projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix trying to disable scanning twice
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778
MH		 201
202 hdev->ssp_debug_mode = 0;
a9de9248 203}
04837f64 204
a9de9248
MH		 205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206{
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
04837f64 209
9f1db00c 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 211
a9de9248
MH		 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
04837f64 215
56e5cb86
JH		 216 hci_dev_lock(hdev);
217
f51d5b24
JH		 218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 222
56e5cb86 223 hci_dev_unlock(hdev);
a9de9248
MH		 224}
225
226static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227{
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
229
9f1db00c 230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 231
232 if (rp->status)
233 return;
234
db99b5fc
JH		 235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 237}
238
239static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240{
241 __u8 status = *((__u8 *) skb->data);
242 void *sent;
243
9f1db00c 244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 245
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 if (!sent)
248 return;
249
250 if (!status) {
251 __u8 param = *((__u8 *) sent);
252
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
255 else
256 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 257 }
a9de9248 258
33ef95ed
JH		 259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
9f1db00c 268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
a9de9248 282}
1da177e4 283
a9de9248
MH		 284static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285{
36f7fc7e
JH		 286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
a9de9248 288 void *sent;
1da177e4 289
9f1db00c 290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 291
a9de9248
MH		 292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 if (!sent)
294 return;
1da177e4 295
36f7fc7e
JH		 296 param = *((__u8 *) sent);
297
56e5cb86
JH		 298 hci_dev_lock(hdev);
299
fa1bd918 300 if (status) {
744cf19e 301 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 302 hdev->discov_timeout = 0;
303 goto done;
304 }
305
0663ca2a
JH		 306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
308 */
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
36f7fc7e
JH		 311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
316 if (!old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 1);
36f7fc7e 318 } else if (old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 320
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
323 if (!old_pscan)
744cf19e 324 mgmt_connectable(hdev, 1);
36f7fc7e 325 } else if (old_pscan)
744cf19e 326 mgmt_connectable(hdev, 0);
1da177e4 327
36f7fc7e 328done:
56e5cb86 329 hci_dev_unlock(hdev);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 335
9f1db00c 336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 337
a9de9248
MH		 338 if (rp->status)
339 return;
1da177e4 340
a9de9248 341 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 342
a9de9248 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 345}
1da177e4 346
a9de9248
MH		 347static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348{
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
1da177e4 351
9f1db00c 352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 353
a9de9248
MH		 354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 if (!sent)
356 return;
1da177e4 357
7f9a903c
MH		 358 hci_dev_lock(hdev);
359
360 if (status == 0)
361 memcpy(hdev->dev_class, sent, 3);
362
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366 hci_dev_unlock(hdev);
a9de9248 367}
1da177e4 368
a9de9248
MH		 369static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370{
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 __u16 setting;
373
9f1db00c 374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 375
376 if (rp->status)
377 return;
378
379 setting = __le16_to_cpu(rp->voice_setting);
380
f383f275 381 if (hdev->voice_setting == setting)
a9de9248
MH		 382 return;
383
384 hdev->voice_setting = setting;
385
9f1db00c 386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 387
3c54711c 388 if (hdev->notify)
a9de9248 389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 390}
391
8fc9ced3
GP		 392static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393 struct sk_buff *skb)
a9de9248
MH		 394{
395 __u8 status = *((__u8 *) skb->data);
f383f275 396 __u16 setting;
a9de9248
MH		 397 void *sent;
398
9f1db00c 399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 400
f383f275
MH		 401 if (status)
402 return;
403
a9de9248
MH		 404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405 if (!sent)
406 return;
1da177e4 407
f383f275 408 setting = get_unaligned_le16(sent);
1da177e4 409
f383f275
MH		 410 if (hdev->voice_setting == setting)
411 return;
412
413 hdev->voice_setting = setting;
1da177e4 414
9f1db00c 415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 416
3c54711c 417 if (hdev->notify)
f383f275 418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 419}
420
b4cb9fb2
MH		 421static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct sk_buff *skb)
423{
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->num_iac = rp->num_iac;
432
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434}
435
333140b5
MH		 436static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 439 struct hci_cp_write_ssp_mode *sent;
333140b5 440
9f1db00c 441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 442
333140b5
MH		 443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444 if (!sent)
445 return;
446
5ed8eb2f
JH		 447 if (!status) {
448 if (sent->mode)
cad718ed 449 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 450 else
cad718ed 451 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 452 }
453
ed2c4ee3 454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 456 else if (!status) {
5ed8eb2f 457 if (sent->mode)
c0ecddc2
JH		 458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 else
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 }
333140b5
MH		 462}
463
eac83dc6
MH		 464static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465{
466 u8 status = *((u8 *) skb->data);
467 struct hci_cp_write_sc_support *sent;
468
469 BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472 if (!sent)
473 return;
474
475 if (!status) {
476 if (sent->support)
477 hdev->features[1][0] |= LMP_HOST_SC;
478 else
479 hdev->features[1][0] &= ~LMP_HOST_SC;
480 }
481
482 if (test_bit(HCI_MGMT, &hdev->dev_flags))
483 mgmt_sc_enable_complete(hdev, sent->support, status);
484 else if (!status) {
485 if (sent->support)
486 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487 else
488 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 }
490}
491
a9de9248
MH		 492static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493{
494 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 495
9f1db00c 496 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 497
a9de9248 498 if (rp->status)
42c6b129 499 return;
1143e5a6 500
0d5551f5
MH		 501 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502 hdev->hci_ver = rp->hci_ver;
503 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504 hdev->lmp_ver = rp->lmp_ver;
505 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507 }
d5859e22
JH		 508}
509
8fc9ced3
GP		 510static void hci_cc_read_local_commands(struct hci_dev *hdev,
511 struct sk_buff *skb)
a9de9248
MH		 512{
513 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 514
9f1db00c 515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 516
6a070e6e
MH		 517 if (rp->status)
518 return;
519
520 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 521 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 522}
1da177e4 523
8fc9ced3
GP		 524static void hci_cc_read_local_features(struct hci_dev *hdev,
525 struct sk_buff *skb)
a9de9248
MH		 526{
527 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 528
9f1db00c 529 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 530
a9de9248
MH		 531 if (rp->status)
532 return;
5b7f9909 533
a9de9248 534 memcpy(hdev->features, rp->features, 8);
5b7f9909 535
a9de9248
MH		 536 /* Adjust default settings according to features
537 * supported by device. */
1da177e4 538
cad718ed 539 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 540 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 541
cad718ed 542 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 543 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 544
cad718ed 545 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 546 hdev->pkt_type |= (HCI_HV2);
547 hdev->esco_type |= (ESCO_HV2);
548 }
1da177e4 549
cad718ed 550 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 551 hdev->pkt_type |= (HCI_HV3);
552 hdev->esco_type |= (ESCO_HV3);
553 }
1da177e4 554
45db810f 555 if (lmp_esco_capable(hdev))
a9de9248 556 hdev->esco_type |= (ESCO_EV3);
da1f5198 557
cad718ed 558 if (hdev->features[0][4] & LMP_EV4)
a9de9248 559 hdev->esco_type |= (ESCO_EV4);
da1f5198 560
cad718ed 561 if (hdev->features[0][4] & LMP_EV5)
a9de9248 562 hdev->esco_type |= (ESCO_EV5);
1da177e4 563
cad718ed 564 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 565 hdev->esco_type |= (ESCO_2EV3);
566
cad718ed 567 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 568 hdev->esco_type |= (ESCO_3EV3);
569
cad718ed 570 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 571 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 572}
1da177e4 573
971e3a4b 574static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 575 struct sk_buff *skb)
971e3a4b
AG		 576{
577 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
9f1db00c 579 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 580
581 if (rp->status)
42c6b129 582 return;
971e3a4b 583
57af75a8
MH		 584 if (hdev->max_page < rp->max_page)
585 hdev->max_page = rp->max_page;
d2c5d77f 586
cad718ed
JH		 587 if (rp->page < HCI_MAX_PAGES)
588 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 589}
590
1e89cffb 591static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 592 struct sk_buff *skb)
1e89cffb
AE		 593{
594 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
9f1db00c 596 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 597
42c6b129
JH		 598 if (!rp->status)
599 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 600}
601
a9de9248
MH		 602static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603{
604 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 605
9f1db00c 606 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 607
a9de9248
MH		 608 if (rp->status)
609 return;
1da177e4 610
a9de9248
MH		 611 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
612 hdev->sco_mtu = rp->sco_mtu;
613 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617 hdev->sco_mtu = 64;
618 hdev->sco_pkts = 8;
1da177e4 619 }
a9de9248
MH		 620
621 hdev->acl_cnt = hdev->acl_pkts;
622 hdev->sco_cnt = hdev->sco_pkts;
623
807deac2
GP		 624 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 626}
627
628static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629{
630 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
9f1db00c 632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 633
634 if (!rp->status)
635 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 636}
637
f332ec66
JH		 638static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639 struct sk_buff *skb)
640{
641 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647 hdev->page_scan_window = __le16_to_cpu(rp->window);
648 }
649}
650
4a3ee763
JH		 651static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652 struct sk_buff *skb)
653{
654 u8 status = *((u8 *) skb->data);
655 struct hci_cp_write_page_scan_activity *sent;
656
657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659 if (status)
660 return;
661
662 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663 if (!sent)
664 return;
665
666 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667 hdev->page_scan_window = __le16_to_cpu(sent->window);
668}
669
f332ec66
JH		 670static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671 struct sk_buff *skb)
672{
673 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678 hdev->page_scan_type = rp->type;
679}
680
4a3ee763
JH		 681static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682 struct sk_buff *skb)
683{
684 u8 status = *((u8 *) skb->data);
685 u8 *type;
686
687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689 if (status)
690 return;
691
692 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693 if (type)
694 hdev->page_scan_type = *type;
695}
696
350ee4cf 697static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 698 struct sk_buff *skb)
350ee4cf
AE		 699{
700 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
9f1db00c 702 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 703
704 if (rp->status)
705 return;
706
707 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708 hdev->block_len = __le16_to_cpu(rp->block_len);
709 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711 hdev->block_cnt = hdev->num_blocks;
712
713 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 714 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 715}
716
928abaa7 717static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 718 struct sk_buff *skb)
928abaa7
AE		 719{
720 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
9f1db00c 722 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 723
724 if (rp->status)
8e2a0d92 725 goto a2mp_rsp;
928abaa7
AE		 726
727 hdev->amp_status = rp->amp_status;
728 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732 hdev->amp_type = rp->amp_type;
733 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
8e2a0d92
AE		 738a2mp_rsp:
739 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 740}
741
903e4541
AE		 742static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743 struct sk_buff *skb)
744{
745 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746 struct amp_assoc *assoc = &hdev->loc_assoc;
747 size_t rem_len, frag_len;
748
749 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751 if (rp->status)
752 goto a2mp_rsp;
753
754 frag_len = skb->len - sizeof(*rp);
755 rem_len = __le16_to_cpu(rp->rem_len);
756
757 if (rem_len > frag_len) {
2e430be3 758 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 759
760 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761 assoc->offset += frag_len;
762
763 /* Read other fragments */
764 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766 return;
767 }
768
769 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770 assoc->len = assoc->offset + rem_len;
771 assoc->offset = 0;
772
773a2mp_rsp:
774 /* Send A2MP Rsp when all fragments are received */
775 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 776 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 777}
778
d5859e22 779static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 780 struct sk_buff *skb)
d5859e22 781{
91c4e9b1 782 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 783
9f1db00c 784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 785
786 if (!rp->status)
787 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 788}
789
980e1a53
JH		 790static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791{
792 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793 struct hci_cp_pin_code_reply *cp;
794 struct hci_conn *conn;
795
9f1db00c 796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 797
56e5cb86
JH		 798 hci_dev_lock(hdev);
799
a8b2d5c2 800 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 801 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 802
fa1bd918 803 if (rp->status)
56e5cb86 804 goto unlock;
980e1a53
JH		 805
806 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807 if (!cp)
56e5cb86 808 goto unlock;
980e1a53
JH		 809
810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811 if (conn)
812 conn->pin_length = cp->pin_len;
56e5cb86
JH		 813
814unlock:
815 hci_dev_unlock(hdev);
980e1a53
JH		 816}
817
818static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819{
820 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
9f1db00c 822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 823
56e5cb86
JH		 824 hci_dev_lock(hdev);
825
a8b2d5c2 826 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 827 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 828 rp->status);
56e5cb86
JH		 829
830 hci_dev_unlock(hdev);
980e1a53 831}
56e5cb86 832
6ed58ec5
VT		 833static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 839
840 if (rp->status)
841 return;
842
843 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844 hdev->le_pkts = rp->le_max_pkt;
845
846 hdev->le_cnt = hdev->le_pkts;
847
848 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 849}
980e1a53 850
60e77321
JH		 851static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852 struct sk_buff *skb)
853{
854 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858 if (!rp->status)
859 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 860}
861
8fa19098
JH		 862static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863 struct sk_buff *skb)
864{
865 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
04b4edcb 869 if (!rp->status)
8fa19098 870 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 871}
872
a5c29683
JH		 873static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874{
875 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
9f1db00c 877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 878
56e5cb86
JH		 879 hci_dev_lock(hdev);
880
a8b2d5c2 881 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 882 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883 rp->status);
56e5cb86
JH		 884
885 hci_dev_unlock(hdev);
a5c29683
JH		 886}
887
888static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 889 struct sk_buff *skb)
a5c29683
JH		 890{
891 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
9f1db00c 893 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 894
56e5cb86
JH		 895 hci_dev_lock(hdev);
896
a8b2d5c2 897 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 898 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 899 ACL_LINK, 0, rp->status);
56e5cb86
JH		 900
901 hci_dev_unlock(hdev);
a5c29683
JH		 902}
903
1143d458
BG		 904static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905{
906 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
9f1db00c 908 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 909
910 hci_dev_lock(hdev);
911
a8b2d5c2 912 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 913 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 914 0, rp->status);
1143d458
BG		 915
916 hci_dev_unlock(hdev);
917}
918
919static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 920 struct sk_buff *skb)
1143d458
BG		 921{
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
9f1db00c 924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 925
926 hci_dev_lock(hdev);
927
a8b2d5c2 928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 929 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 930 ACL_LINK, 0, rp->status);
1143d458
BG		 931
932 hci_dev_unlock(hdev);
933}
934
4d2d2796
MH		 935static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936 struct sk_buff *skb)
c35938b2
SJ		 937{
938 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
9f1db00c 940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 941
56e5cb86 942 hci_dev_lock(hdev);
4d2d2796
MH		 943 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944 NULL, NULL, rp->status);
945 hci_dev_unlock(hdev);
946}
947
948static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949 struct sk_buff *skb)
950{
951 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955 hci_dev_lock(hdev);
956 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957 rp->hash256, rp->randomizer256,
958 rp->status);
56e5cb86 959 hci_dev_unlock(hdev);
c35938b2
SJ		 960}
961
7a4cd51d
MH		 962
963static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
964{
965 __u8 status = *((__u8 *) skb->data);
966 bdaddr_t *sent;
967
968 BT_DBG("%s status 0x%2.2x", hdev->name, status);
969
970 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
971 if (!sent)
972 return;
973
974 hci_dev_lock(hdev);
975
976 if (!status)
977 bacpy(&hdev->random_addr, sent);
978
979 hci_dev_unlock(hdev);
980}
981
c1d5dc4a
JH		 982static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
983{
984 __u8 *sent, status = *((__u8 *) skb->data);
985
986 BT_DBG("%s status 0x%2.2x", hdev->name, status);
987
988 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
989 if (!sent)
990 return;
991
992 hci_dev_lock(hdev);
993
778b235a
JH		 994 if (!status)
995 mgmt_advertising(hdev, *sent);
c1d5dc4a 996
04b4edcb 997 hci_dev_unlock(hdev);
c1d5dc4a
JH		 998}
999
eb9d91f5 1000static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1001 struct sk_buff *skb)
eb9d91f5
AG		 1002{
1003 struct hci_cp_le_set_scan_enable *cp;
1004 __u8 status = *((__u8 *) skb->data);
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1007
eb9d91f5
AG		 1008 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1009 if (!cp)
1010 return;
1011
3fd319b8
AG		 1012 if (status)
1013 return;
1014
68a8aea4 1015 switch (cp->enable) {
76a388be 1016 case LE_SCAN_ENABLE:
d23264a8 1017 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1018 break;
1019
76a388be 1020 case LE_SCAN_DISABLE:
317ac8cb
JH		 1021 /* Cancel this timer so that we don't try to disable scanning
1022 * when it's already disabled.
1023 */
1024 cancel_delayed_work(&hdev->le_scan_disable);
1025
d23264a8 1026 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1027 break;
1028
1029 default:
1030 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1031 break;
35815085 1032 }
eb9d91f5
AG		 1033}
1034
cf1d081f
JH		 1035static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1036 struct sk_buff *skb)
1037{
1038 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1039
1040 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1041
1042 if (!rp->status)
1043 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1044}
1045
0f36b589
MH		 1046static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1047 struct sk_buff *skb)
1048{
1049 __u8 status = *((__u8 *) skb->data);
1050
1051 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1052
1053 if (!status)
1054 hci_white_list_clear(hdev);
1055}
1056
1057static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1058 struct sk_buff *skb)
1059{
1060 struct hci_cp_le_add_to_white_list *sent;
1061 __u8 status = *((__u8 *) skb->data);
1062
1063 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1064
1065 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1066 if (!sent)
1067 return;
1068
1069 if (!status)
1070 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1071}
1072
1073static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1074 struct sk_buff *skb)
1075{
1076 struct hci_cp_le_del_from_white_list *sent;
1077 __u8 status = *((__u8 *) skb->data);
1078
1079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1080
1081 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1082 if (!sent)
1083 return;
1084
1085 if (!status)
1086 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1087}
1088
9b008c04
JH		 1089static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1090 struct sk_buff *skb)
1091{
1092 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1093
1094 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1095
1096 if (!rp->status)
1097 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1098}
1099
6039aa73
GP		 1100static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1101 struct sk_buff *skb)
f9b49306 1102{
06199cf8 1103 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1104 __u8 status = *((__u8 *) skb->data);
1105
9f1db00c 1106 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1107
06199cf8 1108 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1109 if (!sent)
f9b49306
AG		 1110 return;
1111
8f984dfa 1112 if (!status) {
416a4ae5 1113 if (sent->le) {
cad718ed 1114 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1115 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1116 } else {
cad718ed 1117 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1118 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1119 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1120 }
53b2caab
JH		 1121
1122 if (sent->simul)
cad718ed 1123 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1124 else
cad718ed 1125 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1126 }
f9b49306
AG		 1127}
1128
56ed2cb8
JH		 1129static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1130{
1131 struct hci_cp_le_set_adv_param *cp;
1132 u8 status = *((u8 *) skb->data);
1133
1134 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1135
1136 if (status)
1137 return;
1138
1139 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1140 if (!cp)
1141 return;
1142
1143 hci_dev_lock(hdev);
1144 hdev->adv_addr_type = cp->own_address_type;
1145 hci_dev_unlock(hdev);
1146}
1147
93c284ee
AE		 1148static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1149 struct sk_buff *skb)
1150{
1151 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1152
1153 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1154 hdev->name, rp->status, rp->phy_handle);
1155
1156 if (rp->status)
1157 return;
1158
1159 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1160}
1161
6039aa73 1162static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1163{
9f1db00c 1164 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1165
1166 if (status) {
a9de9248 1167 hci_conn_check_pending(hdev);
314b2381
JH		 1168 return;
1169 }
1170
89352e7d 1171 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1172}
1173
6039aa73 1174static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1175{
a9de9248 1176 struct hci_cp_create_conn *cp;
1da177e4 1177 struct hci_conn *conn;
1da177e4 1178
9f1db00c 1179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1180
1181 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1182 if (!cp)
1183 return;
1184
1185 hci_dev_lock(hdev);
1186
1187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1188
6ed93dc6 1189 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1190
1191 if (status) {
1192 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1193 if (status != 0x0c || conn->attempt > 2) {
1194 conn->state = BT_CLOSED;
1195 hci_proto_connect_cfm(conn, status);
1196 hci_conn_del(conn);
1197 } else
1198 conn->state = BT_CONNECT2;
1da177e4
LT		 1199 }
1200 } else {
1201 if (!conn) {
1202 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1203 if (conn) {
a0c808b3 1204 conn->out = true;
1da177e4
LT		 1205 conn->link_mode |= HCI_LM_MASTER;
1206 } else
893ef971 1207 BT_ERR("No memory for new connection");
1da177e4
LT		 1208 }
1209 }
1210
1211 hci_dev_unlock(hdev);
1212}
1213
a9de9248 1214static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1215{
a9de9248
MH		 1216 struct hci_cp_add_sco *cp;
1217 struct hci_conn *acl, *sco;
1218 __u16 handle;
1da177e4 1219
9f1db00c 1220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1221
a9de9248
MH		 1222 if (!status)
1223 return;
1da177e4 1224
a9de9248
MH		 1225 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1226 if (!cp)
1227 return;
1da177e4 1228
a9de9248 1229 handle = __le16_to_cpu(cp->handle);
1da177e4 1230
9f1db00c 1231 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1232
a9de9248 1233 hci_dev_lock(hdev);
1da177e4 1234
a9de9248 1235 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1236 if (acl) {
1237 sco = acl->link;
1238 if (sco) {
1239 sco->state = BT_CLOSED;
1da177e4 1240
5a08ecce
AE		 1241 hci_proto_connect_cfm(sco, status);
1242 hci_conn_del(sco);
1243 }
a9de9248 1244 }
1da177e4 1245
a9de9248
MH		 1246 hci_dev_unlock(hdev);
1247}
1da177e4 1248
f8558555
MH		 1249static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1250{
1251 struct hci_cp_auth_requested *cp;
1252 struct hci_conn *conn;
1253
9f1db00c 1254 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1255
1256 if (!status)
1257 return;
1258
1259 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1260 if (!cp)
1261 return;
1262
1263 hci_dev_lock(hdev);
1264
1265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1266 if (conn) {
1267 if (conn->state == BT_CONFIG) {
1268 hci_proto_connect_cfm(conn, status);
76a68ba0 1269 hci_conn_drop(conn);
f8558555
MH		 1270 }
1271 }
1272
1273 hci_dev_unlock(hdev);
1274}
1275
1276static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1277{
1278 struct hci_cp_set_conn_encrypt *cp;
1279 struct hci_conn *conn;
1280
9f1db00c 1281 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1282
1283 if (!status)
1284 return;
1285
1286 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1287 if (!cp)
1288 return;
1289
1290 hci_dev_lock(hdev);
1291
1292 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1293 if (conn) {
1294 if (conn->state == BT_CONFIG) {
1295 hci_proto_connect_cfm(conn, status);
76a68ba0 1296 hci_conn_drop(conn);
f8558555
MH		 1297 }
1298 }
1299
1300 hci_dev_unlock(hdev);
1301}
1302
127178d2 1303static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1304 struct hci_conn *conn)
392599b9 1305{
392599b9
JH		 1306 if (conn->state != BT_CONFIG || !conn->out)
1307 return 0;
1308
765c2a96 1309 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1310 return 0;
1311
1312 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1313 * devices with sec_level MEDIUM or HIGH or if MITM protection
1314 * is requested.
1315 */
807deac2 1316 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1317 conn->pending_sec_level != BT_SECURITY_HIGH &&
1318 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1319 return 0;
1320
392599b9
JH		 1321 return 1;
1322}
1323
6039aa73 1324static int hci_resolve_name(struct hci_dev *hdev,
04124681 1325 struct inquiry_entry *e)
30dc78e1
JH		 1326{
1327 struct hci_cp_remote_name_req cp;
1328
1329 memset(&cp, 0, sizeof(cp));
1330
1331 bacpy(&cp.bdaddr, &e->data.bdaddr);
1332 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1333 cp.pscan_mode = e->data.pscan_mode;
1334 cp.clock_offset = e->data.clock_offset;
1335
1336 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1337}
1338
b644ba33 1339static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1340{
1341 struct discovery_state *discov = &hdev->discovery;
1342 struct inquiry_entry *e;
1343
b644ba33
JH		 1344 if (list_empty(&discov->resolve))
1345 return false;
1346
1347 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1348 if (!e)
1349 return false;
1350
b644ba33
JH		 1351 if (hci_resolve_name(hdev, e) == 0) {
1352 e->name_state = NAME_PENDING;
1353 return true;
1354 }
1355
1356 return false;
1357}
1358
1359static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1360 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1361{
1362 struct discovery_state *discov = &hdev->discovery;
1363 struct inquiry_entry *e;
1364
1365 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1366 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1367 name_len, conn->dev_class);
b644ba33
JH		 1368
1369 if (discov->state == DISCOVERY_STOPPED)
1370 return;
1371
30dc78e1
JH		 1372 if (discov->state == DISCOVERY_STOPPING)
1373 goto discov_complete;
1374
1375 if (discov->state != DISCOVERY_RESOLVING)
1376 return;
1377
1378 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1379 /* If the device was not found in a list of found devices names of which
1380 * are pending. there is no need to continue resolving a next name as it
1381 * will be done upon receiving another Remote Name Request Complete
1382 * Event */
1383 if (!e)
1384 return;
1385
1386 list_del(&e->list);
1387 if (name) {
30dc78e1 1388 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1389 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1390 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1391 } else {
1392 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1393 }
1394
b644ba33 1395 if (hci_resolve_next_name(hdev))
30dc78e1 1396 return;
30dc78e1
JH		 1397
1398discov_complete:
1399 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1400}
1401
a9de9248
MH		 1402static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1403{
127178d2
JH		 1404 struct hci_cp_remote_name_req *cp;
1405 struct hci_conn *conn;
1406
9f1db00c 1407 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1408
1409 /* If successful wait for the name req complete event before
1410 * checking for the need to do authentication */
1411 if (!status)
1412 return;
1413
1414 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1415 if (!cp)
1416 return;
1417
1418 hci_dev_lock(hdev);
1419
b644ba33
JH		 1420 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1421
a8b2d5c2 1422 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1423 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1424
79c6c70c
JH		 1425 if (!conn)
1426 goto unlock;
1427
1428 if (!hci_outgoing_auth_needed(hdev, conn))
1429 goto unlock;
1430
51a8efd7 1431 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1432 struct hci_cp_auth_requested auth_cp;
1433
1434 auth_cp.handle = __cpu_to_le16(conn->handle);
1435 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1436 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1437 }
1438
79c6c70c 1439unlock:
127178d2 1440 hci_dev_unlock(hdev);
a9de9248 1441}
1da177e4 1442
769be974
MH		 1443static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1444{
1445 struct hci_cp_read_remote_features *cp;
1446 struct hci_conn *conn;
1447
9f1db00c 1448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1449
1450 if (!status)
1451 return;
1452
1453 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1454 if (!cp)
1455 return;
1456
1457 hci_dev_lock(hdev);
1458
1459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1460 if (conn) {
1461 if (conn->state == BT_CONFIG) {
769be974 1462 hci_proto_connect_cfm(conn, status);
76a68ba0 1463 hci_conn_drop(conn);
769be974
MH		 1464 }
1465 }
1466
1467 hci_dev_unlock(hdev);
1468}
1469
1470static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1471{
1472 struct hci_cp_read_remote_ext_features *cp;
1473 struct hci_conn *conn;
1474
9f1db00c 1475 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1476
1477 if (!status)
1478 return;
1479
1480 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1481 if (!cp)
1482 return;
1483
1484 hci_dev_lock(hdev);
1485
1486 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1487 if (conn) {
1488 if (conn->state == BT_CONFIG) {
769be974 1489 hci_proto_connect_cfm(conn, status);
76a68ba0 1490 hci_conn_drop(conn);
769be974
MH		 1491 }
1492 }
1493
1494 hci_dev_unlock(hdev);
1495}
1496
a9de9248
MH		 1497static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1498{
b6a0dc82
MH		 1499 struct hci_cp_setup_sync_conn *cp;
1500 struct hci_conn *acl, *sco;
1501 __u16 handle;
1502
9f1db00c 1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1504
1505 if (!status)
1506 return;
1507
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1509 if (!cp)
1510 return;
1511
1512 handle = __le16_to_cpu(cp->handle);
1513
9f1db00c 1514 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1515
1516 hci_dev_lock(hdev);
1517
1518 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1519 if (acl) {
1520 sco = acl->link;
1521 if (sco) {
1522 sco->state = BT_CLOSED;
b6a0dc82 1523
5a08ecce
AE		 1524 hci_proto_connect_cfm(sco, status);
1525 hci_conn_del(sco);
1526 }
b6a0dc82
MH		 1527 }
1528
1529 hci_dev_unlock(hdev);
1da177e4
LT		 1530}
1531
a9de9248 1532static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1533{
a9de9248
MH		 1534 struct hci_cp_sniff_mode *cp;
1535 struct hci_conn *conn;
1da177e4 1536
9f1db00c 1537 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1538
a9de9248
MH		 1539 if (!status)
1540 return;
04837f64 1541
a9de9248
MH		 1542 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1543 if (!cp)
1544 return;
04837f64 1545
a9de9248 1546 hci_dev_lock(hdev);
04837f64 1547
a9de9248 1548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1549 if (conn) {
51a8efd7 1550 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1551
51a8efd7 1552 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1553 hci_sco_setup(conn, status);
1554 }
1555
a9de9248
MH		 1556 hci_dev_unlock(hdev);
1557}
04837f64 1558
a9de9248
MH		 1559static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1560{
1561 struct hci_cp_exit_sniff_mode *cp;
1562 struct hci_conn *conn;
04837f64 1563
9f1db00c 1564 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1565
a9de9248
MH		 1566 if (!status)
1567 return;
04837f64 1568
a9de9248
MH		 1569 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1570 if (!cp)
1571 return;
04837f64 1572
a9de9248 1573 hci_dev_lock(hdev);
1da177e4 1574
a9de9248 1575 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1576 if (conn) {
51a8efd7 1577 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1578
51a8efd7 1579 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1580 hci_sco_setup(conn, status);
1581 }
1582
a9de9248 1583 hci_dev_unlock(hdev);
1da177e4
LT		 1584}
1585
88c3df13
JH		 1586static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1587{
1588 struct hci_cp_disconnect *cp;
1589 struct hci_conn *conn;
1590
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1595 if (!cp)
1596 return;
1597
1598 hci_dev_lock(hdev);
1599
1600 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1601 if (conn)
1602 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1603 conn->dst_type, status);
88c3df13
JH		 1604
1605 hci_dev_unlock(hdev);
1606}
1607
a02226d6
AE		 1608static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1609{
93c284ee
AE		 1610 struct hci_cp_create_phy_link *cp;
1611
a02226d6 1612 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1613
93c284ee
AE		 1614 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1615 if (!cp)
1616 return;
1617
e58917b9
AE		 1618 hci_dev_lock(hdev);
1619
1620 if (status) {
1621 struct hci_conn *hcon;
1622
1623 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1624 if (hcon)
1625 hci_conn_del(hcon);
1626 } else {
1627 amp_write_remote_assoc(hdev, cp->phy_handle);
1628 }
1629
1630 hci_dev_unlock(hdev);
a02226d6
AE		 1631}
1632
0b26ab9d
AE		 1633static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1634{
1635 struct hci_cp_accept_phy_link *cp;
1636
1637 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1638
1639 if (status)
1640 return;
1641
1642 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1643 if (!cp)
1644 return;
1645
1646 amp_write_remote_assoc(hdev, cp->phy_handle);
1647}
1648
cb1d68f7
JH		 1649static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1650{
1651 struct hci_cp_le_create_conn *cp;
1652 struct hci_conn *conn;
1653
1654 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1655
1656 /* All connection failure handling is taken care of by the
1657 * hci_le_conn_failed function which is triggered by the HCI
1658 * request completion callbacks used for connecting.
1659 */
1660 if (status)
1661 return;
1662
1663 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1664 if (!cp)
1665 return;
1666
1667 hci_dev_lock(hdev);
1668
1669 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1670 if (!conn)
1671 goto unlock;
1672
1673 /* Store the initiator and responder address information which
1674 * is needed for SMP. These values will not change during the
1675 * lifetime of the connection.
1676 */
1677 conn->init_addr_type = cp->own_address_type;
1678 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1679 bacpy(&conn->init_addr, &hdev->random_addr);
1680 else
1681 bacpy(&conn->init_addr, &hdev->bdaddr);
1682
1683 conn->resp_addr_type = cp->peer_addr_type;
1684 bacpy(&conn->resp_addr, &cp->peer_addr);
1685
9489eca4
JH		 1686 /* We don't want the connection attempt to stick around
1687 * indefinitely since LE doesn't have a page timeout concept
1688 * like BR/EDR. Set a timer for any connection that doesn't use
1689 * the white list for connecting.
1690 */
1691 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1692 queue_delayed_work(conn->hdev->workqueue,
1693 &conn->le_conn_timeout,
1694 HCI_LE_CONN_TIMEOUT);
1695
cb1d68f7
JH		 1696unlock:
1697 hci_dev_unlock(hdev);
1698}
1699
6039aa73 1700static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1701{
1702 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1703 struct discovery_state *discov = &hdev->discovery;
1704 struct inquiry_entry *e;
1da177e4 1705
9f1db00c 1706 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1707
a9de9248 1708 hci_conn_check_pending(hdev);
89352e7d
AG		 1709
1710 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1711 return;
1712
3e13fa1e
AG		 1713 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1714 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1715
a8b2d5c2 1716 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1717 return;
1718
56e5cb86 1719 hci_dev_lock(hdev);
30dc78e1 1720
343f935b 1721 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1722 goto unlock;
1723
1724 if (list_empty(&discov->resolve)) {
1725 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1726 goto unlock;
1727 }
1728
1729 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1730 if (e && hci_resolve_name(hdev, e) == 0) {
1731 e->name_state = NAME_PENDING;
1732 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1733 } else {
1734 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1735 }
1736
1737unlock:
56e5cb86 1738 hci_dev_unlock(hdev);
1da177e4
LT		 1739}
1740
6039aa73 1741static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1742{
45bb4bf0 1743 struct inquiry_data data;
a9de9248 1744 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1745 int num_rsp = *((__u8 *) skb->data);
1746
1747 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1748
45bb4bf0
MH		 1749 if (!num_rsp)
1750 return;
1751
1519cc17
AG		 1752 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1753 return;
1754
1da177e4 1755 hci_dev_lock(hdev);
45bb4bf0 1756
e17acd40 1757 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1758 bool name_known, ssp;
3175405b 1759
1da177e4
LT		 1760 bacpy(&data.bdaddr, &info->bdaddr);
1761 data.pscan_rep_mode = info->pscan_rep_mode;
1762 data.pscan_period_mode = info->pscan_period_mode;
1763 data.pscan_mode = info->pscan_mode;
1764 memcpy(data.dev_class, info->dev_class, 3);
1765 data.clock_offset = info->clock_offset;
1766 data.rssi = 0x00;
41a96212 1767 data.ssp_mode = 0x00;
3175405b 1768
388fc8fa 1769 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1770 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1771 info->dev_class, 0, !name_known, ssp, NULL,
1772 0);
1da177e4 1773 }
45bb4bf0 1774
1da177e4
LT		 1775 hci_dev_unlock(hdev);
1776}
1777
6039aa73 1778static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1779{
a9de9248
MH		 1780 struct hci_ev_conn_complete *ev = (void *) skb->data;
1781 struct hci_conn *conn;
1da177e4
LT		 1782
1783 BT_DBG("%s", hdev->name);
1784
1785 hci_dev_lock(hdev);
1786
1787 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1788 if (!conn) {
1789 if (ev->link_type != SCO_LINK)
1790 goto unlock;
1791
1792 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1793 if (!conn)
1794 goto unlock;
1795
1796 conn->type = SCO_LINK;
1797 }
1da177e4
LT		 1798
1799 if (!ev->status) {
1800 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1801
1802 if (conn->type == ACL_LINK) {
1803 conn->state = BT_CONFIG;
1804 hci_conn_hold(conn);
a9ea3ed9
SJ		 1805
1806 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1807 !hci_find_link_key(hdev, &ev->bdaddr))
1808 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1809 else
1810 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1811 } else
1812 conn->state = BT_CONNECTED;
1da177e4 1813
7d0db0a3
MH		 1814 hci_conn_add_sysfs(conn);
1815
1da177e4
LT		 1816 if (test_bit(HCI_AUTH, &hdev->flags))
1817 conn->link_mode |= HCI_LM_AUTH;
1818
1819 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1820 conn->link_mode |= HCI_LM_ENCRYPT;
1821
04837f64
MH		 1822 /* Get remote features */
1823 if (conn->type == ACL_LINK) {
1824 struct hci_cp_read_remote_features cp;
1825 cp.handle = ev->handle;
769be974 1826 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1827 sizeof(cp), &cp);
04837f64
MH		 1828 }
1829
1da177e4 1830 /* Set packet type for incoming connection */
d095c1eb 1831 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1832 struct hci_cp_change_conn_ptype cp;
1833 cp.handle = ev->handle;
a8746417 1834 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1835 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1836 &cp);
1da177e4 1837 }
17d5c04c 1838 } else {
1da177e4 1839 conn->state = BT_CLOSED;
17d5c04c 1840 if (conn->type == ACL_LINK)
64c7b77c 1841 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1842 conn->dst_type, ev->status);
17d5c04c 1843 }
1da177e4 1844
e73439d8
MH		 1845 if (conn->type == ACL_LINK)
1846 hci_sco_setup(conn, ev->status);
1da177e4 1847
769be974
MH		 1848 if (ev->status) {
1849 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1850 hci_conn_del(conn);
c89b6e6b
MH		 1851 } else if (ev->link_type != ACL_LINK)
1852 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1853
a9de9248 1854unlock:
1da177e4 1855 hci_dev_unlock(hdev);
1da177e4 1856
a9de9248 1857 hci_conn_check_pending(hdev);
1da177e4
LT		 1858}
1859
6039aa73 1860static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1861{
a9de9248
MH		 1862 struct hci_ev_conn_request *ev = (void *) skb->data;
1863 int mask = hdev->link_mode;
20714bfe 1864 __u8 flags = 0;
1da177e4 1865
6ed93dc6 1866 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1867 ev->link_type);
1da177e4 1868
20714bfe
FD		 1869 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1870 &flags);
1da177e4 1871
138d22ef 1872 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1873 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1874 /* Connection accepted */
c7bdd502 1875 struct inquiry_entry *ie;
1da177e4 1876 struct hci_conn *conn;
1da177e4 1877
a9de9248 1878 hci_dev_lock(hdev);
b6a0dc82 1879
cc11b9c1
AE		 1880 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1881 if (ie)
c7bdd502
MH		 1882 memcpy(ie->data.dev_class, ev->dev_class, 3);
1883
8fc9ced3
GP		 1884 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1885 &ev->bdaddr);
a9de9248 1886 if (!conn) {
cc11b9c1
AE		 1887 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1888 if (!conn) {
893ef971 1889 BT_ERR("No memory for new connection");
a9de9248
MH		 1890 hci_dev_unlock(hdev);
1891 return;
1da177e4
LT		 1892 }
1893 }
b6a0dc82 1894
a9de9248 1895 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1896
a9de9248 1897 hci_dev_unlock(hdev);
1da177e4 1898
20714bfe
FD		 1899 if (ev->link_type == ACL_LINK ||
1900 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1901 struct hci_cp_accept_conn_req cp;
20714bfe 1902 conn->state = BT_CONNECT;
1da177e4 1903
b6a0dc82
MH		 1904 bacpy(&cp.bdaddr, &ev->bdaddr);
1905
1906 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1907 cp.role = 0x00; /* Become master */
1908 else
1909 cp.role = 0x01; /* Remain slave */
1910
04124681
GP		 1911 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1912 &cp);
20714bfe 1913 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1914 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1915 conn->state = BT_CONNECT;
b6a0dc82
MH		 1916
1917 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1918 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1919
82781e63
AE		 1920 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1921 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1922 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1923 cp.content_format = cpu_to_le16(hdev->voice_setting);
1924 cp.retrans_effort = 0xff;
1da177e4 1925
b6a0dc82 1926 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1927 sizeof(cp), &cp);
20714bfe
FD		 1928 } else {
1929 conn->state = BT_CONNECT2;
1930 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1931 }
a9de9248
MH		 1932 } else {
1933 /* Connection rejected */
1934 struct hci_cp_reject_conn_req cp;
1da177e4 1935
a9de9248 1936 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1937 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1938 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1939 }
1da177e4
LT		 1940}
1941
f0d6a0ea
MA		 1942static u8 hci_to_mgmt_reason(u8 err)
1943{
1944 switch (err) {
1945 case HCI_ERROR_CONNECTION_TIMEOUT:
1946 return MGMT_DEV_DISCONN_TIMEOUT;
1947 case HCI_ERROR_REMOTE_USER_TERM:
1948 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1949 case HCI_ERROR_REMOTE_POWER_OFF:
1950 return MGMT_DEV_DISCONN_REMOTE;
1951 case HCI_ERROR_LOCAL_HOST_TERM:
1952 return MGMT_DEV_DISCONN_LOCAL_HOST;
1953 default:
1954 return MGMT_DEV_DISCONN_UNKNOWN;
1955 }
1956}
1957
6039aa73 1958static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1959{
a9de9248 1960 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 1961 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 1962 struct hci_conn_params *params;
04837f64 1963 struct hci_conn *conn;
12d4a3b2 1964 bool mgmt_connected;
3846220b 1965 u8 type;
04837f64 1966
9f1db00c 1967 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1968
1969 hci_dev_lock(hdev);
1970
1971 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1972 if (!conn)
1973 goto unlock;
7d0db0a3 1974
abf54a50
AG		 1975 if (ev->status) {
1976 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1977 conn->dst_type, ev->status);
1978 goto unlock;
37d9ef76 1979 }
f7520543 1980
3846220b
AG		 1981 conn->state = BT_CLOSED;
1982
12d4a3b2
JH		 1983 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1984 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1985 reason, mgmt_connected);
abf54a50 1986
3846220b
AG		 1987 if (conn->type == ACL_LINK && conn->flush_key)
1988 hci_remove_link_key(hdev, &conn->dst);
2210246c 1989
9fcb18ef
AG		 1990 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1991 if (params) {
1992 switch (params->auto_connect) {
1993 case HCI_AUTO_CONN_LINK_LOSS:
1994 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1995 break;
1996 /* Fall through */
1997
1998 case HCI_AUTO_CONN_ALWAYS:
1999 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2000 break;
2001
2002 default:
2003 break;
2004 }
2005 }
2006
3846220b 2007 type = conn->type;
2210246c 2008
3846220b
AG		 2009 hci_proto_disconn_cfm(conn, ev->reason);
2010 hci_conn_del(conn);
2011
2012 /* Re-enable advertising if necessary, since it might
2013 * have been disabled by the connection. From the
2014 * HCI_LE_Set_Advertise_Enable command description in
2015 * the core specification (v4.0):
2016 * "The Controller shall continue advertising until the Host
2017 * issues an LE_Set_Advertise_Enable command with
2018 * Advertising_Enable set to 0x00 (Advertising is disabled)
2019 * or until a connection is created or until the Advertising
2020 * is timed out due to Directed Advertising."
2021 */
2022 if (type == LE_LINK)
2023 mgmt_reenable_advertising(hdev);
f7520543
JH		 2024
2025unlock:
04837f64
MH		 2026 hci_dev_unlock(hdev);
2027}
2028
6039aa73 2029static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2030{
a9de9248 2031 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2032 struct hci_conn *conn;
1da177e4 2033
9f1db00c 2034 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2035
2036 hci_dev_lock(hdev);
2037
04837f64 2038 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2039 if (!conn)
2040 goto unlock;
2041
2042 if (!ev->status) {
aa64a8b5 2043 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2044 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2045 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2046 } else {
d7556e20
WR		 2047 conn->link_mode |= HCI_LM_AUTH;
2048 conn->sec_level = conn->pending_sec_level;
2a611692 2049 }
d7556e20 2050 } else {
bab73cb6 2051 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2052 ev->status);
d7556e20 2053 }
1da177e4 2054
51a8efd7
JH		 2055 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2056 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2057
d7556e20 2058 if (conn->state == BT_CONFIG) {
aa64a8b5 2059 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2060 struct hci_cp_set_conn_encrypt cp;
2061 cp.handle = ev->handle;
2062 cp.encrypt = 0x01;
2063 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2064 &cp);
052b30b0 2065 } else {
d7556e20
WR		 2066 conn->state = BT_CONNECTED;
2067 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2068 hci_conn_drop(conn);
052b30b0 2069 }
d7556e20
WR		 2070 } else {
2071 hci_auth_cfm(conn, ev->status);
052b30b0 2072
d7556e20
WR		 2073 hci_conn_hold(conn);
2074 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2075 hci_conn_drop(conn);
d7556e20
WR		 2076 }
2077
51a8efd7 2078 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2079 if (!ev->status) {
2080 struct hci_cp_set_conn_encrypt cp;
2081 cp.handle = ev->handle;
2082 cp.encrypt = 0x01;
2083 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2084 &cp);
d7556e20 2085 } else {
51a8efd7 2086 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2087 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2088 }
2089 }
2090
d7556e20 2091unlock:
1da177e4
LT		 2092 hci_dev_unlock(hdev);
2093}
2094
6039aa73 2095static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2096{
127178d2
JH		 2097 struct hci_ev_remote_name *ev = (void *) skb->data;
2098 struct hci_conn *conn;
2099
a9de9248 2100 BT_DBG("%s", hdev->name);
1da177e4 2101
a9de9248 2102 hci_conn_check_pending(hdev);
127178d2
JH		 2103
2104 hci_dev_lock(hdev);
2105
b644ba33 2106 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2107
b644ba33
JH		 2108 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2109 goto check_auth;
a88a9652 2110
b644ba33
JH		 2111 if (ev->status == 0)
2112 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2113 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2114 else
2115 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2116
2117check_auth:
79c6c70c
JH		 2118 if (!conn)
2119 goto unlock;
2120
2121 if (!hci_outgoing_auth_needed(hdev, conn))
2122 goto unlock;
2123
51a8efd7 2124 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2125 struct hci_cp_auth_requested cp;
2126 cp.handle = __cpu_to_le16(conn->handle);
2127 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2128 }
2129
79c6c70c 2130unlock:
127178d2 2131 hci_dev_unlock(hdev);
a9de9248
MH		 2132}
2133
6039aa73 2134static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2135{
2136 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2137 struct hci_conn *conn;
2138
9f1db00c 2139 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2140
2141 hci_dev_lock(hdev);
2142
04837f64 2143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2144 if (!conn)
2145 goto unlock;
1da177e4 2146
dc8357cc
MH		 2147 if (!ev->status) {
2148 if (ev->encrypt) {
2149 /* Encryption implies authentication */
2150 conn->link_mode |= HCI_LM_AUTH;
2151 conn->link_mode |= HCI_LM_ENCRYPT;
2152 conn->sec_level = conn->pending_sec_level;
abf76bad 2153
914a6ffe
MH		 2154 /* P-256 authentication key implies FIPS */
2155 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2156 conn->link_mode |= HCI_LM_FIPS;
2157
abf76bad
MH		 2158 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2159 conn->type == LE_LINK)
2160 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2161 } else {
dc8357cc 2162 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2163 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2164 }
dc8357cc 2165 }
a7d7723a 2166
dc8357cc 2167 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2168
dc8357cc
MH		 2169 if (ev->status && conn->state == BT_CONNECTED) {
2170 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2171 hci_conn_drop(conn);
2172 goto unlock;
1da177e4
LT		 2173 }
2174
dc8357cc
MH		 2175 if (conn->state == BT_CONFIG) {
2176 if (!ev->status)
2177 conn->state = BT_CONNECTED;
2178
2179 hci_proto_connect_cfm(conn, ev->status);
2180 hci_conn_drop(conn);
2181 } else
2182 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2183
a7d7723a 2184unlock:
1da177e4
LT		 2185 hci_dev_unlock(hdev);
2186}
2187
6039aa73
GP		 2188static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2189 struct sk_buff *skb)
1da177e4 2190{
a9de9248 2191 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2192 struct hci_conn *conn;
1da177e4 2193
9f1db00c 2194 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2195
2196 hci_dev_lock(hdev);
2197
04837f64 2198 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2199 if (conn) {
2200 if (!ev->status)
2201 conn->link_mode |= HCI_LM_SECURE;
2202
51a8efd7 2203 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2204
2205 hci_key_change_cfm(conn, ev->status);
2206 }
2207
2208 hci_dev_unlock(hdev);
2209}
2210
6039aa73
GP		 2211static void hci_remote_features_evt(struct hci_dev *hdev,
2212 struct sk_buff *skb)
1da177e4 2213{
a9de9248
MH		 2214 struct hci_ev_remote_features *ev = (void *) skb->data;
2215 struct hci_conn *conn;
2216
9f1db00c 2217 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2218
a9de9248
MH		 2219 hci_dev_lock(hdev);
2220
2221 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2222 if (!conn)
2223 goto unlock;
769be974 2224
ccd556fe 2225 if (!ev->status)
cad718ed 2226 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2227
2228 if (conn->state != BT_CONFIG)
2229 goto unlock;
2230
2231 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2232 struct hci_cp_read_remote_ext_features cp;
2233 cp.handle = ev->handle;
2234 cp.page = 0x01;
2235 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2236 sizeof(cp), &cp);
392599b9
JH		 2237 goto unlock;
2238 }
2239
671267bf 2240 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2241 struct hci_cp_remote_name_req cp;
2242 memset(&cp, 0, sizeof(cp));
2243 bacpy(&cp.bdaddr, &conn->dst);
2244 cp.pscan_rep_mode = 0x02;
2245 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2246 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2247 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2248 conn->dst_type, 0, NULL, 0,
2249 conn->dev_class);
392599b9 2250
127178d2 2251 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2252 conn->state = BT_CONNECTED;
2253 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2254 hci_conn_drop(conn);
769be974 2255 }
a9de9248 2256
ccd556fe 2257unlock:
a9de9248 2258 hci_dev_unlock(hdev);
1da177e4
LT		 2259}
2260
6039aa73 2261static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2262{
2263 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2264 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2265 __u16 opcode;
2266
2267 skb_pull(skb, sizeof(*ev));
2268
2269 opcode = __le16_to_cpu(ev->opcode);
2270
2271 switch (opcode) {
2272 case HCI_OP_INQUIRY_CANCEL:
2273 hci_cc_inquiry_cancel(hdev, skb);
2274 break;
2275
4d93483b
AG		 2276 case HCI_OP_PERIODIC_INQ:
2277 hci_cc_periodic_inq(hdev, skb);
2278 break;
2279
a9de9248
MH		 2280 case HCI_OP_EXIT_PERIODIC_INQ:
2281 hci_cc_exit_periodic_inq(hdev, skb);
2282 break;
2283
2284 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2285 hci_cc_remote_name_req_cancel(hdev, skb);
2286 break;
2287
2288 case HCI_OP_ROLE_DISCOVERY:
2289 hci_cc_role_discovery(hdev, skb);
2290 break;
2291
e4e8e37c
MH		 2292 case HCI_OP_READ_LINK_POLICY:
2293 hci_cc_read_link_policy(hdev, skb);
2294 break;
2295
a9de9248
MH		 2296 case HCI_OP_WRITE_LINK_POLICY:
2297 hci_cc_write_link_policy(hdev, skb);
2298 break;
2299
e4e8e37c
MH		 2300 case HCI_OP_READ_DEF_LINK_POLICY:
2301 hci_cc_read_def_link_policy(hdev, skb);
2302 break;
2303
2304 case HCI_OP_WRITE_DEF_LINK_POLICY:
2305 hci_cc_write_def_link_policy(hdev, skb);
2306 break;
2307
a9de9248
MH		 2308 case HCI_OP_RESET:
2309 hci_cc_reset(hdev, skb);
2310 break;
2311
2312 case HCI_OP_WRITE_LOCAL_NAME:
2313 hci_cc_write_local_name(hdev, skb);
2314 break;
2315
2316 case HCI_OP_READ_LOCAL_NAME:
2317 hci_cc_read_local_name(hdev, skb);
2318 break;
2319
2320 case HCI_OP_WRITE_AUTH_ENABLE:
2321 hci_cc_write_auth_enable(hdev, skb);
2322 break;
2323
2324 case HCI_OP_WRITE_ENCRYPT_MODE:
2325 hci_cc_write_encrypt_mode(hdev, skb);
2326 break;
2327
2328 case HCI_OP_WRITE_SCAN_ENABLE:
2329 hci_cc_write_scan_enable(hdev, skb);
2330 break;
2331
2332 case HCI_OP_READ_CLASS_OF_DEV:
2333 hci_cc_read_class_of_dev(hdev, skb);
2334 break;
2335
2336 case HCI_OP_WRITE_CLASS_OF_DEV:
2337 hci_cc_write_class_of_dev(hdev, skb);
2338 break;
2339
2340 case HCI_OP_READ_VOICE_SETTING:
2341 hci_cc_read_voice_setting(hdev, skb);
2342 break;
2343
2344 case HCI_OP_WRITE_VOICE_SETTING:
2345 hci_cc_write_voice_setting(hdev, skb);
2346 break;
2347
b4cb9fb2
MH		 2348 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2349 hci_cc_read_num_supported_iac(hdev, skb);
2350 break;
2351
333140b5
MH		 2352 case HCI_OP_WRITE_SSP_MODE:
2353 hci_cc_write_ssp_mode(hdev, skb);
2354 break;
2355
eac83dc6
MH		 2356 case HCI_OP_WRITE_SC_SUPPORT:
2357 hci_cc_write_sc_support(hdev, skb);
2358 break;
2359
a9de9248
MH		 2360 case HCI_OP_READ_LOCAL_VERSION:
2361 hci_cc_read_local_version(hdev, skb);
2362 break;
2363
2364 case HCI_OP_READ_LOCAL_COMMANDS:
2365 hci_cc_read_local_commands(hdev, skb);
2366 break;
2367
2368 case HCI_OP_READ_LOCAL_FEATURES:
2369 hci_cc_read_local_features(hdev, skb);
2370 break;
2371
971e3a4b
AG		 2372 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2373 hci_cc_read_local_ext_features(hdev, skb);
2374 break;
2375
a9de9248
MH		 2376 case HCI_OP_READ_BUFFER_SIZE:
2377 hci_cc_read_buffer_size(hdev, skb);
2378 break;
2379
2380 case HCI_OP_READ_BD_ADDR:
2381 hci_cc_read_bd_addr(hdev, skb);
2382 break;
2383
f332ec66
JH		 2384 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2385 hci_cc_read_page_scan_activity(hdev, skb);
2386 break;
2387
4a3ee763
JH		 2388 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2389 hci_cc_write_page_scan_activity(hdev, skb);
2390 break;
2391
f332ec66
JH		 2392 case HCI_OP_READ_PAGE_SCAN_TYPE:
2393 hci_cc_read_page_scan_type(hdev, skb);
2394 break;
2395
4a3ee763
JH		 2396 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2397 hci_cc_write_page_scan_type(hdev, skb);
2398 break;
2399
350ee4cf
AE		 2400 case HCI_OP_READ_DATA_BLOCK_SIZE:
2401 hci_cc_read_data_block_size(hdev, skb);
2402 break;
2403
1e89cffb
AE		 2404 case HCI_OP_READ_FLOW_CONTROL_MODE:
2405 hci_cc_read_flow_control_mode(hdev, skb);
2406 break;
2407
928abaa7
AE		 2408 case HCI_OP_READ_LOCAL_AMP_INFO:
2409 hci_cc_read_local_amp_info(hdev, skb);
2410 break;
2411
903e4541
AE		 2412 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2413 hci_cc_read_local_amp_assoc(hdev, skb);
2414 break;
2415
d5859e22
JH		 2416 case HCI_OP_READ_INQ_RSP_TX_POWER:
2417 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2418 break;
2419
980e1a53
JH		 2420 case HCI_OP_PIN_CODE_REPLY:
2421 hci_cc_pin_code_reply(hdev, skb);
2422 break;
2423
2424 case HCI_OP_PIN_CODE_NEG_REPLY:
2425 hci_cc_pin_code_neg_reply(hdev, skb);
2426 break;
2427
c35938b2 2428 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2429 hci_cc_read_local_oob_data(hdev, skb);
2430 break;
2431
2432 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2433 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2434 break;
2435
6ed58ec5
VT		 2436 case HCI_OP_LE_READ_BUFFER_SIZE:
2437 hci_cc_le_read_buffer_size(hdev, skb);
2438 break;
2439
60e77321
JH		 2440 case HCI_OP_LE_READ_LOCAL_FEATURES:
2441 hci_cc_le_read_local_features(hdev, skb);
2442 break;
2443
8fa19098
JH		 2444 case HCI_OP_LE_READ_ADV_TX_POWER:
2445 hci_cc_le_read_adv_tx_power(hdev, skb);
2446 break;
2447
a5c29683
JH		 2448 case HCI_OP_USER_CONFIRM_REPLY:
2449 hci_cc_user_confirm_reply(hdev, skb);
2450 break;
2451
2452 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2453 hci_cc_user_confirm_neg_reply(hdev, skb);
2454 break;
2455
1143d458
BG		 2456 case HCI_OP_USER_PASSKEY_REPLY:
2457 hci_cc_user_passkey_reply(hdev, skb);
2458 break;
2459
2460 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2461 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2462 break;
07f7fa5d 2463
7a4cd51d
MH		 2464 case HCI_OP_LE_SET_RANDOM_ADDR:
2465 hci_cc_le_set_random_addr(hdev, skb);
2466 break;
2467
c1d5dc4a
JH		 2468 case HCI_OP_LE_SET_ADV_ENABLE:
2469 hci_cc_le_set_adv_enable(hdev, skb);
2470 break;
2471
eb9d91f5
AG		 2472 case HCI_OP_LE_SET_SCAN_ENABLE:
2473 hci_cc_le_set_scan_enable(hdev, skb);
2474 break;
2475
cf1d081f
JH		 2476 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2477 hci_cc_le_read_white_list_size(hdev, skb);
2478 break;
2479
0f36b589
MH		 2480 case HCI_OP_LE_CLEAR_WHITE_LIST:
2481 hci_cc_le_clear_white_list(hdev, skb);
2482 break;
2483
2484 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2485 hci_cc_le_add_to_white_list(hdev, skb);
2486 break;
2487
2488 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2489 hci_cc_le_del_from_white_list(hdev, skb);
2490 break;
2491
9b008c04
JH		 2492 case HCI_OP_LE_READ_SUPPORTED_STATES:
2493 hci_cc_le_read_supported_states(hdev, skb);
2494 break;
2495
f9b49306
AG		 2496 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2497 hci_cc_write_le_host_supported(hdev, skb);
2498 break;
2499
56ed2cb8
JH		 2500 case HCI_OP_LE_SET_ADV_PARAM:
2501 hci_cc_set_adv_param(hdev, skb);
2502 break;
2503
93c284ee
AE		 2504 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2505 hci_cc_write_remote_amp_assoc(hdev, skb);
2506 break;
2507
a9de9248 2508 default:
9f1db00c 2509 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2510 break;
2511 }
2512
ad82cdd1 2513 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2514 del_timer(&hdev->cmd_timer);
2515
ad82cdd1 2516 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2517
dbccd791 2518 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2519 atomic_set(&hdev->cmd_cnt, 1);
2520 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2521 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2522 }
2523}
2524
6039aa73 2525static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2526{
2527 struct hci_ev_cmd_status *ev = (void *) skb->data;
2528 __u16 opcode;
2529
2530 skb_pull(skb, sizeof(*ev));
2531
2532 opcode = __le16_to_cpu(ev->opcode);
2533
2534 switch (opcode) {
2535 case HCI_OP_INQUIRY:
2536 hci_cs_inquiry(hdev, ev->status);
2537 break;
2538
2539 case HCI_OP_CREATE_CONN:
2540 hci_cs_create_conn(hdev, ev->status);
2541 break;
2542
2543 case HCI_OP_ADD_SCO:
2544 hci_cs_add_sco(hdev, ev->status);
2545 break;
2546
f8558555
MH		 2547 case HCI_OP_AUTH_REQUESTED:
2548 hci_cs_auth_requested(hdev, ev->status);
2549 break;
2550
2551 case HCI_OP_SET_CONN_ENCRYPT:
2552 hci_cs_set_conn_encrypt(hdev, ev->status);
2553 break;
2554
a9de9248
MH		 2555 case HCI_OP_REMOTE_NAME_REQ:
2556 hci_cs_remote_name_req(hdev, ev->status);
2557 break;
2558
769be974
MH		 2559 case HCI_OP_READ_REMOTE_FEATURES:
2560 hci_cs_read_remote_features(hdev, ev->status);
2561 break;
2562
2563 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2564 hci_cs_read_remote_ext_features(hdev, ev->status);
2565 break;
2566
a9de9248
MH		 2567 case HCI_OP_SETUP_SYNC_CONN:
2568 hci_cs_setup_sync_conn(hdev, ev->status);
2569 break;
2570
2571 case HCI_OP_SNIFF_MODE:
2572 hci_cs_sniff_mode(hdev, ev->status);
2573 break;
2574
2575 case HCI_OP_EXIT_SNIFF_MODE:
2576 hci_cs_exit_sniff_mode(hdev, ev->status);
2577 break;
2578
8962ee74 2579 case HCI_OP_DISCONNECT:
88c3df13 2580 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2581 break;
2582
a02226d6
AE		 2583 case HCI_OP_CREATE_PHY_LINK:
2584 hci_cs_create_phylink(hdev, ev->status);
2585 break;
2586
0b26ab9d
AE		 2587 case HCI_OP_ACCEPT_PHY_LINK:
2588 hci_cs_accept_phylink(hdev, ev->status);
2589 break;
2590
cb1d68f7
JH		 2591 case HCI_OP_LE_CREATE_CONN:
2592 hci_cs_le_create_conn(hdev, ev->status);
2593 break;
2594
a9de9248 2595 default:
9f1db00c 2596 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2597 break;
2598 }
2599
ad82cdd1 2600 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2601 del_timer(&hdev->cmd_timer);
2602
02350a72
JH		 2603 if (ev->status ||
2604 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2605 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2606
10572132 2607 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2608 atomic_set(&hdev->cmd_cnt, 1);
2609 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2610 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2611 }
2612}
2613
6039aa73 2614static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2615{
2616 struct hci_ev_role_change *ev = (void *) skb->data;
2617 struct hci_conn *conn;
2618
9f1db00c 2619 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2620
2621 hci_dev_lock(hdev);
2622
2623 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2624 if (conn) {
2625 if (!ev->status) {
2626 if (ev->role)
2627 conn->link_mode &= ~HCI_LM_MASTER;
2628 else
2629 conn->link_mode |= HCI_LM_MASTER;
2630 }
2631
51a8efd7 2632 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2633
2634 hci_role_switch_cfm(conn, ev->status, ev->role);
2635 }
2636
2637 hci_dev_unlock(hdev);
2638}
2639
6039aa73 2640static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2641{
2642 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2643 int i;
2644
32ac5b9b
AE		 2645 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2646 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2647 return;
2648 }
2649
c5993de8 2650 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2651 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2652 BT_DBG("%s bad parameters", hdev->name);
2653 return;
2654 }
2655
c5993de8
AE		 2656 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2657
613a1c0c
AE		 2658 for (i = 0; i < ev->num_hndl; i++) {
2659 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2660 struct hci_conn *conn;
2661 __u16 handle, count;
2662
613a1c0c
AE		 2663 handle = __le16_to_cpu(info->handle);
2664 count = __le16_to_cpu(info->count);
a9de9248
MH		 2665
2666 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2667 if (!conn)
2668 continue;
2669
2670 conn->sent -= count;
2671
2672 switch (conn->type) {
2673 case ACL_LINK:
2674 hdev->acl_cnt += count;
2675 if (hdev->acl_cnt > hdev->acl_pkts)
2676 hdev->acl_cnt = hdev->acl_pkts;
2677 break;
2678
2679 case LE_LINK:
2680 if (hdev->le_pkts) {
2681 hdev->le_cnt += count;
2682 if (hdev->le_cnt > hdev->le_pkts)
2683 hdev->le_cnt = hdev->le_pkts;
2684 } else {
70f23020
AE		 2685 hdev->acl_cnt += count;
2686 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2687 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2688 }
f4280918
AE		 2689 break;
2690
2691 case SCO_LINK:
2692 hdev->sco_cnt += count;
2693 if (hdev->sco_cnt > hdev->sco_pkts)
2694 hdev->sco_cnt = hdev->sco_pkts;
2695 break;
2696
2697 default:
2698 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2699 break;
a9de9248
MH		 2700 }
2701 }
2702
3eff45ea 2703 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2704}
2705
76ef7cf7
AE		 2706static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2707 __u16 handle)
2708{
2709 struct hci_chan *chan;
2710
2711 switch (hdev->dev_type) {
2712 case HCI_BREDR:
2713 return hci_conn_hash_lookup_handle(hdev, handle);
2714 case HCI_AMP:
2715 chan = hci_chan_lookup_handle(hdev, handle);
2716 if (chan)
2717 return chan->conn;
2718 break;
2719 default:
2720 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2721 break;
2722 }
2723
2724 return NULL;
2725}
2726
6039aa73 2727static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2728{
2729 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2730 int i;
2731
2732 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2733 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2734 return;
2735 }
2736
2737 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2738 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2739 BT_DBG("%s bad parameters", hdev->name);
2740 return;
2741 }
2742
2743 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2744 ev->num_hndl);
25e89e99
AE		 2745
2746 for (i = 0; i < ev->num_hndl; i++) {
2747 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2748 struct hci_conn *conn = NULL;
25e89e99
AE		 2749 __u16 handle, block_count;
2750
2751 handle = __le16_to_cpu(info->handle);
2752 block_count = __le16_to_cpu(info->blocks);
2753
76ef7cf7 2754 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2755 if (!conn)
2756 continue;
2757
2758 conn->sent -= block_count;
2759
2760 switch (conn->type) {
2761 case ACL_LINK:
bd1eb66b 2762 case AMP_LINK:
25e89e99
AE		 2763 hdev->block_cnt += block_count;
2764 if (hdev->block_cnt > hdev->num_blocks)
2765 hdev->block_cnt = hdev->num_blocks;
2766 break;
2767
2768 default:
2769 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2770 break;
2771 }
2772 }
2773
2774 queue_work(hdev->workqueue, &hdev->tx_work);
2775}
2776
6039aa73 2777static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2778{
a9de9248 2779 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2780 struct hci_conn *conn;
2781
9f1db00c 2782 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2783
2784 hci_dev_lock(hdev);
2785
2786 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2787 if (conn) {
2788 conn->mode = ev->mode;
a9de9248 2789
8fc9ced3
GP		 2790 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2791 &conn->flags)) {
a9de9248 2792 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2793 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2794 else
58a681ef 2795 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2796 }
e73439d8 2797
51a8efd7 2798 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2799 hci_sco_setup(conn, ev->status);
04837f64
MH		 2800 }
2801
2802 hci_dev_unlock(hdev);
2803}
2804
6039aa73 2805static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2806{
052b30b0
MH		 2807 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2808 struct hci_conn *conn;
2809
a9de9248 2810 BT_DBG("%s", hdev->name);
052b30b0
MH		 2811
2812 hci_dev_lock(hdev);
2813
2814 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2815 if (!conn)
2816 goto unlock;
2817
2818 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2819 hci_conn_hold(conn);
2820 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2821 hci_conn_drop(conn);
052b30b0
MH		 2822 }
2823
a8b2d5c2 2824 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2825 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2826 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2827 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2828 u8 secure;
2829
2830 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2831 secure = 1;
2832 else
2833 secure = 0;
2834
744cf19e 2835 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2836 }
980e1a53 2837
b6f98044 2838unlock:
052b30b0 2839 hci_dev_unlock(hdev);
a9de9248
MH		 2840}
2841
6039aa73 2842static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2843{
55ed8ca1
JH		 2844 struct hci_ev_link_key_req *ev = (void *) skb->data;
2845 struct hci_cp_link_key_reply cp;
2846 struct hci_conn *conn;
2847 struct link_key *key;
2848
a9de9248 2849 BT_DBG("%s", hdev->name);
55ed8ca1 2850
034cbea0 2851 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2852 return;
2853
2854 hci_dev_lock(hdev);
2855
2856 key = hci_find_link_key(hdev, &ev->bdaddr);
2857 if (!key) {
6ed93dc6
AE		 2858 BT_DBG("%s link key not found for %pMR", hdev->name,
2859 &ev->bdaddr);
55ed8ca1
JH		 2860 goto not_found;
2861 }
2862
6ed93dc6
AE		 2863 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2864 &ev->bdaddr);
55ed8ca1 2865
a8b2d5c2 2866 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2867 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2868 BT_DBG("%s ignoring debug key", hdev->name);
2869 goto not_found;
2870 }
2871
2872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 2873 if (conn) {
66138ce8
MH		 2874 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2875 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 2876 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2877 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2878 goto not_found;
2879 }
55ed8ca1 2880
60b83f57 2881 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2882 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2883 BT_DBG("%s ignoring key unauthenticated for high security",
2884 hdev->name);
60b83f57
WR		 2885 goto not_found;
2886 }
2887
2888 conn->key_type = key->type;
2889 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2890 }
2891
2892 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2893 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2894
2895 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2896
2897 hci_dev_unlock(hdev);
2898
2899 return;
2900
2901not_found:
2902 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2903 hci_dev_unlock(hdev);
a9de9248
MH		 2904}
2905
6039aa73 2906static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2907{
052b30b0
MH		 2908 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2909 struct hci_conn *conn;
55ed8ca1 2910 u8 pin_len = 0;
052b30b0 2911
a9de9248 2912 BT_DBG("%s", hdev->name);
052b30b0
MH		 2913
2914 hci_dev_lock(hdev);
2915
2916 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2917 if (conn) {
2918 hci_conn_hold(conn);
2919 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2920 pin_len = conn->pin_length;
13d39315
WR		 2921
2922 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2923 conn->key_type = ev->key_type;
2924
76a68ba0 2925 hci_conn_drop(conn);
052b30b0
MH		 2926 }
2927
034cbea0 2928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 2929 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2930 ev->key_type, pin_len);
55ed8ca1 2931
052b30b0 2932 hci_dev_unlock(hdev);
a9de9248
MH		 2933}
2934
6039aa73 2935static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2936{
a9de9248 2937 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2938 struct hci_conn *conn;
1da177e4 2939
9f1db00c 2940 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2941
2942 hci_dev_lock(hdev);
2943
04837f64 2944 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2945 if (conn && !ev->status) {
2946 struct inquiry_entry *ie;
2947
cc11b9c1
AE		 2948 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2949 if (ie) {
1da177e4
LT		 2950 ie->data.clock_offset = ev->clock_offset;
2951 ie->timestamp = jiffies;
2952 }
2953 }
2954
2955 hci_dev_unlock(hdev);
2956}
2957
6039aa73 2958static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2959{
2960 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2961 struct hci_conn *conn;
2962
9f1db00c 2963 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2964
2965 hci_dev_lock(hdev);
2966
2967 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2968 if (conn && !ev->status)
2969 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2970
2971 hci_dev_unlock(hdev);
2972}
2973
6039aa73 2974static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2975{
a9de9248 2976 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2977 struct inquiry_entry *ie;
2978
2979 BT_DBG("%s", hdev->name);
2980
2981 hci_dev_lock(hdev);
2982
cc11b9c1
AE		 2983 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2984 if (ie) {
85a1e930
MH		 2985 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2986 ie->timestamp = jiffies;
2987 }
2988
2989 hci_dev_unlock(hdev);
2990}
2991
6039aa73
GP		 2992static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
a9de9248
MH		 2994{
2995 struct inquiry_data data;
2996 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2997 bool name_known, ssp;
a9de9248
MH		 2998
2999 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3000
3001 if (!num_rsp)
3002 return;
3003
1519cc17
AG		 3004 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3005 return;
3006
a9de9248
MH		 3007 hci_dev_lock(hdev);
3008
3009 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3010 struct inquiry_info_with_rssi_and_pscan_mode *info;
3011 info = (void *) (skb->data + 1);
a9de9248 3012
e17acd40 3013 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3014 bacpy(&data.bdaddr, &info->bdaddr);
3015 data.pscan_rep_mode = info->pscan_rep_mode;
3016 data.pscan_period_mode = info->pscan_period_mode;
3017 data.pscan_mode = info->pscan_mode;
3018 memcpy(data.dev_class, info->dev_class, 3);
3019 data.clock_offset = info->clock_offset;
3020 data.rssi = info->rssi;
41a96212 3021 data.ssp_mode = 0x00;
3175405b
JH		 3022
3023 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3024 false, &ssp);
48264f06 3025 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3026 info->dev_class, info->rssi,
3027 !name_known, ssp, NULL, 0);
a9de9248
MH		 3028 }
3029 } else {
3030 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3031
e17acd40 3032 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3033 bacpy(&data.bdaddr, &info->bdaddr);
3034 data.pscan_rep_mode = info->pscan_rep_mode;
3035 data.pscan_period_mode = info->pscan_period_mode;
3036 data.pscan_mode = 0x00;
3037 memcpy(data.dev_class, info->dev_class, 3);
3038 data.clock_offset = info->clock_offset;
3039 data.rssi = info->rssi;
41a96212 3040 data.ssp_mode = 0x00;
3175405b 3041 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3042 false, &ssp);
48264f06 3043 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3044 info->dev_class, info->rssi,
3045 !name_known, ssp, NULL, 0);
a9de9248
MH		 3046 }
3047 }
3048
3049 hci_dev_unlock(hdev);
3050}
3051
6039aa73
GP		 3052static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3053 struct sk_buff *skb)
a9de9248 3054{
41a96212
MH		 3055 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3056 struct hci_conn *conn;
3057
a9de9248 3058 BT_DBG("%s", hdev->name);
41a96212 3059
41a96212
MH		 3060 hci_dev_lock(hdev);
3061
3062 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3063 if (!conn)
3064 goto unlock;
41a96212 3065
cad718ed
JH		 3066 if (ev->page < HCI_MAX_PAGES)
3067 memcpy(conn->features[ev->page], ev->features, 8);
3068
ccd556fe
JH		 3069 if (!ev->status && ev->page == 0x01) {
3070 struct inquiry_entry *ie;
41a96212 3071
cc11b9c1
AE		 3072 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3073 if (ie)
02b7cc62 3074 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3075
bbb0eada 3076 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3077 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3078 } else {
3079 /* It is mandatory by the Bluetooth specification that
3080 * Extended Inquiry Results are only used when Secure
3081 * Simple Pairing is enabled, but some devices violate
3082 * this.
3083 *
3084 * To make these devices work, the internal SSP
3085 * enabled flag needs to be cleared if the remote host
3086 * features do not indicate SSP support */
3087 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3088 }
eb9a8f3f
MH		 3089
3090 if (ev->features[0] & LMP_HOST_SC)
3091 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3092 }
3093
3094 if (conn->state != BT_CONFIG)
3095 goto unlock;
3096
671267bf 3097 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3098 struct hci_cp_remote_name_req cp;
3099 memset(&cp, 0, sizeof(cp));
3100 bacpy(&cp.bdaddr, &conn->dst);
3101 cp.pscan_rep_mode = 0x02;
3102 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3103 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3104 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3105 conn->dst_type, 0, NULL, 0,
3106 conn->dev_class);
392599b9 3107
127178d2 3108 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3109 conn->state = BT_CONNECTED;
3110 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3111 hci_conn_drop(conn);
41a96212
MH		 3112 }
3113
ccd556fe 3114unlock:
41a96212 3115 hci_dev_unlock(hdev);
a9de9248
MH		 3116}
3117
6039aa73
GP		 3118static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3119 struct sk_buff *skb)
a9de9248 3120{
b6a0dc82
MH		 3121 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3122 struct hci_conn *conn;
3123
9f1db00c 3124 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3125
3126 hci_dev_lock(hdev);
3127
3128 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3129 if (!conn) {
3130 if (ev->link_type == ESCO_LINK)
3131 goto unlock;
3132
3133 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3134 if (!conn)
3135 goto unlock;
3136
3137 conn->type = SCO_LINK;
3138 }
b6a0dc82 3139
732547f9
MH		 3140 switch (ev->status) {
3141 case 0x00:
b6a0dc82
MH		 3142 conn->handle = __le16_to_cpu(ev->handle);
3143 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3144
3145 hci_conn_add_sysfs(conn);
732547f9
MH		 3146 break;
3147
1a4c958c 3148 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3149 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3150 case 0x1c: /* SCO interval rejected */
1038a00b 3151 case 0x1a: /* Unsupported Remote Feature */
732547f9 3152 case 0x1f: /* Unspecified error */
2dea632f 3153 if (conn->out) {
732547f9
MH		 3154 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3155 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3156 if (hci_setup_sync(conn, conn->link->handle))
3157 goto unlock;
732547f9
MH		 3158 }
3159 /* fall through */
3160
3161 default:
b6a0dc82 3162 conn->state = BT_CLOSED;
732547f9
MH		 3163 break;
3164 }
b6a0dc82
MH		 3165
3166 hci_proto_connect_cfm(conn, ev->status);
3167 if (ev->status)
3168 hci_conn_del(conn);
3169
3170unlock:
3171 hci_dev_unlock(hdev);
a9de9248
MH		 3172}
3173
efdcf8e3
MH		 3174static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3175{
3176 size_t parsed = 0;
3177
3178 while (parsed < eir_len) {
3179 u8 field_len = eir[0];
3180
3181 if (field_len == 0)
3182 return parsed;
3183
3184 parsed += field_len + 1;
3185 eir += field_len + 1;
3186 }
3187
3188 return eir_len;
3189}
3190
6039aa73
GP		 3191static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3192 struct sk_buff *skb)
1da177e4 3193{
a9de9248
MH		 3194 struct inquiry_data data;
3195 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3196 int num_rsp = *((__u8 *) skb->data);
9d939d94 3197 size_t eir_len;
1da177e4 3198
a9de9248 3199 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3200
a9de9248
MH		 3201 if (!num_rsp)
3202 return;
1da177e4 3203
1519cc17
AG		 3204 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3205 return;
3206
a9de9248
MH		 3207 hci_dev_lock(hdev);
3208
e17acd40 3209 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3210 bool name_known, ssp;
561aafbc 3211
a9de9248 3212 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3213 data.pscan_rep_mode = info->pscan_rep_mode;
3214 data.pscan_period_mode = info->pscan_period_mode;
3215 data.pscan_mode = 0x00;
a9de9248 3216 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3217 data.clock_offset = info->clock_offset;
3218 data.rssi = info->rssi;
41a96212 3219 data.ssp_mode = 0x01;
561aafbc 3220
a8b2d5c2 3221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3222 name_known = eir_has_data_type(info->data,
04124681
GP		 3223 sizeof(info->data),
3224 EIR_NAME_COMPLETE);
561aafbc
JH		 3225 else
3226 name_known = true;
3227
388fc8fa 3228 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3229 &ssp);
9d939d94 3230 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3231 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3232 info->dev_class, info->rssi, !name_known,
9d939d94 3233 ssp, info->data, eir_len);
a9de9248
MH		 3234 }
3235
3236 hci_dev_unlock(hdev);
3237}
1da177e4 3238
1c2e0041
JH		 3239static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3240 struct sk_buff *skb)
3241{
3242 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3243 struct hci_conn *conn;
3244
9f1db00c 3245 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3246 __le16_to_cpu(ev->handle));
3247
3248 hci_dev_lock(hdev);
3249
3250 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3251 if (!conn)
3252 goto unlock;
3253
3254 if (!ev->status)
3255 conn->sec_level = conn->pending_sec_level;
3256
3257 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3258
3259 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3260 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3261 hci_conn_drop(conn);
1c2e0041
JH		 3262 goto unlock;
3263 }
3264
3265 if (conn->state == BT_CONFIG) {
3266 if (!ev->status)
3267 conn->state = BT_CONNECTED;
3268
3269 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3270 hci_conn_drop(conn);
1c2e0041
JH		 3271 } else {
3272 hci_auth_cfm(conn, ev->status);
3273
3274 hci_conn_hold(conn);
3275 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3276 hci_conn_drop(conn);
1c2e0041
JH		 3277 }
3278
3279unlock:
3280 hci_dev_unlock(hdev);
3281}
3282
6039aa73 3283static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3284{
3285 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3286 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3287 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3288 /* If both remote and local IO capabilities allow MITM
3289 * protection then require it, otherwise don't */
acabae96
MA		 3290 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3291 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3292 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3293 else
acabae96 3294 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3295 }
3296
3297 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3298 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3299 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3300 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3301
3302 return conn->auth_type;
3303}
3304
6039aa73 3305static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3306{
3307 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3308 struct hci_conn *conn;
3309
3310 BT_DBG("%s", hdev->name);
3311
3312 hci_dev_lock(hdev);
3313
3314 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3315 if (!conn)
3316 goto unlock;
3317
3318 hci_conn_hold(conn);
3319
a8b2d5c2 3320 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3321 goto unlock;
3322
a8b2d5c2 3323 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3324 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3325 struct hci_cp_io_capability_reply cp;
3326
3327 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3328 /* Change the IO capability from KeyboardDisplay
3329 * to DisplayYesNo as it is not supported by BT spec. */
3330 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3331 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3332 conn->auth_type = hci_get_auth_req(conn);
3333 cp.authentication = conn->auth_type;
17fa4b9d 3334
8fc9ced3
GP		 3335 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3336 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3337 cp.oob_data = 0x01;
3338 else
3339 cp.oob_data = 0x00;
3340
17fa4b9d 3341 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3342 sizeof(cp), &cp);
03b555e1
JH		 3343 } else {
3344 struct hci_cp_io_capability_neg_reply cp;
3345
3346 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3347 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3348
03b555e1 3349 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3350 sizeof(cp), &cp);
03b555e1
JH		 3351 }
3352
3353unlock:
3354 hci_dev_unlock(hdev);
3355}
3356
6039aa73 3357static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3358{
3359 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3360 struct hci_conn *conn;
3361
3362 BT_DBG("%s", hdev->name);
3363
3364 hci_dev_lock(hdev);
3365
3366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3367 if (!conn)
3368 goto unlock;
3369
03b555e1 3370 conn->remote_cap = ev->capability;
03b555e1 3371 conn->remote_auth = ev->authentication;
58a681ef
JH		 3372 if (ev->oob_data)
3373 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3374
3375unlock:
0493684e
MH		 3376 hci_dev_unlock(hdev);
3377}
3378
6039aa73
GP		 3379static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3380 struct sk_buff *skb)
a5c29683
JH		 3381{
3382 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3383 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3384 struct hci_conn *conn;
a5c29683
JH		 3385
3386 BT_DBG("%s", hdev->name);
3387
3388 hci_dev_lock(hdev);
3389
a8b2d5c2 3390 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3391 goto unlock;
a5c29683 3392
7a828908
JH		 3393 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3394 if (!conn)
3395 goto unlock;
3396
3397 loc_mitm = (conn->auth_type & 0x01);
3398 rem_mitm = (conn->remote_auth & 0x01);
3399
3400 /* If we require MITM but the remote device can't provide that
3401 * (it has NoInputNoOutput) then reject the confirmation
3402 * request. The only exception is when we're dedicated bonding
3403 * initiators (connect_cfm_cb set) since then we always have the MITM
3404 * bit set. */
a767631a
MA		 3405 if (!conn->connect_cfm_cb && loc_mitm &&
3406 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3407 BT_DBG("Rejecting request: remote device can't provide MITM");
3408 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3409 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3410 goto unlock;
3411 }
3412
3413 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3414 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3415 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3416
3417 /* If we're not the initiators request authorization to
3418 * proceed from user space (mgmt_user_confirm with
3419 * confirm_hint set to 1). */
51a8efd7 3420 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3421 BT_DBG("Confirming auto-accept as acceptor");
3422 confirm_hint = 1;
3423 goto confirm;
3424 }
3425
9f61656a 3426 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3427 hdev->auto_accept_delay);
9f61656a
JH		 3428
3429 if (hdev->auto_accept_delay > 0) {
3430 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3431 queue_delayed_work(conn->hdev->workqueue,
3432 &conn->auto_accept_work, delay);
9f61656a
JH		 3433 goto unlock;
3434 }
3435
7a828908 3436 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3437 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3438 goto unlock;
3439 }
3440
55bc1a37 3441confirm:
272d90df 3442 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3443 confirm_hint);
7a828908
JH		 3444
3445unlock:
a5c29683
JH		 3446 hci_dev_unlock(hdev);
3447}
3448
6039aa73
GP		 3449static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3450 struct sk_buff *skb)
1143d458
BG		 3451{
3452 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3453
3454 BT_DBG("%s", hdev->name);
3455
a8b2d5c2 3456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3457 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3458}
3459
92a25256
JH		 3460static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3461 struct sk_buff *skb)
3462{
3463 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3464 struct hci_conn *conn;
3465
3466 BT_DBG("%s", hdev->name);
3467
3468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3469 if (!conn)
3470 return;
3471
3472 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3473 conn->passkey_entered = 0;
3474
3475 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3476 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3477 conn->dst_type, conn->passkey_notify,
3478 conn->passkey_entered);
3479}
3480
3481static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3482{
3483 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3484 struct hci_conn *conn;
3485
3486 BT_DBG("%s", hdev->name);
3487
3488 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3489 if (!conn)
3490 return;
3491
3492 switch (ev->type) {
3493 case HCI_KEYPRESS_STARTED:
3494 conn->passkey_entered = 0;
3495 return;
3496
3497 case HCI_KEYPRESS_ENTERED:
3498 conn->passkey_entered++;
3499 break;
3500
3501 case HCI_KEYPRESS_ERASED:
3502 conn->passkey_entered--;
3503 break;
3504
3505 case HCI_KEYPRESS_CLEARED:
3506 conn->passkey_entered = 0;
3507 break;
3508
3509 case HCI_KEYPRESS_COMPLETED:
3510 return;
3511 }
3512
3513 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3514 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3515 conn->dst_type, conn->passkey_notify,
3516 conn->passkey_entered);
3517}
3518
6039aa73
GP		 3519static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3520 struct sk_buff *skb)
0493684e
MH		 3521{
3522 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3523 struct hci_conn *conn;
3524
3525 BT_DBG("%s", hdev->name);
3526
3527 hci_dev_lock(hdev);
3528
3529 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3530 if (!conn)
3531 goto unlock;
3532
3533 /* To avoid duplicate auth_failed events to user space we check
3534 * the HCI_CONN_AUTH_PEND flag which will be set if we
3535 * initiated the authentication. A traditional auth_complete
3536 * event gets always produced as initiator and is also mapped to
3537 * the mgmt_auth_failed event */
fa1bd918 3538 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3539 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3540 ev->status);
0493684e 3541
76a68ba0 3542 hci_conn_drop(conn);
2a611692
JH		 3543
3544unlock:
0493684e
MH		 3545 hci_dev_unlock(hdev);
3546}
3547
6039aa73
GP		 3548static void hci_remote_host_features_evt(struct hci_dev *hdev,
3549 struct sk_buff *skb)
41a96212
MH		 3550{
3551 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3552 struct inquiry_entry *ie;
cad718ed 3553 struct hci_conn *conn;
41a96212
MH		 3554
3555 BT_DBG("%s", hdev->name);
3556
3557 hci_dev_lock(hdev);
3558
cad718ed
JH		 3559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3560 if (conn)
3561 memcpy(conn->features[1], ev->features, 8);
3562
cc11b9c1
AE		 3563 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3564 if (ie)
02b7cc62 3565 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3566
3567 hci_dev_unlock(hdev);
3568}
3569
6039aa73
GP		 3570static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3571 struct sk_buff *skb)
2763eda6
SJ		 3572{
3573 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3574 struct oob_data *data;
3575
3576 BT_DBG("%s", hdev->name);
3577
3578 hci_dev_lock(hdev);
3579
a8b2d5c2 3580 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3581 goto unlock;
3582
2763eda6
SJ		 3583 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3584 if (data) {
519ca9d0
MH		 3585 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3586 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3587
519ca9d0
MH		 3588 bacpy(&cp.bdaddr, &ev->bdaddr);
3589 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3590 memcpy(cp.randomizer192, data->randomizer192,
3591 sizeof(cp.randomizer192));
3592 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3593 memcpy(cp.randomizer256, data->randomizer256,
3594 sizeof(cp.randomizer256));
3595
3596 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3597 sizeof(cp), &cp);
3598 } else {
3599 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3600
519ca9d0
MH		 3601 bacpy(&cp.bdaddr, &ev->bdaddr);
3602 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3603 memcpy(cp.randomizer, data->randomizer192,
3604 sizeof(cp.randomizer));
3605
3606 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3607 sizeof(cp), &cp);
3608 }
2763eda6
SJ		 3609 } else {
3610 struct hci_cp_remote_oob_data_neg_reply cp;
3611
3612 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3613 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3614 sizeof(cp), &cp);
2763eda6
SJ		 3615 }
3616
e1ba1f15 3617unlock:
2763eda6
SJ		 3618 hci_dev_unlock(hdev);
3619}
3620
d5e91192
AE		 3621static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3622 struct sk_buff *skb)
3623{
3624 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3625 struct hci_conn *hcon, *bredr_hcon;
3626
3627 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3628 ev->status);
3629
3630 hci_dev_lock(hdev);
3631
3632 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3633 if (!hcon) {
3634 hci_dev_unlock(hdev);
3635 return;
3636 }
3637
3638 if (ev->status) {
3639 hci_conn_del(hcon);
3640 hci_dev_unlock(hdev);
3641 return;
3642 }
3643
3644 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3645
3646 hcon->state = BT_CONNECTED;
3647 bacpy(&hcon->dst, &bredr_hcon->dst);
3648
3649 hci_conn_hold(hcon);
3650 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3651 hci_conn_drop(hcon);
d5e91192 3652
d5e91192
AE		 3653 hci_conn_add_sysfs(hcon);
3654
cf70ff22 3655 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3656
cf70ff22 3657 hci_dev_unlock(hdev);
d5e91192
AE		 3658}
3659
27695fb4
AE		 3660static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3661{
3662 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3663 struct hci_conn *hcon;
3664 struct hci_chan *hchan;
3665 struct amp_mgr *mgr;
3666
3667 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3668 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3669 ev->status);
3670
3671 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3672 if (!hcon)
3673 return;
3674
3675 /* Create AMP hchan */
3676 hchan = hci_chan_create(hcon);
3677 if (!hchan)
3678 return;
3679
3680 hchan->handle = le16_to_cpu(ev->handle);
3681
3682 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3683
3684 mgr = hcon->amp_mgr;
3685 if (mgr && mgr->bredr_chan) {
3686 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3687
3688 l2cap_chan_lock(bredr_chan);
3689
3690 bredr_chan->conn->mtu = hdev->block_mtu;
3691 l2cap_logical_cfm(bredr_chan, hchan, 0);
3692 hci_conn_hold(hcon);
3693
3694 l2cap_chan_unlock(bredr_chan);
3695 }
3696}
3697
606e2a10
AE		 3698static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3699 struct sk_buff *skb)
3700{
3701 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3702 struct hci_chan *hchan;
3703
3704 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3705 le16_to_cpu(ev->handle), ev->status);
3706
3707 if (ev->status)
3708 return;
3709
3710 hci_dev_lock(hdev);
3711
3712 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3713 if (!hchan)
3714 goto unlock;
3715
3716 amp_destroy_logical_link(hchan, ev->reason);
3717
3718unlock:
3719 hci_dev_unlock(hdev);
3720}
3721
9eef6b3a
AE		 3722static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3723 struct sk_buff *skb)
3724{
3725 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3726 struct hci_conn *hcon;
3727
3728 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3729
3730 if (ev->status)
3731 return;
3732
3733 hci_dev_lock(hdev);
3734
3735 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3736 if (hcon) {
3737 hcon->state = BT_CLOSED;
3738 hci_conn_del(hcon);
3739 }
3740
3741 hci_dev_unlock(hdev);
3742}
3743
6039aa73 3744static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3745{
3746 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3747 struct hci_conn *conn;
68d6f6de 3748 struct smp_irk *irk;
fcd89c09 3749
9f1db00c 3750 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3751
3752 hci_dev_lock(hdev);
3753
b47a09b3 3754 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3755 if (!conn) {
3756 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3757 if (!conn) {
3758 BT_ERR("No memory for new connection");
230fd16a 3759 goto unlock;
b62f328b 3760 }
29b7988a
AG		 3761
3762 conn->dst_type = ev->bdaddr_type;
b9b343d2 3763
880be4e8
MH		 3764 /* The advertising parameters for own address type
3765 * define which source address and source address
3766 * type this connections has.
3767 */
3768 if (bacmp(&conn->src, BDADDR_ANY)) {
3769 conn->src_type = ADDR_LE_DEV_PUBLIC;
3770 } else {
3771 bacpy(&conn->src, &hdev->static_addr);
3772 conn->src_type = ADDR_LE_DEV_RANDOM;
3773 }
3774
b9b343d2
AG		 3775 if (ev->role == LE_CONN_ROLE_MASTER) {
3776 conn->out = true;
3777 conn->link_mode |= HCI_LM_MASTER;
3778 }
cb1d68f7
JH		 3779
3780 /* If we didn't have a hci_conn object previously
3781 * but we're in master role this must be something
3782 * initiated using a white list. Since white list based
3783 * connections are not "first class citizens" we don't
3784 * have full tracking of them. Therefore, we go ahead
3785 * with a "best effort" approach of determining the
3786 * initiator address based on the HCI_PRIVACY flag.
3787 */
3788 if (conn->out) {
3789 conn->resp_addr_type = ev->bdaddr_type;
3790 bacpy(&conn->resp_addr, &ev->bdaddr);
3791 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3792 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3793 bacpy(&conn->init_addr, &hdev->rpa);
3794 } else {
3795 hci_copy_identity_address(hdev,
3796 &conn->init_addr,
3797 &conn->init_addr_type);
3798 }
3799 } else {
3800 /* Set the responder (our side) address type based on
3801 * the advertising address type.
3802 */
3803 conn->resp_addr_type = hdev->adv_addr_type;
3804 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3805 bacpy(&conn->resp_addr, &hdev->random_addr);
3806 else
3807 bacpy(&conn->resp_addr, &hdev->bdaddr);
3808
3809 conn->init_addr_type = ev->bdaddr_type;
3810 bacpy(&conn->init_addr, &ev->bdaddr);
3811 }
9489eca4
JH		 3812 } else {
3813 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 3814 }
fcd89c09 3815
7be2edbb
JH		 3816 /* Ensure that the hci_conn contains the identity address type
3817 * regardless of which address the connection was made with.
7be2edbb 3818 */
a1f4c318 3819 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
7be2edbb 3820
edb4b466
MH		 3821 /* Lookup the identity address from the stored connection
3822 * address and address type.
3823 *
3824 * When establishing connections to an identity address, the
3825 * connection procedure will store the resolvable random
3826 * address first. Now if it can be converted back into the
3827 * identity address, start using the identity address from
3828 * now on.
3829 */
3830 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3831 if (irk) {
3832 bacpy(&conn->dst, &irk->bdaddr);
3833 conn->dst_type = irk->addr_type;
3834 }
3835
cd17decb 3836 if (ev->status) {
06c053fb 3837 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3838 goto unlock;
3839 }
3840
b644ba33 3841 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3842 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3843 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3844
7b5c0d52 3845 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3846 conn->handle = __le16_to_cpu(ev->handle);
3847 conn->state = BT_CONNECTED;
3848
18722c24
JR		 3849 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3850 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3851
fcd89c09
VT		 3852 hci_conn_add_sysfs(conn);
3853
3854 hci_proto_connect_cfm(conn, ev->status);
3855
a4790dbd
AG		 3856 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3857
fcd89c09
VT		 3858unlock:
3859 hci_dev_unlock(hdev);
3860}
3861
a4790dbd
AG		 3862/* This function requires the caller holds hdev->lock */
3863static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3864 u8 addr_type)
3865{
3866 struct hci_conn *conn;
5b906a84
AG		 3867 struct smp_irk *irk;
3868
3869 /* If this is a resolvable address, we should resolve it and then
3870 * update address and address type variables.
3871 */
3872 irk = hci_get_irk(hdev, addr, addr_type);
3873 if (irk) {
3874 addr = &irk->bdaddr;
3875 addr_type = irk->addr_type;
3876 }
a4790dbd
AG		 3877
3878 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3879 return;
3880
3881 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3882 HCI_AT_NO_BONDING);
3883 if (!IS_ERR(conn))
3884 return;
3885
3886 switch (PTR_ERR(conn)) {
3887 case -EBUSY:
3888 /* If hci_connect() returns -EBUSY it means there is already
3889 * an LE connection attempt going on. Since controllers don't
3890 * support more than one connection attempt at the time, we
3891 * don't consider this an error case.
3892 */
3893 break;
3894 default:
3895 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3896 }
3897}
3898
6039aa73 3899static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3900{
e95beb41
AG		 3901 u8 num_reports = skb->data[0];
3902 void *ptr = &skb->data[1];
3c9e9195 3903 s8 rssi;
9aa04c91 3904
a4790dbd
AG		 3905 hci_dev_lock(hdev);
3906
e95beb41
AG		 3907 while (num_reports--) {
3908 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3909
a4790dbd
AG		 3910 if (ev->evt_type == LE_ADV_IND ||
3911 ev->evt_type == LE_ADV_DIRECT_IND)
3912 check_pending_le_conn(hdev, &ev->bdaddr,
3913 ev->bdaddr_type);
3914
3c9e9195
AG		 3915 rssi = ev->data[ev->length];
3916 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3917 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3918
e95beb41 3919 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3920 }
a4790dbd
AG		 3921
3922 hci_dev_unlock(hdev);
9aa04c91
AG		 3923}
3924
6039aa73 3925static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3926{
3927 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3928 struct hci_cp_le_ltk_reply cp;
bea710fe 3929 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3930 struct hci_conn *conn;
c9839a11 3931 struct smp_ltk *ltk;
a7a595f6 3932
9f1db00c 3933 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3934
3935 hci_dev_lock(hdev);
3936
3937 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3938 if (conn == NULL)
3939 goto not_found;
a7a595f6 3940
fe39c7b2 3941 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 3942 if (ltk == NULL)
3943 goto not_found;
3944
3945 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3946 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3947
3948 if (ltk->authenticated)
f8776218
AG		 3949 conn->pending_sec_level = BT_SECURITY_HIGH;
3950 else
3951 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 3952
89cbb4da 3953 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 3954
3955 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3956
c9839a11
VCG		 3957 if (ltk->type & HCI_SMP_STK) {
3958 list_del(&ltk->list);
3959 kfree(ltk);
3960 }
3961
a7a595f6 3962 hci_dev_unlock(hdev);
bea710fe
VCG		 3963
3964 return;
3965
3966not_found:
3967 neg.handle = ev->handle;
3968 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3969 hci_dev_unlock(hdev);
a7a595f6
VCG		 3970}
3971
6039aa73 3972static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3973{
3974 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3975
3976 skb_pull(skb, sizeof(*le_ev));
3977
3978 switch (le_ev->subevent) {
3979 case HCI_EV_LE_CONN_COMPLETE:
3980 hci_le_conn_complete_evt(hdev, skb);
3981 break;
3982
9aa04c91
AG		 3983 case HCI_EV_LE_ADVERTISING_REPORT:
3984 hci_le_adv_report_evt(hdev, skb);
3985 break;
3986
a7a595f6
VCG		 3987 case HCI_EV_LE_LTK_REQ:
3988 hci_le_ltk_request_evt(hdev, skb);
3989 break;
3990
fcd89c09
VT		 3991 default:
3992 break;
3993 }
3994}
3995
9495b2ee
AE		 3996static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3997{
3998 struct hci_ev_channel_selected *ev = (void *) skb->data;
3999 struct hci_conn *hcon;
4000
4001 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4002
4003 skb_pull(skb, sizeof(*ev));
4004
4005 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4006 if (!hcon)
4007 return;
4008
4009 amp_read_loc_assoc_final_data(hdev, hcon);
4010}
4011
a9de9248
MH		 4012void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4013{
4014 struct hci_event_hdr *hdr = (void *) skb->data;
4015 __u8 event = hdr->evt;
4016
b6ddb638
JH		 4017 hci_dev_lock(hdev);
4018
4019 /* Received events are (currently) only needed when a request is
4020 * ongoing so avoid unnecessary memory allocation.
4021 */
4022 if (hdev->req_status == HCI_REQ_PEND) {
4023 kfree_skb(hdev->recv_evt);
4024 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4025 }
4026
4027 hci_dev_unlock(hdev);
4028
a9de9248
MH		 4029 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4030
02350a72 4031 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4032 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4033 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4034
4035 hci_req_cmd_complete(hdev, opcode, 0);
4036 }
4037
a9de9248 4038 switch (event) {
1da177e4
LT		 4039 case HCI_EV_INQUIRY_COMPLETE:
4040 hci_inquiry_complete_evt(hdev, skb);
4041 break;
4042
4043 case HCI_EV_INQUIRY_RESULT:
4044 hci_inquiry_result_evt(hdev, skb);
4045 break;
4046
a9de9248
MH		 4047 case HCI_EV_CONN_COMPLETE:
4048 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4049 break;
4050
1da177e4
LT		 4051 case HCI_EV_CONN_REQUEST:
4052 hci_conn_request_evt(hdev, skb);
4053 break;
4054
1da177e4
LT		 4055 case HCI_EV_DISCONN_COMPLETE:
4056 hci_disconn_complete_evt(hdev, skb);
4057 break;
4058
1da177e4
LT		 4059 case HCI_EV_AUTH_COMPLETE:
4060 hci_auth_complete_evt(hdev, skb);
4061 break;
4062
a9de9248
MH		 4063 case HCI_EV_REMOTE_NAME:
4064 hci_remote_name_evt(hdev, skb);
4065 break;
4066
1da177e4
LT		 4067 case HCI_EV_ENCRYPT_CHANGE:
4068 hci_encrypt_change_evt(hdev, skb);
4069 break;
4070
a9de9248
MH		 4071 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4072 hci_change_link_key_complete_evt(hdev, skb);
4073 break;
4074
4075 case HCI_EV_REMOTE_FEATURES:
4076 hci_remote_features_evt(hdev, skb);
4077 break;
4078
a9de9248
MH		 4079 case HCI_EV_CMD_COMPLETE:
4080 hci_cmd_complete_evt(hdev, skb);
4081 break;
4082
4083 case HCI_EV_CMD_STATUS:
4084 hci_cmd_status_evt(hdev, skb);
4085 break;
4086
4087 case HCI_EV_ROLE_CHANGE:
4088 hci_role_change_evt(hdev, skb);
4089 break;
4090
4091 case HCI_EV_NUM_COMP_PKTS:
4092 hci_num_comp_pkts_evt(hdev, skb);
4093 break;
4094
4095 case HCI_EV_MODE_CHANGE:
4096 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4097 break;
4098
4099 case HCI_EV_PIN_CODE_REQ:
4100 hci_pin_code_request_evt(hdev, skb);
4101 break;
4102
4103 case HCI_EV_LINK_KEY_REQ:
4104 hci_link_key_request_evt(hdev, skb);
4105 break;
4106
4107 case HCI_EV_LINK_KEY_NOTIFY:
4108 hci_link_key_notify_evt(hdev, skb);
4109 break;
4110
4111 case HCI_EV_CLOCK_OFFSET:
4112 hci_clock_offset_evt(hdev, skb);
4113 break;
4114
a8746417
MH		 4115 case HCI_EV_PKT_TYPE_CHANGE:
4116 hci_pkt_type_change_evt(hdev, skb);
4117 break;
4118
85a1e930
MH		 4119 case HCI_EV_PSCAN_REP_MODE:
4120 hci_pscan_rep_mode_evt(hdev, skb);
4121 break;
4122
a9de9248
MH		 4123 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4124 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4125 break;
4126
a9de9248
MH		 4127 case HCI_EV_REMOTE_EXT_FEATURES:
4128 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4129 break;
4130
a9de9248
MH		 4131 case HCI_EV_SYNC_CONN_COMPLETE:
4132 hci_sync_conn_complete_evt(hdev, skb);
4133 break;
1da177e4 4134
a9de9248
MH		 4135 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4136 hci_extended_inquiry_result_evt(hdev, skb);
4137 break;
1da177e4 4138
1c2e0041
JH		 4139 case HCI_EV_KEY_REFRESH_COMPLETE:
4140 hci_key_refresh_complete_evt(hdev, skb);
4141 break;
4142
0493684e
MH		 4143 case HCI_EV_IO_CAPA_REQUEST:
4144 hci_io_capa_request_evt(hdev, skb);
4145 break;
4146
03b555e1
JH		 4147 case HCI_EV_IO_CAPA_REPLY:
4148 hci_io_capa_reply_evt(hdev, skb);
4149 break;
4150
a5c29683
JH		 4151 case HCI_EV_USER_CONFIRM_REQUEST:
4152 hci_user_confirm_request_evt(hdev, skb);
4153 break;
4154
1143d458
BG		 4155 case HCI_EV_USER_PASSKEY_REQUEST:
4156 hci_user_passkey_request_evt(hdev, skb);
4157 break;
4158
92a25256
JH		 4159 case HCI_EV_USER_PASSKEY_NOTIFY:
4160 hci_user_passkey_notify_evt(hdev, skb);
4161 break;
4162
4163 case HCI_EV_KEYPRESS_NOTIFY:
4164 hci_keypress_notify_evt(hdev, skb);
4165 break;
4166
0493684e
MH		 4167 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4168 hci_simple_pair_complete_evt(hdev, skb);
4169 break;
4170
41a96212
MH		 4171 case HCI_EV_REMOTE_HOST_FEATURES:
4172 hci_remote_host_features_evt(hdev, skb);
4173 break;
4174
fcd89c09
VT		 4175 case HCI_EV_LE_META:
4176 hci_le_meta_evt(hdev, skb);
4177 break;
4178
9495b2ee
AE		 4179 case HCI_EV_CHANNEL_SELECTED:
4180 hci_chan_selected_evt(hdev, skb);
4181 break;
4182
2763eda6
SJ		 4183 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4184 hci_remote_oob_data_request_evt(hdev, skb);
4185 break;
4186
d5e91192
AE		 4187 case HCI_EV_PHY_LINK_COMPLETE:
4188 hci_phy_link_complete_evt(hdev, skb);
4189 break;
4190
27695fb4
AE		 4191 case HCI_EV_LOGICAL_LINK_COMPLETE:
4192 hci_loglink_complete_evt(hdev, skb);
4193 break;
4194
606e2a10
AE		 4195 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4196 hci_disconn_loglink_complete_evt(hdev, skb);
4197 break;
4198
9eef6b3a
AE		 4199 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4200 hci_disconn_phylink_complete_evt(hdev, skb);
4201 break;
4202
25e89e99
AE		 4203 case HCI_EV_NUM_COMP_BLOCKS:
4204 hci_num_comp_blocks_evt(hdev, skb);
4205 break;
4206
a9de9248 4207 default:
9f1db00c 4208 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4209 break;
4210 }
4211
4212 kfree_skb(skb);
4213 hdev->stat.evt_rx++;
4214}
Linux kernel - Deliverables
This page took 1.089737 seconds and 5 git commands to generate.