projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Stop advertising always before initiating a connection
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 177
45296acd
MH		 178 if (status)
179 return;
180
e4e8e37c
MH		 181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
45296acd 185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
f8e808bd
MH		 205
206 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
207 hdev->scan_rsp_data_len = 0;
06f5b778 208
533553f8
MH		 209 hdev->le_scan_type = LE_SCAN_PASSIVE;
210
06f5b778 211 hdev->ssp_debug_mode = 0;
a9de9248 212}
04837f64 213
a9de9248
MH		 214static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215{
216 __u8 status = *((__u8 *) skb->data);
217 void *sent;
04837f64 218
9f1db00c 219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 220
a9de9248
MH		 221 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
222 if (!sent)
223 return;
04837f64 224
56e5cb86
JH		 225 hci_dev_lock(hdev);
226
f51d5b24
JH		 227 if (test_bit(HCI_MGMT, &hdev->dev_flags))
228 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 229 else if (!status)
230 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 231
56e5cb86 232 hci_dev_unlock(hdev);
a9de9248
MH		 233}
234
235static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 struct hci_rp_read_local_name *rp = (void *) skb->data;
238
9f1db00c 239 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 240
241 if (rp->status)
242 return;
243
db99b5fc
JH		 244 if (test_bit(HCI_SETUP, &hdev->dev_flags))
245 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 246}
247
248static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
249{
250 __u8 status = *((__u8 *) skb->data);
251 void *sent;
252
9f1db00c 253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 254
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 if (!sent)
257 return;
258
259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param == AUTH_ENABLED)
263 set_bit(HCI_AUTH, &hdev->flags);
264 else
265 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 266 }
a9de9248 267
33ef95ed
JH		 268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
269 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 270}
271
a9de9248 272static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 273{
a9de9248 274 __u8 status = *((__u8 *) skb->data);
45296acd 275 __u8 param;
1da177e4
LT		 276 void *sent;
277
9f1db00c 278 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 279
45296acd
MH		 280 if (status)
281 return;
282
a9de9248
MH		 283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
284 if (!sent)
285 return;
1da177e4 286
45296acd 287 param = *((__u8 *) sent);
a9de9248 288
45296acd
MH		 289 if (param)
290 set_bit(HCI_ENCRYPT, &hdev->flags);
291 else
292 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 293}
1da177e4 294
a9de9248
MH		 295static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
296{
45296acd
MH		 297 __u8 status = *((__u8 *) skb->data);
298 __u8 param;
36f7fc7e 299 int old_pscan, old_iscan;
a9de9248 300 void *sent;
1da177e4 301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 303
a9de9248
MH		 304 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 if (!sent)
306 return;
1da177e4 307
36f7fc7e
JH		 308 param = *((__u8 *) sent);
309
56e5cb86
JH		 310 hci_dev_lock(hdev);
311
fa1bd918 312 if (status) {
744cf19e 313 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 314 hdev->discov_timeout = 0;
315 goto done;
316 }
317
0663ca2a
JH		 318 /* We need to ensure that we set this back on if someone changed
319 * the scan mode through a raw HCI socket.
320 */
321 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
322
36f7fc7e
JH		 323 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
324 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
325
326 if (param & SCAN_INQUIRY) {
327 set_bit(HCI_ISCAN, &hdev->flags);
328 if (!old_iscan)
744cf19e 329 mgmt_discoverable(hdev, 1);
36f7fc7e 330 } else if (old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 332
333 if (param & SCAN_PAGE) {
334 set_bit(HCI_PSCAN, &hdev->flags);
335 if (!old_pscan)
744cf19e 336 mgmt_connectable(hdev, 1);
36f7fc7e 337 } else if (old_pscan)
744cf19e 338 mgmt_connectable(hdev, 0);
1da177e4 339
36f7fc7e 340done:
56e5cb86 341 hci_dev_unlock(hdev);
a9de9248 342}
1da177e4 343
a9de9248
MH		 344static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
345{
346 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 347
9f1db00c 348 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 349
a9de9248
MH		 350 if (rp->status)
351 return;
1da177e4 352
a9de9248 353 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 354
a9de9248 355 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 356 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 357}
1da177e4 358
a9de9248
MH		 359static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
360{
361 __u8 status = *((__u8 *) skb->data);
362 void *sent;
1da177e4 363
9f1db00c 364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 365
a9de9248
MH		 366 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 if (!sent)
368 return;
1da177e4 369
7f9a903c
MH		 370 hci_dev_lock(hdev);
371
372 if (status == 0)
373 memcpy(hdev->dev_class, sent, 3);
374
375 if (test_bit(HCI_MGMT, &hdev->dev_flags))
376 mgmt_set_class_of_dev_complete(hdev, sent, status);
377
378 hci_dev_unlock(hdev);
a9de9248 379}
1da177e4 380
a9de9248
MH		 381static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
382{
383 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 __u16 setting;
385
9f1db00c 386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 387
388 if (rp->status)
389 return;
390
391 setting = __le16_to_cpu(rp->voice_setting);
392
f383f275 393 if (hdev->voice_setting == setting)
a9de9248
MH		 394 return;
395
396 hdev->voice_setting = setting;
397
9f1db00c 398 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 399
3c54711c 400 if (hdev->notify)
a9de9248 401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 402}
403
8fc9ced3
GP		 404static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 struct sk_buff *skb)
a9de9248
MH		 406{
407 __u8 status = *((__u8 *) skb->data);
f383f275 408 __u16 setting;
a9de9248
MH		 409 void *sent;
410
9f1db00c 411 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 412
f383f275
MH		 413 if (status)
414 return;
415
a9de9248
MH		 416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
417 if (!sent)
418 return;
1da177e4 419
f383f275 420 setting = get_unaligned_le16(sent);
1da177e4 421
f383f275
MH		 422 if (hdev->voice_setting == setting)
423 return;
424
425 hdev->voice_setting = setting;
1da177e4 426
9f1db00c 427 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 428
3c54711c 429 if (hdev->notify)
f383f275 430 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 431}
432
b4cb9fb2
MH		 433static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
434 struct sk_buff *skb)
435{
436 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
437
438 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
439
440 if (rp->status)
441 return;
442
443 hdev->num_iac = rp->num_iac;
444
445 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
446}
447
333140b5
MH		 448static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
449{
450 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 451 struct hci_cp_write_ssp_mode *sent;
333140b5 452
9f1db00c 453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 454
333140b5
MH		 455 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 if (!sent)
457 return;
458
5ed8eb2f
JH		 459 if (!status) {
460 if (sent->mode)
cad718ed 461 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 462 else
cad718ed 463 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 464 }
465
ed2c4ee3 466 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 467 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 468 else if (!status) {
5ed8eb2f 469 if (sent->mode)
c0ecddc2
JH		 470 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 else
472 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
473 }
333140b5
MH		 474}
475
eac83dc6
MH		 476static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
477{
478 u8 status = *((u8 *) skb->data);
479 struct hci_cp_write_sc_support *sent;
480
481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
482
483 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 if (!sent)
485 return;
486
487 if (!status) {
488 if (sent->support)
489 hdev->features[1][0] |= LMP_HOST_SC;
490 else
491 hdev->features[1][0] &= ~LMP_HOST_SC;
492 }
493
494 if (test_bit(HCI_MGMT, &hdev->dev_flags))
495 mgmt_sc_enable_complete(hdev, sent->support, status);
496 else if (!status) {
497 if (sent->support)
498 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 else
500 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
501 }
502}
503
a9de9248
MH		 504static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
505{
506 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 507
9f1db00c 508 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 509
a9de9248 510 if (rp->status)
42c6b129 511 return;
1143e5a6 512
0d5551f5
MH		 513 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
514 hdev->hci_ver = rp->hci_ver;
515 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
516 hdev->lmp_ver = rp->lmp_ver;
517 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
518 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
519 }
d5859e22
JH		 520}
521
8fc9ced3
GP		 522static void hci_cc_read_local_commands(struct hci_dev *hdev,
523 struct sk_buff *skb)
a9de9248
MH		 524{
525 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 526
9f1db00c 527 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 528
6a070e6e
MH		 529 if (rp->status)
530 return;
531
532 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 533 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 534}
1da177e4 535
8fc9ced3
GP		 536static void hci_cc_read_local_features(struct hci_dev *hdev,
537 struct sk_buff *skb)
a9de9248
MH		 538{
539 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 540
9f1db00c 541 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 542
a9de9248
MH		 543 if (rp->status)
544 return;
5b7f9909 545
a9de9248 546 memcpy(hdev->features, rp->features, 8);
5b7f9909 547
a9de9248
MH		 548 /* Adjust default settings according to features
549 * supported by device. */
1da177e4 550
cad718ed 551 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 552 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 553
cad718ed 554 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 555 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV2);
559 hdev->esco_type |= (ESCO_HV2);
560 }
1da177e4 561
cad718ed 562 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 563 hdev->pkt_type |= (HCI_HV3);
564 hdev->esco_type |= (ESCO_HV3);
565 }
1da177e4 566
45db810f 567 if (lmp_esco_capable(hdev))
a9de9248 568 hdev->esco_type |= (ESCO_EV3);
da1f5198 569
cad718ed 570 if (hdev->features[0][4] & LMP_EV4)
a9de9248 571 hdev->esco_type |= (ESCO_EV4);
da1f5198 572
cad718ed 573 if (hdev->features[0][4] & LMP_EV5)
a9de9248 574 hdev->esco_type |= (ESCO_EV5);
1da177e4 575
cad718ed 576 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 577 hdev->esco_type |= (ESCO_2EV3);
578
cad718ed 579 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 580 hdev->esco_type |= (ESCO_3EV3);
581
cad718ed 582 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 583 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 584}
1da177e4 585
971e3a4b 586static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 587 struct sk_buff *skb)
971e3a4b
AG		 588{
589 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
590
9f1db00c 591 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 592
593 if (rp->status)
42c6b129 594 return;
971e3a4b 595
57af75a8
MH		 596 if (hdev->max_page < rp->max_page)
597 hdev->max_page = rp->max_page;
d2c5d77f 598
cad718ed
JH		 599 if (rp->page < HCI_MAX_PAGES)
600 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 601}
602
1e89cffb 603static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 604 struct sk_buff *skb)
1e89cffb
AE		 605{
606 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 609
45296acd
MH		 610 if (rp->status)
611 return;
612
613 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 614}
615
a9de9248
MH		 616static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
617{
618 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 619
9f1db00c 620 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 621
a9de9248
MH		 622 if (rp->status)
623 return;
1da177e4 624
a9de9248
MH		 625 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
626 hdev->sco_mtu = rp->sco_mtu;
627 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
628 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
629
630 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
631 hdev->sco_mtu = 64;
632 hdev->sco_pkts = 8;
1da177e4 633 }
a9de9248
MH		 634
635 hdev->acl_cnt = hdev->acl_pkts;
636 hdev->sco_cnt = hdev->sco_pkts;
637
807deac2
GP		 638 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
639 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 640}
641
642static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
643{
644 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
645
9f1db00c 646 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 647
e30d3f5f
MH		 648 if (rp->status)
649 return;
650
651 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 652 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f
MH		 653
654 if (test_bit(HCI_SETUP, &hdev->dev_flags))
655 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 656}
657
f332ec66
JH		 658static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
662
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664
45296acd
MH		 665 if (rp->status)
666 return;
667
668 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 669 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
670 hdev->page_scan_window = __le16_to_cpu(rp->window);
671 }
672}
673
4a3ee763
JH		 674static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
675 struct sk_buff *skb)
676{
677 u8 status = *((u8 *) skb->data);
678 struct hci_cp_write_page_scan_activity *sent;
679
680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
681
682 if (status)
683 return;
684
685 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
686 if (!sent)
687 return;
688
689 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
690 hdev->page_scan_window = __le16_to_cpu(sent->window);
691}
692
f332ec66
JH		 693static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
694 struct sk_buff *skb)
695{
696 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
697
698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699
45296acd
MH		 700 if (rp->status)
701 return;
702
703 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 704 hdev->page_scan_type = rp->type;
705}
706
4a3ee763
JH		 707static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
708 struct sk_buff *skb)
709{
710 u8 status = *((u8 *) skb->data);
711 u8 *type;
712
713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
714
715 if (status)
716 return;
717
718 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
719 if (type)
720 hdev->page_scan_type = *type;
721}
722
350ee4cf 723static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 724 struct sk_buff *skb)
350ee4cf
AE		 725{
726 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
727
9f1db00c 728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 729
730 if (rp->status)
731 return;
732
733 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
734 hdev->block_len = __le16_to_cpu(rp->block_len);
735 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
736
737 hdev->block_cnt = hdev->num_blocks;
738
739 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 740 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 741}
742
33f35721
JH		 743static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
744{
745 struct hci_rp_read_clock *rp = (void *) skb->data;
746 struct hci_cp_read_clock *cp;
747 struct hci_conn *conn;
748
749 BT_DBG("%s", hdev->name);
750
751 if (skb->len < sizeof(*rp))
752 return;
753
754 if (rp->status)
755 return;
756
757 hci_dev_lock(hdev);
758
759 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
760 if (!cp)
761 goto unlock;
762
763 if (cp->which == 0x00) {
764 hdev->clock = le32_to_cpu(rp->clock);
765 goto unlock;
766 }
767
768 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
769 if (conn) {
770 conn->clock = le32_to_cpu(rp->clock);
771 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
772 }
773
774unlock:
775 hci_dev_unlock(hdev);
776}
777
928abaa7 778static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 779 struct sk_buff *skb)
928abaa7
AE		 780{
781 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
782
9f1db00c 783 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 784
785 if (rp->status)
8e2a0d92 786 goto a2mp_rsp;
928abaa7
AE		 787
788 hdev->amp_status = rp->amp_status;
789 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
790 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
791 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
792 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
793 hdev->amp_type = rp->amp_type;
794 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
795 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
796 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
797 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
798
8e2a0d92
AE		 799a2mp_rsp:
800 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 801}
802
903e4541
AE		 803static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
807 struct amp_assoc *assoc = &hdev->loc_assoc;
808 size_t rem_len, frag_len;
809
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811
812 if (rp->status)
813 goto a2mp_rsp;
814
815 frag_len = skb->len - sizeof(*rp);
816 rem_len = __le16_to_cpu(rp->rem_len);
817
818 if (rem_len > frag_len) {
2e430be3 819 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 820
821 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
822 assoc->offset += frag_len;
823
824 /* Read other fragments */
825 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
826
827 return;
828 }
829
830 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
831 assoc->len = assoc->offset + rem_len;
832 assoc->offset = 0;
833
834a2mp_rsp:
835 /* Send A2MP Rsp when all fragments are received */
836 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 837 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 838}
839
d5859e22 840static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 841 struct sk_buff *skb)
d5859e22 842{
91c4e9b1 843 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 844
9f1db00c 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 846
45296acd
MH		 847 if (rp->status)
848 return;
849
850 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 851}
852
980e1a53
JH		 853static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
854{
855 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
856 struct hci_cp_pin_code_reply *cp;
857 struct hci_conn *conn;
858
9f1db00c 859 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 860
56e5cb86
JH		 861 hci_dev_lock(hdev);
862
a8b2d5c2 863 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 864 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 865
fa1bd918 866 if (rp->status)
56e5cb86 867 goto unlock;
980e1a53
JH		 868
869 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
870 if (!cp)
56e5cb86 871 goto unlock;
980e1a53
JH		 872
873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
874 if (conn)
875 conn->pin_length = cp->pin_len;
56e5cb86
JH		 876
877unlock:
878 hci_dev_unlock(hdev);
980e1a53
JH		 879}
880
881static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
882{
883 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
884
9f1db00c 885 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 886
56e5cb86
JH		 887 hci_dev_lock(hdev);
888
a8b2d5c2 889 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 890 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 891 rp->status);
56e5cb86
JH		 892
893 hci_dev_unlock(hdev);
980e1a53 894}
56e5cb86 895
6ed58ec5
VT		 896static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
897 struct sk_buff *skb)
898{
899 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
900
9f1db00c 901 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 902
903 if (rp->status)
904 return;
905
906 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
907 hdev->le_pkts = rp->le_max_pkt;
908
909 hdev->le_cnt = hdev->le_pkts;
910
911 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 912}
980e1a53 913
60e77321
JH		 914static void hci_cc_le_read_local_features(struct hci_dev *hdev,
915 struct sk_buff *skb)
916{
917 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
918
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
920
45296acd
MH		 921 if (rp->status)
922 return;
923
924 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 925}
926
8fa19098
JH		 927static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
928 struct sk_buff *skb)
929{
930 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
931
932 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
933
45296acd
MH		 934 if (rp->status)
935 return;
936
937 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 938}
939
a5c29683
JH		 940static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
941{
942 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
943
9f1db00c 944 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 945
56e5cb86
JH		 946 hci_dev_lock(hdev);
947
a8b2d5c2 948 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 949 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
950 rp->status);
56e5cb86
JH		 951
952 hci_dev_unlock(hdev);
a5c29683
JH		 953}
954
955static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 956 struct sk_buff *skb)
a5c29683
JH		 957{
958 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959
9f1db00c 960 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 961
56e5cb86
JH		 962 hci_dev_lock(hdev);
963
a8b2d5c2 964 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 965 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 966 ACL_LINK, 0, rp->status);
56e5cb86
JH		 967
968 hci_dev_unlock(hdev);
a5c29683
JH		 969}
970
1143d458
BG		 971static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
972{
973 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974
9f1db00c 975 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 976
977 hci_dev_lock(hdev);
978
a8b2d5c2 979 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 980 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 981 0, rp->status);
1143d458
BG		 982
983 hci_dev_unlock(hdev);
984}
985
986static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 987 struct sk_buff *skb)
1143d458
BG		 988{
989 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990
9f1db00c 991 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 992
993 hci_dev_lock(hdev);
994
a8b2d5c2 995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 996 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 997 ACL_LINK, 0, rp->status);
1143d458
BG		 998
999 hci_dev_unlock(hdev);
1000}
1001
4d2d2796
MH		 1002static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1003 struct sk_buff *skb)
c35938b2
SJ		 1004{
1005 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1006
9f1db00c 1007 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1008
56e5cb86 1009 hci_dev_lock(hdev);
4d2d2796
MH		 1010 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
1011 NULL, NULL, rp->status);
1012 hci_dev_unlock(hdev);
1013}
1014
1015static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1021
1022 hci_dev_lock(hdev);
1023 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
1024 rp->hash256, rp->randomizer256,
1025 rp->status);
56e5cb86 1026 hci_dev_unlock(hdev);
c35938b2
SJ		 1027}
1028
7a4cd51d
MH		 1029
1030static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1031{
1032 __u8 status = *((__u8 *) skb->data);
1033 bdaddr_t *sent;
1034
1035 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1036
45296acd
MH		 1037 if (status)
1038 return;
1039
7a4cd51d
MH		 1040 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1041 if (!sent)
1042 return;
1043
1044 hci_dev_lock(hdev);
1045
45296acd 1046 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1047
1048 hci_dev_unlock(hdev);
1049}
1050
c1d5dc4a
JH		 1051static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1052{
1053 __u8 *sent, status = *((__u8 *) skb->data);
1054
1055 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1056
45296acd 1057 if (status)
c1d5dc4a
JH		 1058 return;
1059
45296acd
MH		 1060 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1061 if (!sent)
3c857757
JH		 1062 return;
1063
c1d5dc4a
JH		 1064 hci_dev_lock(hdev);
1065
3c857757
JH		 1066 /* If we're doing connection initation as peripheral. Set a
1067 * timeout in case something goes wrong.
1068 */
1069 if (*sent) {
1070 struct hci_conn *conn;
1071
66c417c1
JH		 1072 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1073
3c857757
JH		 1074 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1075 if (conn)
1076 queue_delayed_work(hdev->workqueue,
1077 &conn->le_conn_timeout,
09ae260b 1078 conn->conn_timeout);
66c417c1
JH		 1079 } else {
1080 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 1081 }
1082
04b4edcb 1083 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1084}
1085
533553f8
MH		 1086static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_cp_le_set_scan_param *cp;
1089 __u8 status = *((__u8 *) skb->data);
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092
45296acd
MH		 1093 if (status)
1094 return;
1095
533553f8
MH		 1096 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1097 if (!cp)
1098 return;
1099
1100 hci_dev_lock(hdev);
1101
45296acd 1102 hdev->le_scan_type = cp->type;
533553f8
MH		 1103
1104 hci_dev_unlock(hdev);
1105}
1106
b9a6328f
JH		 1107static bool has_pending_adv_report(struct hci_dev *hdev)
1108{
1109 struct discovery_state *d = &hdev->discovery;
1110
1111 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1112}
1113
1114static void clear_pending_adv_report(struct hci_dev *hdev)
1115{
1116 struct discovery_state *d = &hdev->discovery;
1117
1118 bacpy(&d->last_adv_addr, BDADDR_ANY);
1119 d->last_adv_data_len = 0;
1120}
1121
1122static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1123 u8 bdaddr_type, s8 rssi, u32 flags,
1124 u8 *data, u8 len)
b9a6328f
JH		 1125{
1126 struct discovery_state *d = &hdev->discovery;
1127
1128 bacpy(&d->last_adv_addr, bdaddr);
1129 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1130 d->last_adv_rssi = rssi;
c70a7e4c 1131 d->last_adv_flags = flags;
b9a6328f
JH		 1132 memcpy(d->last_adv_data, data, len);
1133 d->last_adv_data_len = len;
1134}
1135
eb9d91f5 1136static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1137 struct sk_buff *skb)
eb9d91f5
AG		 1138{
1139 struct hci_cp_le_set_scan_enable *cp;
1140 __u8 status = *((__u8 *) skb->data);
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1143
45296acd 1144 if (status)
eb9d91f5
AG		 1145 return;
1146
45296acd
MH		 1147 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1148 if (!cp)
3fd319b8
AG		 1149 return;
1150
68a8aea4 1151 switch (cp->enable) {
76a388be 1152 case LE_SCAN_ENABLE:
d23264a8 1153 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1154 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1155 clear_pending_adv_report(hdev);
68a8aea4
AE		 1156 break;
1157
76a388be 1158 case LE_SCAN_DISABLE:
b9a6328f
JH		 1159 /* We do this here instead of when setting DISCOVERY_STOPPED
1160 * since the latter would potentially require waiting for
1161 * inquiry to stop too.
1162 */
1163 if (has_pending_adv_report(hdev)) {
1164 struct discovery_state *d = &hdev->discovery;
1165
1166 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1167 d->last_adv_addr_type, NULL,
c70a7e4c 1168 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1169 d->last_adv_data,
b9a6328f
JH		 1170 d->last_adv_data_len, NULL, 0);
1171 }
1172
317ac8cb
JH		 1173 /* Cancel this timer so that we don't try to disable scanning
1174 * when it's already disabled.
1175 */
1176 cancel_delayed_work(&hdev->le_scan_disable);
1177
d23264a8 1178 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1179 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1180 * interrupted scanning due to a connect request. Mark
1181 * therefore discovery as stopped.
1182 */
1183 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1184 &hdev->dev_flags))
1185 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1186 break;
1187
1188 default:
1189 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1190 break;
35815085 1191 }
eb9d91f5
AG		 1192}
1193
cf1d081f
JH		 1194static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1195 struct sk_buff *skb)
1196{
1197 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1198
1199 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1200
45296acd
MH		 1201 if (rp->status)
1202 return;
1203
1204 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1205}
1206
0f36b589
MH		 1207static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1208 struct sk_buff *skb)
1209{
1210 __u8 status = *((__u8 *) skb->data);
1211
1212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1213
45296acd
MH		 1214 if (status)
1215 return;
1216
1217 hci_white_list_clear(hdev);
0f36b589
MH		 1218}
1219
1220static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1221 struct sk_buff *skb)
1222{
1223 struct hci_cp_le_add_to_white_list *sent;
1224 __u8 status = *((__u8 *) skb->data);
1225
1226 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1227
45296acd
MH		 1228 if (status)
1229 return;
1230
0f36b589
MH		 1231 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1232 if (!sent)
1233 return;
1234
45296acd 1235 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
0f36b589
MH		 1236}
1237
1238static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1239 struct sk_buff *skb)
1240{
1241 struct hci_cp_le_del_from_white_list *sent;
1242 __u8 status = *((__u8 *) skb->data);
1243
1244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1245
45296acd
MH		 1246 if (status)
1247 return;
1248
0f36b589
MH		 1249 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1250 if (!sent)
1251 return;
1252
45296acd 1253 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
0f36b589
MH		 1254}
1255
9b008c04
JH		 1256static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1257 struct sk_buff *skb)
1258{
1259 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1260
1261 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1262
45296acd
MH		 1263 if (rp->status)
1264 return;
1265
1266 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1267}
1268
6039aa73
GP		 1269static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1270 struct sk_buff *skb)
f9b49306 1271{
06199cf8 1272 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1273 __u8 status = *((__u8 *) skb->data);
1274
9f1db00c 1275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1276
45296acd
MH		 1277 if (status)
1278 return;
1279
06199cf8 1280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1281 if (!sent)
f9b49306
AG		 1282 return;
1283
45296acd
MH		 1284 if (sent->le) {
1285 hdev->features[1][0] |= LMP_HOST_LE;
1286 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1287 } else {
1288 hdev->features[1][0] &= ~LMP_HOST_LE;
1289 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1290 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
8f984dfa 1291 }
45296acd
MH		 1292
1293 if (sent->simul)
1294 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1295 else
1296 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
f9b49306
AG		 1297}
1298
56ed2cb8
JH		 1299static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1300{
1301 struct hci_cp_le_set_adv_param *cp;
1302 u8 status = *((u8 *) skb->data);
1303
1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305
1306 if (status)
1307 return;
1308
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1310 if (!cp)
1311 return;
1312
1313 hci_dev_lock(hdev);
1314 hdev->adv_addr_type = cp->own_address_type;
1315 hci_dev_unlock(hdev);
1316}
1317
93c284ee
AE		 1318static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1319 struct sk_buff *skb)
1320{
1321 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1322
1323 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1324 hdev->name, rp->status, rp->phy_handle);
1325
1326 if (rp->status)
1327 return;
1328
1329 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1330}
1331
5ae76a94
AK		 1332static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1333{
1334 struct hci_rp_read_rssi *rp = (void *) skb->data;
1335 struct hci_conn *conn;
1336
1337 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1338
1339 if (rp->status)
1340 return;
1341
1342 hci_dev_lock(hdev);
1343
1344 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1345 if (conn)
1346 conn->rssi = rp->rssi;
1347
1348 hci_dev_unlock(hdev);
1349}
1350
5a134fae
AK		 1351static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1352{
1353 struct hci_cp_read_tx_power *sent;
1354 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1355 struct hci_conn *conn;
1356
1357 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1358
1359 if (rp->status)
1360 return;
1361
1362 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1363 if (!sent)
1364 return;
1365
1366 hci_dev_lock(hdev);
1367
1368 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1369 if (!conn)
1370 goto unlock;
1371
1372 switch (sent->type) {
1373 case 0x00:
5a134fae 1374 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1375 break;
1376 case 0x01:
1377 conn->max_tx_power = rp->tx_power;
1378 break;
1379 }
5a134fae 1380
d0455ed9 1381unlock:
5a134fae
AK		 1382 hci_dev_unlock(hdev);
1383}
1384
6039aa73 1385static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1386{
9f1db00c 1387 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1388
1389 if (status) {
a9de9248 1390 hci_conn_check_pending(hdev);
314b2381
JH		 1391 return;
1392 }
1393
89352e7d 1394 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1395}
1396
6039aa73 1397static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1398{
a9de9248 1399 struct hci_cp_create_conn *cp;
1da177e4 1400 struct hci_conn *conn;
1da177e4 1401
9f1db00c 1402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1403
1404 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1405 if (!cp)
1406 return;
1407
1408 hci_dev_lock(hdev);
1409
1410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1411
6ed93dc6 1412 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1413
1414 if (status) {
1415 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1416 if (status != 0x0c || conn->attempt > 2) {
1417 conn->state = BT_CLOSED;
1418 hci_proto_connect_cfm(conn, status);
1419 hci_conn_del(conn);
1420 } else
1421 conn->state = BT_CONNECT2;
1da177e4
LT		 1422 }
1423 } else {
1424 if (!conn) {
1425 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1426 if (conn) {
a0c808b3 1427 conn->out = true;
4dae2798 1428 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1429 } else
893ef971 1430 BT_ERR("No memory for new connection");
1da177e4
LT		 1431 }
1432 }
1433
1434 hci_dev_unlock(hdev);
1435}
1436
a9de9248 1437static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1438{
a9de9248
MH		 1439 struct hci_cp_add_sco *cp;
1440 struct hci_conn *acl, *sco;
1441 __u16 handle;
1da177e4 1442
9f1db00c 1443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1444
a9de9248
MH		 1445 if (!status)
1446 return;
1da177e4 1447
a9de9248
MH		 1448 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1449 if (!cp)
1450 return;
1da177e4 1451
a9de9248 1452 handle = __le16_to_cpu(cp->handle);
1da177e4 1453
9f1db00c 1454 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1455
a9de9248 1456 hci_dev_lock(hdev);
1da177e4 1457
a9de9248 1458 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1459 if (acl) {
1460 sco = acl->link;
1461 if (sco) {
1462 sco->state = BT_CLOSED;
1da177e4 1463
5a08ecce
AE		 1464 hci_proto_connect_cfm(sco, status);
1465 hci_conn_del(sco);
1466 }
a9de9248 1467 }
1da177e4 1468
a9de9248
MH		 1469 hci_dev_unlock(hdev);
1470}
1da177e4 1471
f8558555
MH		 1472static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1473{
1474 struct hci_cp_auth_requested *cp;
1475 struct hci_conn *conn;
1476
9f1db00c 1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1478
1479 if (!status)
1480 return;
1481
1482 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1483 if (!cp)
1484 return;
1485
1486 hci_dev_lock(hdev);
1487
1488 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1489 if (conn) {
1490 if (conn->state == BT_CONFIG) {
1491 hci_proto_connect_cfm(conn, status);
76a68ba0 1492 hci_conn_drop(conn);
f8558555
MH		 1493 }
1494 }
1495
1496 hci_dev_unlock(hdev);
1497}
1498
1499static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1500{
1501 struct hci_cp_set_conn_encrypt *cp;
1502 struct hci_conn *conn;
1503
9f1db00c 1504 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1505
1506 if (!status)
1507 return;
1508
1509 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1510 if (!cp)
1511 return;
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn) {
1517 if (conn->state == BT_CONFIG) {
1518 hci_proto_connect_cfm(conn, status);
76a68ba0 1519 hci_conn_drop(conn);
f8558555
MH		 1520 }
1521 }
1522
1523 hci_dev_unlock(hdev);
1524}
1525
127178d2 1526static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1527 struct hci_conn *conn)
392599b9 1528{
392599b9
JH		 1529 if (conn->state != BT_CONFIG || !conn->out)
1530 return 0;
1531
765c2a96 1532 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1533 return 0;
1534
1535 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1536 * devices with sec_level MEDIUM or HIGH or if MITM protection
1537 * is requested.
1538 */
807deac2 1539 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1540 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1541 conn->pending_sec_level != BT_SECURITY_HIGH &&
1542 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1543 return 0;
1544
392599b9
JH		 1545 return 1;
1546}
1547
6039aa73 1548static int hci_resolve_name(struct hci_dev *hdev,
04124681 1549 struct inquiry_entry *e)
30dc78e1
JH		 1550{
1551 struct hci_cp_remote_name_req cp;
1552
1553 memset(&cp, 0, sizeof(cp));
1554
1555 bacpy(&cp.bdaddr, &e->data.bdaddr);
1556 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1557 cp.pscan_mode = e->data.pscan_mode;
1558 cp.clock_offset = e->data.clock_offset;
1559
1560 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1561}
1562
b644ba33 1563static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1564{
1565 struct discovery_state *discov = &hdev->discovery;
1566 struct inquiry_entry *e;
1567
b644ba33
JH		 1568 if (list_empty(&discov->resolve))
1569 return false;
1570
1571 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1572 if (!e)
1573 return false;
1574
b644ba33
JH		 1575 if (hci_resolve_name(hdev, e) == 0) {
1576 e->name_state = NAME_PENDING;
1577 return true;
1578 }
1579
1580 return false;
1581}
1582
1583static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1584 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1585{
1586 struct discovery_state *discov = &hdev->discovery;
1587 struct inquiry_entry *e;
1588
1589 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1590 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1591 name_len, conn->dev_class);
b644ba33
JH		 1592
1593 if (discov->state == DISCOVERY_STOPPED)
1594 return;
1595
30dc78e1
JH		 1596 if (discov->state == DISCOVERY_STOPPING)
1597 goto discov_complete;
1598
1599 if (discov->state != DISCOVERY_RESOLVING)
1600 return;
1601
1602 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1603 /* If the device was not found in a list of found devices names of which
1604 * are pending. there is no need to continue resolving a next name as it
1605 * will be done upon receiving another Remote Name Request Complete
1606 * Event */
1607 if (!e)
1608 return;
1609
1610 list_del(&e->list);
1611 if (name) {
30dc78e1 1612 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1613 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1614 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1615 } else {
1616 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1617 }
1618
b644ba33 1619 if (hci_resolve_next_name(hdev))
30dc78e1 1620 return;
30dc78e1
JH		 1621
1622discov_complete:
1623 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1624}
1625
a9de9248
MH		 1626static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1627{
127178d2
JH		 1628 struct hci_cp_remote_name_req *cp;
1629 struct hci_conn *conn;
1630
9f1db00c 1631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1632
1633 /* If successful wait for the name req complete event before
1634 * checking for the need to do authentication */
1635 if (!status)
1636 return;
1637
1638 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1639 if (!cp)
1640 return;
1641
1642 hci_dev_lock(hdev);
1643
b644ba33
JH		 1644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1645
a8b2d5c2 1646 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1647 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1648
79c6c70c
JH		 1649 if (!conn)
1650 goto unlock;
1651
1652 if (!hci_outgoing_auth_needed(hdev, conn))
1653 goto unlock;
1654
51a8efd7 1655 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1656 struct hci_cp_auth_requested auth_cp;
1657
1658 auth_cp.handle = __cpu_to_le16(conn->handle);
1659 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1660 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1661 }
1662
79c6c70c 1663unlock:
127178d2 1664 hci_dev_unlock(hdev);
a9de9248 1665}
1da177e4 1666
769be974
MH		 1667static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1668{
1669 struct hci_cp_read_remote_features *cp;
1670 struct hci_conn *conn;
1671
9f1db00c 1672 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1673
1674 if (!status)
1675 return;
1676
1677 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1678 if (!cp)
1679 return;
1680
1681 hci_dev_lock(hdev);
1682
1683 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1684 if (conn) {
1685 if (conn->state == BT_CONFIG) {
769be974 1686 hci_proto_connect_cfm(conn, status);
76a68ba0 1687 hci_conn_drop(conn);
769be974
MH		 1688 }
1689 }
1690
1691 hci_dev_unlock(hdev);
1692}
1693
1694static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1695{
1696 struct hci_cp_read_remote_ext_features *cp;
1697 struct hci_conn *conn;
1698
9f1db00c 1699 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1700
1701 if (!status)
1702 return;
1703
1704 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1705 if (!cp)
1706 return;
1707
1708 hci_dev_lock(hdev);
1709
1710 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1711 if (conn) {
1712 if (conn->state == BT_CONFIG) {
769be974 1713 hci_proto_connect_cfm(conn, status);
76a68ba0 1714 hci_conn_drop(conn);
769be974
MH		 1715 }
1716 }
1717
1718 hci_dev_unlock(hdev);
1719}
1720
a9de9248
MH		 1721static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1722{
b6a0dc82
MH		 1723 struct hci_cp_setup_sync_conn *cp;
1724 struct hci_conn *acl, *sco;
1725 __u16 handle;
1726
9f1db00c 1727 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1728
1729 if (!status)
1730 return;
1731
1732 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1733 if (!cp)
1734 return;
1735
1736 handle = __le16_to_cpu(cp->handle);
1737
9f1db00c 1738 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1739
1740 hci_dev_lock(hdev);
1741
1742 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1743 if (acl) {
1744 sco = acl->link;
1745 if (sco) {
1746 sco->state = BT_CLOSED;
b6a0dc82 1747
5a08ecce
AE		 1748 hci_proto_connect_cfm(sco, status);
1749 hci_conn_del(sco);
1750 }
b6a0dc82
MH		 1751 }
1752
1753 hci_dev_unlock(hdev);
1da177e4
LT		 1754}
1755
a9de9248 1756static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1757{
a9de9248
MH		 1758 struct hci_cp_sniff_mode *cp;
1759 struct hci_conn *conn;
1da177e4 1760
9f1db00c 1761 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1762
a9de9248
MH		 1763 if (!status)
1764 return;
04837f64 1765
a9de9248
MH		 1766 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1767 if (!cp)
1768 return;
04837f64 1769
a9de9248 1770 hci_dev_lock(hdev);
04837f64 1771
a9de9248 1772 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1773 if (conn) {
51a8efd7 1774 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1775
51a8efd7 1776 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1777 hci_sco_setup(conn, status);
1778 }
1779
a9de9248
MH		 1780 hci_dev_unlock(hdev);
1781}
04837f64 1782
a9de9248
MH		 1783static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1784{
1785 struct hci_cp_exit_sniff_mode *cp;
1786 struct hci_conn *conn;
04837f64 1787
9f1db00c 1788 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1789
a9de9248
MH		 1790 if (!status)
1791 return;
04837f64 1792
a9de9248
MH		 1793 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1794 if (!cp)
1795 return;
04837f64 1796
a9de9248 1797 hci_dev_lock(hdev);
1da177e4 1798
a9de9248 1799 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1800 if (conn) {
51a8efd7 1801 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1802
51a8efd7 1803 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1804 hci_sco_setup(conn, status);
1805 }
1806
a9de9248 1807 hci_dev_unlock(hdev);
1da177e4
LT		 1808}
1809
88c3df13
JH		 1810static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1811{
1812 struct hci_cp_disconnect *cp;
1813 struct hci_conn *conn;
1814
1815 if (!status)
1816 return;
1817
1818 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1819 if (!cp)
1820 return;
1821
1822 hci_dev_lock(hdev);
1823
1824 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1825 if (conn)
1826 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1827 conn->dst_type, status);
88c3df13
JH		 1828
1829 hci_dev_unlock(hdev);
1830}
1831
a02226d6
AE		 1832static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1833{
93c284ee
AE		 1834 struct hci_cp_create_phy_link *cp;
1835
a02226d6 1836 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1837
93c284ee
AE		 1838 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1839 if (!cp)
1840 return;
1841
e58917b9
AE		 1842 hci_dev_lock(hdev);
1843
1844 if (status) {
1845 struct hci_conn *hcon;
1846
1847 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1848 if (hcon)
1849 hci_conn_del(hcon);
1850 } else {
1851 amp_write_remote_assoc(hdev, cp->phy_handle);
1852 }
1853
1854 hci_dev_unlock(hdev);
a02226d6
AE		 1855}
1856
0b26ab9d
AE		 1857static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1858{
1859 struct hci_cp_accept_phy_link *cp;
1860
1861 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1862
1863 if (status)
1864 return;
1865
1866 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1867 if (!cp)
1868 return;
1869
1870 amp_write_remote_assoc(hdev, cp->phy_handle);
1871}
1872
cb1d68f7
JH		 1873static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1874{
1875 struct hci_cp_le_create_conn *cp;
1876 struct hci_conn *conn;
1877
1878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1879
1880 /* All connection failure handling is taken care of by the
1881 * hci_le_conn_failed function which is triggered by the HCI
1882 * request completion callbacks used for connecting.
1883 */
1884 if (status)
1885 return;
1886
1887 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1888 if (!cp)
1889 return;
1890
1891 hci_dev_lock(hdev);
1892
1893 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1894 if (!conn)
1895 goto unlock;
1896
1897 /* Store the initiator and responder address information which
1898 * is needed for SMP. These values will not change during the
1899 * lifetime of the connection.
1900 */
1901 conn->init_addr_type = cp->own_address_type;
1902 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1903 bacpy(&conn->init_addr, &hdev->random_addr);
1904 else
1905 bacpy(&conn->init_addr, &hdev->bdaddr);
1906
1907 conn->resp_addr_type = cp->peer_addr_type;
1908 bacpy(&conn->resp_addr, &cp->peer_addr);
1909
9489eca4
JH		 1910 /* We don't want the connection attempt to stick around
1911 * indefinitely since LE doesn't have a page timeout concept
1912 * like BR/EDR. Set a timer for any connection that doesn't use
1913 * the white list for connecting.
1914 */
1915 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1916 queue_delayed_work(conn->hdev->workqueue,
1917 &conn->le_conn_timeout,
09ae260b 1918 conn->conn_timeout);
9489eca4 1919
cb1d68f7
JH		 1920unlock:
1921 hci_dev_unlock(hdev);
1922}
1923
81d0c8ad
JH		 1924static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1925{
1926 struct hci_cp_le_start_enc *cp;
1927 struct hci_conn *conn;
1928
1929 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1930
1931 if (!status)
1932 return;
1933
1934 hci_dev_lock(hdev);
1935
1936 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1937 if (!cp)
1938 goto unlock;
1939
1940 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1941 if (!conn)
1942 goto unlock;
1943
1944 if (conn->state != BT_CONNECTED)
1945 goto unlock;
1946
1947 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1948 hci_conn_drop(conn);
1949
1950unlock:
1951 hci_dev_unlock(hdev);
1952}
1953
6039aa73 1954static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1955{
1956 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1957 struct discovery_state *discov = &hdev->discovery;
1958 struct inquiry_entry *e;
1da177e4 1959
9f1db00c 1960 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1961
a9de9248 1962 hci_conn_check_pending(hdev);
89352e7d
AG		 1963
1964 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1965 return;
1966
4e857c58 1967 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1968 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1969
a8b2d5c2 1970 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1971 return;
1972
56e5cb86 1973 hci_dev_lock(hdev);
30dc78e1 1974
343f935b 1975 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1976 goto unlock;
1977
1978 if (list_empty(&discov->resolve)) {
1979 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1980 goto unlock;
1981 }
1982
1983 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1984 if (e && hci_resolve_name(hdev, e) == 0) {
1985 e->name_state = NAME_PENDING;
1986 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1987 } else {
1988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1989 }
1990
1991unlock:
56e5cb86 1992 hci_dev_unlock(hdev);
1da177e4
LT		 1993}
1994
6039aa73 1995static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1996{
45bb4bf0 1997 struct inquiry_data data;
a9de9248 1998 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1999 int num_rsp = *((__u8 *) skb->data);
2000
2001 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2002
45bb4bf0
MH		 2003 if (!num_rsp)
2004 return;
2005
1519cc17
AG		 2006 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2007 return;
2008
1da177e4 2009 hci_dev_lock(hdev);
45bb4bf0 2010
e17acd40 2011 for (; num_rsp; num_rsp--, info++) {
af58925c 2012 u32 flags;
3175405b 2013
1da177e4
LT		 2014 bacpy(&data.bdaddr, &info->bdaddr);
2015 data.pscan_rep_mode = info->pscan_rep_mode;
2016 data.pscan_period_mode = info->pscan_period_mode;
2017 data.pscan_mode = info->pscan_mode;
2018 memcpy(data.dev_class, info->dev_class, 3);
2019 data.clock_offset = info->clock_offset;
2020 data.rssi = 0x00;
41a96212 2021 data.ssp_mode = 0x00;
3175405b 2022
af58925c
MH		 2023 flags = hci_inquiry_cache_update(hdev, &data, false);
2024
48264f06 2025 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c 2026 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1da177e4 2027 }
45bb4bf0 2028
1da177e4
LT		 2029 hci_dev_unlock(hdev);
2030}
2031
6039aa73 2032static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2033{
a9de9248
MH		 2034 struct hci_ev_conn_complete *ev = (void *) skb->data;
2035 struct hci_conn *conn;
1da177e4
LT		 2036
2037 BT_DBG("%s", hdev->name);
2038
2039 hci_dev_lock(hdev);
2040
2041 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2042 if (!conn) {
2043 if (ev->link_type != SCO_LINK)
2044 goto unlock;
2045
2046 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2047 if (!conn)
2048 goto unlock;
2049
2050 conn->type = SCO_LINK;
2051 }
1da177e4
LT		 2052
2053 if (!ev->status) {
2054 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2055
2056 if (conn->type == ACL_LINK) {
2057 conn->state = BT_CONFIG;
2058 hci_conn_hold(conn);
a9ea3ed9
SJ		 2059
2060 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2061 !hci_find_link_key(hdev, &ev->bdaddr))
2062 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2063 else
2064 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2065 } else
2066 conn->state = BT_CONNECTED;
1da177e4 2067
7d0db0a3
MH		 2068 hci_conn_add_sysfs(conn);
2069
1da177e4 2070 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2071 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2072
2073 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2074 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2075
04837f64
MH		 2076 /* Get remote features */
2077 if (conn->type == ACL_LINK) {
2078 struct hci_cp_read_remote_features cp;
2079 cp.handle = ev->handle;
769be974 2080 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2081 sizeof(cp), &cp);
04837f64
MH		 2082 }
2083
1da177e4 2084 /* Set packet type for incoming connection */
d095c1eb 2085 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2086 struct hci_cp_change_conn_ptype cp;
2087 cp.handle = ev->handle;
a8746417 2088 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2089 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2090 &cp);
1da177e4 2091 }
17d5c04c 2092 } else {
1da177e4 2093 conn->state = BT_CLOSED;
17d5c04c 2094 if (conn->type == ACL_LINK)
64c7b77c 2095 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2096 conn->dst_type, ev->status);
17d5c04c 2097 }
1da177e4 2098
e73439d8
MH		 2099 if (conn->type == ACL_LINK)
2100 hci_sco_setup(conn, ev->status);
1da177e4 2101
769be974
MH		 2102 if (ev->status) {
2103 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2104 hci_conn_del(conn);
c89b6e6b
MH		 2105 } else if (ev->link_type != ACL_LINK)
2106 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2107
a9de9248 2108unlock:
1da177e4 2109 hci_dev_unlock(hdev);
1da177e4 2110
a9de9248 2111 hci_conn_check_pending(hdev);
1da177e4
LT		 2112}
2113
6039aa73 2114static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2115{
a9de9248
MH		 2116 struct hci_ev_conn_request *ev = (void *) skb->data;
2117 int mask = hdev->link_mode;
20714bfe 2118 __u8 flags = 0;
1da177e4 2119
6ed93dc6 2120 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2121 ev->link_type);
1da177e4 2122
20714bfe
FD		 2123 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2124 &flags);
1da177e4 2125
138d22ef 2126 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2127 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2128 /* Connection accepted */
c7bdd502 2129 struct inquiry_entry *ie;
1da177e4 2130 struct hci_conn *conn;
1da177e4 2131
a9de9248 2132 hci_dev_lock(hdev);
b6a0dc82 2133
cc11b9c1
AE		 2134 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2135 if (ie)
c7bdd502
MH		 2136 memcpy(ie->data.dev_class, ev->dev_class, 3);
2137
8fc9ced3
GP		 2138 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2139 &ev->bdaddr);
a9de9248 2140 if (!conn) {
cc11b9c1
AE		 2141 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2142 if (!conn) {
893ef971 2143 BT_ERR("No memory for new connection");
a9de9248
MH		 2144 hci_dev_unlock(hdev);
2145 return;
1da177e4
LT		 2146 }
2147 }
b6a0dc82 2148
a9de9248 2149 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2150
a9de9248 2151 hci_dev_unlock(hdev);
1da177e4 2152
20714bfe
FD		 2153 if (ev->link_type == ACL_LINK ||
2154 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2155 struct hci_cp_accept_conn_req cp;
20714bfe 2156 conn->state = BT_CONNECT;
1da177e4 2157
b6a0dc82
MH		 2158 bacpy(&cp.bdaddr, &ev->bdaddr);
2159
2160 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2161 cp.role = 0x00; /* Become master */
2162 else
2163 cp.role = 0x01; /* Remain slave */
2164
04124681
GP		 2165 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2166 &cp);
20714bfe 2167 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2168 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2169 conn->state = BT_CONNECT;
b6a0dc82
MH		 2170
2171 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2172 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2173
dcf4adbf
JP		 2174 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2175 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2176 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2177 cp.content_format = cpu_to_le16(hdev->voice_setting);
2178 cp.retrans_effort = 0xff;
1da177e4 2179
b6a0dc82 2180 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2181 sizeof(cp), &cp);
20714bfe
FD		 2182 } else {
2183 conn->state = BT_CONNECT2;
2184 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2185 }
a9de9248
MH		 2186 } else {
2187 /* Connection rejected */
2188 struct hci_cp_reject_conn_req cp;
1da177e4 2189
a9de9248 2190 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2191 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2192 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2193 }
1da177e4
LT		 2194}
2195
f0d6a0ea
MA		 2196static u8 hci_to_mgmt_reason(u8 err)
2197{
2198 switch (err) {
2199 case HCI_ERROR_CONNECTION_TIMEOUT:
2200 return MGMT_DEV_DISCONN_TIMEOUT;
2201 case HCI_ERROR_REMOTE_USER_TERM:
2202 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2203 case HCI_ERROR_REMOTE_POWER_OFF:
2204 return MGMT_DEV_DISCONN_REMOTE;
2205 case HCI_ERROR_LOCAL_HOST_TERM:
2206 return MGMT_DEV_DISCONN_LOCAL_HOST;
2207 default:
2208 return MGMT_DEV_DISCONN_UNKNOWN;
2209 }
2210}
2211
6039aa73 2212static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2213{
a9de9248 2214 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2215 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2216 struct hci_conn_params *params;
04837f64 2217 struct hci_conn *conn;
12d4a3b2 2218 bool mgmt_connected;
3846220b 2219 u8 type;
04837f64 2220
9f1db00c 2221 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2222
2223 hci_dev_lock(hdev);
2224
2225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2226 if (!conn)
2227 goto unlock;
7d0db0a3 2228
abf54a50
AG		 2229 if (ev->status) {
2230 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2231 conn->dst_type, ev->status);
2232 goto unlock;
37d9ef76 2233 }
f7520543 2234
3846220b
AG		 2235 conn->state = BT_CLOSED;
2236
12d4a3b2
JH		 2237 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2238 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2239 reason, mgmt_connected);
abf54a50 2240
af6a9c32
JH		 2241 if (conn->type == ACL_LINK &&
2242 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2243 hci_remove_link_key(hdev, &conn->dst);
2210246c 2244
9fcb18ef
AG		 2245 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2246 if (params) {
2247 switch (params->auto_connect) {
2248 case HCI_AUTO_CONN_LINK_LOSS:
2249 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2250 break;
2251 /* Fall through */
2252
2253 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2254 list_del_init(&params->action);
2255 list_add(&params->action, &hdev->pend_le_conns);
2256 hci_update_background_scan(hdev);
9fcb18ef
AG		 2257 break;
2258
2259 default:
2260 break;
2261 }
2262 }
2263
3846220b 2264 type = conn->type;
2210246c 2265
3846220b
AG		 2266 hci_proto_disconn_cfm(conn, ev->reason);
2267 hci_conn_del(conn);
2268
2269 /* Re-enable advertising if necessary, since it might
2270 * have been disabled by the connection. From the
2271 * HCI_LE_Set_Advertise_Enable command description in
2272 * the core specification (v4.0):
2273 * "The Controller shall continue advertising until the Host
2274 * issues an LE_Set_Advertise_Enable command with
2275 * Advertising_Enable set to 0x00 (Advertising is disabled)
2276 * or until a connection is created or until the Advertising
2277 * is timed out due to Directed Advertising."
2278 */
2279 if (type == LE_LINK)
2280 mgmt_reenable_advertising(hdev);
f7520543
JH		 2281
2282unlock:
04837f64
MH		 2283 hci_dev_unlock(hdev);
2284}
2285
6039aa73 2286static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2287{
a9de9248 2288 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2289 struct hci_conn *conn;
1da177e4 2290
9f1db00c 2291 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2292
2293 hci_dev_lock(hdev);
2294
04837f64 2295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2296 if (!conn)
2297 goto unlock;
2298
2299 if (!ev->status) {
aa64a8b5 2300 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2301 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2302 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2303 } else {
4dae2798 2304 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2305 conn->sec_level = conn->pending_sec_level;
2a611692 2306 }
d7556e20 2307 } else {
bab73cb6 2308 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2309 ev->status);
d7556e20 2310 }
1da177e4 2311
51a8efd7
JH		 2312 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2313 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2314
d7556e20 2315 if (conn->state == BT_CONFIG) {
aa64a8b5 2316 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2317 struct hci_cp_set_conn_encrypt cp;
2318 cp.handle = ev->handle;
2319 cp.encrypt = 0x01;
2320 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2321 &cp);
052b30b0 2322 } else {
d7556e20
WR		 2323 conn->state = BT_CONNECTED;
2324 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2325 hci_conn_drop(conn);
052b30b0 2326 }
d7556e20
WR		 2327 } else {
2328 hci_auth_cfm(conn, ev->status);
052b30b0 2329
d7556e20
WR		 2330 hci_conn_hold(conn);
2331 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2332 hci_conn_drop(conn);
d7556e20
WR		 2333 }
2334
51a8efd7 2335 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2336 if (!ev->status) {
2337 struct hci_cp_set_conn_encrypt cp;
2338 cp.handle = ev->handle;
2339 cp.encrypt = 0x01;
2340 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2341 &cp);
d7556e20 2342 } else {
51a8efd7 2343 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2344 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2345 }
2346 }
2347
d7556e20 2348unlock:
1da177e4
LT		 2349 hci_dev_unlock(hdev);
2350}
2351
6039aa73 2352static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2353{
127178d2
JH		 2354 struct hci_ev_remote_name *ev = (void *) skb->data;
2355 struct hci_conn *conn;
2356
a9de9248 2357 BT_DBG("%s", hdev->name);
1da177e4 2358
a9de9248 2359 hci_conn_check_pending(hdev);
127178d2
JH		 2360
2361 hci_dev_lock(hdev);
2362
b644ba33 2363 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2364
b644ba33
JH		 2365 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2366 goto check_auth;
a88a9652 2367
b644ba33
JH		 2368 if (ev->status == 0)
2369 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2370 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2371 else
2372 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2373
2374check_auth:
79c6c70c
JH		 2375 if (!conn)
2376 goto unlock;
2377
2378 if (!hci_outgoing_auth_needed(hdev, conn))
2379 goto unlock;
2380
51a8efd7 2381 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2382 struct hci_cp_auth_requested cp;
2383 cp.handle = __cpu_to_le16(conn->handle);
2384 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2385 }
2386
79c6c70c 2387unlock:
127178d2 2388 hci_dev_unlock(hdev);
a9de9248
MH		 2389}
2390
6039aa73 2391static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2392{
2393 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2394 struct hci_conn *conn;
2395
9f1db00c 2396 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2397
2398 hci_dev_lock(hdev);
2399
04837f64 2400 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2401 if (!conn)
2402 goto unlock;
1da177e4 2403
dc8357cc
MH		 2404 if (!ev->status) {
2405 if (ev->encrypt) {
2406 /* Encryption implies authentication */
4dae2798
JH		 2407 set_bit(HCI_CONN_AUTH, &conn->flags);
2408 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2409 conn->sec_level = conn->pending_sec_level;
abf76bad 2410
914a6ffe
MH		 2411 /* P-256 authentication key implies FIPS */
2412 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2413 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2414
abf76bad
MH		 2415 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2416 conn->type == LE_LINK)
2417 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2418 } else {
4dae2798 2419 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2420 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2421 }
dc8357cc 2422 }
a7d7723a 2423
dc8357cc 2424 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2425
dc8357cc
MH		 2426 if (ev->status && conn->state == BT_CONNECTED) {
2427 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2428 hci_conn_drop(conn);
2429 goto unlock;
1da177e4
LT		 2430 }
2431
dc8357cc
MH		 2432 if (conn->state == BT_CONFIG) {
2433 if (!ev->status)
2434 conn->state = BT_CONNECTED;
2435
40b552aa
MH		 2436 /* In Secure Connections Only mode, do not allow any
2437 * connections that are not encrypted with AES-CCM
2438 * using a P-256 authenticated combination key.
2439 */
2440 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2441 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2442 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2443 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2444 hci_conn_drop(conn);
2445 goto unlock;
2446 }
2447
dc8357cc
MH		 2448 hci_proto_connect_cfm(conn, ev->status);
2449 hci_conn_drop(conn);
2450 } else
2451 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2452
a7d7723a 2453unlock:
1da177e4
LT		 2454 hci_dev_unlock(hdev);
2455}
2456
6039aa73
GP		 2457static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2458 struct sk_buff *skb)
1da177e4 2459{
a9de9248 2460 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2461 struct hci_conn *conn;
1da177e4 2462
9f1db00c 2463 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2464
2465 hci_dev_lock(hdev);
2466
04837f64 2467 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2468 if (conn) {
2469 if (!ev->status)
4dae2798 2470 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2471
51a8efd7 2472 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2473
2474 hci_key_change_cfm(conn, ev->status);
2475 }
2476
2477 hci_dev_unlock(hdev);
2478}
2479
6039aa73
GP		 2480static void hci_remote_features_evt(struct hci_dev *hdev,
2481 struct sk_buff *skb)
1da177e4 2482{
a9de9248
MH		 2483 struct hci_ev_remote_features *ev = (void *) skb->data;
2484 struct hci_conn *conn;
2485
9f1db00c 2486 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2487
a9de9248
MH		 2488 hci_dev_lock(hdev);
2489
2490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2491 if (!conn)
2492 goto unlock;
769be974 2493
ccd556fe 2494 if (!ev->status)
cad718ed 2495 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2496
2497 if (conn->state != BT_CONFIG)
2498 goto unlock;
2499
2500 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2501 struct hci_cp_read_remote_ext_features cp;
2502 cp.handle = ev->handle;
2503 cp.page = 0x01;
2504 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2505 sizeof(cp), &cp);
392599b9
JH		 2506 goto unlock;
2507 }
2508
671267bf 2509 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2510 struct hci_cp_remote_name_req cp;
2511 memset(&cp, 0, sizeof(cp));
2512 bacpy(&cp.bdaddr, &conn->dst);
2513 cp.pscan_rep_mode = 0x02;
2514 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2515 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2516 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2517 conn->dst_type, 0, NULL, 0,
2518 conn->dev_class);
392599b9 2519
127178d2 2520 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2521 conn->state = BT_CONNECTED;
2522 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2523 hci_conn_drop(conn);
769be974 2524 }
a9de9248 2525
ccd556fe 2526unlock:
a9de9248 2527 hci_dev_unlock(hdev);
1da177e4
LT		 2528}
2529
6039aa73 2530static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2531{
2532 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2533 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2534 __u16 opcode;
2535
2536 skb_pull(skb, sizeof(*ev));
2537
2538 opcode = __le16_to_cpu(ev->opcode);
2539
2540 switch (opcode) {
2541 case HCI_OP_INQUIRY_CANCEL:
2542 hci_cc_inquiry_cancel(hdev, skb);
2543 break;
2544
4d93483b
AG		 2545 case HCI_OP_PERIODIC_INQ:
2546 hci_cc_periodic_inq(hdev, skb);
2547 break;
2548
a9de9248
MH		 2549 case HCI_OP_EXIT_PERIODIC_INQ:
2550 hci_cc_exit_periodic_inq(hdev, skb);
2551 break;
2552
2553 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2554 hci_cc_remote_name_req_cancel(hdev, skb);
2555 break;
2556
2557 case HCI_OP_ROLE_DISCOVERY:
2558 hci_cc_role_discovery(hdev, skb);
2559 break;
2560
e4e8e37c
MH		 2561 case HCI_OP_READ_LINK_POLICY:
2562 hci_cc_read_link_policy(hdev, skb);
2563 break;
2564
a9de9248
MH		 2565 case HCI_OP_WRITE_LINK_POLICY:
2566 hci_cc_write_link_policy(hdev, skb);
2567 break;
2568
e4e8e37c
MH		 2569 case HCI_OP_READ_DEF_LINK_POLICY:
2570 hci_cc_read_def_link_policy(hdev, skb);
2571 break;
2572
2573 case HCI_OP_WRITE_DEF_LINK_POLICY:
2574 hci_cc_write_def_link_policy(hdev, skb);
2575 break;
2576
a9de9248
MH		 2577 case HCI_OP_RESET:
2578 hci_cc_reset(hdev, skb);
2579 break;
2580
2581 case HCI_OP_WRITE_LOCAL_NAME:
2582 hci_cc_write_local_name(hdev, skb);
2583 break;
2584
2585 case HCI_OP_READ_LOCAL_NAME:
2586 hci_cc_read_local_name(hdev, skb);
2587 break;
2588
2589 case HCI_OP_WRITE_AUTH_ENABLE:
2590 hci_cc_write_auth_enable(hdev, skb);
2591 break;
2592
2593 case HCI_OP_WRITE_ENCRYPT_MODE:
2594 hci_cc_write_encrypt_mode(hdev, skb);
2595 break;
2596
2597 case HCI_OP_WRITE_SCAN_ENABLE:
2598 hci_cc_write_scan_enable(hdev, skb);
2599 break;
2600
2601 case HCI_OP_READ_CLASS_OF_DEV:
2602 hci_cc_read_class_of_dev(hdev, skb);
2603 break;
2604
2605 case HCI_OP_WRITE_CLASS_OF_DEV:
2606 hci_cc_write_class_of_dev(hdev, skb);
2607 break;
2608
2609 case HCI_OP_READ_VOICE_SETTING:
2610 hci_cc_read_voice_setting(hdev, skb);
2611 break;
2612
2613 case HCI_OP_WRITE_VOICE_SETTING:
2614 hci_cc_write_voice_setting(hdev, skb);
2615 break;
2616
b4cb9fb2
MH		 2617 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2618 hci_cc_read_num_supported_iac(hdev, skb);
2619 break;
2620
333140b5
MH		 2621 case HCI_OP_WRITE_SSP_MODE:
2622 hci_cc_write_ssp_mode(hdev, skb);
2623 break;
2624
eac83dc6
MH		 2625 case HCI_OP_WRITE_SC_SUPPORT:
2626 hci_cc_write_sc_support(hdev, skb);
2627 break;
2628
a9de9248
MH		 2629 case HCI_OP_READ_LOCAL_VERSION:
2630 hci_cc_read_local_version(hdev, skb);
2631 break;
2632
2633 case HCI_OP_READ_LOCAL_COMMANDS:
2634 hci_cc_read_local_commands(hdev, skb);
2635 break;
2636
2637 case HCI_OP_READ_LOCAL_FEATURES:
2638 hci_cc_read_local_features(hdev, skb);
2639 break;
2640
971e3a4b
AG		 2641 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2642 hci_cc_read_local_ext_features(hdev, skb);
2643 break;
2644
a9de9248
MH		 2645 case HCI_OP_READ_BUFFER_SIZE:
2646 hci_cc_read_buffer_size(hdev, skb);
2647 break;
2648
2649 case HCI_OP_READ_BD_ADDR:
2650 hci_cc_read_bd_addr(hdev, skb);
2651 break;
2652
f332ec66
JH		 2653 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2654 hci_cc_read_page_scan_activity(hdev, skb);
2655 break;
2656
4a3ee763
JH		 2657 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2658 hci_cc_write_page_scan_activity(hdev, skb);
2659 break;
2660
f332ec66
JH		 2661 case HCI_OP_READ_PAGE_SCAN_TYPE:
2662 hci_cc_read_page_scan_type(hdev, skb);
2663 break;
2664
4a3ee763
JH		 2665 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2666 hci_cc_write_page_scan_type(hdev, skb);
2667 break;
2668
350ee4cf
AE		 2669 case HCI_OP_READ_DATA_BLOCK_SIZE:
2670 hci_cc_read_data_block_size(hdev, skb);
2671 break;
2672
1e89cffb
AE		 2673 case HCI_OP_READ_FLOW_CONTROL_MODE:
2674 hci_cc_read_flow_control_mode(hdev, skb);
2675 break;
2676
928abaa7
AE		 2677 case HCI_OP_READ_LOCAL_AMP_INFO:
2678 hci_cc_read_local_amp_info(hdev, skb);
2679 break;
2680
33f35721
JH		 2681 case HCI_OP_READ_CLOCK:
2682 hci_cc_read_clock(hdev, skb);
2683 break;
2684
903e4541
AE		 2685 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2686 hci_cc_read_local_amp_assoc(hdev, skb);
2687 break;
2688
d5859e22
JH		 2689 case HCI_OP_READ_INQ_RSP_TX_POWER:
2690 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2691 break;
2692
980e1a53
JH		 2693 case HCI_OP_PIN_CODE_REPLY:
2694 hci_cc_pin_code_reply(hdev, skb);
2695 break;
2696
2697 case HCI_OP_PIN_CODE_NEG_REPLY:
2698 hci_cc_pin_code_neg_reply(hdev, skb);
2699 break;
2700
c35938b2 2701 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2702 hci_cc_read_local_oob_data(hdev, skb);
2703 break;
2704
2705 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2706 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2707 break;
2708
6ed58ec5
VT		 2709 case HCI_OP_LE_READ_BUFFER_SIZE:
2710 hci_cc_le_read_buffer_size(hdev, skb);
2711 break;
2712
60e77321
JH		 2713 case HCI_OP_LE_READ_LOCAL_FEATURES:
2714 hci_cc_le_read_local_features(hdev, skb);
2715 break;
2716
8fa19098
JH		 2717 case HCI_OP_LE_READ_ADV_TX_POWER:
2718 hci_cc_le_read_adv_tx_power(hdev, skb);
2719 break;
2720
a5c29683
JH		 2721 case HCI_OP_USER_CONFIRM_REPLY:
2722 hci_cc_user_confirm_reply(hdev, skb);
2723 break;
2724
2725 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2726 hci_cc_user_confirm_neg_reply(hdev, skb);
2727 break;
2728
1143d458
BG		 2729 case HCI_OP_USER_PASSKEY_REPLY:
2730 hci_cc_user_passkey_reply(hdev, skb);
2731 break;
2732
2733 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2734 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2735 break;
07f7fa5d 2736
7a4cd51d
MH		 2737 case HCI_OP_LE_SET_RANDOM_ADDR:
2738 hci_cc_le_set_random_addr(hdev, skb);
2739 break;
2740
c1d5dc4a
JH		 2741 case HCI_OP_LE_SET_ADV_ENABLE:
2742 hci_cc_le_set_adv_enable(hdev, skb);
2743 break;
2744
533553f8
MH		 2745 case HCI_OP_LE_SET_SCAN_PARAM:
2746 hci_cc_le_set_scan_param(hdev, skb);
2747 break;
2748
eb9d91f5
AG		 2749 case HCI_OP_LE_SET_SCAN_ENABLE:
2750 hci_cc_le_set_scan_enable(hdev, skb);
2751 break;
2752
cf1d081f
JH		 2753 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2754 hci_cc_le_read_white_list_size(hdev, skb);
2755 break;
2756
0f36b589
MH		 2757 case HCI_OP_LE_CLEAR_WHITE_LIST:
2758 hci_cc_le_clear_white_list(hdev, skb);
2759 break;
2760
2761 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2762 hci_cc_le_add_to_white_list(hdev, skb);
2763 break;
2764
2765 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2766 hci_cc_le_del_from_white_list(hdev, skb);
2767 break;
2768
9b008c04
JH		 2769 case HCI_OP_LE_READ_SUPPORTED_STATES:
2770 hci_cc_le_read_supported_states(hdev, skb);
2771 break;
2772
f9b49306
AG		 2773 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2774 hci_cc_write_le_host_supported(hdev, skb);
2775 break;
2776
56ed2cb8
JH		 2777 case HCI_OP_LE_SET_ADV_PARAM:
2778 hci_cc_set_adv_param(hdev, skb);
2779 break;
2780
93c284ee
AE		 2781 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2782 hci_cc_write_remote_amp_assoc(hdev, skb);
2783 break;
2784
5ae76a94
AK		 2785 case HCI_OP_READ_RSSI:
2786 hci_cc_read_rssi(hdev, skb);
2787 break;
2788
5a134fae
AK		 2789 case HCI_OP_READ_TX_POWER:
2790 hci_cc_read_tx_power(hdev, skb);
2791 break;
2792
a9de9248 2793 default:
9f1db00c 2794 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2795 break;
2796 }
2797
ad82cdd1 2798 if (opcode != HCI_OP_NOP)
65cc2b49 2799 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2800
ad82cdd1 2801 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2802
dbccd791 2803 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2804 atomic_set(&hdev->cmd_cnt, 1);
2805 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2806 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2807 }
2808}
2809
6039aa73 2810static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2811{
2812 struct hci_ev_cmd_status *ev = (void *) skb->data;
2813 __u16 opcode;
2814
2815 skb_pull(skb, sizeof(*ev));
2816
2817 opcode = __le16_to_cpu(ev->opcode);
2818
2819 switch (opcode) {
2820 case HCI_OP_INQUIRY:
2821 hci_cs_inquiry(hdev, ev->status);
2822 break;
2823
2824 case HCI_OP_CREATE_CONN:
2825 hci_cs_create_conn(hdev, ev->status);
2826 break;
2827
2828 case HCI_OP_ADD_SCO:
2829 hci_cs_add_sco(hdev, ev->status);
2830 break;
2831
f8558555
MH		 2832 case HCI_OP_AUTH_REQUESTED:
2833 hci_cs_auth_requested(hdev, ev->status);
2834 break;
2835
2836 case HCI_OP_SET_CONN_ENCRYPT:
2837 hci_cs_set_conn_encrypt(hdev, ev->status);
2838 break;
2839
a9de9248
MH		 2840 case HCI_OP_REMOTE_NAME_REQ:
2841 hci_cs_remote_name_req(hdev, ev->status);
2842 break;
2843
769be974
MH		 2844 case HCI_OP_READ_REMOTE_FEATURES:
2845 hci_cs_read_remote_features(hdev, ev->status);
2846 break;
2847
2848 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2849 hci_cs_read_remote_ext_features(hdev, ev->status);
2850 break;
2851
a9de9248
MH		 2852 case HCI_OP_SETUP_SYNC_CONN:
2853 hci_cs_setup_sync_conn(hdev, ev->status);
2854 break;
2855
2856 case HCI_OP_SNIFF_MODE:
2857 hci_cs_sniff_mode(hdev, ev->status);
2858 break;
2859
2860 case HCI_OP_EXIT_SNIFF_MODE:
2861 hci_cs_exit_sniff_mode(hdev, ev->status);
2862 break;
2863
8962ee74 2864 case HCI_OP_DISCONNECT:
88c3df13 2865 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2866 break;
2867
a02226d6
AE		 2868 case HCI_OP_CREATE_PHY_LINK:
2869 hci_cs_create_phylink(hdev, ev->status);
2870 break;
2871
0b26ab9d
AE		 2872 case HCI_OP_ACCEPT_PHY_LINK:
2873 hci_cs_accept_phylink(hdev, ev->status);
2874 break;
2875
cb1d68f7
JH		 2876 case HCI_OP_LE_CREATE_CONN:
2877 hci_cs_le_create_conn(hdev, ev->status);
2878 break;
2879
81d0c8ad
JH		 2880 case HCI_OP_LE_START_ENC:
2881 hci_cs_le_start_enc(hdev, ev->status);
2882 break;
2883
a9de9248 2884 default:
9f1db00c 2885 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2886 break;
2887 }
2888
ad82cdd1 2889 if (opcode != HCI_OP_NOP)
65cc2b49 2890 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2891
02350a72
JH		 2892 if (ev->status ||
2893 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2894 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2895
10572132 2896 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2897 atomic_set(&hdev->cmd_cnt, 1);
2898 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2899 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2900 }
2901}
2902
6039aa73 2903static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2904{
2905 struct hci_ev_role_change *ev = (void *) skb->data;
2906 struct hci_conn *conn;
2907
9f1db00c 2908 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2909
2910 hci_dev_lock(hdev);
2911
2912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2913 if (conn) {
2914 if (!ev->status) {
2915 if (ev->role)
4dae2798 2916 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2917 else
4dae2798 2918 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2919 }
2920
51a8efd7 2921 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2922
2923 hci_role_switch_cfm(conn, ev->status, ev->role);
2924 }
2925
2926 hci_dev_unlock(hdev);
2927}
2928
6039aa73 2929static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2930{
2931 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2932 int i;
2933
32ac5b9b
AE		 2934 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2935 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2936 return;
2937 }
2938
c5993de8 2939 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2940 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2941 BT_DBG("%s bad parameters", hdev->name);
2942 return;
2943 }
2944
c5993de8
AE		 2945 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2946
613a1c0c
AE		 2947 for (i = 0; i < ev->num_hndl; i++) {
2948 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2949 struct hci_conn *conn;
2950 __u16 handle, count;
2951
613a1c0c
AE		 2952 handle = __le16_to_cpu(info->handle);
2953 count = __le16_to_cpu(info->count);
a9de9248
MH		 2954
2955 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2956 if (!conn)
2957 continue;
2958
2959 conn->sent -= count;
2960
2961 switch (conn->type) {
2962 case ACL_LINK:
2963 hdev->acl_cnt += count;
2964 if (hdev->acl_cnt > hdev->acl_pkts)
2965 hdev->acl_cnt = hdev->acl_pkts;
2966 break;
2967
2968 case LE_LINK:
2969 if (hdev->le_pkts) {
2970 hdev->le_cnt += count;
2971 if (hdev->le_cnt > hdev->le_pkts)
2972 hdev->le_cnt = hdev->le_pkts;
2973 } else {
70f23020
AE		 2974 hdev->acl_cnt += count;
2975 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2976 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2977 }
f4280918
AE		 2978 break;
2979
2980 case SCO_LINK:
2981 hdev->sco_cnt += count;
2982 if (hdev->sco_cnt > hdev->sco_pkts)
2983 hdev->sco_cnt = hdev->sco_pkts;
2984 break;
2985
2986 default:
2987 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2988 break;
a9de9248
MH		 2989 }
2990 }
2991
3eff45ea 2992 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2993}
2994
76ef7cf7
AE		 2995static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2996 __u16 handle)
2997{
2998 struct hci_chan *chan;
2999
3000 switch (hdev->dev_type) {
3001 case HCI_BREDR:
3002 return hci_conn_hash_lookup_handle(hdev, handle);
3003 case HCI_AMP:
3004 chan = hci_chan_lookup_handle(hdev, handle);
3005 if (chan)
3006 return chan->conn;
3007 break;
3008 default:
3009 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3010 break;
3011 }
3012
3013 return NULL;
3014}
3015
6039aa73 3016static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3017{
3018 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3019 int i;
3020
3021 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3022 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3023 return;
3024 }
3025
3026 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3027 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 3028 BT_DBG("%s bad parameters", hdev->name);
3029 return;
3030 }
3031
3032 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3033 ev->num_hndl);
25e89e99
AE		 3034
3035 for (i = 0; i < ev->num_hndl; i++) {
3036 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3037 struct hci_conn *conn = NULL;
25e89e99
AE		 3038 __u16 handle, block_count;
3039
3040 handle = __le16_to_cpu(info->handle);
3041 block_count = __le16_to_cpu(info->blocks);
3042
76ef7cf7 3043 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3044 if (!conn)
3045 continue;
3046
3047 conn->sent -= block_count;
3048
3049 switch (conn->type) {
3050 case ACL_LINK:
bd1eb66b 3051 case AMP_LINK:
25e89e99
AE		 3052 hdev->block_cnt += block_count;
3053 if (hdev->block_cnt > hdev->num_blocks)
3054 hdev->block_cnt = hdev->num_blocks;
3055 break;
3056
3057 default:
3058 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3059 break;
3060 }
3061 }
3062
3063 queue_work(hdev->workqueue, &hdev->tx_work);
3064}
3065
6039aa73 3066static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3067{
a9de9248 3068 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3069 struct hci_conn *conn;
3070
9f1db00c 3071 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3072
3073 hci_dev_lock(hdev);
3074
3075 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3076 if (conn) {
3077 conn->mode = ev->mode;
a9de9248 3078
8fc9ced3
GP		 3079 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3080 &conn->flags)) {
a9de9248 3081 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3082 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3083 else
58a681ef 3084 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3085 }
e73439d8 3086
51a8efd7 3087 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3088 hci_sco_setup(conn, ev->status);
04837f64
MH		 3089 }
3090
3091 hci_dev_unlock(hdev);
3092}
3093
6039aa73 3094static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3095{
052b30b0
MH		 3096 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3097 struct hci_conn *conn;
3098
a9de9248 3099 BT_DBG("%s", hdev->name);
052b30b0
MH		 3100
3101 hci_dev_lock(hdev);
3102
3103 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3104 if (!conn)
3105 goto unlock;
3106
3107 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3108 hci_conn_hold(conn);
3109 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3110 hci_conn_drop(conn);
052b30b0
MH		 3111 }
3112
a8b2d5c2 3113 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3114 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3115 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3116 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3117 u8 secure;
3118
3119 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3120 secure = 1;
3121 else
3122 secure = 0;
3123
744cf19e 3124 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3125 }
980e1a53 3126
b6f98044 3127unlock:
052b30b0 3128 hci_dev_unlock(hdev);
a9de9248
MH		 3129}
3130
6039aa73 3131static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3132{
55ed8ca1
JH		 3133 struct hci_ev_link_key_req *ev = (void *) skb->data;
3134 struct hci_cp_link_key_reply cp;
3135 struct hci_conn *conn;
3136 struct link_key *key;
3137
a9de9248 3138 BT_DBG("%s", hdev->name);
55ed8ca1 3139
034cbea0 3140 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3141 return;
3142
3143 hci_dev_lock(hdev);
3144
3145 key = hci_find_link_key(hdev, &ev->bdaddr);
3146 if (!key) {
6ed93dc6
AE		 3147 BT_DBG("%s link key not found for %pMR", hdev->name,
3148 &ev->bdaddr);
55ed8ca1
JH		 3149 goto not_found;
3150 }
3151
6ed93dc6
AE		 3152 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3153 &ev->bdaddr);
55ed8ca1 3154
55ed8ca1 3155 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3156 if (conn) {
66138ce8
MH		 3157 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3158 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3159 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3160 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3161 goto not_found;
3162 }
55ed8ca1 3163
60b83f57 3164 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3165 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3166 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3167 BT_DBG("%s ignoring key unauthenticated for high security",
3168 hdev->name);
60b83f57
WR		 3169 goto not_found;
3170 }
3171
3172 conn->key_type = key->type;
3173 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3174 }
3175
3176 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3177 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3178
3179 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3180
3181 hci_dev_unlock(hdev);
3182
3183 return;
3184
3185not_found:
3186 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3187 hci_dev_unlock(hdev);
a9de9248
MH		 3188}
3189
6039aa73 3190static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3191{
052b30b0
MH		 3192 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3193 struct hci_conn *conn;
7652ff6a
JH		 3194 struct link_key *key;
3195 bool persistent;
55ed8ca1 3196 u8 pin_len = 0;
052b30b0 3197
a9de9248 3198 BT_DBG("%s", hdev->name);
052b30b0
MH		 3199
3200 hci_dev_lock(hdev);
3201
3202 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3203 if (conn) {
3204 hci_conn_hold(conn);
3205 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3206 pin_len = conn->pin_length;
13d39315
WR		 3207
3208 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3209 conn->key_type = ev->key_type;
3210
76a68ba0 3211 hci_conn_drop(conn);
052b30b0
MH		 3212 }
3213
7652ff6a
JH		 3214 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3215 goto unlock;
3216
3217 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3218 ev->key_type, pin_len, &persistent);
3219 if (!key)
3220 goto unlock;
3221
3222 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3223
6d5650c4
JH		 3224 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3225 * is set. If it's not set simply remove the key from the kernel
3226 * list (we've still notified user space about it but with
3227 * store_hint being 0).
3228 */
3229 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3230 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3231 list_del(&key->list);
3232 kfree(key);
3233 } else if (conn) {
af6a9c32
JH		 3234 if (persistent)
3235 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3236 else
3237 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3238 }
7652ff6a
JH		 3239
3240unlock:
052b30b0 3241 hci_dev_unlock(hdev);
a9de9248
MH		 3242}
3243
6039aa73 3244static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3245{
a9de9248 3246 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3247 struct hci_conn *conn;
1da177e4 3248
9f1db00c 3249 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3250
3251 hci_dev_lock(hdev);
3252
04837f64 3253 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3254 if (conn && !ev->status) {
3255 struct inquiry_entry *ie;
3256
cc11b9c1
AE		 3257 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3258 if (ie) {
1da177e4
LT		 3259 ie->data.clock_offset = ev->clock_offset;
3260 ie->timestamp = jiffies;
3261 }
3262 }
3263
3264 hci_dev_unlock(hdev);
3265}
3266
6039aa73 3267static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3268{
3269 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3270 struct hci_conn *conn;
3271
9f1db00c 3272 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3273
3274 hci_dev_lock(hdev);
3275
3276 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3277 if (conn && !ev->status)
3278 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3279
3280 hci_dev_unlock(hdev);
3281}
3282
6039aa73 3283static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3284{
a9de9248 3285 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3286 struct inquiry_entry *ie;
3287
3288 BT_DBG("%s", hdev->name);
3289
3290 hci_dev_lock(hdev);
3291
cc11b9c1
AE		 3292 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3293 if (ie) {
85a1e930
MH		 3294 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3295 ie->timestamp = jiffies;
3296 }
3297
3298 hci_dev_unlock(hdev);
3299}
3300
6039aa73
GP		 3301static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3302 struct sk_buff *skb)
a9de9248
MH		 3303{
3304 struct inquiry_data data;
3305 int num_rsp = *((__u8 *) skb->data);
3306
3307 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3308
3309 if (!num_rsp)
3310 return;
3311
1519cc17
AG		 3312 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3313 return;
3314
a9de9248
MH		 3315 hci_dev_lock(hdev);
3316
3317 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3318 struct inquiry_info_with_rssi_and_pscan_mode *info;
3319 info = (void *) (skb->data + 1);
a9de9248 3320
e17acd40 3321 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3322 u32 flags;
3323
a9de9248
MH		 3324 bacpy(&data.bdaddr, &info->bdaddr);
3325 data.pscan_rep_mode = info->pscan_rep_mode;
3326 data.pscan_period_mode = info->pscan_period_mode;
3327 data.pscan_mode = info->pscan_mode;
3328 memcpy(data.dev_class, info->dev_class, 3);
3329 data.clock_offset = info->clock_offset;
3330 data.rssi = info->rssi;
41a96212 3331 data.ssp_mode = 0x00;
3175405b 3332
af58925c
MH		 3333 flags = hci_inquiry_cache_update(hdev, &data, false);
3334
48264f06 3335 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3336 info->dev_class, info->rssi,
af58925c 3337 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3338 }
3339 } else {
3340 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3341
e17acd40 3342 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3343 u32 flags;
3344
a9de9248
MH		 3345 bacpy(&data.bdaddr, &info->bdaddr);
3346 data.pscan_rep_mode = info->pscan_rep_mode;
3347 data.pscan_period_mode = info->pscan_period_mode;
3348 data.pscan_mode = 0x00;
3349 memcpy(data.dev_class, info->dev_class, 3);
3350 data.clock_offset = info->clock_offset;
3351 data.rssi = info->rssi;
41a96212 3352 data.ssp_mode = 0x00;
af58925c
MH		 3353
3354 flags = hci_inquiry_cache_update(hdev, &data, false);
3355
48264f06 3356 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3357 info->dev_class, info->rssi,
af58925c 3358 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3359 }
3360 }
3361
3362 hci_dev_unlock(hdev);
3363}
3364
6039aa73
GP		 3365static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3366 struct sk_buff *skb)
a9de9248 3367{
41a96212
MH		 3368 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3369 struct hci_conn *conn;
3370
a9de9248 3371 BT_DBG("%s", hdev->name);
41a96212 3372
41a96212
MH		 3373 hci_dev_lock(hdev);
3374
3375 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3376 if (!conn)
3377 goto unlock;
41a96212 3378
cad718ed
JH		 3379 if (ev->page < HCI_MAX_PAGES)
3380 memcpy(conn->features[ev->page], ev->features, 8);
3381
ccd556fe
JH		 3382 if (!ev->status && ev->page == 0x01) {
3383 struct inquiry_entry *ie;
41a96212 3384
cc11b9c1
AE		 3385 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3386 if (ie)
02b7cc62 3387 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3388
bbb0eada 3389 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3390 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3391 } else {
3392 /* It is mandatory by the Bluetooth specification that
3393 * Extended Inquiry Results are only used when Secure
3394 * Simple Pairing is enabled, but some devices violate
3395 * this.
3396 *
3397 * To make these devices work, the internal SSP
3398 * enabled flag needs to be cleared if the remote host
3399 * features do not indicate SSP support */
3400 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3401 }
eb9a8f3f
MH		 3402
3403 if (ev->features[0] & LMP_HOST_SC)
3404 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3405 }
3406
3407 if (conn->state != BT_CONFIG)
3408 goto unlock;
3409
671267bf 3410 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3411 struct hci_cp_remote_name_req cp;
3412 memset(&cp, 0, sizeof(cp));
3413 bacpy(&cp.bdaddr, &conn->dst);
3414 cp.pscan_rep_mode = 0x02;
3415 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3416 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3417 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3418 conn->dst_type, 0, NULL, 0,
3419 conn->dev_class);
392599b9 3420
127178d2 3421 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3422 conn->state = BT_CONNECTED;
3423 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3424 hci_conn_drop(conn);
41a96212
MH		 3425 }
3426
ccd556fe 3427unlock:
41a96212 3428 hci_dev_unlock(hdev);
a9de9248
MH		 3429}
3430
6039aa73
GP		 3431static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3432 struct sk_buff *skb)
a9de9248 3433{
b6a0dc82
MH		 3434 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3435 struct hci_conn *conn;
3436
9f1db00c 3437 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3438
3439 hci_dev_lock(hdev);
3440
3441 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3442 if (!conn) {
3443 if (ev->link_type == ESCO_LINK)
3444 goto unlock;
3445
3446 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3447 if (!conn)
3448 goto unlock;
3449
3450 conn->type = SCO_LINK;
3451 }
b6a0dc82 3452
732547f9
MH		 3453 switch (ev->status) {
3454 case 0x00:
b6a0dc82
MH		 3455 conn->handle = __le16_to_cpu(ev->handle);
3456 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3457
3458 hci_conn_add_sysfs(conn);
732547f9
MH		 3459 break;
3460
81218d20 3461 case 0x10: /* Connection Accept Timeout */
1a4c958c 3462 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3463 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3464 case 0x1c: /* SCO interval rejected */
1038a00b 3465 case 0x1a: /* Unsupported Remote Feature */
732547f9 3466 case 0x1f: /* Unspecified error */
27539bc4 3467 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3468 if (conn->out) {
732547f9
MH		 3469 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3470 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3471 if (hci_setup_sync(conn, conn->link->handle))
3472 goto unlock;
732547f9
MH		 3473 }
3474 /* fall through */
3475
3476 default:
b6a0dc82 3477 conn->state = BT_CLOSED;
732547f9
MH		 3478 break;
3479 }
b6a0dc82
MH		 3480
3481 hci_proto_connect_cfm(conn, ev->status);
3482 if (ev->status)
3483 hci_conn_del(conn);
3484
3485unlock:
3486 hci_dev_unlock(hdev);
a9de9248
MH		 3487}
3488
efdcf8e3
MH		 3489static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3490{
3491 size_t parsed = 0;
3492
3493 while (parsed < eir_len) {
3494 u8 field_len = eir[0];
3495
3496 if (field_len == 0)
3497 return parsed;
3498
3499 parsed += field_len + 1;
3500 eir += field_len + 1;
3501 }
3502
3503 return eir_len;
3504}
3505
6039aa73
GP		 3506static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3507 struct sk_buff *skb)
1da177e4 3508{
a9de9248
MH		 3509 struct inquiry_data data;
3510 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3511 int num_rsp = *((__u8 *) skb->data);
9d939d94 3512 size_t eir_len;
1da177e4 3513
a9de9248 3514 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3515
a9de9248
MH		 3516 if (!num_rsp)
3517 return;
1da177e4 3518
1519cc17
AG		 3519 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3520 return;
3521
a9de9248
MH		 3522 hci_dev_lock(hdev);
3523
e17acd40 3524 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3525 u32 flags;
3526 bool name_known;
561aafbc 3527
a9de9248 3528 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3529 data.pscan_rep_mode = info->pscan_rep_mode;
3530 data.pscan_period_mode = info->pscan_period_mode;
3531 data.pscan_mode = 0x00;
a9de9248 3532 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3533 data.clock_offset = info->clock_offset;
3534 data.rssi = info->rssi;
41a96212 3535 data.ssp_mode = 0x01;
561aafbc 3536
a8b2d5c2 3537 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3538 name_known = eir_has_data_type(info->data,
04124681
GP		 3539 sizeof(info->data),
3540 EIR_NAME_COMPLETE);
561aafbc
JH		 3541 else
3542 name_known = true;
3543
af58925c
MH		 3544 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3545
9d939d94 3546 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3547
48264f06 3548 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3549 info->dev_class, info->rssi,
3550 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3551 }
3552
3553 hci_dev_unlock(hdev);
3554}
1da177e4 3555
1c2e0041
JH		 3556static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3557 struct sk_buff *skb)
3558{
3559 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3560 struct hci_conn *conn;
3561
9f1db00c 3562 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3563 __le16_to_cpu(ev->handle));
3564
3565 hci_dev_lock(hdev);
3566
3567 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3568 if (!conn)
3569 goto unlock;
3570
9eb1fbfa
JH		 3571 /* For BR/EDR the necessary steps are taken through the
3572 * auth_complete event.
3573 */
3574 if (conn->type != LE_LINK)
3575 goto unlock;
3576
1c2e0041
JH		 3577 if (!ev->status)
3578 conn->sec_level = conn->pending_sec_level;
3579
3580 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3581
3582 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3583 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3584 hci_conn_drop(conn);
1c2e0041
JH		 3585 goto unlock;
3586 }
3587
3588 if (conn->state == BT_CONFIG) {
3589 if (!ev->status)
3590 conn->state = BT_CONNECTED;
3591
3592 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3593 hci_conn_drop(conn);
1c2e0041
JH		 3594 } else {
3595 hci_auth_cfm(conn, ev->status);
3596
3597 hci_conn_hold(conn);
3598 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3599 hci_conn_drop(conn);
1c2e0041
JH		 3600 }
3601
3602unlock:
3603 hci_dev_unlock(hdev);
3604}
3605
6039aa73 3606static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3607{
17fa4b9d 3608 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3609 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3610 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3611 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3612
b7f94c88
MA		 3613 /* If both remote and local have enough IO capabilities, require
3614 * MITM protection
3615 */
3616 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3617 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3618 return conn->remote_auth | 0x01;
3619
7e74170a
TM		 3620 /* No MITM protection possible so ignore remote requirement */
3621 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3622}
3623
6039aa73 3624static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3625{
3626 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3627 struct hci_conn *conn;
3628
3629 BT_DBG("%s", hdev->name);
3630
3631 hci_dev_lock(hdev);
3632
3633 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3634 if (!conn)
3635 goto unlock;
3636
3637 hci_conn_hold(conn);
3638
a8b2d5c2 3639 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3640 goto unlock;
3641
a8b2d5c2 3642 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3643 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3644 struct hci_cp_io_capability_reply cp;
3645
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3647 /* Change the IO capability from KeyboardDisplay
3648 * to DisplayYesNo as it is not supported by BT spec. */
3649 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3650 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3651
3652 /* If we are initiators, there is no remote information yet */
3653 if (conn->remote_auth == 0xff) {
3654 cp.authentication = conn->auth_type;
6fd6b915 3655
b16c6604 3656 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3657 * except for the no-bonding case.
3658 * conn->auth_type is not updated here since
3659 * that might cause the user confirmation to be
3660 * rejected in case the remote doesn't have the
3661 * IO capabilities for MITM.
b16c6604 3662 */
6fd6b915 3663 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3664 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3665 cp.authentication |= 0x01;
b7f94c88
MA		 3666 } else {
3667 conn->auth_type = hci_get_auth_req(conn);
3668 cp.authentication = conn->auth_type;
3669 }
17fa4b9d 3670
8fc9ced3
GP		 3671 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3672 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3673 cp.oob_data = 0x01;
3674 else
3675 cp.oob_data = 0x00;
3676
17fa4b9d 3677 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3678 sizeof(cp), &cp);
03b555e1
JH		 3679 } else {
3680 struct hci_cp_io_capability_neg_reply cp;
3681
3682 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3683 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3684
03b555e1 3685 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3686 sizeof(cp), &cp);
03b555e1
JH		 3687 }
3688
3689unlock:
3690 hci_dev_unlock(hdev);
3691}
3692
6039aa73 3693static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3694{
3695 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3696 struct hci_conn *conn;
3697
3698 BT_DBG("%s", hdev->name);
3699
3700 hci_dev_lock(hdev);
3701
3702 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3703 if (!conn)
3704 goto unlock;
3705
03b555e1 3706 conn->remote_cap = ev->capability;
03b555e1 3707 conn->remote_auth = ev->authentication;
58a681ef
JH		 3708 if (ev->oob_data)
3709 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3710
3711unlock:
0493684e
MH		 3712 hci_dev_unlock(hdev);
3713}
3714
6039aa73
GP		 3715static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3716 struct sk_buff *skb)
a5c29683
JH		 3717{
3718 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3719 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3720 struct hci_conn *conn;
a5c29683
JH		 3721
3722 BT_DBG("%s", hdev->name);
3723
3724 hci_dev_lock(hdev);
3725
a8b2d5c2 3726 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3727 goto unlock;
a5c29683 3728
7a828908
JH		 3729 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3730 if (!conn)
3731 goto unlock;
3732
3733 loc_mitm = (conn->auth_type & 0x01);
3734 rem_mitm = (conn->remote_auth & 0x01);
3735
3736 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3737 * (it has NoInputNoOutput) then reject the confirmation request
3738 */
3739 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3740 BT_DBG("Rejecting request: remote device can't provide MITM");
3741 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3742 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3743 goto unlock;
3744 }
3745
3746 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3747 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3748 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3749
3750 /* If we're not the initiators request authorization to
3751 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3752 * confirm_hint set to 1). The exception is if neither
3753 * side had MITM in which case we do auto-accept.
3754 */
3755 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3756 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3757 BT_DBG("Confirming auto-accept as acceptor");
3758 confirm_hint = 1;
3759 goto confirm;
3760 }
3761
9f61656a 3762 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3763 hdev->auto_accept_delay);
9f61656a
JH		 3764
3765 if (hdev->auto_accept_delay > 0) {
3766 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3767 queue_delayed_work(conn->hdev->workqueue,
3768 &conn->auto_accept_work, delay);
9f61656a
JH		 3769 goto unlock;
3770 }
3771
7a828908 3772 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3773 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3774 goto unlock;
3775 }
3776
55bc1a37 3777confirm:
39adbffe
JH		 3778 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3779 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3780
3781unlock:
a5c29683
JH		 3782 hci_dev_unlock(hdev);
3783}
3784
6039aa73
GP		 3785static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3786 struct sk_buff *skb)
1143d458
BG		 3787{
3788 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3789
3790 BT_DBG("%s", hdev->name);
3791
a8b2d5c2 3792 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3793 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3794}
3795
92a25256
JH		 3796static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3797 struct sk_buff *skb)
3798{
3799 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3800 struct hci_conn *conn;
3801
3802 BT_DBG("%s", hdev->name);
3803
3804 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3805 if (!conn)
3806 return;
3807
3808 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3809 conn->passkey_entered = 0;
3810
3811 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3812 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3813 conn->dst_type, conn->passkey_notify,
3814 conn->passkey_entered);
3815}
3816
3817static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3818{
3819 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3820 struct hci_conn *conn;
3821
3822 BT_DBG("%s", hdev->name);
3823
3824 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3825 if (!conn)
3826 return;
3827
3828 switch (ev->type) {
3829 case HCI_KEYPRESS_STARTED:
3830 conn->passkey_entered = 0;
3831 return;
3832
3833 case HCI_KEYPRESS_ENTERED:
3834 conn->passkey_entered++;
3835 break;
3836
3837 case HCI_KEYPRESS_ERASED:
3838 conn->passkey_entered--;
3839 break;
3840
3841 case HCI_KEYPRESS_CLEARED:
3842 conn->passkey_entered = 0;
3843 break;
3844
3845 case HCI_KEYPRESS_COMPLETED:
3846 return;
3847 }
3848
3849 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3850 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3851 conn->dst_type, conn->passkey_notify,
3852 conn->passkey_entered);
3853}
3854
6039aa73
GP		 3855static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3856 struct sk_buff *skb)
0493684e
MH		 3857{
3858 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3859 struct hci_conn *conn;
3860
3861 BT_DBG("%s", hdev->name);
3862
3863 hci_dev_lock(hdev);
3864
3865 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3866 if (!conn)
3867 goto unlock;
3868
3869 /* To avoid duplicate auth_failed events to user space we check
3870 * the HCI_CONN_AUTH_PEND flag which will be set if we
3871 * initiated the authentication. A traditional auth_complete
3872 * event gets always produced as initiator and is also mapped to
3873 * the mgmt_auth_failed event */
fa1bd918 3874 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3875 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3876 ev->status);
0493684e 3877
76a68ba0 3878 hci_conn_drop(conn);
2a611692
JH		 3879
3880unlock:
0493684e
MH		 3881 hci_dev_unlock(hdev);
3882}
3883
6039aa73
GP		 3884static void hci_remote_host_features_evt(struct hci_dev *hdev,
3885 struct sk_buff *skb)
41a96212
MH		 3886{
3887 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3888 struct inquiry_entry *ie;
cad718ed 3889 struct hci_conn *conn;
41a96212
MH		 3890
3891 BT_DBG("%s", hdev->name);
3892
3893 hci_dev_lock(hdev);
3894
cad718ed
JH		 3895 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3896 if (conn)
3897 memcpy(conn->features[1], ev->features, 8);
3898
cc11b9c1
AE		 3899 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3900 if (ie)
02b7cc62 3901 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3902
3903 hci_dev_unlock(hdev);
3904}
3905
6039aa73
GP		 3906static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3907 struct sk_buff *skb)
2763eda6
SJ		 3908{
3909 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3910 struct oob_data *data;
3911
3912 BT_DBG("%s", hdev->name);
3913
3914 hci_dev_lock(hdev);
3915
a8b2d5c2 3916 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3917 goto unlock;
3918
2763eda6
SJ		 3919 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3920 if (data) {
519ca9d0
MH		 3921 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3922 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3923
519ca9d0
MH		 3924 bacpy(&cp.bdaddr, &ev->bdaddr);
3925 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3926 memcpy(cp.randomizer192, data->randomizer192,
3927 sizeof(cp.randomizer192));
3928 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3929 memcpy(cp.randomizer256, data->randomizer256,
3930 sizeof(cp.randomizer256));
3931
3932 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3933 sizeof(cp), &cp);
3934 } else {
3935 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3936
519ca9d0
MH		 3937 bacpy(&cp.bdaddr, &ev->bdaddr);
3938 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3939 memcpy(cp.randomizer, data->randomizer192,
3940 sizeof(cp.randomizer));
3941
3942 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3943 sizeof(cp), &cp);
3944 }
2763eda6
SJ		 3945 } else {
3946 struct hci_cp_remote_oob_data_neg_reply cp;
3947
3948 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3949 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3950 sizeof(cp), &cp);
2763eda6
SJ		 3951 }
3952
e1ba1f15 3953unlock:
2763eda6
SJ		 3954 hci_dev_unlock(hdev);
3955}
3956
d5e91192
AE		 3957static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3958 struct sk_buff *skb)
3959{
3960 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3961 struct hci_conn *hcon, *bredr_hcon;
3962
3963 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3964 ev->status);
3965
3966 hci_dev_lock(hdev);
3967
3968 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3969 if (!hcon) {
3970 hci_dev_unlock(hdev);
3971 return;
3972 }
3973
3974 if (ev->status) {
3975 hci_conn_del(hcon);
3976 hci_dev_unlock(hdev);
3977 return;
3978 }
3979
3980 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3981
3982 hcon->state = BT_CONNECTED;
3983 bacpy(&hcon->dst, &bredr_hcon->dst);
3984
3985 hci_conn_hold(hcon);
3986 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3987 hci_conn_drop(hcon);
d5e91192 3988
d5e91192
AE		 3989 hci_conn_add_sysfs(hcon);
3990
cf70ff22 3991 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3992
cf70ff22 3993 hci_dev_unlock(hdev);
d5e91192
AE		 3994}
3995
27695fb4
AE		 3996static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3997{
3998 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3999 struct hci_conn *hcon;
4000 struct hci_chan *hchan;
4001 struct amp_mgr *mgr;
4002
4003 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4004 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4005 ev->status);
4006
4007 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4008 if (!hcon)
4009 return;
4010
4011 /* Create AMP hchan */
4012 hchan = hci_chan_create(hcon);
4013 if (!hchan)
4014 return;
4015
4016 hchan->handle = le16_to_cpu(ev->handle);
4017
4018 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4019
4020 mgr = hcon->amp_mgr;
4021 if (mgr && mgr->bredr_chan) {
4022 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4023
4024 l2cap_chan_lock(bredr_chan);
4025
4026 bredr_chan->conn->mtu = hdev->block_mtu;
4027 l2cap_logical_cfm(bredr_chan, hchan, 0);
4028 hci_conn_hold(hcon);
4029
4030 l2cap_chan_unlock(bredr_chan);
4031 }
4032}
4033
606e2a10
AE		 4034static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4035 struct sk_buff *skb)
4036{
4037 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4038 struct hci_chan *hchan;
4039
4040 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4041 le16_to_cpu(ev->handle), ev->status);
4042
4043 if (ev->status)
4044 return;
4045
4046 hci_dev_lock(hdev);
4047
4048 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4049 if (!hchan)
4050 goto unlock;
4051
4052 amp_destroy_logical_link(hchan, ev->reason);
4053
4054unlock:
4055 hci_dev_unlock(hdev);
4056}
4057
9eef6b3a
AE		 4058static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4059 struct sk_buff *skb)
4060{
4061 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4062 struct hci_conn *hcon;
4063
4064 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4065
4066 if (ev->status)
4067 return;
4068
4069 hci_dev_lock(hdev);
4070
4071 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4072 if (hcon) {
4073 hcon->state = BT_CLOSED;
4074 hci_conn_del(hcon);
4075 }
4076
4077 hci_dev_unlock(hdev);
4078}
4079
6039aa73 4080static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4081{
4082 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4083 struct hci_conn_params *params;
fcd89c09 4084 struct hci_conn *conn;
68d6f6de 4085 struct smp_irk *irk;
837d502e 4086 u8 addr_type;
fcd89c09 4087
9f1db00c 4088 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4089
4090 hci_dev_lock(hdev);
4091
b47a09b3 4092 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4093 if (!conn) {
4094 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4095 if (!conn) {
4096 BT_ERR("No memory for new connection");
230fd16a 4097 goto unlock;
b62f328b 4098 }
29b7988a
AG		 4099
4100 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4101
4102 if (ev->role == LE_CONN_ROLE_MASTER) {
4103 conn->out = true;
4dae2798 4104 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4105 }
cb1d68f7
JH		 4106
4107 /* If we didn't have a hci_conn object previously
4108 * but we're in master role this must be something
4109 * initiated using a white list. Since white list based
4110 * connections are not "first class citizens" we don't
4111 * have full tracking of them. Therefore, we go ahead
4112 * with a "best effort" approach of determining the
4113 * initiator address based on the HCI_PRIVACY flag.
4114 */
4115 if (conn->out) {
4116 conn->resp_addr_type = ev->bdaddr_type;
4117 bacpy(&conn->resp_addr, &ev->bdaddr);
4118 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4119 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4120 bacpy(&conn->init_addr, &hdev->rpa);
4121 } else {
4122 hci_copy_identity_address(hdev,
4123 &conn->init_addr,
4124 &conn->init_addr_type);
4125 }
cb1d68f7 4126 }
9489eca4
JH		 4127 } else {
4128 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4129 }
fcd89c09 4130
80c24ab8
JH		 4131 if (!conn->out) {
4132 /* Set the responder (our side) address type based on
4133 * the advertising address type.
4134 */
4135 conn->resp_addr_type = hdev->adv_addr_type;
4136 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4137 bacpy(&conn->resp_addr, &hdev->random_addr);
4138 else
4139 bacpy(&conn->resp_addr, &hdev->bdaddr);
4140
4141 conn->init_addr_type = ev->bdaddr_type;
4142 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4143
4144 /* For incoming connections, set the default minimum
4145 * and maximum connection interval. They will be used
4146 * to check if the parameters are in range and if not
4147 * trigger the connection update procedure.
4148 */
4149 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4150 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4151 }
7be2edbb 4152
edb4b466
MH		 4153 /* Lookup the identity address from the stored connection
4154 * address and address type.
4155 *
4156 * When establishing connections to an identity address, the
4157 * connection procedure will store the resolvable random
4158 * address first. Now if it can be converted back into the
4159 * identity address, start using the identity address from
4160 * now on.
4161 */
4162 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4163 if (irk) {
4164 bacpy(&conn->dst, &irk->bdaddr);
4165 conn->dst_type = irk->addr_type;
4166 }
4167
837d502e
JH		 4168 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4169 addr_type = BDADDR_LE_PUBLIC;
4170 else
4171 addr_type = BDADDR_LE_RANDOM;
4172
4173 /* Drop the connection if he device is blocked */
4174 if (hci_blacklist_lookup(hdev, &conn->dst, addr_type)) {
4175 hci_conn_drop(conn);
4176 goto unlock;
4177 }
4178
cd17decb 4179 if (ev->status) {
06c053fb 4180 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4181 goto unlock;
4182 }
4183
b644ba33 4184 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4185 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4186 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4187
7b5c0d52 4188 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4189 conn->handle = __le16_to_cpu(ev->handle);
4190 conn->state = BT_CONNECTED;
4191
e04fde60
MH		 4192 conn->le_conn_interval = le16_to_cpu(ev->interval);
4193 conn->le_conn_latency = le16_to_cpu(ev->latency);
4194 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4195
fcd89c09
VT		 4196 hci_conn_add_sysfs(conn);
4197
4198 hci_proto_connect_cfm(conn, ev->status);
4199
912b42ef 4200 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
223683a5 4201 if (params)
95305baa 4202 list_del_init(&params->action);
a4790dbd 4203
fcd89c09 4204unlock:
223683a5 4205 hci_update_background_scan(hdev);
fcd89c09
VT		 4206 hci_dev_unlock(hdev);
4207}
4208
1855d92d
MH		 4209static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4210 struct sk_buff *skb)
4211{
4212 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4213 struct hci_conn *conn;
4214
4215 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4216
4217 if (ev->status)
4218 return;
4219
4220 hci_dev_lock(hdev);
4221
4222 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4223 if (conn) {
4224 conn->le_conn_interval = le16_to_cpu(ev->interval);
4225 conn->le_conn_latency = le16_to_cpu(ev->latency);
4226 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4227 }
4228
4229 hci_dev_unlock(hdev);
4230}
4231
a4790dbd 4232/* This function requires the caller holds hdev->lock */
7e899c94 4233static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
1c1abcab 4234 u8 addr_type, u8 adv_type)
a4790dbd
AG		 4235{
4236 struct hci_conn *conn;
4237
1c1abcab
JH		 4238 /* If the event is not connectable don't proceed further */
4239 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
7e899c94 4240 return;
1c1abcab
JH		 4241
4242 /* Ignore if the device is blocked */
4243 if (hci_blacklist_lookup(hdev, addr, addr_type))
7e899c94 4244 return;
1c1abcab
JH		 4245
4246 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4247 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4248 adv_type == LE_ADV_DIRECT_IND)
4249 goto connect;
4250
4251 /* If we're not connectable only connect devices that we have in
4252 * our pend_le_conns list.
4253 */
501f8827 4254 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
7e899c94 4255 return;
a4790dbd 4256
1c1abcab 4257connect:
cdd6275e 4258 /* Request connection in master = true role */
a4790dbd 4259 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
cdd6275e 4260 HCI_LE_AUTOCONN_TIMEOUT, true);
a4790dbd 4261 if (!IS_ERR(conn))
7e899c94 4262 return;
a4790dbd
AG		 4263
4264 switch (PTR_ERR(conn)) {
4265 case -EBUSY:
4266 /* If hci_connect() returns -EBUSY it means there is already
4267 * an LE connection attempt going on. Since controllers don't
4268 * support more than one connection attempt at the time, we
4269 * don't consider this an error case.
4270 */
4271 break;
4272 default:
4273 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4274 }
4275}
4276
4af605d8
JH		 4277static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4278 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4279{
b9a6328f 4280 struct discovery_state *d = &hdev->discovery;
1c1abcab 4281 struct smp_irk *irk;
474ee066 4282 bool match;
c70a7e4c 4283 u32 flags;
b9a6328f 4284
1c1abcab
JH		 4285 /* Check if we need to convert to identity address */
4286 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4287 if (irk) {
4288 bdaddr = &irk->bdaddr;
4289 bdaddr_type = irk->addr_type;
4290 }
4291
4292 /* Check if we have been requested to connect to this device */
4293 check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4294
0d2bf134
JH		 4295 /* Passive scanning shouldn't trigger any device found events,
4296 * except for devices marked as CONN_REPORT for which we do send
4297 * device found events.
4298 */
ca5c4be7 4299 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134 4300 struct hci_conn_params *param;
0d2bf134 4301
0d2bf134
JH		 4302 if (type == LE_ADV_DIRECT_IND)
4303 return;
4304
a7545f2a
JH		 4305 param = hci_pend_le_action_lookup(&hdev->pend_le_reports,
4306 bdaddr, bdaddr_type);
4307 if (!param)
0d2bf134
JH		 4308 return;
4309
4310 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4311 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4312 else
4313 flags = 0;
4314 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4315 rssi, flags, data, len, NULL, 0);
97bf2e99 4316 return;
ca5c4be7 4317 }
4af605d8 4318
c70a7e4c
MH		 4319 /* When receiving non-connectable or scannable undirected
4320 * advertising reports, this means that the remote device is
4321 * not connectable and then clearly indicate this in the
4322 * device found event.
4323 *
4324 * When receiving a scan response, then there is no way to
4325 * know if the remote device is connectable or not. However
4326 * since scan responses are merged with a previously seen
4327 * advertising report, the flags field from that report
4328 * will be used.
4329 *
4330 * In the really unlikely case that a controller get confused
4331 * and just sends a scan response event, then it is marked as
4332 * not connectable as well.
4333 */
4334 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4335 type == LE_ADV_SCAN_RSP)
4336 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4337 else
4338 flags = 0;
4339
b9a6328f
JH		 4340 /* If there's nothing pending either store the data from this
4341 * event or send an immediate device found event if the data
4342 * should not be stored for later.
4343 */
4344 if (!has_pending_adv_report(hdev)) {
4345 /* If the report will trigger a SCAN_REQ store it for
4346 * later merging.
4347 */
4348 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4349 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4350 rssi, flags, data, len);
b9a6328f
JH		 4351 return;
4352 }
4353
4354 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4355 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4356 return;
4357 }
4358
474ee066
JH		 4359 /* Check if the pending report is for the same device as the new one */
4360 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4361 bdaddr_type == d->last_adv_addr_type);
4362
b9a6328f
JH		 4363 /* If the pending data doesn't match this report or this isn't a
4364 * scan response (e.g. we got a duplicate ADV_IND) then force
4365 * sending of the pending data.
4366 */
474ee066
JH		 4367 if (type != LE_ADV_SCAN_RSP || !match) {
4368 /* Send out whatever is in the cache, but skip duplicates */
4369 if (!match)
4370 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4371 d->last_adv_addr_type, NULL,
c70a7e4c 4372 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4373 d->last_adv_data,
474ee066 4374 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4375
4376 /* If the new report will trigger a SCAN_REQ store it for
4377 * later merging.
4378 */
4379 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4380 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4381 rssi, flags, data, len);
b9a6328f
JH		 4382 return;
4383 }
4384
4385 /* The advertising reports cannot be merged, so clear
4386 * the pending report and send out a device found event.
4387 */
4388 clear_pending_adv_report(hdev);
5c5b93e4 4389 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4390 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4391 return;
4392 }
4393
4394 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4395 * the new event is a SCAN_RSP. We can therefore proceed with
4396 * sending a merged device found event.
4397 */
4398 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4399 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4400 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4401 clear_pending_adv_report(hdev);
4af605d8
JH		 4402}
4403
6039aa73 4404static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4405{
e95beb41
AG		 4406 u8 num_reports = skb->data[0];
4407 void *ptr = &skb->data[1];
9aa04c91 4408
a4790dbd
AG		 4409 hci_dev_lock(hdev);
4410
e95beb41
AG		 4411 while (num_reports--) {
4412 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4413 s8 rssi;
a4790dbd 4414
3c9e9195 4415 rssi = ev->data[ev->length];
4af605d8
JH		 4416 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4417 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4418
e95beb41 4419 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4420 }
a4790dbd
AG		 4421
4422 hci_dev_unlock(hdev);
9aa04c91
AG		 4423}
4424
6039aa73 4425static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4426{
4427 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4428 struct hci_cp_le_ltk_reply cp;
bea710fe 4429 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4430 struct hci_conn *conn;
c9839a11 4431 struct smp_ltk *ltk;
a7a595f6 4432
9f1db00c 4433 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4434
4435 hci_dev_lock(hdev);
4436
4437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4438 if (conn == NULL)
4439 goto not_found;
a7a595f6 4440
fe39c7b2 4441 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4442 if (ltk == NULL)
4443 goto not_found;
4444
4445 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4446 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4447
4448 if (ltk->authenticated)
f8776218
AG		 4449 conn->pending_sec_level = BT_SECURITY_HIGH;
4450 else
4451 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4452
89cbb4da 4453 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4454
4455 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4456
5981a882
CT		 4457 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4458 * temporary key used to encrypt a connection following
4459 * pairing. It is used during the Encrypted Session Setup to
4460 * distribute the keys. Later, security can be re-established
4461 * using a distributed LTK.
4462 */
2ceba539 4463 if (ltk->type == SMP_STK) {
fe59a05f 4464 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4465 list_del(&ltk->list);
4466 kfree(ltk);
fe59a05f
JH		 4467 } else {
4468 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4469 }
4470
a7a595f6 4471 hci_dev_unlock(hdev);
bea710fe
VCG		 4472
4473 return;
4474
4475not_found:
4476 neg.handle = ev->handle;
4477 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4478 hci_dev_unlock(hdev);
a7a595f6
VCG		 4479}
4480
8e75b46a
AG		 4481static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4482 u8 reason)
4483{
4484 struct hci_cp_le_conn_param_req_neg_reply cp;
4485
4486 cp.handle = cpu_to_le16(handle);
4487 cp.reason = reason;
4488
4489 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4490 &cp);
4491}
4492
4493static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4494 struct sk_buff *skb)
4495{
4496 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4497 struct hci_cp_le_conn_param_req_reply cp;
4498 struct hci_conn *hcon;
4499 u16 handle, min, max, latency, timeout;
4500
4501 handle = le16_to_cpu(ev->handle);
4502 min = le16_to_cpu(ev->interval_min);
4503 max = le16_to_cpu(ev->interval_max);
4504 latency = le16_to_cpu(ev->latency);
4505 timeout = le16_to_cpu(ev->timeout);
4506
4507 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4508 if (!hcon || hcon->state != BT_CONNECTED)
4509 return send_conn_param_neg_reply(hdev, handle,
4510 HCI_ERROR_UNKNOWN_CONN_ID);
4511
4512 if (hci_check_conn_params(min, max, latency, timeout))
4513 return send_conn_param_neg_reply(hdev, handle,
4514 HCI_ERROR_INVALID_LL_PARAMS);
4515
348d50b8
JH		 4516 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4517 struct hci_conn_params *params;
f4869e2a 4518 u8 store_hint;
348d50b8
JH		 4519
4520 hci_dev_lock(hdev);
4521
4522 params = hci_conn_params_lookup(hdev, &hcon->dst,
4523 hcon->dst_type);
4524 if (params) {
4525 params->conn_min_interval = min;
4526 params->conn_max_interval = max;
4527 params->conn_latency = latency;
4528 params->supervision_timeout = timeout;
f4869e2a
JH		 4529 store_hint = 0x01;
4530 } else{
4531 store_hint = 0x00;
348d50b8
JH		 4532 }
4533
4534 hci_dev_unlock(hdev);
4535
f4869e2a
JH		 4536 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4537 store_hint, min, max, latency, timeout);
348d50b8 4538 }
ffb5a827 4539
8e75b46a
AG		 4540 cp.handle = ev->handle;
4541 cp.interval_min = ev->interval_min;
4542 cp.interval_max = ev->interval_max;
4543 cp.latency = ev->latency;
4544 cp.timeout = ev->timeout;
4545 cp.min_ce_len = 0;
4546 cp.max_ce_len = 0;
4547
4548 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4549}
4550
6039aa73 4551static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4552{
4553 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4554
4555 skb_pull(skb, sizeof(*le_ev));
4556
4557 switch (le_ev->subevent) {
4558 case HCI_EV_LE_CONN_COMPLETE:
4559 hci_le_conn_complete_evt(hdev, skb);
4560 break;
4561
1855d92d
MH		 4562 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4563 hci_le_conn_update_complete_evt(hdev, skb);
4564 break;
4565
9aa04c91
AG		 4566 case HCI_EV_LE_ADVERTISING_REPORT:
4567 hci_le_adv_report_evt(hdev, skb);
4568 break;
4569
a7a595f6
VCG		 4570 case HCI_EV_LE_LTK_REQ:
4571 hci_le_ltk_request_evt(hdev, skb);
4572 break;
4573
8e75b46a
AG		 4574 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4575 hci_le_remote_conn_param_req_evt(hdev, skb);
4576 break;
4577
fcd89c09
VT		 4578 default:
4579 break;
4580 }
4581}
4582
9495b2ee
AE		 4583static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4584{
4585 struct hci_ev_channel_selected *ev = (void *) skb->data;
4586 struct hci_conn *hcon;
4587
4588 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4589
4590 skb_pull(skb, sizeof(*ev));
4591
4592 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4593 if (!hcon)
4594 return;
4595
4596 amp_read_loc_assoc_final_data(hdev, hcon);
4597}
4598
a9de9248
MH		 4599void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4600{
4601 struct hci_event_hdr *hdr = (void *) skb->data;
4602 __u8 event = hdr->evt;
4603
b6ddb638
JH		 4604 hci_dev_lock(hdev);
4605
4606 /* Received events are (currently) only needed when a request is
4607 * ongoing so avoid unnecessary memory allocation.
4608 */
4609 if (hdev->req_status == HCI_REQ_PEND) {
4610 kfree_skb(hdev->recv_evt);
4611 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4612 }
4613
4614 hci_dev_unlock(hdev);
4615
a9de9248
MH		 4616 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4617
02350a72 4618 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4619 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4620 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4621
4622 hci_req_cmd_complete(hdev, opcode, 0);
4623 }
4624
a9de9248 4625 switch (event) {
1da177e4
LT		 4626 case HCI_EV_INQUIRY_COMPLETE:
4627 hci_inquiry_complete_evt(hdev, skb);
4628 break;
4629
4630 case HCI_EV_INQUIRY_RESULT:
4631 hci_inquiry_result_evt(hdev, skb);
4632 break;
4633
a9de9248
MH		 4634 case HCI_EV_CONN_COMPLETE:
4635 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4636 break;
4637
1da177e4
LT		 4638 case HCI_EV_CONN_REQUEST:
4639 hci_conn_request_evt(hdev, skb);
4640 break;
4641
1da177e4
LT		 4642 case HCI_EV_DISCONN_COMPLETE:
4643 hci_disconn_complete_evt(hdev, skb);
4644 break;
4645
1da177e4
LT		 4646 case HCI_EV_AUTH_COMPLETE:
4647 hci_auth_complete_evt(hdev, skb);
4648 break;
4649
a9de9248
MH		 4650 case HCI_EV_REMOTE_NAME:
4651 hci_remote_name_evt(hdev, skb);
4652 break;
4653
1da177e4
LT		 4654 case HCI_EV_ENCRYPT_CHANGE:
4655 hci_encrypt_change_evt(hdev, skb);
4656 break;
4657
a9de9248
MH		 4658 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4659 hci_change_link_key_complete_evt(hdev, skb);
4660 break;
4661
4662 case HCI_EV_REMOTE_FEATURES:
4663 hci_remote_features_evt(hdev, skb);
4664 break;
4665
a9de9248
MH		 4666 case HCI_EV_CMD_COMPLETE:
4667 hci_cmd_complete_evt(hdev, skb);
4668 break;
4669
4670 case HCI_EV_CMD_STATUS:
4671 hci_cmd_status_evt(hdev, skb);
4672 break;
4673
4674 case HCI_EV_ROLE_CHANGE:
4675 hci_role_change_evt(hdev, skb);
4676 break;
4677
4678 case HCI_EV_NUM_COMP_PKTS:
4679 hci_num_comp_pkts_evt(hdev, skb);
4680 break;
4681
4682 case HCI_EV_MODE_CHANGE:
4683 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4684 break;
4685
4686 case HCI_EV_PIN_CODE_REQ:
4687 hci_pin_code_request_evt(hdev, skb);
4688 break;
4689
4690 case HCI_EV_LINK_KEY_REQ:
4691 hci_link_key_request_evt(hdev, skb);
4692 break;
4693
4694 case HCI_EV_LINK_KEY_NOTIFY:
4695 hci_link_key_notify_evt(hdev, skb);
4696 break;
4697
4698 case HCI_EV_CLOCK_OFFSET:
4699 hci_clock_offset_evt(hdev, skb);
4700 break;
4701
a8746417
MH		 4702 case HCI_EV_PKT_TYPE_CHANGE:
4703 hci_pkt_type_change_evt(hdev, skb);
4704 break;
4705
85a1e930
MH		 4706 case HCI_EV_PSCAN_REP_MODE:
4707 hci_pscan_rep_mode_evt(hdev, skb);
4708 break;
4709
a9de9248
MH		 4710 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4711 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4712 break;
4713
a9de9248
MH		 4714 case HCI_EV_REMOTE_EXT_FEATURES:
4715 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4716 break;
4717
a9de9248
MH		 4718 case HCI_EV_SYNC_CONN_COMPLETE:
4719 hci_sync_conn_complete_evt(hdev, skb);
4720 break;
1da177e4 4721
a9de9248
MH		 4722 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4723 hci_extended_inquiry_result_evt(hdev, skb);
4724 break;
1da177e4 4725
1c2e0041
JH		 4726 case HCI_EV_KEY_REFRESH_COMPLETE:
4727 hci_key_refresh_complete_evt(hdev, skb);
4728 break;
4729
0493684e
MH		 4730 case HCI_EV_IO_CAPA_REQUEST:
4731 hci_io_capa_request_evt(hdev, skb);
4732 break;
4733
03b555e1
JH		 4734 case HCI_EV_IO_CAPA_REPLY:
4735 hci_io_capa_reply_evt(hdev, skb);
4736 break;
4737
a5c29683
JH		 4738 case HCI_EV_USER_CONFIRM_REQUEST:
4739 hci_user_confirm_request_evt(hdev, skb);
4740 break;
4741
1143d458
BG		 4742 case HCI_EV_USER_PASSKEY_REQUEST:
4743 hci_user_passkey_request_evt(hdev, skb);
4744 break;
4745
92a25256
JH		 4746 case HCI_EV_USER_PASSKEY_NOTIFY:
4747 hci_user_passkey_notify_evt(hdev, skb);
4748 break;
4749
4750 case HCI_EV_KEYPRESS_NOTIFY:
4751 hci_keypress_notify_evt(hdev, skb);
4752 break;
4753
0493684e
MH		 4754 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4755 hci_simple_pair_complete_evt(hdev, skb);
4756 break;
4757
41a96212
MH		 4758 case HCI_EV_REMOTE_HOST_FEATURES:
4759 hci_remote_host_features_evt(hdev, skb);
4760 break;
4761
fcd89c09
VT		 4762 case HCI_EV_LE_META:
4763 hci_le_meta_evt(hdev, skb);
4764 break;
4765
9495b2ee
AE		 4766 case HCI_EV_CHANNEL_SELECTED:
4767 hci_chan_selected_evt(hdev, skb);
4768 break;
4769
2763eda6
SJ		 4770 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4771 hci_remote_oob_data_request_evt(hdev, skb);
4772 break;
4773
d5e91192
AE		 4774 case HCI_EV_PHY_LINK_COMPLETE:
4775 hci_phy_link_complete_evt(hdev, skb);
4776 break;
4777
27695fb4
AE		 4778 case HCI_EV_LOGICAL_LINK_COMPLETE:
4779 hci_loglink_complete_evt(hdev, skb);
4780 break;
4781
606e2a10
AE		 4782 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4783 hci_disconn_loglink_complete_evt(hdev, skb);
4784 break;
4785
9eef6b3a
AE		 4786 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4787 hci_disconn_phylink_complete_evt(hdev, skb);
4788 break;
4789
25e89e99
AE		 4790 case HCI_EV_NUM_COMP_BLOCKS:
4791 hci_num_comp_blocks_evt(hdev, skb);
4792 break;
4793
a9de9248 4794 default:
9f1db00c 4795 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4796 break;
4797 }
4798
4799 kfree_skb(skb);
4800 hdev->stat.evt_rx++;
4801}
Linux kernel - Deliverables
This page took 1.622837 seconds and 5 git commands to generate.