco_type |= (ESCO_3EV3);
577
cad718ed 578 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 579 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 580}
1da177e4 581
971e3a4b 582static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 583 struct sk_buff *skb)
971e3a4b
AG		 584{
585 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
586
9f1db00c 587 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 588
589 if (rp->status)
42c6b129 590 return;
971e3a4b 591
57af75a8
MH		 592 if (hdev->max_page < rp->max_page)
593 hdev->max_page = rp->max_page;
d2c5d77f 594
cad718ed
JH		 595 if (rp->page < HCI_MAX_PAGES)
596 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 597}
598
1e89cffb 599static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 600 struct sk_buff *skb)
1e89cffb
AE		 601{
602 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
603
9f1db00c 604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 605
45296acd
MH		 606 if (rp->status)
607 return;
608
609 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 610}
611
a9de9248
MH		 612static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
613{
614 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 615
9f1db00c 616 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 617
a9de9248
MH		 618 if (rp->status)
619 return;
1da177e4 620
a9de9248
MH		 621 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
622 hdev->sco_mtu = rp->sco_mtu;
623 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
624 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
625
626 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
627 hdev->sco_mtu = 64;
628 hdev->sco_pkts = 8;
1da177e4 629 }
a9de9248
MH		 630
631 hdev->acl_cnt = hdev->acl_pkts;
632 hdev->sco_cnt = hdev->sco_pkts;
633
807deac2
GP		 634 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
635 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 636}
637
638static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
639{
640 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
641
9f1db00c 642 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 643
e30d3f5f
MH		 644 if (rp->status)
645 return;
646
647 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 648 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f
MH		 649
650 if (test_bit(HCI_SETUP, &hdev->dev_flags))
651 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 652}
653
f332ec66
JH		 654static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
655 struct sk_buff *skb)
656{
657 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
660
45296acd
MH		 661 if (rp->status)
662 return;
663
664 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 665 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
666 hdev->page_scan_window = __le16_to_cpu(rp->window);
667 }
668}
669
4a3ee763
JH		 670static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
671 struct sk_buff *skb)
672{
673 u8 status = *((u8 *) skb->data);
674 struct hci_cp_write_page_scan_activity *sent;
675
676 BT_DBG("%s status 0x%2.2x", hdev->name, status);
677
678 if (status)
679 return;
680
681 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
682 if (!sent)
683 return;
684
685 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
686 hdev->page_scan_window = __le16_to_cpu(sent->window);
687}
688
f332ec66
JH		 689static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
690 struct sk_buff *skb)
691{
692 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
693
694 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
695
45296acd
MH		 696 if (rp->status)
697 return;
698
699 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 700 hdev->page_scan_type = rp->type;
701}
702
4a3ee763
JH		 703static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
704 struct sk_buff *skb)
705{
706 u8 status = *((u8 *) skb->data);
707 u8 *type;
708
709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
710
711 if (status)
712 return;
713
714 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
715 if (type)
716 hdev->page_scan_type = *type;
717}
718
350ee4cf 719static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 720 struct sk_buff *skb)
350ee4cf
AE		 721{
722 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 725
726 if (rp->status)
727 return;
728
729 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
730 hdev->block_len = __le16_to_cpu(rp->block_len);
731 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
732
733 hdev->block_cnt = hdev->num_blocks;
734
735 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 736 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 737}
738
33f35721
JH		 739static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
740{
741 struct hci_rp_read_clock *rp = (void *) skb->data;
742 struct hci_cp_read_clock *cp;
743 struct hci_conn *conn;
744
745 BT_DBG("%s", hdev->name);
746
747 if (skb->len < sizeof(*rp))
748 return;
749
750 if (rp->status)
751 return;
752
753 hci_dev_lock(hdev);
754
755 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
756 if (!cp)
757 goto unlock;
758
759 if (cp->which == 0x00) {
760 hdev->clock = le32_to_cpu(rp->clock);
761 goto unlock;
762 }
763
764 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
765 if (conn) {
766 conn->clock = le32_to_cpu(rp->clock);
767 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
768 }
769
770unlock:
771 hci_dev_unlock(hdev);
772}
773
928abaa7 774static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 775 struct sk_buff *skb)
928abaa7
AE		 776{
777 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
778
9f1db00c 779 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 780
781 if (rp->status)
8e2a0d92 782 goto a2mp_rsp;
928abaa7
AE		 783
784 hdev->amp_status = rp->amp_status;
785 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
786 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
787 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
788 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
789 hdev->amp_type = rp->amp_type;
790 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
791 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
792 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
793 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
794
8e2a0d92
AE		 795a2mp_rsp:
796 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 797}
798
903e4541
AE		 799static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
800 struct sk_buff *skb)
801{
802 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
803 struct amp_assoc *assoc = &hdev->loc_assoc;
804 size_t rem_len, frag_len;
805
806 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
807
808 if (rp->status)
809 goto a2mp_rsp;
810
811 frag_len = skb->len - sizeof(*rp);
812 rem_len = __le16_to_cpu(rp->rem_len);
813
814 if (rem_len > frag_len) {
2e430be3 815 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 816
817 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
818 assoc->offset += frag_len;
819
820 /* Read other fragments */
821 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
822
823 return;
824 }
825
826 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
827 assoc->len = assoc->offset + rem_len;
828 assoc->offset = 0;
829
830a2mp_rsp:
831 /* Send A2MP Rsp when all fragments are received */
832 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 833 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 834}
835
d5859e22 836static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 837 struct sk_buff *skb)
d5859e22 838{
91c4e9b1 839 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 840
9f1db00c 841 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 842
45296acd
MH		 843 if (rp->status)
844 return;
845
846 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 847}
848
980e1a53
JH		 849static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
850{
851 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
852 struct hci_cp_pin_code_reply *cp;
853 struct hci_conn *conn;
854
9f1db00c 855 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 856
56e5cb86
JH		 857 hci_dev_lock(hdev);
858
a8b2d5c2 859 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 860 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 861
fa1bd918 862 if (rp->status)
56e5cb86 863 goto unlock;
980e1a53
JH		 864
865 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
866 if (!cp)
56e5cb86 867 goto unlock;
980e1a53
JH		 868
869 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
870 if (conn)
871 conn->pin_length = cp->pin_len;
56e5cb86
JH		 872
873unlock:
874 hci_dev_unlock(hdev);
980e1a53
JH		 875}
876
877static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
878{
879 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
880
9f1db00c 881 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 882
56e5cb86
JH		 883 hci_dev_lock(hdev);
884
a8b2d5c2 885 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 886 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 887 rp->status);
56e5cb86
JH		 888
889 hci_dev_unlock(hdev);
980e1a53 890}
56e5cb86 891
6ed58ec5
VT		 892static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
893 struct sk_buff *skb)
894{
895 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
896
9f1db00c 897 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 898
899 if (rp->status)
900 return;
901
902 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
903 hdev->le_pkts = rp->le_max_pkt;
904
905 hdev->le_cnt = hdev->le_pkts;
906
907 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 908}
980e1a53 909
60e77321
JH		 910static void hci_cc_le_read_local_features(struct hci_dev *hdev,
911 struct sk_buff *skb)
912{
913 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
914
915 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
916
45296acd
MH		 917 if (rp->status)
918 return;
919
920 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 921}
922
8fa19098
JH		 923static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
924 struct sk_buff *skb)
925{
926 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
927
928 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
929
45296acd
MH		 930 if (rp->status)
931 return;
932
933 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 934}
935
a5c29683
JH		 936static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
937{
938 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
939
9f1db00c 940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 941
56e5cb86
JH		 942 hci_dev_lock(hdev);
943
a8b2d5c2 944 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 945 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
946 rp->status);
56e5cb86
JH		 947
948 hci_dev_unlock(hdev);
a5c29683
JH		 949}
950
951static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 952 struct sk_buff *skb)
a5c29683
JH		 953{
954 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
955
9f1db00c 956 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 957
56e5cb86
JH		 958 hci_dev_lock(hdev);
959
a8b2d5c2 960 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 961 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 962 ACL_LINK, 0, rp->status);
56e5cb86
JH		 963
964 hci_dev_unlock(hdev);
a5c29683
JH		 965}
966
1143d458
BG		 967static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
968{
969 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
970
9f1db00c 971 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 972
973 hci_dev_lock(hdev);
974
a8b2d5c2 975 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 976 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 977 0, rp->status);
1143d458
BG		 978
979 hci_dev_unlock(hdev);
980}
981
982static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 983 struct sk_buff *skb)
1143d458
BG		 984{
985 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
986
9f1db00c 987 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 988
989 hci_dev_lock(hdev);
990
a8b2d5c2 991 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 992 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 993 ACL_LINK, 0, rp->status);
1143d458
BG		 994
995 hci_dev_unlock(hdev);
996}
997
4d2d2796
MH		 998static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
999 struct sk_buff *skb)
c35938b2
SJ		 1000{
1001 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1002
9f1db00c 1003 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1004
56e5cb86 1005 hci_dev_lock(hdev);
4d2d2796
MH		 1006 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
1007 NULL, NULL, rp->status);
1008 hci_dev_unlock(hdev);
1009}
1010
1011static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1012 struct sk_buff *skb)
1013{
1014 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1015
1016 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1017
1018 hci_dev_lock(hdev);
1019 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
1020 rp->hash256, rp->randomizer256,
1021 rp->status);
56e5cb86 1022 hci_dev_unlock(hdev);
c35938b2
SJ		 1023}
1024
7a4cd51d
MH		 1025
1026static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1027{
1028 __u8 status = *((__u8 *) skb->data);
1029 bdaddr_t *sent;
1030
1031 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1032
45296acd
MH		 1033 if (status)
1034 return;
1035
7a4cd51d
MH		 1036 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1037 if (!sent)
1038 return;
1039
1040 hci_dev_lock(hdev);
1041
45296acd 1042 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1043
1044 hci_dev_unlock(hdev);
1045}
1046
c1d5dc4a
JH		 1047static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1048{
1049 __u8 *sent, status = *((__u8 *) skb->data);
1050
1051 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1052
45296acd 1053 if (status)
c1d5dc4a
JH		 1054 return;
1055
45296acd
MH		 1056 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1057 if (!sent)
3c857757
JH		 1058 return;
1059
c1d5dc4a
JH		 1060 hci_dev_lock(hdev);
1061
3c857757
JH		 1062 /* If we're doing connection initation as peripheral. Set a
1063 * timeout in case something goes wrong.
1064 */
1065 if (*sent) {
1066 struct hci_conn *conn;
1067
66c417c1
JH		 1068 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1069
3c857757
JH		 1070 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1071 if (conn)
1072 queue_delayed_work(hdev->workqueue,
1073 &conn->le_conn_timeout,
09ae260b 1074 conn->conn_timeout);
66c417c1
JH		 1075 } else {
1076 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 1077 }
1078
04b4edcb 1079 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1080}
1081
533553f8
MH		 1082static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1083{
1084 struct hci_cp_le_set_scan_param *cp;
1085 __u8 status = *((__u8 *) skb->data);
1086
1087 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1088
45296acd
MH		 1089 if (status)
1090 return;
1091
533553f8
MH		 1092 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1093 if (!cp)
1094 return;
1095
1096 hci_dev_lock(hdev);
1097
45296acd 1098 hdev->le_scan_type = cp->type;
533553f8
MH		 1099
1100 hci_dev_unlock(hdev);
1101}
1102
b9a6328f
JH		 1103static bool has_pending_adv_report(struct hci_dev *hdev)
1104{
1105 struct discovery_state *d = &hdev->discovery;
1106
1107 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1108}
1109
1110static void clear_pending_adv_report(struct hci_dev *hdev)
1111{
1112 struct discovery_state *d = &hdev->discovery;
1113
1114 bacpy(&d->last_adv_addr, BDADDR_ANY);
1115 d->last_adv_data_len = 0;
1116}
1117
1118static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1119 u8 bdaddr_type, s8 rssi, u32 flags,
1120 u8 *data, u8 len)
b9a6328f
JH		 1121{
1122 struct discovery_state *d = &hdev->discovery;
1123
1124 bacpy(&d->last_adv_addr, bdaddr);
1125 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1126 d->last_adv_rssi = rssi;
c70a7e4c 1127 d->last_adv_flags = flags;
b9a6328f
JH		 1128 memcpy(d->last_adv_data, data, len);
1129 d->last_adv_data_len = len;
1130}
1131
eb9d91f5 1132static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1133 struct sk_buff *skb)
eb9d91f5
AG		 1134{
1135 struct hci_cp_le_set_scan_enable *cp;
1136 __u8 status = *((__u8 *) skb->data);
1137
9f1db00c 1138 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1139
45296acd 1140 if (status)
eb9d91f5
AG		 1141 return;
1142
45296acd
MH		 1143 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1144 if (!cp)
3fd319b8
AG		 1145 return;
1146
68a8aea4 1147 switch (cp->enable) {
76a388be 1148 case LE_SCAN_ENABLE:
d23264a8 1149 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1150 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1151 clear_pending_adv_report(hdev);
68a8aea4
AE		 1152 break;
1153
76a388be 1154 case LE_SCAN_DISABLE:
b9a6328f
JH		 1155 /* We do this here instead of when setting DISCOVERY_STOPPED
1156 * since the latter would potentially require waiting for
1157 * inquiry to stop too.
1158 */
1159 if (has_pending_adv_report(hdev)) {
1160 struct discovery_state *d = &hdev->discovery;
1161
1162 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1163 d->last_adv_addr_type, NULL,
c70a7e4c 1164 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1165 d->last_adv_data,
b9a6328f
JH		 1166 d->last_adv_data_len, NULL, 0);
1167 }
1168
317ac8cb
JH		 1169 /* Cancel this timer so that we don't try to disable scanning
1170 * when it's already disabled.
1171 */
1172 cancel_delayed_work(&hdev->le_scan_disable);
1173
d23264a8 1174 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
e8bb6b97 1175
81ad6fd9
JH		 1176 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1177 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1178 * therefore discovery as stopped. If this was not
1179 * because of a connect request advertising might have
1180 * been disabled because of active scanning, so
1181 * re-enable it again if necessary.
81ad6fd9
JH		 1182 */
1183 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1184 &hdev->dev_flags))
1185 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
e8bb6b97 1186 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
34722277 1187 hdev->discovery.state == DISCOVERY_FINDING)
e8bb6b97
JH		 1188 mgmt_reenable_advertising(hdev);
1189
68a8aea4
AE		 1190 break;
1191
1192 default:
1193 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1194 break;
35815085 1195 }
eb9d91f5
AG		 1196}
1197
cf1d081f
JH		 1198static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1199 struct sk_buff *skb)
1200{
1201 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1202
1203 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1204
45296acd
MH		 1205 if (rp->status)
1206 return;
1207
1208 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1209}
1210
0f36b589
MH		 1211static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1212 struct sk_buff *skb)
1213{
1214 __u8 status = *((__u8 *) skb->data);
1215
1216 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1217
45296acd
MH		 1218 if (status)
1219 return;
1220
dcc36c16 1221 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1222}
1223
1224static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1225 struct sk_buff *skb)
1226{
1227 struct hci_cp_le_add_to_white_list *sent;
1228 __u8 status = *((__u8 *) skb->data);
1229
1230 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1231
45296acd
MH		 1232 if (status)
1233 return;
1234
0f36b589
MH		 1235 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1236 if (!sent)
1237 return;
1238
dcc36c16
JH		 1239 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1240 sent->bdaddr_type);
0f36b589
MH		 1241}
1242
1243static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1244 struct sk_buff *skb)
1245{
1246 struct hci_cp_le_del_from_white_list *sent;
1247 __u8 status = *((__u8 *) skb->data);
1248
1249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1250
45296acd
MH		 1251 if (status)
1252 return;
1253
0f36b589
MH		 1254 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1255 if (!sent)
1256 return;
1257
dcc36c16
JH		 1258 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1259 sent->bdaddr_type);
0f36b589
MH		 1260}
1261
9b008c04
JH		 1262static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1263 struct sk_buff *skb)
1264{
1265 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1266
1267 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1268
45296acd
MH		 1269 if (rp->status)
1270 return;
1271
1272 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1273}
1274
6039aa73
GP		 1275static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1276 struct sk_buff *skb)
f9b49306 1277{
06199cf8 1278 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1279 __u8 status = *((__u8 *) skb->data);
1280
9f1db00c 1281 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1282
45296acd
MH		 1283 if (status)
1284 return;
1285
06199cf8 1286 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1287 if (!sent)
f9b49306
AG		 1288 return;
1289
45296acd
MH		 1290 if (sent->le) {
1291 hdev->features[1][0] |= LMP_HOST_LE;
1292 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1293 } else {
1294 hdev->features[1][0] &= ~LMP_HOST_LE;
1295 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1296 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
8f984dfa 1297 }
45296acd
MH		 1298
1299 if (sent->simul)
1300 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1301 else
1302 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
f9b49306
AG		 1303}
1304
56ed2cb8
JH		 1305static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1306{
1307 struct hci_cp_le_set_adv_param *cp;
1308 u8 status = *((u8 *) skb->data);
1309
1310 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1311
1312 if (status)
1313 return;
1314
1315 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1316 if (!cp)
1317 return;
1318
1319 hci_dev_lock(hdev);
1320 hdev->adv_addr_type = cp->own_address_type;
1321 hci_dev_unlock(hdev);
1322}
1323
93c284ee
AE		 1324static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1325 struct sk_buff *skb)
1326{
1327 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1328
1329 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1330 hdev->name, rp->status, rp->phy_handle);
1331
1332 if (rp->status)
1333 return;
1334
1335 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1336}
1337
5ae76a94
AK		 1338static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1339{
1340 struct hci_rp_read_rssi *rp = (void *) skb->data;
1341 struct hci_conn *conn;
1342
1343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1344
1345 if (rp->status)
1346 return;
1347
1348 hci_dev_lock(hdev);
1349
1350 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1351 if (conn)
1352 conn->rssi = rp->rssi;
1353
1354 hci_dev_unlock(hdev);
1355}
1356
5a134fae
AK		 1357static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1358{
1359 struct hci_cp_read_tx_power *sent;
1360 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1361 struct hci_conn *conn;
1362
1363 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1364
1365 if (rp->status)
1366 return;
1367
1368 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1369 if (!sent)
1370 return;
1371
1372 hci_dev_lock(hdev);
1373
1374 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1375 if (!conn)
1376 goto unlock;
1377
1378 switch (sent->type) {
1379 case 0x00:
5a134fae 1380 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1381 break;
1382 case 0x01:
1383 conn->max_tx_power = rp->tx_power;
1384 break;
1385 }
5a134fae 1386
d0455ed9 1387unlock:
5a134fae
AK		 1388 hci_dev_unlock(hdev);
1389}
1390
6039aa73 1391static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1392{
9f1db00c 1393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1394
1395 if (status) {
a9de9248 1396 hci_conn_check_pending(hdev);
314b2381
JH		 1397 return;
1398 }
1399
89352e7d 1400 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1401}
1402
6039aa73 1403static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1404{
a9de9248 1405 struct hci_cp_create_conn *cp;
1da177e4 1406 struct hci_conn *conn;
1da177e4 1407
9f1db00c 1408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1409
1410 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1411 if (!cp)
1412 return;
1413
1414 hci_dev_lock(hdev);
1415
1416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1417
6ed93dc6 1418 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1419
1420 if (status) {
1421 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1422 if (status != 0x0c || conn->attempt > 2) {
1423 conn->state = BT_CLOSED;
1424 hci_proto_connect_cfm(conn, status);
1425 hci_conn_del(conn);
1426 } else
1427 conn->state = BT_CONNECT2;
1da177e4
LT		 1428 }
1429 } else {
1430 if (!conn) {
1431 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1432 if (conn) {
a0c808b3 1433 conn->out = true;
4dae2798 1434 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1435 } else
893ef971 1436 BT_ERR("No memory for new connection");
1da177e4
LT		 1437 }
1438 }
1439
1440 hci_dev_unlock(hdev);
1441}
1442
a9de9248 1443static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1444{
a9de9248
MH		 1445 struct hci_cp_add_sco *cp;
1446 struct hci_conn *acl, *sco;
1447 __u16 handle;
1da177e4 1448
9f1db00c 1449 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1450
a9de9248
MH		 1451 if (!status)
1452 return;
1da177e4 1453
a9de9248
MH		 1454 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1455 if (!cp)
1456 return;
1da177e4 1457
a9de9248 1458 handle = __le16_to_cpu(cp->handle);
1da177e4 1459
9f1db00c 1460 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1461
a9de9248 1462 hci_dev_lock(hdev);
1da177e4 1463
a9de9248 1464 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1465 if (acl) {
1466 sco = acl->link;
1467 if (sco) {
1468 sco->state = BT_CLOSED;
1da177e4 1469
5a08ecce
AE		 1470 hci_proto_connect_cfm(sco, status);
1471 hci_conn_del(sco);
1472 }
a9de9248 1473 }
1da177e4 1474
a9de9248
MH		 1475 hci_dev_unlock(hdev);
1476}
1da177e4 1477
f8558555
MH		 1478static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1479{
1480 struct hci_cp_auth_requested *cp;
1481 struct hci_conn *conn;
1482
9f1db00c 1483 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1484
1485 if (!status)
1486 return;
1487
1488 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1489 if (!cp)
1490 return;
1491
1492 hci_dev_lock(hdev);
1493
1494 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1495 if (conn) {
1496 if (conn->state == BT_CONFIG) {
1497 hci_proto_connect_cfm(conn, status);
76a68ba0 1498 hci_conn_drop(conn);
f8558555
MH		 1499 }
1500 }
1501
1502 hci_dev_unlock(hdev);
1503}
1504
1505static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1506{
1507 struct hci_cp_set_conn_encrypt *cp;
1508 struct hci_conn *conn;
1509
9f1db00c 1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1511
1512 if (!status)
1513 return;
1514
1515 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1516 if (!cp)
1517 return;
1518
1519 hci_dev_lock(hdev);
1520
1521 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1522 if (conn) {
1523 if (conn->state == BT_CONFIG) {
1524 hci_proto_connect_cfm(conn, status);
76a68ba0 1525 hci_conn_drop(conn);
f8558555
MH		 1526 }
1527 }
1528
1529 hci_dev_unlock(hdev);
1530}
1531
127178d2 1532static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1533 struct hci_conn *conn)
392599b9 1534{
392599b9
JH		 1535 if (conn->state != BT_CONFIG || !conn->out)
1536 return 0;
1537
765c2a96 1538 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1539 return 0;
1540
1541 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1542 * devices with sec_level MEDIUM or HIGH or if MITM protection
1543 * is requested.
1544 */
807deac2 1545 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1546 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1547 conn->pending_sec_level != BT_SECURITY_HIGH &&
1548 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1549 return 0;
1550
392599b9
JH		 1551 return 1;
1552}
1553
6039aa73 1554static int hci_resolve_name(struct hci_dev *hdev,
04124681 1555 struct inquiry_entry *e)
30dc78e1
JH		 1556{
1557 struct hci_cp_remote_name_req cp;
1558
1559 memset(&cp, 0, sizeof(cp));
1560
1561 bacpy(&cp.bdaddr, &e->data.bdaddr);
1562 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1563 cp.pscan_mode = e->data.pscan_mode;
1564 cp.clock_offset = e->data.clock_offset;
1565
1566 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1567}
1568
b644ba33 1569static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1570{
1571 struct discovery_state *discov = &hdev->discovery;
1572 struct inquiry_entry *e;
1573
b644ba33
JH		 1574 if (list_empty(&discov->resolve))
1575 return false;
1576
1577 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1578 if (!e)
1579 return false;
1580
b644ba33
JH		 1581 if (hci_resolve_name(hdev, e) == 0) {
1582 e->name_state = NAME_PENDING;
1583 return true;
1584 }
1585
1586 return false;
1587}
1588
1589static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1590 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1591{
1592 struct discovery_state *discov = &hdev->discovery;
1593 struct inquiry_entry *e;
1594
1595 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1596 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1597 name_len, conn->dev_class);
b644ba33
JH		 1598
1599 if (discov->state == DISCOVERY_STOPPED)
1600 return;
1601
30dc78e1
JH		 1602 if (discov->state == DISCOVERY_STOPPING)
1603 goto discov_complete;
1604
1605 if (discov->state != DISCOVERY_RESOLVING)
1606 return;
1607
1608 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1609 /* If the device was not found in a list of found devices names of which
1610 * are pending. there is no need to continue resolving a next name as it
1611 * will be done upon receiving another Remote Name Request Complete
1612 * Event */
1613 if (!e)
1614 return;
1615
1616 list_del(&e->list);
1617 if (name) {
30dc78e1 1618 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1619 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1620 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1621 } else {
1622 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1623 }
1624
b644ba33 1625 if (hci_resolve_next_name(hdev))
30dc78e1 1626 return;
30dc78e1
JH		 1627
1628discov_complete:
1629 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1630}
1631
a9de9248
MH		 1632static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1633{
127178d2
JH		 1634 struct hci_cp_remote_name_req *cp;
1635 struct hci_conn *conn;
1636
9f1db00c 1637 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1638
1639 /* If successful wait for the name req complete event before
1640 * checking for the need to do authentication */
1641 if (!status)
1642 return;
1643
1644 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1645 if (!cp)
1646 return;
1647
1648 hci_dev_lock(hdev);
1649
b644ba33
JH		 1650 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1651
a8b2d5c2 1652 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1653 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1654
79c6c70c
JH		 1655 if (!conn)
1656 goto unlock;
1657
1658 if (!hci_outgoing_auth_needed(hdev, conn))
1659 goto unlock;
1660
51a8efd7 1661 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1662 struct hci_cp_auth_requested auth_cp;
1663
1664 auth_cp.handle = __cpu_to_le16(conn->handle);
1665 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1666 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1667 }
1668
79c6c70c 1669unlock:
127178d2 1670 hci_dev_unlock(hdev);
a9de9248 1671}
1da177e4 1672
769be974
MH		 1673static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1674{
1675 struct hci_cp_read_remote_features *cp;
1676 struct hci_conn *conn;
1677
9f1db00c 1678 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1679
1680 if (!status)
1681 return;
1682
1683 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1684 if (!cp)
1685 return;
1686
1687 hci_dev_lock(hdev);
1688
1689 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1690 if (conn) {
1691 if (conn->state == BT_CONFIG) {
769be974 1692 hci_proto_connect_cfm(conn, status);
76a68ba0 1693 hci_conn_drop(conn);
769be974
MH		 1694 }
1695 }
1696
1697 hci_dev_unlock(hdev);
1698}
1699
1700static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1701{
1702 struct hci_cp_read_remote_ext_features *cp;
1703 struct hci_conn *conn;
1704
9f1db00c 1705 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1706
1707 if (!status)
1708 return;
1709
1710 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1711 if (!cp)
1712 return;
1713
1714 hci_dev_lock(hdev);
1715
1716 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1717 if (conn) {
1718 if (conn->state == BT_CONFIG) {
769be974 1719 hci_proto_connect_cfm(conn, status);
76a68ba0 1720 hci_conn_drop(conn);
769be974
MH		 1721 }
1722 }
1723
1724 hci_dev_unlock(hdev);
1725}
1726
a9de9248
MH		 1727static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1728{
b6a0dc82
MH		 1729 struct hci_cp_setup_sync_conn *cp;
1730 struct hci_conn *acl, *sco;
1731 __u16 handle;
1732
9f1db00c 1733 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1734
1735 if (!status)
1736 return;
1737
1738 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1739 if (!cp)
1740 return;
1741
1742 handle = __le16_to_cpu(cp->handle);
1743
9f1db00c 1744 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1745
1746 hci_dev_lock(hdev);
1747
1748 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1749 if (acl) {
1750 sco = acl->link;
1751 if (sco) {
1752 sco->state = BT_CLOSED;
b6a0dc82 1753
5a08ecce
AE		 1754 hci_proto_connect_cfm(sco, status);
1755 hci_conn_del(sco);
1756 }
b6a0dc82
MH		 1757 }
1758
1759 hci_dev_unlock(hdev);
1da177e4
LT		 1760}
1761
a9de9248 1762static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1763{
a9de9248
MH		 1764 struct hci_cp_sniff_mode *cp;
1765 struct hci_conn *conn;
1da177e4 1766
9f1db00c 1767 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1768
a9de9248
MH		 1769 if (!status)
1770 return;
04837f64 1771
a9de9248
MH		 1772 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1773 if (!cp)
1774 return;
04837f64 1775
a9de9248 1776 hci_dev_lock(hdev);
04837f64 1777
a9de9248 1778 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1779 if (conn) {
51a8efd7 1780 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1781
51a8efd7 1782 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1783 hci_sco_setup(conn, status);
1784 }
1785
a9de9248
MH		 1786 hci_dev_unlock(hdev);
1787}
04837f64 1788
a9de9248
MH		 1789static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1790{
1791 struct hci_cp_exit_sniff_mode *cp;
1792 struct hci_conn *conn;
04837f64 1793
9f1db00c 1794 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1795
a9de9248
MH		 1796 if (!status)
1797 return;
04837f64 1798
a9de9248
MH		 1799 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1800 if (!cp)
1801 return;
04837f64 1802
a9de9248 1803 hci_dev_lock(hdev);
1da177e4 1804
a9de9248 1805 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1806 if (conn) {
51a8efd7 1807 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1808
51a8efd7 1809 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1810 hci_sco_setup(conn, status);
1811 }
1812
a9de9248 1813 hci_dev_unlock(hdev);
1da177e4
LT		 1814}
1815
88c3df13
JH		 1816static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1817{
1818 struct hci_cp_disconnect *cp;
1819 struct hci_conn *conn;
1820
1821 if (!status)
1822 return;
1823
1824 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1825 if (!cp)
1826 return;
1827
1828 hci_dev_lock(hdev);
1829
1830 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1831 if (conn)
1832 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1833 conn->dst_type, status);
88c3df13
JH		 1834
1835 hci_dev_unlock(hdev);
1836}
1837
a02226d6
AE		 1838static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1839{
93c284ee
AE		 1840 struct hci_cp_create_phy_link *cp;
1841
a02226d6 1842 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1843
93c284ee
AE		 1844 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1845 if (!cp)
1846 return;
1847
e58917b9
AE		 1848 hci_dev_lock(hdev);
1849
1850 if (status) {
1851 struct hci_conn *hcon;
1852
1853 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1854 if (hcon)
1855 hci_conn_del(hcon);
1856 } else {
1857 amp_write_remote_assoc(hdev, cp->phy_handle);
1858 }
1859
1860 hci_dev_unlock(hdev);
a02226d6
AE		 1861}
1862
0b26ab9d
AE		 1863static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1864{
1865 struct hci_cp_accept_phy_link *cp;
1866
1867 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1868
1869 if (status)
1870 return;
1871
1872 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1873 if (!cp)
1874 return;
1875
1876 amp_write_remote_assoc(hdev, cp->phy_handle);
1877}
1878
cb1d68f7
JH		 1879static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1880{
1881 struct hci_cp_le_create_conn *cp;
1882 struct hci_conn *conn;
1883
1884 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1885
1886 /* All connection failure handling is taken care of by the
1887 * hci_le_conn_failed function which is triggered by the HCI
1888 * request completion callbacks used for connecting.
1889 */
1890 if (status)
1891 return;
1892
1893 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1894 if (!cp)
1895 return;
1896
1897 hci_dev_lock(hdev);
1898
1899 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1900 if (!conn)
1901 goto unlock;
1902
1903 /* Store the initiator and responder address information which
1904 * is needed for SMP. These values will not change during the
1905 * lifetime of the connection.
1906 */
1907 conn->init_addr_type = cp->own_address_type;
1908 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1909 bacpy(&conn->init_addr, &hdev->random_addr);
1910 else
1911 bacpy(&conn->init_addr, &hdev->bdaddr);
1912
1913 conn->resp_addr_type = cp->peer_addr_type;
1914 bacpy(&conn->resp_addr, &cp->peer_addr);
1915
9489eca4
JH		 1916 /* We don't want the connection attempt to stick around
1917 * indefinitely since LE doesn't have a page timeout concept
1918 * like BR/EDR. Set a timer for any connection that doesn't use
1919 * the white list for connecting.
1920 */
1921 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1922 queue_delayed_work(conn->hdev->workqueue,
1923 &conn->le_conn_timeout,
09ae260b 1924 conn->conn_timeout);
9489eca4 1925
cb1d68f7
JH		 1926unlock:
1927 hci_dev_unlock(hdev);
1928}
1929
81d0c8ad
JH		 1930static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1931{
1932 struct hci_cp_le_start_enc *cp;
1933 struct hci_conn *conn;
1934
1935 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1936
1937 if (!status)
1938 return;
1939
1940 hci_dev_lock(hdev);
1941
1942 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1943 if (!cp)
1944 goto unlock;
1945
1946 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1947 if (!conn)
1948 goto unlock;
1949
1950 if (conn->state != BT_CONNECTED)
1951 goto unlock;
1952
1953 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1954 hci_conn_drop(conn);
1955
1956unlock:
1957 hci_dev_unlock(hdev);
1958}
1959
6039aa73 1960static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1961{
1962 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1963 struct discovery_state *discov = &hdev->discovery;
1964 struct inquiry_entry *e;
1da177e4 1965
9f1db00c 1966 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1967
a9de9248 1968 hci_conn_check_pending(hdev);
89352e7d
AG		 1969
1970 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1971 return;
1972
4e857c58 1973 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1974 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1975
a8b2d5c2 1976 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1977 return;
1978
56e5cb86 1979 hci_dev_lock(hdev);
30dc78e1 1980
343f935b 1981 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1982 goto unlock;
1983
1984 if (list_empty(&discov->resolve)) {
1985 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1986 goto unlock;
1987 }
1988
1989 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1990 if (e && hci_resolve_name(hdev, e) == 0) {
1991 e->name_state = NAME_PENDING;
1992 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1993 } else {
1994 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1995 }
1996
1997unlock:
56e5cb86 1998 hci_dev_unlock(hdev);
1da177e4
LT		 1999}
2000
6039aa73 2001static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2002{
45bb4bf0 2003 struct inquiry_data data;
a9de9248 2004 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2005 int num_rsp = *((__u8 *) skb->data);
2006
2007 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2008
45bb4bf0
MH		 2009 if (!num_rsp)
2010 return;
2011
1519cc17
AG		 2012 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2013 return;
2014
1da177e4 2015 hci_dev_lock(hdev);
45bb4bf0 2016
e17acd40 2017 for (; num_rsp; num_rsp--, info++) {
af58925c 2018 u32 flags;
3175405b 2019
1da177e4
LT		 2020 bacpy(&data.bdaddr, &info->bdaddr);
2021 data.pscan_rep_mode = info->pscan_rep_mode;
2022 data.pscan_period_mode = info->pscan_period_mode;
2023 data.pscan_mode = info->pscan_mode;
2024 memcpy(data.dev_class, info->dev_class, 3);
2025 data.clock_offset = info->clock_offset;
2026 data.rssi = 0x00;
41a96212 2027 data.ssp_mode = 0x00;
3175405b 2028
af58925c
MH		 2029 flags = hci_inquiry_cache_update(hdev, &data, false);
2030
48264f06 2031 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c 2032 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1da177e4 2033 }
45bb4bf0 2034
1da177e4
LT		 2035 hci_dev_unlock(hdev);
2036}
2037
6039aa73 2038static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2039{
a9de9248
MH		 2040 struct hci_ev_conn_complete *ev = (void *) skb->data;
2041 struct hci_conn *conn;
1da177e4
LT		 2042
2043 BT_DBG("%s", hdev->name);
2044
2045 hci_dev_lock(hdev);
2046
2047 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2048 if (!conn) {
2049 if (ev->link_type != SCO_LINK)
2050 goto unlock;
2051
2052 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2053 if (!conn)
2054 goto unlock;
2055
2056 conn->type = SCO_LINK;
2057 }
1da177e4
LT		 2058
2059 if (!ev->status) {
2060 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2061
2062 if (conn->type == ACL_LINK) {
2063 conn->state = BT_CONFIG;
2064 hci_conn_hold(conn);
a9ea3ed9
SJ		 2065
2066 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2067 !hci_find_link_key(hdev, &ev->bdaddr))
2068 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2069 else
2070 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2071 } else
2072 conn->state = BT_CONNECTED;
1da177e4 2073
7d0db0a3
MH		 2074 hci_conn_add_sysfs(conn);
2075
1da177e4 2076 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2077 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2078
2079 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2080 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2081
04837f64
MH		 2082 /* Get remote features */
2083 if (conn->type == ACL_LINK) {
2084 struct hci_cp_read_remote_features cp;
2085 cp.handle = ev->handle;
769be974 2086 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2087 sizeof(cp), &cp);
04837f64
MH		 2088 }
2089
1da177e4 2090 /* Set packet type for incoming connection */
d095c1eb 2091 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2092 struct hci_cp_change_conn_ptype cp;
2093 cp.handle = ev->handle;
a8746417 2094 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2095 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2096 &cp);
1da177e4 2097 }
17d5c04c 2098 } else {
1da177e4 2099 conn->state = BT_CLOSED;
17d5c04c 2100 if (conn->type == ACL_LINK)
64c7b77c 2101 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2102 conn->dst_type, ev->status);
17d5c04c 2103 }
1da177e4 2104
e73439d8
MH		 2105 if (conn->type == ACL_LINK)
2106 hci_sco_setup(conn, ev->status);
1da177e4 2107
769be974
MH		 2108 if (ev->status) {
2109 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2110 hci_conn_del(conn);
c89b6e6b
MH		 2111 } else if (ev->link_type != ACL_LINK)
2112 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2113
a9de9248 2114unlock:
1da177e4 2115 hci_dev_unlock(hdev);
1da177e4 2116
a9de9248 2117 hci_conn_check_pending(hdev);
1da177e4
LT		 2118}
2119
70c46425
JH		 2120static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2121{
2122 struct hci_cp_reject_conn_req cp;
2123
2124 bacpy(&cp.bdaddr, bdaddr);
2125 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2126 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2127}
2128
6039aa73 2129static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2130{
a9de9248
MH		 2131 struct hci_ev_conn_request *ev = (void *) skb->data;
2132 int mask = hdev->link_mode;
70c46425
JH		 2133 struct inquiry_entry *ie;
2134 struct hci_conn *conn;
20714bfe 2135 __u8 flags = 0;
1da177e4 2136
6ed93dc6 2137 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2138 ev->link_type);
1da177e4 2139
20714bfe
FD		 2140 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2141 &flags);
1da177e4 2142
70c46425
JH		 2143 if (!(mask & HCI_LM_ACCEPT)) {
2144 hci_reject_conn(hdev, &ev->bdaddr);
2145 return;
2146 }
2147
a55bd29d
JH		 2148 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
2149 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2150 BDADDR_BREDR)) {
2151 hci_reject_conn(hdev, &ev->bdaddr);
2152 return;
2153 }
2154 } else {
2155 if (!hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2156 BDADDR_BREDR)) {
2157 hci_reject_conn(hdev, &ev->bdaddr);
2158 return;
2159 }
70c46425 2160 }
1da177e4 2161
70c46425 2162 /* Connection accepted */
b6a0dc82 2163
70c46425
JH		 2164 hci_dev_lock(hdev);
2165
2166 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2167 if (ie)
2168 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2169
70c46425
JH		 2170 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2171 &ev->bdaddr);
2172 if (!conn) {
2173 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
a9de9248 2174 if (!conn) {
70c46425
JH		 2175 BT_ERR("No memory for new connection");
2176 hci_dev_unlock(hdev);
2177 return;
1da177e4 2178 }
70c46425 2179 }
b6a0dc82 2180
70c46425 2181 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2182
70c46425 2183 hci_dev_unlock(hdev);
1da177e4 2184
70c46425
JH		 2185 if (ev->link_type == ACL_LINK ||
2186 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2187 struct hci_cp_accept_conn_req cp;
2188 conn->state = BT_CONNECT;
1da177e4 2189
70c46425 2190 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2191
70c46425
JH		 2192 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2193 cp.role = 0x00; /* Become master */
2194 else
2195 cp.role = 0x01; /* Remain slave */
b6a0dc82 2196
70c46425
JH		 2197 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2198 } else if (!(flags & HCI_PROTO_DEFER)) {
2199 struct hci_cp_accept_sync_conn_req cp;
2200 conn->state = BT_CONNECT;
b6a0dc82 2201
70c46425
JH		 2202 bacpy(&cp.bdaddr, &ev->bdaddr);
2203 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2204
70c46425
JH		 2205 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2206 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2207 cp.max_latency = cpu_to_le16(0xffff);
2208 cp.content_format = cpu_to_le16(hdev->voice_setting);
2209 cp.retrans_effort = 0xff;
1da177e4 2210
70c46425
JH		 2211 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2212 &cp);
a9de9248 2213 } else {
70c46425
JH		 2214 conn->state = BT_CONNECT2;
2215 hci_proto_connect_cfm(conn, 0);
1da177e4 2216 }
1da177e4
LT		 2217}
2218
f0d6a0ea
MA		 2219static u8 hci_to_mgmt_reason(u8 err)
2220{
2221 switch (err) {
2222 case HCI_ERROR_CONNECTION_TIMEOUT:
2223 return MGMT_DEV_DISCONN_TIMEOUT;
2224 case HCI_ERROR_REMOTE_USER_TERM:
2225 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2226 case HCI_ERROR_REMOTE_POWER_OFF:
2227 return MGMT_DEV_DISCONN_REMOTE;
2228 case HCI_ERROR_LOCAL_HOST_TERM:
2229 return MGMT_DEV_DISCONN_LOCAL_HOST;
2230 default:
2231 return MGMT_DEV_DISCONN_UNKNOWN;
2232 }
2233}
2234
6039aa73 2235static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2236{
a9de9248 2237 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2238 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2239 struct hci_conn_params *params;
04837f64 2240 struct hci_conn *conn;
12d4a3b2 2241 bool mgmt_connected;
3846220b 2242 u8 type;
04837f64 2243
9f1db00c 2244 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2245
2246 hci_dev_lock(hdev);
2247
2248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2249 if (!conn)
2250 goto unlock;
7d0db0a3 2251
abf54a50
AG		 2252 if (ev->status) {
2253 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2254 conn->dst_type, ev->status);
2255 goto unlock;
37d9ef76 2256 }
f7520543 2257
3846220b
AG		 2258 conn->state = BT_CLOSED;
2259
12d4a3b2
JH		 2260 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2261 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2262 reason, mgmt_connected);
abf54a50 2263
af6a9c32
JH		 2264 if (conn->type == ACL_LINK &&
2265 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2266 hci_remove_link_key(hdev, &conn->dst);
2210246c 2267
9fcb18ef
AG		 2268 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2269 if (params) {
2270 switch (params->auto_connect) {
2271 case HCI_AUTO_CONN_LINK_LOSS:
2272 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2273 break;
2274 /* Fall through */
2275
2276 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2277 list_del_init(&params->action);
2278 list_add(&params->action, &hdev->pend_le_conns);
2279 hci_update_background_scan(hdev);
9fcb18ef
AG		 2280 break;
2281
2282 default:
2283 break;
2284 }
2285 }
2286
3846220b 2287 type = conn->type;
2210246c 2288
3846220b
AG		 2289 hci_proto_disconn_cfm(conn, ev->reason);
2290 hci_conn_del(conn);
2291
2292 /* Re-enable advertising if necessary, since it might
2293 * have been disabled by the connection. From the
2294 * HCI_LE_Set_Advertise_Enable command description in
2295 * the core specification (v4.0):
2296 * "The Controller shall continue advertising until the Host
2297 * issues an LE_Set_Advertise_Enable command with
2298 * Advertising_Enable set to 0x00 (Advertising is disabled)
2299 * or until a connection is created or until the Advertising
2300 * is timed out due to Directed Advertising."
2301 */
2302 if (type == LE_LINK)
2303 mgmt_reenable_advertising(hdev);
f7520543
JH		 2304
2305unlock:
04837f64
MH		 2306 hci_dev_unlock(hdev);
2307}
2308
6039aa73 2309static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2310{
a9de9248 2311 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2312 struct hci_conn *conn;
1da177e4 2313
9f1db00c 2314 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2315
2316 hci_dev_lock(hdev);
2317
04837f64 2318 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2319 if (!conn)
2320 goto unlock;
2321
2322 if (!ev->status) {
aa64a8b5 2323 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2324 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2325 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2326 } else {
4dae2798 2327 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2328 conn->sec_level = conn->pending_sec_level;
2a611692 2329 }
d7556e20 2330 } else {
bab73cb6 2331 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2332 ev->status);
d7556e20 2333 }
1da177e4 2334
51a8efd7
JH		 2335 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2336 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2337
d7556e20 2338 if (conn->state == BT_CONFIG) {
aa64a8b5 2339 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2340 struct hci_cp_set_conn_encrypt cp;
2341 cp.handle = ev->handle;
2342 cp.encrypt = 0x01;
2343 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2344 &cp);
052b30b0 2345 } else {
d7556e20
WR		 2346 conn->state = BT_CONNECTED;
2347 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2348 hci_conn_drop(conn);
052b30b0 2349 }
d7556e20
WR		 2350 } else {
2351 hci_auth_cfm(conn, ev->status);
052b30b0 2352
d7556e20
WR		 2353 hci_conn_hold(conn);
2354 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2355 hci_conn_drop(conn);
d7556e20
WR		 2356 }
2357
51a8efd7 2358 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2359 if (!ev->status) {
2360 struct hci_cp_set_conn_encrypt cp;
2361 cp.handle = ev->handle;
2362 cp.encrypt = 0x01;
2363 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2364 &cp);
d7556e20 2365 } else {
51a8efd7 2366 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2367 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2368 }
2369 }
2370
d7556e20 2371unlock:
1da177e4
LT		 2372 hci_dev_unlock(hdev);
2373}
2374
6039aa73 2375static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2376{
127178d2
JH		 2377 struct hci_ev_remote_name *ev = (void *) skb->data;
2378 struct hci_conn *conn;
2379
a9de9248 2380 BT_DBG("%s", hdev->name);
1da177e4 2381
a9de9248 2382 hci_conn_check_pending(hdev);
127178d2
JH		 2383
2384 hci_dev_lock(hdev);
2385
b644ba33 2386 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2387
b644ba33
JH		 2388 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2389 goto check_auth;
a88a9652 2390
b644ba33
JH		 2391 if (ev->status == 0)
2392 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2393 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2394 else
2395 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2396
2397check_auth:
79c6c70c
JH		 2398 if (!conn)
2399 goto unlock;
2400
2401 if (!hci_outgoing_auth_needed(hdev, conn))
2402 goto unlock;
2403
51a8efd7 2404 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2405 struct hci_cp_auth_requested cp;
2406 cp.handle = __cpu_to_le16(conn->handle);
2407 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2408 }
2409
79c6c70c 2410unlock:
127178d2 2411 hci_dev_unlock(hdev);
a9de9248
MH		 2412}
2413
6039aa73 2414static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2415{
2416 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2417 struct hci_conn *conn;
2418
9f1db00c 2419 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2420
2421 hci_dev_lock(hdev);
2422
04837f64 2423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2424 if (!conn)
2425 goto unlock;
1da177e4 2426
dc8357cc
MH		 2427 if (!ev->status) {
2428 if (ev->encrypt) {
2429 /* Encryption implies authentication */
4dae2798
JH		 2430 set_bit(HCI_CONN_AUTH, &conn->flags);
2431 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2432 conn->sec_level = conn->pending_sec_level;
abf76bad 2433
914a6ffe
MH		 2434 /* P-256 authentication key implies FIPS */
2435 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2436 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2437
abf76bad
MH		 2438 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2439 conn->type == LE_LINK)
2440 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2441 } else {
4dae2798 2442 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2443 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2444 }
dc8357cc 2445 }
a7d7723a 2446
dc8357cc 2447 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2448
dc8357cc
MH		 2449 if (ev->status && conn->state == BT_CONNECTED) {
2450 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2451 hci_conn_drop(conn);
2452 goto unlock;
1da177e4
LT		 2453 }
2454
dc8357cc
MH		 2455 if (conn->state == BT_CONFIG) {
2456 if (!ev->status)
2457 conn->state = BT_CONNECTED;
2458
40b552aa
MH		 2459 /* In Secure Connections Only mode, do not allow any
2460 * connections that are not encrypted with AES-CCM
2461 * using a P-256 authenticated combination key.
2462 */
2463 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2464 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2465 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2466 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2467 hci_conn_drop(conn);
2468 goto unlock;
2469 }
2470
dc8357cc
MH		 2471 hci_proto_connect_cfm(conn, ev->status);
2472 hci_conn_drop(conn);
2473 } else
2474 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2475
a7d7723a 2476unlock:
1da177e4
LT		 2477 hci_dev_unlock(hdev);
2478}
2479
6039aa73
GP		 2480static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2481 struct sk_buff *skb)
1da177e4 2482{
a9de9248 2483 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2484 struct hci_conn *conn;
1da177e4 2485
9f1db00c 2486 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2487
2488 hci_dev_lock(hdev);
2489
04837f64 2490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2491 if (conn) {
2492 if (!ev->status)
4dae2798 2493 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2494
51a8efd7 2495 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2496
2497 hci_key_change_cfm(conn, ev->status);
2498 }
2499
2500 hci_dev_unlock(hdev);
2501}
2502
6039aa73
GP		 2503static void hci_remote_features_evt(struct hci_dev *hdev,
2504 struct sk_buff *skb)
1da177e4 2505{
a9de9248
MH		 2506 struct hci_ev_remote_features *ev = (void *) skb->data;
2507 struct hci_conn *conn;
2508
9f1db00c 2509 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2510
a9de9248
MH		 2511 hci_dev_lock(hdev);
2512
2513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2514 if (!conn)
2515 goto unlock;
769be974 2516
ccd556fe 2517 if (!ev->status)
cad718ed 2518 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2519
2520 if (conn->state != BT_CONFIG)
2521 goto unlock;
2522
2523 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2524 struct hci_cp_read_remote_ext_features cp;
2525 cp.handle = ev->handle;
2526 cp.page = 0x01;
2527 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2528 sizeof(cp), &cp);
392599b9
JH		 2529 goto unlock;
2530 }
2531
671267bf 2532 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2533 struct hci_cp_remote_name_req cp;
2534 memset(&cp, 0, sizeof(cp));
2535 bacpy(&cp.bdaddr, &conn->dst);
2536 cp.pscan_rep_mode = 0x02;
2537 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2538 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2539 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2540 conn->dst_type, 0, NULL, 0,
2541 conn->dev_class);
392599b9 2542
127178d2 2543 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2544 conn->state = BT_CONNECTED;
2545 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2546 hci_conn_drop(conn);
769be974 2547 }
a9de9248 2548
ccd556fe 2549unlock:
a9de9248 2550 hci_dev_unlock(hdev);
1da177e4
LT		 2551}
2552
6039aa73 2553static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2554{
2555 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2556 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2557 __u16 opcode;
2558
2559 skb_pull(skb, sizeof(*ev));
2560
2561 opcode = __le16_to_cpu(ev->opcode);
2562
2563 switch (opcode) {
2564 case HCI_OP_INQUIRY_CANCEL:
2565 hci_cc_inquiry_cancel(hdev, skb);
2566 break;
2567
4d93483b
AG		 2568 case HCI_OP_PERIODIC_INQ:
2569 hci_cc_periodic_inq(hdev, skb);
2570 break;
2571
a9de9248
MH		 2572 case HCI_OP_EXIT_PERIODIC_INQ:
2573 hci_cc_exit_periodic_inq(hdev, skb);
2574 break;
2575
2576 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2577 hci_cc_remote_name_req_cancel(hdev, skb);
2578 break;
2579
2580 case HCI_OP_ROLE_DISCOVERY:
2581 hci_cc_role_discovery(hdev, skb);
2582 break;
2583
e4e8e37c
MH		 2584 case HCI_OP_READ_LINK_POLICY:
2585 hci_cc_read_link_policy(hdev, skb);
2586 break;
2587
a9de9248
MH		 2588 case HCI_OP_WRITE_LINK_POLICY:
2589 hci_cc_write_link_policy(hdev, skb);
2590 break;
2591
e4e8e37c
MH		 2592 case HCI_OP_READ_DEF_LINK_POLICY:
2593 hci_cc_read_def_link_policy(hdev, skb);
2594 break;
2595
2596 case HCI_OP_WRITE_DEF_LINK_POLICY:
2597 hci_cc_write_def_link_policy(hdev, skb);
2598 break;
2599
a9de9248
MH		 2600 case HCI_OP_RESET:
2601 hci_cc_reset(hdev, skb);
2602 break;
2603
2604 case HCI_OP_WRITE_LOCAL_NAME:
2605 hci_cc_write_local_name(hdev, skb);
2606 break;
2607
2608 case HCI_OP_READ_LOCAL_NAME:
2609 hci_cc_read_local_name(hdev, skb);
2610 break;
2611
2612 case HCI_OP_WRITE_AUTH_ENABLE:
2613 hci_cc_write_auth_enable(hdev, skb);
2614 break;
2615
2616 case HCI_OP_WRITE_ENCRYPT_MODE:
2617 hci_cc_write_encrypt_mode(hdev, skb);
2618 break;
2619
2620 case HCI_OP_WRITE_SCAN_ENABLE:
2621 hci_cc_write_scan_enable(hdev, skb);
2622 break;
2623
2624 case HCI_OP_READ_CLASS_OF_DEV:
2625 hci_cc_read_class_of_dev(hdev, skb);
2626 break;
2627
2628 case HCI_OP_WRITE_CLASS_OF_DEV:
2629 hci_cc_write_class_of_dev(hdev, skb);
2630 break;
2631
2632 case HCI_OP_READ_VOICE_SETTING:
2633 hci_cc_read_voice_setting(hdev, skb);
2634 break;
2635
2636 case HCI_OP_WRITE_VOICE_SETTING:
2637 hci_cc_write_voice_setting(hdev, skb);
2638 break;
2639
b4cb9fb2
MH		 2640 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2641 hci_cc_read_num_supported_iac(hdev, skb);
2642 break;
2643
333140b5
MH		 2644 case HCI_OP_WRITE_SSP_MODE:
2645 hci_cc_write_ssp_mode(hdev, skb);
2646 break;
2647
eac83dc6
MH		 2648 case HCI_OP_WRITE_SC_SUPPORT:
2649 hci_cc_write_sc_support(hdev, skb);
2650 break;
2651
a9de9248
MH		 2652 case HCI_OP_READ_LOCAL_VERSION:
2653 hci_cc_read_local_version(hdev, skb);
2654 break;
2655
2656 case HCI_OP_READ_LOCAL_COMMANDS:
2657 hci_cc_read_local_commands(hdev, skb);
2658 break;
2659
2660 case HCI_OP_READ_LOCAL_FEATURES:
2661 hci_cc_read_local_features(hdev, skb);
2662 break;
2663
971e3a4b
AG		 2664 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2665 hci_cc_read_local_ext_features(hdev, skb);
2666 break;
2667
a9de9248
MH		 2668 case HCI_OP_READ_BUFFER_SIZE:
2669 hci_cc_read_buffer_size(hdev, skb);
2670 break;
2671
2672 case HCI_OP_READ_BD_ADDR:
2673 hci_cc_read_bd_addr(hdev, skb);
2674 break;
2675
f332ec66
JH		 2676 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2677 hci_cc_read_page_scan_activity(hdev, skb);
2678 break;
2679
4a3ee763
JH		 2680 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2681 hci_cc_write_page_scan_activity(hdev, skb);
2682 break;
2683
f332ec66
JH		 2684 case HCI_OP_READ_PAGE_SCAN_TYPE:
2685 hci_cc_read_page_scan_type(hdev, skb);
2686 break;
2687
4a3ee763
JH		 2688 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2689 hci_cc_write_page_scan_type(hdev, skb);
2690 break;
2691
350ee4cf
AE		 2692 case HCI_OP_READ_DATA_BLOCK_SIZE:
2693 hci_cc_read_data_block_size(hdev, skb);
2694 break;
2695
1e89cffb
AE		 2696 case HCI_OP_READ_FLOW_CONTROL_MODE:
2697 hci_cc_read_flow_control_mode(hdev, skb);
2698 break;
2699
928abaa7
AE		 2700 case HCI_OP_READ_LOCAL_AMP_INFO:
2701 hci_cc_read_local_amp_info(hdev, skb);
2702 break;
2703
33f35721
JH		 2704 case HCI_OP_READ_CLOCK:
2705 hci_cc_read_clock(hdev, skb);
2706 break;
2707
903e4541
AE		 2708 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2709 hci_cc_read_local_amp_assoc(hdev, skb);
2710 break;
2711
d5859e22
JH		 2712 case HCI_OP_READ_INQ_RSP_TX_POWER:
2713 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2714 break;
2715
980e1a53
JH		 2716 case HCI_OP_PIN_CODE_REPLY:
2717 hci_cc_pin_code_reply(hdev, skb);
2718 break;
2719
2720 case HCI_OP_PIN_CODE_NEG_REPLY:
2721 hci_cc_pin_code_neg_reply(hdev, skb);
2722 break;
2723
c35938b2 2724 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2725 hci_cc_read_local_oob_data(hdev, skb);
2726 break;
2727
2728 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2729 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2730 break;
2731
6ed58ec5
VT		 2732 case HCI_OP_LE_READ_BUFFER_SIZE:
2733 hci_cc_le_read_buffer_size(hdev, skb);
2734 break;
2735
60e77321
JH		 2736 case HCI_OP_LE_READ_LOCAL_FEATURES:
2737 hci_cc_le_read_local_features(hdev, skb);
2738 break;
2739
8fa19098
JH		 2740 case HCI_OP_LE_READ_ADV_TX_POWER:
2741 hci_cc_le_read_adv_tx_power(hdev, skb);
2742 break;
2743
a5c29683
JH		 2744 case HCI_OP_USER_CONFIRM_REPLY:
2745 hci_cc_user_confirm_reply(hdev, skb);
2746 break;
2747
2748 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2749 hci_cc_user_confirm_neg_reply(hdev, skb);
2750 break;
2751
1143d458
BG		 2752 case HCI_OP_USER_PASSKEY_REPLY:
2753 hci_cc_user_passkey_reply(hdev, skb);
2754 break;
2755
2756 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2757 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2758 break;
07f7fa5d 2759
7a4cd51d
MH		 2760 case HCI_OP_LE_SET_RANDOM_ADDR:
2761 hci_cc_le_set_random_addr(hdev, skb);
2762 break;
2763
c1d5dc4a
JH		 2764 case HCI_OP_LE_SET_ADV_ENABLE:
2765 hci_cc_le_set_adv_enable(hdev, skb);
2766 break;
2767
533553f8
MH		 2768 case HCI_OP_LE_SET_SCAN_PARAM:
2769 hci_cc_le_set_scan_param(hdev, skb);
2770 break;
2771
eb9d91f5
AG		 2772 case HCI_OP_LE_SET_SCAN_ENABLE:
2773 hci_cc_le_set_scan_enable(hdev, skb);
2774 break;
2775
cf1d081f
JH		 2776 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2777 hci_cc_le_read_white_list_size(hdev, skb);
2778 break;
2779
0f36b589
MH		 2780 case HCI_OP_LE_CLEAR_WHITE_LIST:
2781 hci_cc_le_clear_white_list(hdev, skb);
2782 break;
2783
2784 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2785 hci_cc_le_add_to_white_list(hdev, skb);
2786 break;
2787
2788 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2789 hci_cc_le_del_from_white_list(hdev, skb);
2790 break;
2791
9b008c04
JH		 2792 case HCI_OP_LE_READ_SUPPORTED_STATES:
2793 hci_cc_le_read_supported_states(hdev, skb);
2794 break;
2795
f9b49306
AG		 2796 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2797 hci_cc_write_le_host_supported(hdev, skb);
2798 break;
2799
56ed2cb8
JH		 2800 case HCI_OP_LE_SET_ADV_PARAM:
2801 hci_cc_set_adv_param(hdev, skb);
2802 break;
2803
93c284ee
AE		 2804 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2805 hci_cc_write_remote_amp_assoc(hdev, skb);
2806 break;
2807
5ae76a94
AK		 2808 case HCI_OP_READ_RSSI:
2809 hci_cc_read_rssi(hdev, skb);
2810 break;
2811
5a134fae
AK		 2812 case HCI_OP_READ_TX_POWER:
2813 hci_cc_read_tx_power(hdev, skb);
2814 break;
2815
a9de9248 2816 default:
9f1db00c 2817 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2818 break;
2819 }
2820
ad82cdd1 2821 if (opcode != HCI_OP_NOP)
65cc2b49 2822 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2823
ad82cdd1 2824 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2825
dbccd791 2826 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2827 atomic_set(&hdev->cmd_cnt, 1);
2828 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2829 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2830 }
2831}
2832
6039aa73 2833static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2834{
2835 struct hci_ev_cmd_status *ev = (void *) skb->data;
2836 __u16 opcode;
2837
2838 skb_pull(skb, sizeof(*ev));
2839
2840 opcode = __le16_to_cpu(ev->opcode);
2841
2842 switch (opcode) {
2843 case HCI_OP_INQUIRY:
2844 hci_cs_inquiry(hdev, ev->status);
2845 break;
2846
2847 case HCI_OP_CREATE_CONN:
2848 hci_cs_create_conn(hdev, ev->status);
2849 break;
2850
2851 case HCI_OP_ADD_SCO:
2852 hci_cs_add_sco(hdev, ev->status);
2853 break;
2854
f8558555
MH		 2855 case HCI_OP_AUTH_REQUESTED:
2856 hci_cs_auth_requested(hdev, ev->status);
2857 break;
2858
2859 case HCI_OP_SET_CONN_ENCRYPT:
2860 hci_cs_set_conn_encrypt(hdev, ev->status);
2861 break;
2862
a9de9248
MH		 2863 case HCI_OP_REMOTE_NAME_REQ:
2864 hci_cs_remote_name_req(hdev, ev->status);
2865 break;
2866
769be974
MH		 2867 case HCI_OP_READ_REMOTE_FEATURES:
2868 hci_cs_read_remote_features(hdev, ev->status);
2869 break;
2870
2871 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2872 hci_cs_read_remote_ext_features(hdev, ev->status);
2873 break;
2874
a9de9248
MH		 2875 case HCI_OP_SETUP_SYNC_CONN:
2876 hci_cs_setup_sync_conn(hdev, ev->status);
2877 break;
2878
2879 case HCI_OP_SNIFF_MODE:
2880 hci_cs_sniff_mode(hdev, ev->status);
2881 break;
2882
2883 case HCI_OP_EXIT_SNIFF_MODE:
2884 hci_cs_exit_sniff_mode(hdev, ev->status);
2885 break;
2886
8962ee74 2887 case HCI_OP_DISCONNECT:
88c3df13 2888 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2889 break;
2890
a02226d6
AE		 2891 case HCI_OP_CREATE_PHY_LINK:
2892 hci_cs_create_phylink(hdev, ev->status);
2893 break;
2894
0b26ab9d
AE		 2895 case HCI_OP_ACCEPT_PHY_LINK:
2896 hci_cs_accept_phylink(hdev, ev->status);
2897 break;
2898
cb1d68f7
JH		 2899 case HCI_OP_LE_CREATE_CONN:
2900 hci_cs_le_create_conn(hdev, ev->status);
2901 break;
2902
81d0c8ad
JH		 2903 case HCI_OP_LE_START_ENC:
2904 hci_cs_le_start_enc(hdev, ev->status);
2905 break;
2906
a9de9248 2907 default:
9f1db00c 2908 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2909 break;
2910 }
2911
ad82cdd1 2912 if (opcode != HCI_OP_NOP)
65cc2b49 2913 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2914
02350a72
JH		 2915 if (ev->status ||
2916 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2917 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2918
10572132 2919 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2920 atomic_set(&hdev->cmd_cnt, 1);
2921 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2922 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2923 }
2924}
2925
6039aa73 2926static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2927{
2928 struct hci_ev_role_change *ev = (void *) skb->data;
2929 struct hci_conn *conn;
2930
9f1db00c 2931 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2932
2933 hci_dev_lock(hdev);
2934
2935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2936 if (conn) {
2937 if (!ev->status) {
2938 if (ev->role)
4dae2798 2939 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2940 else
4dae2798 2941 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2942 }
2943
51a8efd7 2944 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2945
2946 hci_role_switch_cfm(conn, ev->status, ev->role);
2947 }
2948
2949 hci_dev_unlock(hdev);
2950}
2951
6039aa73 2952static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2953{
2954 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2955 int i;
2956
32ac5b9b
AE		 2957 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2958 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2959 return;
2960 }
2961
c5993de8 2962 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2963 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2964 BT_DBG("%s bad parameters", hdev->name);
2965 return;
2966 }
2967
c5993de8
AE		 2968 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2969
613a1c0c
AE		 2970 for (i = 0; i < ev->num_hndl; i++) {
2971 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2972 struct hci_conn *conn;
2973 __u16 handle, count;
2974
613a1c0c
AE		 2975 handle = __le16_to_cpu(info->handle);
2976 count = __le16_to_cpu(info->count);
a9de9248
MH		 2977
2978 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2979 if (!conn)
2980 continue;
2981
2982 conn->sent -= count;
2983
2984 switch (conn->type) {
2985 case ACL_LINK:
2986 hdev->acl_cnt += count;
2987 if (hdev->acl_cnt > hdev->acl_pkts)
2988 hdev->acl_cnt = hdev->acl_pkts;
2989 break;
2990
2991 case LE_LINK:
2992 if (hdev->le_pkts) {
2993 hdev->le_cnt += count;
2994 if (hdev->le_cnt > hdev->le_pkts)
2995 hdev->le_cnt = hdev->le_pkts;
2996 } else {
70f23020
AE		 2997 hdev->acl_cnt += count;
2998 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2999 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3000 }
f4280918
AE		 3001 break;
3002
3003 case SCO_LINK:
3004 hdev->sco_cnt += count;
3005 if (hdev->sco_cnt > hdev->sco_pkts)
3006 hdev->sco_cnt = hdev->sco_pkts;
3007 break;
3008
3009 default:
3010 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3011 break;
a9de9248
MH		 3012 }
3013 }
3014
3eff45ea 3015 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3016}
3017
76ef7cf7
AE		 3018static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3019 __u16 handle)
3020{
3021 struct hci_chan *chan;
3022
3023 switch (hdev->dev_type) {
3024 case HCI_BREDR:
3025 return hci_conn_hash_lookup_handle(hdev, handle);
3026 case HCI_AMP:
3027 chan = hci_chan_lookup_handle(hdev, handle);
3028 if (chan)
3029 return chan->conn;
3030 break;
3031 default:
3032 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3033 break;
3034 }
3035
3036 return NULL;
3037}
3038
6039aa73 3039static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3040{
3041 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3042 int i;
3043
3044 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3045 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3046 return;
3047 }
3048
3049 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3050 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 3051 BT_DBG("%s bad parameters", hdev->name);
3052 return;
3053 }
3054
3055 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3056 ev->num_hndl);
25e89e99
AE		 3057
3058 for (i = 0; i < ev->num_hndl; i++) {
3059 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3060 struct hci_conn *conn = NULL;
25e89e99
AE		 3061 __u16 handle, block_count;
3062
3063 handle = __le16_to_cpu(info->handle);
3064 block_count = __le16_to_cpu(info->blocks);
3065
76ef7cf7 3066 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3067 if (!conn)
3068 continue;
3069
3070 conn->sent -= block_count;
3071
3072 switch (conn->type) {
3073 case ACL_LINK:
bd1eb66b 3074 case AMP_LINK:
25e89e99
AE		 3075 hdev->block_cnt += block_count;
3076 if (hdev->block_cnt > hdev->num_blocks)
3077 hdev->block_cnt = hdev->num_blocks;
3078 break;
3079
3080 default:
3081 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3082 break;
3083 }
3084 }
3085
3086 queue_work(hdev->workqueue, &hdev->tx_work);
3087}
3088
6039aa73 3089static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3090{
a9de9248 3091 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3092 struct hci_conn *conn;
3093
9f1db00c 3094 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3095
3096 hci_dev_lock(hdev);
3097
3098 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3099 if (conn) {
3100 conn->mode = ev->mode;
a9de9248 3101
8fc9ced3
GP		 3102 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3103 &conn->flags)) {
a9de9248 3104 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3105 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3106 else
58a681ef 3107 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3108 }
e73439d8 3109
51a8efd7 3110 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3111 hci_sco_setup(conn, ev->status);
04837f64
MH		 3112 }
3113
3114 hci_dev_unlock(hdev);
3115}
3116
6039aa73 3117static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3118{
052b30b0
MH		 3119 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3120 struct hci_conn *conn;
3121
a9de9248 3122 BT_DBG("%s", hdev->name);
052b30b0
MH		 3123
3124 hci_dev_lock(hdev);
3125
3126 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3127 if (!conn)
3128 goto unlock;
3129
3130 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3131 hci_conn_hold(conn);
3132 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3133 hci_conn_drop(conn);
052b30b0
MH		 3134 }
3135
a8b2d5c2 3136 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3137 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3138 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3139 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3140 u8 secure;
3141
3142 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3143 secure = 1;
3144 else
3145 secure = 0;
3146
744cf19e 3147 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3148 }
980e1a53 3149
b6f98044 3150unlock:
052b30b0 3151 hci_dev_unlock(hdev);
a9de9248
MH		 3152}
3153
6039aa73 3154static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3155{
55ed8ca1
JH		 3156 struct hci_ev_link_key_req *ev = (void *) skb->data;
3157 struct hci_cp_link_key_reply cp;
3158 struct hci_conn *conn;
3159 struct link_key *key;
3160
a9de9248 3161 BT_DBG("%s", hdev->name);
55ed8ca1 3162
034cbea0 3163 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3164 return;
3165
3166 hci_dev_lock(hdev);
3167
3168 key = hci_find_link_key(hdev, &ev->bdaddr);
3169 if (!key) {
6ed93dc6
AE		 3170 BT_DBG("%s link key not found for %pMR", hdev->name,
3171 &ev->bdaddr);
55ed8ca1
JH		 3172 goto not_found;
3173 }
3174
6ed93dc6
AE		 3175 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3176 &ev->bdaddr);
55ed8ca1 3177
55ed8ca1 3178 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3179 if (conn) {
66138ce8
MH		 3180 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3181 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3182 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3183 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3184 goto not_found;
3185 }
55ed8ca1 3186
60b83f57 3187 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3188 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3189 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3190 BT_DBG("%s ignoring key unauthenticated for high security",
3191 hdev->name);
60b83f57
WR		 3192 goto not_found;
3193 }
3194
3195 conn->key_type = key->type;
3196 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3197 }
3198
3199 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3200 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3201
3202 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3203
3204 hci_dev_unlock(hdev);
3205
3206 return;
3207
3208not_found:
3209 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3210 hci_dev_unlock(hdev);
a9de9248
MH		 3211}
3212
6039aa73 3213static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3214{
052b30b0
MH		 3215 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3216 struct hci_conn *conn;
7652ff6a
JH		 3217 struct link_key *key;
3218 bool persistent;
55ed8ca1 3219 u8 pin_len = 0;
052b30b0 3220
a9de9248 3221 BT_DBG("%s", hdev->name);
052b30b0
MH		 3222
3223 hci_dev_lock(hdev);
3224
3225 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3226 if (conn) {
3227 hci_conn_hold(conn);
3228 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3229 pin_len = conn->pin_length;
13d39315
WR		 3230
3231 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3232 conn->key_type = ev->key_type;
3233
76a68ba0 3234 hci_conn_drop(conn);
052b30b0
MH		 3235 }
3236
7652ff6a
JH		 3237 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3238 goto unlock;
3239
3240 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3241 ev->key_type, pin_len, &persistent);
3242 if (!key)
3243 goto unlock;
3244
3245 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3246
6d5650c4
JH		 3247 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3248 * is set. If it's not set simply remove the key from the kernel
3249 * list (we've still notified user space about it but with
3250 * store_hint being 0).
3251 */
3252 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3253 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3254 list_del(&key->list);
3255 kfree(key);
3256 } else if (conn) {
af6a9c32
JH		 3257 if (persistent)
3258 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3259 else
3260 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3261 }
7652ff6a
JH		 3262
3263unlock:
052b30b0 3264 hci_dev_unlock(hdev);
a9de9248
MH		 3265}
3266
6039aa73 3267static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3268{
a9de9248 3269 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3270 struct hci_conn *conn;
1da177e4 3271
9f1db00c 3272 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3273
3274 hci_dev_lock(hdev);
3275
04837f64 3276 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3277 if (conn && !ev->status) {
3278 struct inquiry_entry *ie;
3279
cc11b9c1
AE		 3280 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3281 if (ie) {
1da177e4
LT		 3282 ie->data.clock_offset = ev->clock_offset;
3283 ie->timestamp = jiffies;
3284 }
3285 }
3286
3287 hci_dev_unlock(hdev);
3288}
3289
6039aa73 3290static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3291{
3292 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3293 struct hci_conn *conn;
3294
9f1db00c 3295 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3296
3297 hci_dev_lock(hdev);
3298
3299 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3300 if (conn && !ev->status)
3301 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3302
3303 hci_dev_unlock(hdev);
3304}
3305
6039aa73 3306static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3307{
a9de9248 3308 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3309 struct inquiry_entry *ie;
3310
3311 BT_DBG("%s", hdev->name);
3312
3313 hci_dev_lock(hdev);
3314
cc11b9c1
AE		 3315 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3316 if (ie) {
85a1e930
MH		 3317 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3318 ie->timestamp = jiffies;
3319 }
3320
3321 hci_dev_unlock(hdev);
3322}
3323
6039aa73
GP		 3324static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3325 struct sk_buff *skb)
a9de9248
MH		 3326{
3327 struct inquiry_data data;
3328 int num_rsp = *((__u8 *) skb->data);
3329
3330 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3331
3332 if (!num_rsp)
3333 return;
3334
1519cc17
AG		 3335 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3336 return;
3337
a9de9248
MH		 3338 hci_dev_lock(hdev);
3339
3340 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3341 struct inquiry_info_with_rssi_and_pscan_mode *info;
3342 info = (void *) (skb->data + 1);
a9de9248 3343
e17acd40 3344 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3345 u32 flags;
3346
a9de9248
MH		 3347 bacpy(&data.bdaddr, &info->bdaddr);
3348 data.pscan_rep_mode = info->pscan_rep_mode;
3349 data.pscan_period_mode = info->pscan_period_mode;
3350 data.pscan_mode = info->pscan_mode;
3351 memcpy(data.dev_class, info->dev_class, 3);
3352 data.clock_offset = info->clock_offset;
3353 data.rssi = info->rssi;
41a96212 3354 data.ssp_mode = 0x00;
3175405b 3355
af58925c
MH		 3356 flags = hci_inquiry_cache_update(hdev, &data, false);
3357
48264f06 3358 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3359 info->dev_class, info->rssi,
af58925c 3360 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3361 }
3362 } else {
3363 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3364
e17acd40 3365 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3366 u32 flags;
3367
a9de9248
MH		 3368 bacpy(&data.bdaddr, &info->bdaddr);
3369 data.pscan_rep_mode = info->pscan_rep_mode;
3370 data.pscan_period_mode = info->pscan_period_mode;
3371 data.pscan_mode = 0x00;
3372 memcpy(data.dev_class, info->dev_class, 3);
3373 data.clock_offset = info->clock_offset;
3374 data.rssi = info->rssi;
41a96212 3375 data.ssp_mode = 0x00;
af58925c
MH		 3376
3377 flags = hci_inquiry_cache_update(hdev, &data, false);
3378
48264f06 3379 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3380 info->dev_class, info->rssi,
af58925c 3381 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3382 }
3383 }
3384
3385 hci_dev_unlock(hdev);
3386}
3387
6039aa73
GP		 3388static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3389 struct sk_buff *skb)
a9de9248 3390{
41a96212
MH		 3391 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3392 struct hci_conn *conn;
3393
a9de9248 3394 BT_DBG("%s", hdev->name);
41a96212 3395
41a96212
MH		 3396 hci_dev_lock(hdev);
3397
3398 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3399 if (!conn)
3400 goto unlock;
41a96212 3401
cad718ed
JH		 3402 if (ev->page < HCI_MAX_PAGES)
3403 memcpy(conn->features[ev->page], ev->features, 8);
3404
ccd556fe
JH		 3405 if (!ev->status && ev->page == 0x01) {
3406 struct inquiry_entry *ie;
41a96212 3407
cc11b9c1
AE		 3408 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3409 if (ie)
02b7cc62 3410 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3411
bbb0eada 3412 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3413 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3414 } else {
3415 /* It is mandatory by the Bluetooth specification that
3416 * Extended Inquiry Results are only used when Secure
3417 * Simple Pairing is enabled, but some devices violate
3418 * this.
3419 *
3420 * To make these devices work, the internal SSP
3421 * enabled flag needs to be cleared if the remote host
3422 * features do not indicate SSP support */
3423 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3424 }
eb9a8f3f
MH		 3425
3426 if (ev->features[0] & LMP_HOST_SC)
3427 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3428 }
3429
3430 if (conn->state != BT_CONFIG)
3431 goto unlock;
3432
671267bf 3433 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3434 struct hci_cp_remote_name_req cp;
3435 memset(&cp, 0, sizeof(cp));
3436 bacpy(&cp.bdaddr, &conn->dst);
3437 cp.pscan_rep_mode = 0x02;
3438 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3439 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3440 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3441 conn->dst_type, 0, NULL, 0,
3442 conn->dev_class);
392599b9 3443
127178d2 3444 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3445 conn->state = BT_CONNECTED;
3446 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3447 hci_conn_drop(conn);
41a96212
MH		 3448 }
3449
ccd556fe 3450unlock:
41a96212 3451 hci_dev_unlock(hdev);
a9de9248
MH		 3452}
3453
6039aa73
GP		 3454static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3455 struct sk_buff *skb)
a9de9248 3456{
b6a0dc82
MH		 3457 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3458 struct hci_conn *conn;
3459
9f1db00c 3460 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3461
3462 hci_dev_lock(hdev);
3463
3464 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3465 if (!conn) {
3466 if (ev->link_type == ESCO_LINK)
3467 goto unlock;
3468
3469 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3470 if (!conn)
3471 goto unlock;
3472
3473 conn->type = SCO_LINK;
3474 }
b6a0dc82 3475
732547f9
MH		 3476 switch (ev->status) {
3477 case 0x00:
b6a0dc82
MH		 3478 conn->handle = __le16_to_cpu(ev->handle);
3479 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3480
3481 hci_conn_add_sysfs(conn);
732547f9
MH		 3482 break;
3483
81218d20 3484 case 0x10: /* Connection Accept Timeout */
1a4c958c 3485 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3486 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3487 case 0x1c: /* SCO interval rejected */
1038a00b 3488 case 0x1a: /* Unsupported Remote Feature */
732547f9 3489 case 0x1f: /* Unspecified error */
27539bc4 3490 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3491 if (conn->out) {
732547f9
MH		 3492 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3493 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3494 if (hci_setup_sync(conn, conn->link->handle))
3495 goto unlock;
732547f9
MH		 3496 }
3497 /* fall through */
3498
3499 default:
b6a0dc82 3500 conn->state = BT_CLOSED;
732547f9
MH		 3501 break;
3502 }
b6a0dc82
MH		 3503
3504 hci_proto_connect_cfm(conn, ev->status);
3505 if (ev->status)
3506 hci_conn_del(conn);
3507
3508unlock:
3509 hci_dev_unlock(hdev);
a9de9248
MH		 3510}
3511
efdcf8e3
MH		 3512static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3513{
3514 size_t parsed = 0;
3515
3516 while (parsed < eir_len) {
3517 u8 field_len = eir[0];
3518
3519 if (field_len == 0)
3520 return parsed;
3521
3522 parsed += field_len + 1;
3523 eir += field_len + 1;
3524 }
3525
3526 return eir_len;
3527}
3528
6039aa73
GP		 3529static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3530 struct sk_buff *skb)
1da177e4 3531{
a9de9248
MH		 3532 struct inquiry_data data;
3533 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3534 int num_rsp = *((__u8 *) skb->data);
9d939d94 3535 size_t eir_len;
1da177e4 3536
a9de9248 3537 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3538
a9de9248
MH		 3539 if (!num_rsp)
3540 return;
1da177e4 3541
1519cc17
AG		 3542 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3543 return;
3544
a9de9248
MH		 3545 hci_dev_lock(hdev);
3546
e17acd40 3547 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3548 u32 flags;
3549 bool name_known;
561aafbc 3550
a9de9248 3551 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3552 data.pscan_rep_mode = info->pscan_rep_mode;
3553 data.pscan_period_mode = info->pscan_period_mode;
3554 data.pscan_mode = 0x00;
a9de9248 3555 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3556 data.clock_offset = info->clock_offset;
3557 data.rssi = info->rssi;
41a96212 3558 data.ssp_mode = 0x01;
561aafbc 3559
a8b2d5c2 3560 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3561 name_known = eir_has_data_type(info->data,
04124681
GP		 3562 sizeof(info->data),
3563 EIR_NAME_COMPLETE);
561aafbc
JH		 3564 else
3565 name_known = true;
3566
af58925c
MH		 3567 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3568
9d939d94 3569 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3570
48264f06 3571 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3572 info->dev_class, info->rssi,
3573 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3574 }
3575
3576 hci_dev_unlock(hdev);
3577}
1da177e4 3578
1c2e0041
JH		 3579static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3580 struct sk_buff *skb)
3581{
3582 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3583 struct hci_conn *conn;
3584
9f1db00c 3585 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3586 __le16_to_cpu(ev->handle));
3587
3588 hci_dev_lock(hdev);
3589
3590 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3591 if (!conn)
3592 goto unlock;
3593
9eb1fbfa
JH		 3594 /* For BR/EDR the necessary steps are taken through the
3595 * auth_complete event.
3596 */
3597 if (conn->type != LE_LINK)
3598 goto unlock;
3599
1c2e0041
JH		 3600 if (!ev->status)
3601 conn->sec_level = conn->pending_sec_level;
3602
3603 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3604
3605 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3606 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3607 hci_conn_drop(conn);
1c2e0041
JH		 3608 goto unlock;
3609 }
3610
3611 if (conn->state == BT_CONFIG) {
3612 if (!ev->status)
3613 conn->state = BT_CONNECTED;
3614
3615 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3616 hci_conn_drop(conn);
1c2e0041
JH		 3617 } else {
3618 hci_auth_cfm(conn, ev->status);
3619
3620 hci_conn_hold(conn);
3621 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3622 hci_conn_drop(conn);
1c2e0041
JH		 3623 }
3624
3625unlock:
3626 hci_dev_unlock(hdev);
3627}
3628
6039aa73 3629static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3630{
17fa4b9d 3631 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3632 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3633 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3634 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3635
b7f94c88
MA		 3636 /* If both remote and local have enough IO capabilities, require
3637 * MITM protection
3638 */
3639 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3640 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3641 return conn->remote_auth | 0x01;
3642
7e74170a
TM		 3643 /* No MITM protection possible so ignore remote requirement */
3644 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3645}
3646
6039aa73 3647static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3648{
3649 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3650 struct hci_conn *conn;
3651
3652 BT_DBG("%s", hdev->name);
3653
3654 hci_dev_lock(hdev);
3655
3656 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3657 if (!conn)
3658 goto unlock;
3659
3660 hci_conn_hold(conn);
3661
a8b2d5c2 3662 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3663 goto unlock;
3664
a8b2d5c2 3665 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3666 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3667 struct hci_cp_io_capability_reply cp;
3668
3669 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3670 /* Change the IO capability from KeyboardDisplay
3671 * to DisplayYesNo as it is not supported by BT spec. */
3672 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3673 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3674
3675 /* If we are initiators, there is no remote information yet */
3676 if (conn->remote_auth == 0xff) {
3677 cp.authentication = conn->auth_type;
6fd6b915 3678
b16c6604 3679 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3680 * except for the no-bonding case.
3681 * conn->auth_type is not updated here since
3682 * that might cause the user confirmation to be
3683 * rejected in case the remote doesn't have the
3684 * IO capabilities for MITM.
b16c6604 3685 */
6fd6b915 3686 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3687 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3688 cp.authentication |= 0x01;
b7f94c88
MA		 3689 } else {
3690 conn->auth_type = hci_get_auth_req(conn);
3691 cp.authentication = conn->auth_type;
3692 }
17fa4b9d 3693
8fc9ced3
GP		 3694 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3695 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3696 cp.oob_data = 0x01;
3697 else
3698 cp.oob_data = 0x00;
3699
17fa4b9d 3700 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3701 sizeof(cp), &cp);
03b555e1
JH		 3702 } else {
3703 struct hci_cp_io_capability_neg_reply cp;
3704
3705 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3706 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3707
03b555e1 3708 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3709 sizeof(cp), &cp);
03b555e1
JH		 3710 }
3711
3712unlock:
3713 hci_dev_unlock(hdev);
3714}
3715
6039aa73 3716static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3717{
3718 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3719 struct hci_conn *conn;
3720
3721 BT_DBG("%s", hdev->name);
3722
3723 hci_dev_lock(hdev);
3724
3725 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3726 if (!conn)
3727 goto unlock;
3728
03b555e1 3729 conn->remote_cap = ev->capability;
03b555e1 3730 conn->remote_auth = ev->authentication;
58a681ef
JH		 3731 if (ev->oob_data)
3732 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3733
3734unlock:
0493684e
MH		 3735 hci_dev_unlock(hdev);
3736}
3737
6039aa73
GP		 3738static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3739 struct sk_buff *skb)
a5c29683
JH		 3740{
3741 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3742 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3743 struct hci_conn *conn;
a5c29683
JH		 3744
3745 BT_DBG("%s", hdev->name);
3746
3747 hci_dev_lock(hdev);
3748
a8b2d5c2 3749 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3750 goto unlock;
a5c29683 3751
7a828908
JH		 3752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3753 if (!conn)
3754 goto unlock;
3755
3756 loc_mitm = (conn->auth_type & 0x01);
3757 rem_mitm = (conn->remote_auth & 0x01);
3758
3759 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3760 * (it has NoInputNoOutput) then reject the confirmation request
3761 */
3762 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3763 BT_DBG("Rejecting request: remote device can't provide MITM");
3764 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3765 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3766 goto unlock;
3767 }
3768
3769 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3770 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3771 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3772
3773 /* If we're not the initiators request authorization to
3774 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3775 * confirm_hint set to 1). The exception is if neither
3776 * side had MITM in which case we do auto-accept.
3777 */
3778 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3779 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3780 BT_DBG("Confirming auto-accept as acceptor");
3781 confirm_hint = 1;
3782 goto confirm;
3783 }
3784
9f61656a 3785 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3786 hdev->auto_accept_delay);
9f61656a
JH		 3787
3788 if (hdev->auto_accept_delay > 0) {
3789 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3790 queue_delayed_work(conn->hdev->workqueue,
3791 &conn->auto_accept_work, delay);
9f61656a
JH		 3792 goto unlock;
3793 }
3794
7a828908 3795 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3796 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3797 goto unlock;
3798 }
3799
55bc1a37 3800confirm:
39adbffe
JH		 3801 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3802 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3803
3804unlock:
a5c29683
JH		 3805 hci_dev_unlock(hdev);
3806}
3807
6039aa73
GP		 3808static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3809 struct sk_buff *skb)
1143d458
BG		 3810{
3811 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3812
3813 BT_DBG("%s", hdev->name);
3814
a8b2d5c2 3815 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3816 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3817}
3818
92a25256
JH		 3819static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3820 struct sk_buff *skb)
3821{
3822 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3823 struct hci_conn *conn;
3824
3825 BT_DBG("%s", hdev->name);
3826
3827 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3828 if (!conn)
3829 return;
3830
3831 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3832 conn->passkey_entered = 0;
3833
3834 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3835 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3836 conn->dst_type, conn->passkey_notify,
3837 conn->passkey_entered);
3838}
3839
3840static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3841{
3842 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3843 struct hci_conn *conn;
3844
3845 BT_DBG("%s", hdev->name);
3846
3847 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3848 if (!conn)
3849 return;
3850
3851 switch (ev->type) {
3852 case HCI_KEYPRESS_STARTED:
3853 conn->passkey_entered = 0;
3854 return;
3855
3856 case HCI_KEYPRESS_ENTERED:
3857 conn->passkey_entered++;
3858 break;
3859
3860 case HCI_KEYPRESS_ERASED:
3861 conn->passkey_entered--;
3862 break;
3863
3864 case HCI_KEYPRESS_CLEARED:
3865 conn->passkey_entered = 0;
3866 break;
3867
3868 case HCI_KEYPRESS_COMPLETED:
3869 return;
3870 }
3871
3872 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3873 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3874 conn->dst_type, conn->passkey_notify,
3875 conn->passkey_entered);
3876}
3877
6039aa73
GP		 3878static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3879 struct sk_buff *skb)
0493684e
MH		 3880{
3881 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3882 struct hci_conn *conn;
3883
3884 BT_DBG("%s", hdev->name);
3885
3886 hci_dev_lock(hdev);
3887
3888 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3889 if (!conn)
3890 goto unlock;
3891
3892 /* To avoid duplicate auth_failed events to user space we check
3893 * the HCI_CONN_AUTH_PEND flag which will be set if we
3894 * initiated the authentication. A traditional auth_complete
3895 * event gets always produced as initiator and is also mapped to
3896 * the mgmt_auth_failed event */
fa1bd918 3897 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3898 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3899 ev->status);
0493684e 3900
76a68ba0 3901 hci_conn_drop(conn);
2a611692
JH		 3902
3903unlock:
0493684e
MH		 3904 hci_dev_unlock(hdev);
3905}
3906
6039aa73
GP		 3907static void hci_remote_host_features_evt(struct hci_dev *hdev,
3908 struct sk_buff *skb)
41a96212
MH		 3909{
3910 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3911 struct inquiry_entry *ie;
cad718ed 3912 struct hci_conn *conn;
41a96212
MH		 3913
3914 BT_DBG("%s", hdev->name);
3915
3916 hci_dev_lock(hdev);
3917
cad718ed
JH		 3918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3919 if (conn)
3920 memcpy(conn->features[1], ev->features, 8);
3921
cc11b9c1
AE		 3922 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3923 if (ie)
02b7cc62 3924 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3925
3926 hci_dev_unlock(hdev);
3927}
3928
6039aa73
GP		 3929static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3930 struct sk_buff *skb)
2763eda6
SJ		 3931{
3932 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3933 struct oob_data *data;
3934
3935 BT_DBG("%s", hdev->name);
3936
3937 hci_dev_lock(hdev);
3938
a8b2d5c2 3939 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3940 goto unlock;
3941
2763eda6
SJ		 3942 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3943 if (data) {
519ca9d0
MH		 3944 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3945 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3946
519ca9d0
MH		 3947 bacpy(&cp.bdaddr, &ev->bdaddr);
3948 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3949 memcpy(cp.randomizer192, data->randomizer192,
3950 sizeof(cp.randomizer192));
3951 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3952 memcpy(cp.randomizer256, data->randomizer256,
3953 sizeof(cp.randomizer256));
3954
3955 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3956 sizeof(cp), &cp);
3957 } else {
3958 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3959
519ca9d0
MH		 3960 bacpy(&cp.bdaddr, &ev->bdaddr);
3961 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3962 memcpy(cp.randomizer, data->randomizer192,
3963 sizeof(cp.randomizer));
3964
3965 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3966 sizeof(cp), &cp);
3967 }
2763eda6
SJ		 3968 } else {
3969 struct hci_cp_remote_oob_data_neg_reply cp;
3970
3971 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3972 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3973 sizeof(cp), &cp);
2763eda6
SJ		 3974 }
3975
e1ba1f15 3976unlock:
2763eda6
SJ		 3977 hci_dev_unlock(hdev);
3978}
3979
d5e91192
AE		 3980static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3981 struct sk_buff *skb)
3982{
3983 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3984 struct hci_conn *hcon, *bredr_hcon;
3985
3986 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3987 ev->status);
3988
3989 hci_dev_lock(hdev);
3990
3991 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3992 if (!hcon) {
3993 hci_dev_unlock(hdev);
3994 return;
3995 }
3996
3997 if (ev->status) {
3998 hci_conn_del(hcon);
3999 hci_dev_unlock(hdev);
4000 return;
4001 }
4002
4003 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4004
4005 hcon->state = BT_CONNECTED;
4006 bacpy(&hcon->dst, &bredr_hcon->dst);
4007
4008 hci_conn_hold(hcon);
4009 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4010 hci_conn_drop(hcon);
d5e91192 4011
d5e91192
AE		 4012 hci_conn_add_sysfs(hcon);
4013
cf70ff22 4014 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4015
cf70ff22 4016 hci_dev_unlock(hdev);
d5e91192
AE		 4017}
4018
27695fb4
AE		 4019static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4020{
4021 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4022 struct hci_conn *hcon;
4023 struct hci_chan *hchan;
4024 struct amp_mgr *mgr;
4025
4026 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4027 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4028 ev->status);
4029
4030 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4031 if (!hcon)
4032 return;
4033
4034 /* Create AMP hchan */
4035 hchan = hci_chan_create(hcon);
4036 if (!hchan)
4037 return;
4038
4039 hchan->handle = le16_to_cpu(ev->handle);
4040
4041 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4042
4043 mgr = hcon->amp_mgr;
4044 if (mgr && mgr->bredr_chan) {
4045 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4046
4047 l2cap_chan_lock(bredr_chan);
4048
4049 bredr_chan->conn->mtu = hdev->block_mtu;
4050 l2cap_logical_cfm(bredr_chan, hchan, 0);
4051 hci_conn_hold(hcon);
4052
4053 l2cap_chan_unlock(bredr_chan);
4054 }
4055}
4056
606e2a10
AE		 4057static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4058 struct sk_buff *skb)
4059{
4060 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4061 struct hci_chan *hchan;
4062
4063 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4064 le16_to_cpu(ev->handle), ev->status);
4065
4066 if (ev->status)
4067 return;
4068
4069 hci_dev_lock(hdev);
4070
4071 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4072 if (!hchan)
4073 goto unlock;
4074
4075 amp_destroy_logical_link(hchan, ev->reason);
4076
4077unlock:
4078 hci_dev_unlock(hdev);
4079}
4080
9eef6b3a
AE		 4081static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4082 struct sk_buff *skb)
4083{
4084 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4085 struct hci_conn *hcon;
4086
4087 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4088
4089 if (ev->status)
4090 return;
4091
4092 hci_dev_lock(hdev);
4093
4094 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4095 if (hcon) {
4096 hcon->state = BT_CLOSED;
4097 hci_conn_del(hcon);
4098 }
4099
4100 hci_dev_unlock(hdev);
4101}
4102
6039aa73 4103static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4104{
4105 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4106 struct hci_conn_params *params;
fcd89c09 4107 struct hci_conn *conn;
68d6f6de 4108 struct smp_irk *irk;
837d502e 4109 u8 addr_type;
fcd89c09 4110
9f1db00c 4111 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4112
4113 hci_dev_lock(hdev);
4114
fbd96c15
JH		 4115 /* All controllers implicitly stop advertising in the event of a
4116 * connection, so ensure that the state bit is cleared.
4117 */
4118 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4119
b47a09b3 4120 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4121 if (!conn) {
4122 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4123 if (!conn) {
4124 BT_ERR("No memory for new connection");
230fd16a 4125 goto unlock;
b62f328b 4126 }
29b7988a
AG		 4127
4128 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4129
4130 if (ev->role == LE_CONN_ROLE_MASTER) {
4131 conn->out = true;
4dae2798 4132 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4133 }
cb1d68f7
JH		 4134
4135 /* If we didn't have a hci_conn object previously
4136 * but we're in master role this must be something
4137 * initiated using a white list. Since white list based
4138 * connections are not "first class citizens" we don't
4139 * have full tracking of them. Therefore, we go ahead
4140 * with a "best effort" approach of determining the
4141 * initiator address based on the HCI_PRIVACY flag.
4142 */
4143 if (conn->out) {
4144 conn->resp_addr_type = ev->bdaddr_type;
4145 bacpy(&conn->resp_addr, &ev->bdaddr);
4146 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4147 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4148 bacpy(&conn->init_addr, &hdev->rpa);
4149 } else {
4150 hci_copy_identity_address(hdev,
4151 &conn->init_addr,
4152 &conn->init_addr_type);
4153 }
cb1d68f7 4154 }
9489eca4
JH		 4155 } else {
4156 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4157 }
fcd89c09 4158
80c24ab8
JH		 4159 if (!conn->out) {
4160 /* Set the responder (our side) address type based on
4161 * the advertising address type.
4162 */
4163 conn->resp_addr_type = hdev->adv_addr_type;
4164 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4165 bacpy(&conn->resp_addr, &hdev->random_addr);
4166 else
4167 bacpy(&conn->resp_addr, &hdev->bdaddr);
4168
4169 conn->init_addr_type = ev->bdaddr_type;
4170 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4171
4172 /* For incoming connections, set the default minimum
4173 * and maximum connection interval. They will be used
4174 * to check if the parameters are in range and if not
4175 * trigger the connection update procedure.
4176 */
4177 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4178 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4179 }
7be2edbb 4180
edb4b466
MH		 4181 /* Lookup the identity address from the stored connection
4182 * address and address type.
4183 *
4184 * When establishing connections to an identity address, the
4185 * connection procedure will store the resolvable random
4186 * address first. Now if it can be converted back into the
4187 * identity address, start using the identity address from
4188 * now on.
4189 */
4190 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4191 if (irk) {
4192 bacpy(&conn->dst, &irk->bdaddr);
4193 conn->dst_type = irk->addr_type;
4194 }
4195
837d502e
JH		 4196 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4197 addr_type = BDADDR_LE_PUBLIC;
4198 else
4199 addr_type = BDADDR_LE_RANDOM;
4200
4201 /* Drop the connection if he device is blocked */
dcc36c16 4202 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
837d502e
JH		 4203 hci_conn_drop(conn);
4204 goto unlock;
4205 }
4206
cd17decb 4207 if (ev->status) {
06c053fb 4208 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4209 goto unlock;
4210 }
4211
b644ba33 4212 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4213 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4214 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4215
7b5c0d52 4216 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4217 conn->handle = __le16_to_cpu(ev->handle);
4218 conn->state = BT_CONNECTED;
4219
e04fde60
MH		 4220 conn->le_conn_interval = le16_to_cpu(ev->interval);
4221 conn->le_conn_latency = le16_to_cpu(ev->latency);
4222 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4223
fcd89c09
VT		 4224 hci_conn_add_sysfs(conn);
4225
4226 hci_proto_connect_cfm(conn, ev->status);
4227
912b42ef 4228 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
223683a5 4229 if (params)
95305baa 4230 list_del_init(&params->action);
a4790dbd 4231
fcd89c09 4232unlock:
223683a5 4233 hci_update_background_scan(hdev);
fcd89c09
VT		 4234 hci_dev_unlock(hdev);
4235}
4236
1855d92d
MH		 4237static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4238 struct sk_buff *skb)
4239{
4240 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4241 struct hci_conn *conn;
4242
4243 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4244
4245 if (ev->status)
4246 return;
4247
4248 hci_dev_lock(hdev);
4249
4250 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4251 if (conn) {
4252 conn->le_conn_interval = le16_to_cpu(ev->interval);
4253 conn->le_conn_latency = le16_to_cpu(ev->latency);
4254 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4255 }
4256
4257 hci_dev_unlock(hdev);
4258}
4259
a4790dbd 4260/* This function requires the caller holds hdev->lock */
7e899c94 4261static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
1c1abcab 4262 u8 addr_type, u8 adv_type)
a4790dbd
AG		 4263{
4264 struct hci_conn *conn;
4265
1c1abcab
JH		 4266 /* If the event is not connectable don't proceed further */
4267 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
7e899c94 4268 return;
1c1abcab
JH		 4269
4270 /* Ignore if the device is blocked */
dcc36c16 4271 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
7e899c94 4272 return;
1c1abcab
JH		 4273
4274 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4275 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4276 adv_type == LE_ADV_DIRECT_IND)
4277 goto connect;
4278
4279 /* If we're not connectable only connect devices that we have in
4280 * our pend_le_conns list.
4281 */
501f8827 4282 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
7e899c94 4283 return;
a4790dbd 4284
1c1abcab 4285connect:
cdd6275e 4286 /* Request connection in master = true role */
a4790dbd 4287 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
cdd6275e 4288 HCI_LE_AUTOCONN_TIMEOUT, true);
a4790dbd 4289 if (!IS_ERR(conn))
7e899c94 4290 return;
a4790dbd
AG		 4291
4292 switch (PTR_ERR(conn)) {
4293 case -EBUSY:
4294 /* If hci_connect() returns -EBUSY it means there is already
4295 * an LE connection attempt going on. Since controllers don't
4296 * support more than one connection attempt at the time, we
4297 * don't consider this an error case.
4298 */
4299 break;
4300 default:
4301 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4302 }
4303}
4304
4af605d8
JH		 4305static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4306 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4307{
b9a6328f 4308 struct discovery_state *d = &hdev->discovery;
1c1abcab 4309 struct smp_irk *irk;
474ee066 4310 bool match;
c70a7e4c 4311 u32 flags;
b9a6328f 4312
1c1abcab
JH		 4313 /* Check if we need to convert to identity address */
4314 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4315 if (irk) {
4316 bdaddr = &irk->bdaddr;
4317 bdaddr_type = irk->addr_type;
4318 }
4319
4320 /* Check if we have been requested to connect to this device */
4321 check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4322
0d2bf134
JH		 4323 /* Passive scanning shouldn't trigger any device found events,
4324 * except for devices marked as CONN_REPORT for which we do send
4325 * device found events.
4326 */
ca5c4be7 4327 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134 4328 struct hci_conn_params *param;
0d2bf134 4329
0d2bf134
JH		 4330 if (type == LE_ADV_DIRECT_IND)
4331 return;
4332
a7545f2a
JH		 4333 param = hci_pend_le_action_lookup(&hdev->pend_le_reports,
4334 bdaddr, bdaddr_type);
4335 if (!param)
0d2bf134
JH		 4336 return;
4337
4338 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4339 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4340 else
4341 flags = 0;
4342 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4343 rssi, flags, data, len, NULL, 0);
97bf2e99 4344 return;
ca5c4be7 4345 }
4af605d8 4346
c70a7e4c
MH		 4347 /* When receiving non-connectable or scannable undirected
4348 * advertising reports, this means that the remote device is
4349 * not connectable and then clearly indicate this in the
4350 * device found event.
4351 *
4352 * When receiving a scan response, then there is no way to
4353 * know if the remote device is connectable or not. However
4354 * since scan responses are merged with a previously seen
4355 * advertising report, the flags field from that report
4356 * will be used.
4357 *
4358 * In the really unlikely case that a controller get confused
4359 * and just sends a scan response event, then it is marked as
4360 * not connectable as well.
4361 */
4362 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4363 type == LE_ADV_SCAN_RSP)
4364 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4365 else
4366 flags = 0;
4367
b9a6328f
JH		 4368 /* If there's nothing pending either store the data from this
4369 * event or send an immediate device found event if the data
4370 * should not be stored for later.
4371 */
4372 if (!has_pending_adv_report(hdev)) {
4373 /* If the report will trigger a SCAN_REQ store it for
4374 * later merging.
4375 */
4376 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4377 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4378 rssi, flags, data, len);
b9a6328f
JH		 4379 return;
4380 }
4381
4382 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4383 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4384 return;
4385 }
4386
474ee066
JH		 4387 /* Check if the pending report is for the same device as the new one */
4388 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4389 bdaddr_type == d->last_adv_addr_type);
4390
b9a6328f
JH		 4391 /* If the pending data doesn't match this report or this isn't a
4392 * scan response (e.g. we got a duplicate ADV_IND) then force
4393 * sending of the pending data.
4394 */
474ee066
JH		 4395 if (type != LE_ADV_SCAN_RSP || !match) {
4396 /* Send out whatever is in the cache, but skip duplicates */
4397 if (!match)
4398 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4399 d->last_adv_addr_type, NULL,
c70a7e4c 4400 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4401 d->last_adv_data,
474ee066 4402 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4403
4404 /* If the new report will trigger a SCAN_REQ store it for
4405 * later merging.
4406 */
4407 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4408 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4409 rssi, flags, data, len);
b9a6328f
JH		 4410 return;
4411 }
4412
4413 /* The advertising reports cannot be merged, so clear
4414 * the pending report and send out a device found event.
4415 */
4416 clear_pending_adv_report(hdev);
5c5b93e4 4417 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4418 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4419 return;
4420 }
4421
4422 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4423 * the new event is a SCAN_RSP. We can therefore proceed with
4424 * sending a merged device found event.
4425 */
4426 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4427 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4428 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4429 clear_pending_adv_report(hdev);
4af605d8
JH		 4430}
4431
6039aa73 4432static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4433{
e95beb41
AG		 4434 u8 num_reports = skb->data[0];
4435 void *ptr = &skb->data[1];
9aa04c91 4436
a4790dbd
AG		 4437 hci_dev_lock(hdev);
4438
e95beb41
AG		 4439 while (num_reports--) {
4440 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4441 s8 rssi;
a4790dbd 4442
3c9e9195 4443 rssi = ev->data[ev->length];
4af605d8
JH		 4444 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4445 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4446
e95beb41 4447 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4448 }
a4790dbd
AG		 4449
4450 hci_dev_unlock(hdev);
9aa04c91
AG		 4451}
4452
6039aa73 4453static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4454{
4455 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4456 struct hci_cp_le_ltk_reply cp;
bea710fe 4457 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4458 struct hci_conn *conn;
c9839a11 4459 struct smp_ltk *ltk;
a7a595f6 4460
9f1db00c 4461 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4462
4463 hci_dev_lock(hdev);
4464
4465 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4466 if (conn == NULL)
4467 goto not_found;
a7a595f6 4468
fe39c7b2 4469 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4470 if (ltk == NULL)
4471 goto not_found;
4472
4473 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4474 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4475
4476 if (ltk->authenticated)
f8776218
AG		 4477 conn->pending_sec_level = BT_SECURITY_HIGH;
4478 else
4479 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4480
89cbb4da 4481 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4482
4483 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4484
5981a882
CT		 4485 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4486 * temporary key used to encrypt a connection following
4487 * pairing. It is used during the Encrypted Session Setup to
4488 * distribute the keys. Later, security can be re-established
4489 * using a distributed LTK.
4490 */
2ceba539 4491 if (ltk->type == SMP_STK) {
fe59a05f 4492 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4493 list_del(&ltk->list);
4494 kfree(ltk);
fe59a05f
JH		 4495 } else {
4496 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4497 }
4498
a7a595f6 4499 hci_dev_unlock(hdev);
bea710fe
VCG		 4500
4501 return;
4502
4503not_found:
4504 neg.handle = ev->handle;
4505 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4506 hci_dev_unlock(hdev);
a7a595f6
VCG		 4507}
4508
8e75b46a
AG		 4509static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4510 u8 reason)
4511{
4512 struct hci_cp_le_conn_param_req_neg_reply cp;
4513
4514 cp.handle = cpu_to_le16(handle);
4515 cp.reason = reason;
4516
4517 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4518 &cp);
4519}
4520
4521static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4522 struct sk_buff *skb)
4523{
4524 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4525 struct hci_cp_le_conn_param_req_reply cp;
4526 struct hci_conn *hcon;
4527 u16 handle, min, max, latency, timeout;
4528
4529 handle = le16_to_cpu(ev->handle);
4530 min = le16_to_cpu(ev->interval_min);
4531 max = le16_to_cpu(ev->interval_max);
4532 latency = le16_to_cpu(ev->latency);
4533 timeout = le16_to_cpu(ev->timeout);
4534
4535 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4536 if (!hcon || hcon->state != BT_CONNECTED)
4537 return send_conn_param_neg_reply(hdev, handle,
4538 HCI_ERROR_UNKNOWN_CONN_ID);
4539
4540 if (hci_check_conn_params(min, max, latency, timeout))
4541 return send_conn_param_neg_reply(hdev, handle,
4542 HCI_ERROR_INVALID_LL_PARAMS);
4543
348d50b8
JH		 4544 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4545 struct hci_conn_params *params;
f4869e2a 4546 u8 store_hint;
348d50b8
JH		 4547
4548 hci_dev_lock(hdev);
4549
4550 params = hci_conn_params_lookup(hdev, &hcon->dst,
4551 hcon->dst_type);
4552 if (params) {
4553 params->conn_min_interval = min;
4554 params->conn_max_interval = max;
4555 params->conn_latency = latency;
4556 params->supervision_timeout = timeout;
f4869e2a
JH		 4557 store_hint = 0x01;
4558 } else{
4559 store_hint = 0x00;
348d50b8
JH		 4560 }
4561
4562 hci_dev_unlock(hdev);
4563
f4869e2a
JH		 4564 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4565 store_hint, min, max, latency, timeout);
348d50b8 4566 }
ffb5a827 4567
8e75b46a
AG		 4568 cp.handle = ev->handle;
4569 cp.interval_min = ev->interval_min;
4570 cp.interval_max = ev->interval_max;
4571 cp.latency = ev->latency;
4572 cp.timeout = ev->timeout;
4573 cp.min_ce_len = 0;
4574 cp.max_ce_len = 0;
4575
4576 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4577}
4578
6039aa73 4579static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4580{
4581 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4582
4583 skb_pull(skb, sizeof(*le_ev));
4584
4585 switch (le_ev->subevent) {
4586 case HCI_EV_LE_CONN_COMPLETE:
4587 hci_le_conn_complete_evt(hdev, skb);
4588 break;
4589
1855d92d
MH		 4590 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4591 hci_le_conn_update_complete_evt(hdev, skb);
4592 break;
4593
9aa04c91
AG		 4594 case HCI_EV_LE_ADVERTISING_REPORT:
4595 hci_le_adv_report_evt(hdev, skb);
4596 break;
4597
a7a595f6
VCG		 4598 case HCI_EV_LE_LTK_REQ:
4599 hci_le_ltk_request_evt(hdev, skb);
4600 break;
4601
8e75b46a
AG		 4602 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4603 hci_le_remote_conn_param_req_evt(hdev, skb);
4604 break;
4605
fcd89c09
VT		 4606 default:
4607 break;
4608 }
4609}
4610
9495b2ee
AE		 4611static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4612{
4613 struct hci_ev_channel_selected *ev = (void *) skb->data;
4614 struct hci_conn *hcon;
4615
4616 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4617
4618 skb_pull(skb, sizeof(*ev));
4619
4620 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4621 if (!hcon)
4622 return;
4623
4624 amp_read_loc_assoc_final_data(hdev, hcon);
4625}
4626
a9de9248
MH		 4627void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4628{
4629 struct hci_event_hdr *hdr = (void *) skb->data;
4630 __u8 event = hdr->evt;
4631
b6ddb638
JH		 4632 hci_dev_lock(hdev);
4633
4634 /* Received events are (currently) only needed when a request is
4635 * ongoing so avoid unnecessary memory allocation.
4636 */
4637 if (hdev->req_status == HCI_REQ_PEND) {
4638 kfree_skb(hdev->recv_evt);
4639 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4640 }
4641
4642 hci_dev_unlock(hdev);
4643
a9de9248
MH		 4644 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4645
02350a72 4646 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4647 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4648 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4649
4650 hci_req_cmd_complete(hdev, opcode, 0);
4651 }
4652
a9de9248 4653 switch (event) {
1da177e4
LT		 4654 case HCI_EV_INQUIRY_COMPLETE:
4655 hci_inquiry_complete_evt(hdev, skb);
4656 break;
4657
4658 case HCI_EV_INQUIRY_RESULT:
4659 hci_inquiry_result_evt(hdev, skb);
4660 break;
4661
a9de9248
MH		 4662 case HCI_EV_CONN_COMPLETE:
4663 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4664 break;
4665
1da177e4
LT		 4666 case HCI_EV_CONN_REQUEST:
4667 hci_conn_request_evt(hdev, skb);
4668 break;
4669
1da177e4
LT		 4670 case HCI_EV_DISCONN_COMPLETE:
4671 hci_disconn_complete_evt(hdev, skb);
4672 break;
4673
1da177e4
LT		 4674 case HCI_EV_AUTH_COMPLETE:
4675 hci_auth_complete_evt(hdev, skb);
4676 break;
4677
a9de9248
MH		 4678 case HCI_EV_REMOTE_NAME:
4679 hci_remote_name_evt(hdev, skb);
4680 break;
4681
1da177e4
LT		 4682 case HCI_EV_ENCRYPT_CHANGE:
4683 hci_encrypt_change_evt(hdev, skb);
4684 break;
4685
a9de9248
MH		 4686 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4687 hci_change_link_key_complete_evt(hdev, skb);
4688 break;
4689
4690 case HCI_EV_REMOTE_FEATURES:
4691 hci_remote_features_evt(hdev, skb);
4692 break;
4693
a9de9248
MH		 4694 case HCI_EV_CMD_COMPLETE:
4695 hci_cmd_complete_evt(hdev, skb);
4696 break;
4697
4698 case HCI_EV_CMD_STATUS:
4699 hci_cmd_status_evt(hdev, skb);
4700 break;
4701
4702 case HCI_EV_ROLE_CHANGE:
4703 hci_role_change_evt(hdev, skb);
4704 break;
4705
4706 case HCI_EV_NUM_COMP_PKTS:
4707 hci_num_comp_pkts_evt(hdev, skb);
4708 break;
4709
4710 case HCI_EV_MODE_CHANGE:
4711 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4712 break;
4713
4714 case HCI_EV_PIN_CODE_REQ:
4715 hci_pin_code_request_evt(hdev, skb);
4716 break;
4717
4718 case HCI_EV_LINK_KEY_REQ:
4719 hci_link_key_request_evt(hdev, skb);
4720 break;
4721
4722 case HCI_EV_LINK_KEY_NOTIFY:
4723 hci_link_key_notify_evt(hdev, skb);
4724 break;
4725
4726 case HCI_EV_CLOCK_OFFSET:
4727 hci_clock_offset_evt(hdev, skb);
4728 break;
4729
a8746417
MH		 4730 case HCI_EV_PKT_TYPE_CHANGE:
4731 hci_pkt_type_change_evt(hdev, skb);
4732 break;
4733
85a1e930
MH		 4734 case HCI_EV_PSCAN_REP_MODE:
4735 hci_pscan_rep_mode_evt(hdev, skb);
4736 break;
4737
a9de9248
MH		 4738 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4739 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4740 break;
4741
a9de9248
MH		 4742 case HCI_EV_REMOTE_EXT_FEATURES:
4743 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4744 break;
4745
a9de9248
MH		 4746 case HCI_EV_SYNC_CONN_COMPLETE:
4747 hci_sync_conn_complete_evt(hdev, skb);
4748 break;
1da177e4 4749
a9de9248
MH		 4750 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4751 hci_extended_inquiry_result_evt(hdev, skb);
4752 break;
1da177e4 4753
1c2e0041
JH		 4754 case HCI_EV_KEY_REFRESH_COMPLETE:
4755 hci_key_refresh_complete_evt(hdev, skb);
4756 break;
4757
0493684e
MH		 4758 case HCI_EV_IO_CAPA_REQUEST:
4759 hci_io_capa_request_evt(hdev, skb);
4760 break;
4761
03b555e1
JH		 4762 case HCI_EV_IO_CAPA_REPLY:
4763 hci_io_capa_reply_evt(hdev, skb);
4764 break;
4765
a5c29683
JH		 4766 case HCI_EV_USER_CONFIRM_REQUEST:
4767 hci_user_confirm_request_evt(hdev, skb);
4768 break;
4769
1143d458
BG		 4770 case HCI_EV_USER_PASSKEY_REQUEST:
4771 hci_user_passkey_request_evt(hdev, skb);
4772 break;
4773
92a25256
JH		 4774 case HCI_EV_USER_PASSKEY_NOTIFY:
4775 hci_user_passkey_notify_evt(hdev, skb);
4776 break;
4777
4778 case HCI_EV_KEYPRESS_NOTIFY:
4779 hci_keypress_notify_evt(hdev, skb);
4780 break;
4781
0493684e
MH		 4782 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4783 hci_simple_pair_complete_evt(hdev, skb);
4784 break;
4785
41a96212
MH		 4786 case HCI_EV_REMOTE_HOST_FEATURES:
4787 hci_remote_host_features_evt(hdev, skb);
4788 break;
4789
fcd89c09
VT		 4790 case HCI_EV_LE_META:
4791 hci_le_meta_evt(hdev, skb);
4792 break;
4793
9495b2ee
AE		 4794 case HCI_EV_CHANNEL_SELECTED:
4795 hci_chan_selected_evt(hdev, skb);
4796 break;
4797
2763eda6
SJ		 4798 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4799 hci_remote_oob_data_request_evt(hdev, skb);
4800 break;
4801
d5e91192
AE		 4802 case HCI_EV_PHY_LINK_COMPLETE:
4803 hci_phy_link_complete_evt(hdev, skb);
4804 break;
4805
27695fb4
AE		 4806 case HCI_EV_LOGICAL_LINK_COMPLETE:
4807 hci_loglink_complete_evt(hdev, skb);
4808 break;
4809
606e2a10
AE		 4810 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4811 hci_disconn_loglink_complete_evt(hdev, skb);
4812 break;
4813
9eef6b3a
AE		 4814 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4815 hci_disconn_phylink_complete_evt(hdev, skb);
4816 break;
4817
25e89e99
AE		 4818 case HCI_EV_NUM_COMP_BLOCKS:
4819 hci_num_comp_blocks_evt(hdev, skb);
4820 break;
4821
a9de9248 4822 default:
9f1db00c 4823 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4824 break;
4825 }
4826
4827 kfree_skb(skb);
4828 hdev->stat.evt_rx++;
4829}
Linux kernel - Deliverables
This page took 1.071452 seconds and 5 git commands to generate.