projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix address in unmergeable device found events
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778 201
533553f8
MH		 202 hdev->le_scan_type = LE_SCAN_PASSIVE;
203
06f5b778 204 hdev->ssp_debug_mode = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
0663ca2a
JH		 308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
310 */
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
312
36f7fc7e
JH		 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
318 if (!old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 1);
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
b4cb9fb2
MH		 423static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct sk_buff *skb)
425{
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
433 hdev->num_iac = rp->num_iac;
434
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436}
437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 441 struct hci_cp_write_ssp_mode *sent;
333140b5 442
9f1db00c 443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
5ed8eb2f
JH		 449 if (!status) {
450 if (sent->mode)
cad718ed 451 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 452 else
cad718ed 453 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 454 }
455
ed2c4ee3 456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 458 else if (!status) {
5ed8eb2f 459 if (sent->mode)
c0ecddc2
JH		 460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 else
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 }
333140b5
MH		 464}
465
eac83dc6
MH		 466static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
467{
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
470
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
472
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
474 if (!sent)
475 return;
476
477 if (!status) {
478 if (sent->support)
479 hdev->features[1][0] |= LMP_HOST_SC;
480 else
481 hdev->features[1][0] &= ~LMP_HOST_SC;
482 }
483
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
486 else if (!status) {
487 if (sent->support)
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 else
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
491 }
492}
493
a9de9248
MH		 494static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
495{
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 497
9f1db00c 498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 499
a9de9248 500 if (rp->status)
42c6b129 501 return;
1143e5a6 502
0d5551f5
MH		 503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
509 }
d5859e22
JH		 510}
511
8fc9ced3
GP		 512static void hci_cc_read_local_commands(struct hci_dev *hdev,
513 struct sk_buff *skb)
a9de9248
MH		 514{
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 516
9f1db00c 517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 518
6a070e6e
MH		 519 if (rp->status)
520 return;
521
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 524}
1da177e4 525
8fc9ced3
GP		 526static void hci_cc_read_local_features(struct hci_dev *hdev,
527 struct sk_buff *skb)
a9de9248
MH		 528{
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 530
9f1db00c 531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 532
a9de9248
MH		 533 if (rp->status)
534 return;
5b7f9909 535
a9de9248 536 memcpy(hdev->features, rp->features, 8);
5b7f9909 537
a9de9248
MH		 538 /* Adjust default settings according to features
539 * supported by device. */
1da177e4 540
cad718ed 541 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 543
cad718ed 544 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 546
cad718ed 547 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
550 }
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
555 }
1da177e4 556
45db810f 557 if (lmp_esco_capable(hdev))
a9de9248 558 hdev->esco_type |= (ESCO_EV3);
da1f5198 559
cad718ed 560 if (hdev->features[0][4] & LMP_EV4)
a9de9248 561 hdev->esco_type |= (ESCO_EV4);
da1f5198 562
cad718ed 563 if (hdev->features[0][4] & LMP_EV5)
a9de9248 564 hdev->esco_type |= (ESCO_EV5);
1da177e4 565
cad718ed 566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 567 hdev->esco_type |= (ESCO_2EV3);
568
cad718ed 569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 570 hdev->esco_type |= (ESCO_3EV3);
571
cad718ed 572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 574}
1da177e4 575
971e3a4b 576static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 577 struct sk_buff *skb)
971e3a4b
AG		 578{
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
580
9f1db00c 581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 582
583 if (rp->status)
42c6b129 584 return;
971e3a4b 585
57af75a8
MH		 586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
d2c5d77f 588
cad718ed
JH		 589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 591}
592
1e89cffb 593static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 594 struct sk_buff *skb)
1e89cffb
AE		 595{
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
597
9f1db00c 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 599
42c6b129
JH		 600 if (!rp->status)
601 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 602}
603
a9de9248
MH		 604static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
605{
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 609
a9de9248
MH		 610 if (rp->status)
611 return;
1da177e4 612
a9de9248
MH		 613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
617
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
619 hdev->sco_mtu = 64;
620 hdev->sco_pkts = 8;
1da177e4 621 }
a9de9248
MH		 622
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
625
807deac2
GP		 626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 628}
629
630static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
631{
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
633
9f1db00c 634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 635
636 if (!rp->status)
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 638}
639
f332ec66
JH		 640static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
641 struct sk_buff *skb)
642{
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
644
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
646
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
650 }
651}
652
4a3ee763
JH		 653static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
654 struct sk_buff *skb)
655{
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
660
661 if (status)
662 return;
663
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
665 if (!sent)
666 return;
667
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
670}
671
f332ec66
JH		 672static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
673 struct sk_buff *skb)
674{
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
676
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
678
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
681}
682
4a3ee763
JH		 683static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
684 struct sk_buff *skb)
685{
686 u8 status = *((u8 *) skb->data);
687 u8 *type;
688
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
690
691 if (status)
692 return;
693
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
695 if (type)
696 hdev->page_scan_type = *type;
697}
698
350ee4cf 699static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 700 struct sk_buff *skb)
350ee4cf
AE		 701{
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
703
9f1db00c 704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 705
706 if (rp->status)
707 return;
708
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
712
713 hdev->block_cnt = hdev->num_blocks;
714
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 716 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 717}
718
928abaa7 719static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 720 struct sk_buff *skb)
928abaa7
AE		 721{
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 725
726 if (rp->status)
8e2a0d92 727 goto a2mp_rsp;
928abaa7
AE		 728
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
739
8e2a0d92
AE		 740a2mp_rsp:
741 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 742}
743
903e4541
AE		 744static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
745 struct sk_buff *skb)
746{
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
750
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
752
753 if (rp->status)
754 goto a2mp_rsp;
755
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
758
759 if (rem_len > frag_len) {
2e430be3 760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 761
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
764
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
767
768 return;
769 }
770
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
773 assoc->offset = 0;
774
775a2mp_rsp:
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 778 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 779}
780
d5859e22 781static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 782 struct sk_buff *skb)
d5859e22 783{
91c4e9b1 784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 785
9f1db00c 786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 787
788 if (!rp->status)
789 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 790}
791
980e1a53
JH		 792static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
793{
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
797
9f1db00c 798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 799
56e5cb86
JH		 800 hci_dev_lock(hdev);
801
a8b2d5c2 802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 804
fa1bd918 805 if (rp->status)
56e5cb86 806 goto unlock;
980e1a53
JH		 807
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
809 if (!cp)
56e5cb86 810 goto unlock;
980e1a53
JH		 811
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
813 if (conn)
814 conn->pin_length = cp->pin_len;
56e5cb86
JH		 815
816unlock:
817 hci_dev_unlock(hdev);
980e1a53
JH		 818}
819
820static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
821{
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
823
9f1db00c 824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 825
56e5cb86
JH		 826 hci_dev_lock(hdev);
827
a8b2d5c2 828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 830 rp->status);
56e5cb86
JH		 831
832 hci_dev_unlock(hdev);
980e1a53 833}
56e5cb86 834
6ed58ec5
VT		 835static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
836 struct sk_buff *skb)
837{
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
839
9f1db00c 840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 841
842 if (rp->status)
843 return;
844
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
847
848 hdev->le_cnt = hdev->le_pkts;
849
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 851}
980e1a53 852
60e77321
JH		 853static void hci_cc_le_read_local_features(struct hci_dev *hdev,
854 struct sk_buff *skb)
855{
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
857
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859
860 if (!rp->status)
861 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 862}
863
8fa19098
JH		 864static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
865 struct sk_buff *skb)
866{
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
868
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870
04b4edcb 871 if (!rp->status)
8fa19098 872 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 873}
874
a5c29683
JH		 875static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 880
56e5cb86
JH		 881 hci_dev_lock(hdev);
882
a8b2d5c2 883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
885 rp->status);
56e5cb86
JH		 886
887 hci_dev_unlock(hdev);
a5c29683
JH		 888}
889
890static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 891 struct sk_buff *skb)
a5c29683
JH		 892{
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894
9f1db00c 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 896
56e5cb86
JH		 897 hci_dev_lock(hdev);
898
a8b2d5c2 899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 901 ACL_LINK, 0, rp->status);
56e5cb86
JH		 902
903 hci_dev_unlock(hdev);
a5c29683
JH		 904}
905
1143d458
BG		 906static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 911
912 hci_dev_lock(hdev);
913
a8b2d5c2 914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 916 0, rp->status);
1143d458
BG		 917
918 hci_dev_unlock(hdev);
919}
920
921static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 922 struct sk_buff *skb)
1143d458
BG		 923{
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
925
9f1db00c 926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 927
928 hci_dev_lock(hdev);
929
a8b2d5c2 930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 932 ACL_LINK, 0, rp->status);
1143d458
BG		 933
934 hci_dev_unlock(hdev);
935}
936
4d2d2796
MH		 937static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
938 struct sk_buff *skb)
c35938b2
SJ		 939{
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
941
9f1db00c 942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 943
56e5cb86 944 hci_dev_lock(hdev);
4d2d2796
MH		 945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
948}
949
950static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
960 rp->status);
56e5cb86 961 hci_dev_unlock(hdev);
c35938b2
SJ		 962}
963
7a4cd51d
MH		 964
965static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
966{
967 __u8 status = *((__u8 *) skb->data);
968 bdaddr_t *sent;
969
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
971
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
973 if (!sent)
974 return;
975
976 hci_dev_lock(hdev);
977
978 if (!status)
979 bacpy(&hdev->random_addr, sent);
980
981 hci_dev_unlock(hdev);
982}
983
c1d5dc4a
JH		 984static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
985{
986 __u8 *sent, status = *((__u8 *) skb->data);
987
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
989
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
991 if (!sent)
992 return;
993
3c857757
JH		 994 if (status)
995 return;
996
c1d5dc4a
JH		 997 hci_dev_lock(hdev);
998
3c857757
JH		 999 /* If we're doing connection initation as peripheral. Set a
1000 * timeout in case something goes wrong.
1001 */
1002 if (*sent) {
1003 struct hci_conn *conn;
1004
1005 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1006 if (conn)
1007 queue_delayed_work(hdev->workqueue,
1008 &conn->le_conn_timeout,
1009 HCI_LE_CONN_TIMEOUT);
1010 }
1011
1012 mgmt_advertising(hdev, *sent);
c1d5dc4a 1013
04b4edcb 1014 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1015}
1016
533553f8
MH		 1017static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1018{
1019 struct hci_cp_le_set_scan_param *cp;
1020 __u8 status = *((__u8 *) skb->data);
1021
1022 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1023
1024 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1025 if (!cp)
1026 return;
1027
1028 hci_dev_lock(hdev);
1029
1030 if (!status)
1031 hdev->le_scan_type = cp->type;
1032
1033 hci_dev_unlock(hdev);
1034}
1035
b9a6328f
JH		 1036static bool has_pending_adv_report(struct hci_dev *hdev)
1037{
1038 struct discovery_state *d = &hdev->discovery;
1039
1040 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1041}
1042
1043static void clear_pending_adv_report(struct hci_dev *hdev)
1044{
1045 struct discovery_state *d = &hdev->discovery;
1046
1047 bacpy(&d->last_adv_addr, BDADDR_ANY);
1048 d->last_adv_data_len = 0;
1049}
1050
1051static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
ff5cd29f 1052 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
b9a6328f
JH		 1053{
1054 struct discovery_state *d = &hdev->discovery;
1055
1056 bacpy(&d->last_adv_addr, bdaddr);
1057 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1058 d->last_adv_rssi = rssi;
b9a6328f
JH		 1059 memcpy(d->last_adv_data, data, len);
1060 d->last_adv_data_len = len;
1061}
1062
eb9d91f5 1063static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1064 struct sk_buff *skb)
eb9d91f5
AG		 1065{
1066 struct hci_cp_le_set_scan_enable *cp;
1067 __u8 status = *((__u8 *) skb->data);
1068
9f1db00c 1069 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1070
eb9d91f5
AG		 1071 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1072 if (!cp)
1073 return;
1074
3fd319b8
AG		 1075 if (status)
1076 return;
1077
68a8aea4 1078 switch (cp->enable) {
76a388be 1079 case LE_SCAN_ENABLE:
d23264a8 1080 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1081 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1082 clear_pending_adv_report(hdev);
68a8aea4
AE		 1083 break;
1084
76a388be 1085 case LE_SCAN_DISABLE:
b9a6328f
JH		 1086 /* We do this here instead of when setting DISCOVERY_STOPPED
1087 * since the latter would potentially require waiting for
1088 * inquiry to stop too.
1089 */
1090 if (has_pending_adv_report(hdev)) {
1091 struct discovery_state *d = &hdev->discovery;
1092
1093 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433
JH		 1094 d->last_adv_addr_type, NULL,
1095 d->last_adv_rssi, 0, 1,
1096 d->last_adv_data,
b9a6328f
JH		 1097 d->last_adv_data_len, NULL, 0);
1098 }
1099
317ac8cb
JH		 1100 /* Cancel this timer so that we don't try to disable scanning
1101 * when it's already disabled.
1102 */
1103 cancel_delayed_work(&hdev->le_scan_disable);
1104
d23264a8 1105 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1106 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1107 * interrupted scanning due to a connect request. Mark
1108 * therefore discovery as stopped.
1109 */
1110 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1111 &hdev->dev_flags))
1112 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1113 break;
1114
1115 default:
1116 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1117 break;
35815085 1118 }
eb9d91f5
AG		 1119}
1120
cf1d081f
JH		 1121static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1122 struct sk_buff *skb)
1123{
1124 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1125
1126 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1127
1128 if (!rp->status)
1129 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1130}
1131
0f36b589
MH		 1132static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1133 struct sk_buff *skb)
1134{
1135 __u8 status = *((__u8 *) skb->data);
1136
1137 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1138
1139 if (!status)
1140 hci_white_list_clear(hdev);
1141}
1142
1143static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1144 struct sk_buff *skb)
1145{
1146 struct hci_cp_le_add_to_white_list *sent;
1147 __u8 status = *((__u8 *) skb->data);
1148
1149 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1150
1151 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1152 if (!sent)
1153 return;
1154
1155 if (!status)
1156 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1157}
1158
1159static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1160 struct sk_buff *skb)
1161{
1162 struct hci_cp_le_del_from_white_list *sent;
1163 __u8 status = *((__u8 *) skb->data);
1164
1165 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1166
1167 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1168 if (!sent)
1169 return;
1170
1171 if (!status)
1172 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1173}
1174
9b008c04
JH		 1175static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1176 struct sk_buff *skb)
1177{
1178 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1179
1180 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1181
1182 if (!rp->status)
1183 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1184}
1185
6039aa73
GP		 1186static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1187 struct sk_buff *skb)
f9b49306 1188{
06199cf8 1189 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1190 __u8 status = *((__u8 *) skb->data);
1191
9f1db00c 1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1193
06199cf8 1194 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1195 if (!sent)
f9b49306
AG		 1196 return;
1197
8f984dfa 1198 if (!status) {
416a4ae5 1199 if (sent->le) {
cad718ed 1200 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1201 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1202 } else {
cad718ed 1203 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1204 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1205 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1206 }
53b2caab
JH		 1207
1208 if (sent->simul)
cad718ed 1209 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1210 else
cad718ed 1211 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1212 }
f9b49306
AG		 1213}
1214
56ed2cb8
JH		 1215static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1216{
1217 struct hci_cp_le_set_adv_param *cp;
1218 u8 status = *((u8 *) skb->data);
1219
1220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1221
1222 if (status)
1223 return;
1224
1225 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1226 if (!cp)
1227 return;
1228
1229 hci_dev_lock(hdev);
1230 hdev->adv_addr_type = cp->own_address_type;
1231 hci_dev_unlock(hdev);
1232}
1233
93c284ee
AE		 1234static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1235 struct sk_buff *skb)
1236{
1237 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1238
1239 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1240 hdev->name, rp->status, rp->phy_handle);
1241
1242 if (rp->status)
1243 return;
1244
1245 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1246}
1247
6039aa73 1248static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1249{
9f1db00c 1250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1251
1252 if (status) {
a9de9248 1253 hci_conn_check_pending(hdev);
314b2381
JH		 1254 return;
1255 }
1256
89352e7d 1257 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1258}
1259
6039aa73 1260static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1261{
a9de9248 1262 struct hci_cp_create_conn *cp;
1da177e4 1263 struct hci_conn *conn;
1da177e4 1264
9f1db00c 1265 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1266
1267 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1268 if (!cp)
1269 return;
1270
1271 hci_dev_lock(hdev);
1272
1273 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1274
6ed93dc6 1275 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1276
1277 if (status) {
1278 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1279 if (status != 0x0c || conn->attempt > 2) {
1280 conn->state = BT_CLOSED;
1281 hci_proto_connect_cfm(conn, status);
1282 hci_conn_del(conn);
1283 } else
1284 conn->state = BT_CONNECT2;
1da177e4
LT		 1285 }
1286 } else {
1287 if (!conn) {
1288 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1289 if (conn) {
a0c808b3 1290 conn->out = true;
1da177e4
LT		 1291 conn->link_mode |= HCI_LM_MASTER;
1292 } else
893ef971 1293 BT_ERR("No memory for new connection");
1da177e4
LT		 1294 }
1295 }
1296
1297 hci_dev_unlock(hdev);
1298}
1299
a9de9248 1300static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1301{
a9de9248
MH		 1302 struct hci_cp_add_sco *cp;
1303 struct hci_conn *acl, *sco;
1304 __u16 handle;
1da177e4 1305
9f1db00c 1306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1307
a9de9248
MH		 1308 if (!status)
1309 return;
1da177e4 1310
a9de9248
MH		 1311 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1312 if (!cp)
1313 return;
1da177e4 1314
a9de9248 1315 handle = __le16_to_cpu(cp->handle);
1da177e4 1316
9f1db00c 1317 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1318
a9de9248 1319 hci_dev_lock(hdev);
1da177e4 1320
a9de9248 1321 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1322 if (acl) {
1323 sco = acl->link;
1324 if (sco) {
1325 sco->state = BT_CLOSED;
1da177e4 1326
5a08ecce
AE		 1327 hci_proto_connect_cfm(sco, status);
1328 hci_conn_del(sco);
1329 }
a9de9248 1330 }
1da177e4 1331
a9de9248
MH		 1332 hci_dev_unlock(hdev);
1333}
1da177e4 1334
f8558555
MH		 1335static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1336{
1337 struct hci_cp_auth_requested *cp;
1338 struct hci_conn *conn;
1339
9f1db00c 1340 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1341
1342 if (!status)
1343 return;
1344
1345 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1346 if (!cp)
1347 return;
1348
1349 hci_dev_lock(hdev);
1350
1351 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1352 if (conn) {
1353 if (conn->state == BT_CONFIG) {
1354 hci_proto_connect_cfm(conn, status);
76a68ba0 1355 hci_conn_drop(conn);
f8558555
MH		 1356 }
1357 }
1358
1359 hci_dev_unlock(hdev);
1360}
1361
1362static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1363{
1364 struct hci_cp_set_conn_encrypt *cp;
1365 struct hci_conn *conn;
1366
9f1db00c 1367 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1368
1369 if (!status)
1370 return;
1371
1372 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1373 if (!cp)
1374 return;
1375
1376 hci_dev_lock(hdev);
1377
1378 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1379 if (conn) {
1380 if (conn->state == BT_CONFIG) {
1381 hci_proto_connect_cfm(conn, status);
76a68ba0 1382 hci_conn_drop(conn);
f8558555
MH		 1383 }
1384 }
1385
1386 hci_dev_unlock(hdev);
1387}
1388
127178d2 1389static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1390 struct hci_conn *conn)
392599b9 1391{
392599b9
JH		 1392 if (conn->state != BT_CONFIG || !conn->out)
1393 return 0;
1394
765c2a96 1395 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1396 return 0;
1397
1398 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1399 * devices with sec_level MEDIUM or HIGH or if MITM protection
1400 * is requested.
1401 */
807deac2 1402 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1403 conn->pending_sec_level != BT_SECURITY_HIGH &&
1404 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1405 return 0;
1406
392599b9
JH		 1407 return 1;
1408}
1409
6039aa73 1410static int hci_resolve_name(struct hci_dev *hdev,
04124681 1411 struct inquiry_entry *e)
30dc78e1
JH		 1412{
1413 struct hci_cp_remote_name_req cp;
1414
1415 memset(&cp, 0, sizeof(cp));
1416
1417 bacpy(&cp.bdaddr, &e->data.bdaddr);
1418 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1419 cp.pscan_mode = e->data.pscan_mode;
1420 cp.clock_offset = e->data.clock_offset;
1421
1422 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1423}
1424
b644ba33 1425static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1426{
1427 struct discovery_state *discov = &hdev->discovery;
1428 struct inquiry_entry *e;
1429
b644ba33
JH		 1430 if (list_empty(&discov->resolve))
1431 return false;
1432
1433 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1434 if (!e)
1435 return false;
1436
b644ba33
JH		 1437 if (hci_resolve_name(hdev, e) == 0) {
1438 e->name_state = NAME_PENDING;
1439 return true;
1440 }
1441
1442 return false;
1443}
1444
1445static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1446 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1447{
1448 struct discovery_state *discov = &hdev->discovery;
1449 struct inquiry_entry *e;
1450
1451 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1452 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1453 name_len, conn->dev_class);
b644ba33
JH		 1454
1455 if (discov->state == DISCOVERY_STOPPED)
1456 return;
1457
30dc78e1
JH		 1458 if (discov->state == DISCOVERY_STOPPING)
1459 goto discov_complete;
1460
1461 if (discov->state != DISCOVERY_RESOLVING)
1462 return;
1463
1464 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1465 /* If the device was not found in a list of found devices names of which
1466 * are pending. there is no need to continue resolving a next name as it
1467 * will be done upon receiving another Remote Name Request Complete
1468 * Event */
1469 if (!e)
1470 return;
1471
1472 list_del(&e->list);
1473 if (name) {
30dc78e1 1474 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1475 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1476 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1477 } else {
1478 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1479 }
1480
b644ba33 1481 if (hci_resolve_next_name(hdev))
30dc78e1 1482 return;
30dc78e1
JH		 1483
1484discov_complete:
1485 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1486}
1487
a9de9248
MH		 1488static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1489{
127178d2
JH		 1490 struct hci_cp_remote_name_req *cp;
1491 struct hci_conn *conn;
1492
9f1db00c 1493 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1494
1495 /* If successful wait for the name req complete event before
1496 * checking for the need to do authentication */
1497 if (!status)
1498 return;
1499
1500 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1501 if (!cp)
1502 return;
1503
1504 hci_dev_lock(hdev);
1505
b644ba33
JH		 1506 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1507
a8b2d5c2 1508 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1509 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1510
79c6c70c
JH		 1511 if (!conn)
1512 goto unlock;
1513
1514 if (!hci_outgoing_auth_needed(hdev, conn))
1515 goto unlock;
1516
51a8efd7 1517 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1518 struct hci_cp_auth_requested auth_cp;
1519
1520 auth_cp.handle = __cpu_to_le16(conn->handle);
1521 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1522 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1523 }
1524
79c6c70c 1525unlock:
127178d2 1526 hci_dev_unlock(hdev);
a9de9248 1527}
1da177e4 1528
769be974
MH		 1529static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1530{
1531 struct hci_cp_read_remote_features *cp;
1532 struct hci_conn *conn;
1533
9f1db00c 1534 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1535
1536 if (!status)
1537 return;
1538
1539 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1540 if (!cp)
1541 return;
1542
1543 hci_dev_lock(hdev);
1544
1545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1546 if (conn) {
1547 if (conn->state == BT_CONFIG) {
769be974 1548 hci_proto_connect_cfm(conn, status);
76a68ba0 1549 hci_conn_drop(conn);
769be974
MH		 1550 }
1551 }
1552
1553 hci_dev_unlock(hdev);
1554}
1555
1556static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1557{
1558 struct hci_cp_read_remote_ext_features *cp;
1559 struct hci_conn *conn;
1560
9f1db00c 1561 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1562
1563 if (!status)
1564 return;
1565
1566 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1567 if (!cp)
1568 return;
1569
1570 hci_dev_lock(hdev);
1571
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1573 if (conn) {
1574 if (conn->state == BT_CONFIG) {
769be974 1575 hci_proto_connect_cfm(conn, status);
76a68ba0 1576 hci_conn_drop(conn);
769be974
MH		 1577 }
1578 }
1579
1580 hci_dev_unlock(hdev);
1581}
1582
a9de9248
MH		 1583static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1584{
b6a0dc82
MH		 1585 struct hci_cp_setup_sync_conn *cp;
1586 struct hci_conn *acl, *sco;
1587 __u16 handle;
1588
9f1db00c 1589 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1590
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1595 if (!cp)
1596 return;
1597
1598 handle = __le16_to_cpu(cp->handle);
1599
9f1db00c 1600 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1601
1602 hci_dev_lock(hdev);
1603
1604 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1605 if (acl) {
1606 sco = acl->link;
1607 if (sco) {
1608 sco->state = BT_CLOSED;
b6a0dc82 1609
5a08ecce
AE		 1610 hci_proto_connect_cfm(sco, status);
1611 hci_conn_del(sco);
1612 }
b6a0dc82
MH		 1613 }
1614
1615 hci_dev_unlock(hdev);
1da177e4
LT		 1616}
1617
a9de9248 1618static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1619{
a9de9248
MH		 1620 struct hci_cp_sniff_mode *cp;
1621 struct hci_conn *conn;
1da177e4 1622
9f1db00c 1623 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1624
a9de9248
MH		 1625 if (!status)
1626 return;
04837f64 1627
a9de9248
MH		 1628 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1629 if (!cp)
1630 return;
04837f64 1631
a9de9248 1632 hci_dev_lock(hdev);
04837f64 1633
a9de9248 1634 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1635 if (conn) {
51a8efd7 1636 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1637
51a8efd7 1638 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1639 hci_sco_setup(conn, status);
1640 }
1641
a9de9248
MH		 1642 hci_dev_unlock(hdev);
1643}
04837f64 1644
a9de9248
MH		 1645static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1646{
1647 struct hci_cp_exit_sniff_mode *cp;
1648 struct hci_conn *conn;
04837f64 1649
9f1db00c 1650 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1651
a9de9248
MH		 1652 if (!status)
1653 return;
04837f64 1654
a9de9248
MH		 1655 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1656 if (!cp)
1657 return;
04837f64 1658
a9de9248 1659 hci_dev_lock(hdev);
1da177e4 1660
a9de9248 1661 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1662 if (conn) {
51a8efd7 1663 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1664
51a8efd7 1665 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1666 hci_sco_setup(conn, status);
1667 }
1668
a9de9248 1669 hci_dev_unlock(hdev);
1da177e4
LT		 1670}
1671
88c3df13
JH		 1672static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1673{
1674 struct hci_cp_disconnect *cp;
1675 struct hci_conn *conn;
1676
1677 if (!status)
1678 return;
1679
1680 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1681 if (!cp)
1682 return;
1683
1684 hci_dev_lock(hdev);
1685
1686 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1687 if (conn)
1688 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1689 conn->dst_type, status);
88c3df13
JH		 1690
1691 hci_dev_unlock(hdev);
1692}
1693
a02226d6
AE		 1694static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1695{
93c284ee
AE		 1696 struct hci_cp_create_phy_link *cp;
1697
a02226d6 1698 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1699
93c284ee
AE		 1700 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1701 if (!cp)
1702 return;
1703
e58917b9
AE		 1704 hci_dev_lock(hdev);
1705
1706 if (status) {
1707 struct hci_conn *hcon;
1708
1709 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1710 if (hcon)
1711 hci_conn_del(hcon);
1712 } else {
1713 amp_write_remote_assoc(hdev, cp->phy_handle);
1714 }
1715
1716 hci_dev_unlock(hdev);
a02226d6
AE		 1717}
1718
0b26ab9d
AE		 1719static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1720{
1721 struct hci_cp_accept_phy_link *cp;
1722
1723 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1724
1725 if (status)
1726 return;
1727
1728 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1729 if (!cp)
1730 return;
1731
1732 amp_write_remote_assoc(hdev, cp->phy_handle);
1733}
1734
cb1d68f7
JH		 1735static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1736{
1737 struct hci_cp_le_create_conn *cp;
1738 struct hci_conn *conn;
1739
1740 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1741
1742 /* All connection failure handling is taken care of by the
1743 * hci_le_conn_failed function which is triggered by the HCI
1744 * request completion callbacks used for connecting.
1745 */
1746 if (status)
1747 return;
1748
1749 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1750 if (!cp)
1751 return;
1752
1753 hci_dev_lock(hdev);
1754
1755 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1756 if (!conn)
1757 goto unlock;
1758
1759 /* Store the initiator and responder address information which
1760 * is needed for SMP. These values will not change during the
1761 * lifetime of the connection.
1762 */
1763 conn->init_addr_type = cp->own_address_type;
1764 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1765 bacpy(&conn->init_addr, &hdev->random_addr);
1766 else
1767 bacpy(&conn->init_addr, &hdev->bdaddr);
1768
1769 conn->resp_addr_type = cp->peer_addr_type;
1770 bacpy(&conn->resp_addr, &cp->peer_addr);
1771
9489eca4
JH		 1772 /* We don't want the connection attempt to stick around
1773 * indefinitely since LE doesn't have a page timeout concept
1774 * like BR/EDR. Set a timer for any connection that doesn't use
1775 * the white list for connecting.
1776 */
1777 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1778 queue_delayed_work(conn->hdev->workqueue,
1779 &conn->le_conn_timeout,
1780 HCI_LE_CONN_TIMEOUT);
1781
cb1d68f7
JH		 1782unlock:
1783 hci_dev_unlock(hdev);
1784}
1785
81d0c8ad
JH		 1786static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1787{
1788 struct hci_cp_le_start_enc *cp;
1789 struct hci_conn *conn;
1790
1791 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1792
1793 if (!status)
1794 return;
1795
1796 hci_dev_lock(hdev);
1797
1798 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1799 if (!cp)
1800 goto unlock;
1801
1802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1803 if (!conn)
1804 goto unlock;
1805
1806 if (conn->state != BT_CONNECTED)
1807 goto unlock;
1808
1809 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1810 hci_conn_drop(conn);
1811
1812unlock:
1813 hci_dev_unlock(hdev);
1814}
1815
6039aa73 1816static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1817{
1818 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1819 struct discovery_state *discov = &hdev->discovery;
1820 struct inquiry_entry *e;
1da177e4 1821
9f1db00c 1822 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1823
a9de9248 1824 hci_conn_check_pending(hdev);
89352e7d
AG		 1825
1826 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1827 return;
1828
3e13fa1e
AG		 1829 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1830 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1831
a8b2d5c2 1832 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1833 return;
1834
56e5cb86 1835 hci_dev_lock(hdev);
30dc78e1 1836
343f935b 1837 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1838 goto unlock;
1839
1840 if (list_empty(&discov->resolve)) {
1841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1842 goto unlock;
1843 }
1844
1845 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1846 if (e && hci_resolve_name(hdev, e) == 0) {
1847 e->name_state = NAME_PENDING;
1848 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1849 } else {
1850 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1851 }
1852
1853unlock:
56e5cb86 1854 hci_dev_unlock(hdev);
1da177e4
LT		 1855}
1856
6039aa73 1857static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1858{
45bb4bf0 1859 struct inquiry_data data;
a9de9248 1860 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1861 int num_rsp = *((__u8 *) skb->data);
1862
1863 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1864
45bb4bf0
MH		 1865 if (!num_rsp)
1866 return;
1867
1519cc17
AG		 1868 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1869 return;
1870
1da177e4 1871 hci_dev_lock(hdev);
45bb4bf0 1872
e17acd40 1873 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1874 bool name_known, ssp;
3175405b 1875
1da177e4
LT		 1876 bacpy(&data.bdaddr, &info->bdaddr);
1877 data.pscan_rep_mode = info->pscan_rep_mode;
1878 data.pscan_period_mode = info->pscan_period_mode;
1879 data.pscan_mode = info->pscan_mode;
1880 memcpy(data.dev_class, info->dev_class, 3);
1881 data.clock_offset = info->clock_offset;
1882 data.rssi = 0x00;
41a96212 1883 data.ssp_mode = 0x00;
3175405b 1884
388fc8fa 1885 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1886 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1887 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1888 0, NULL, 0);
1da177e4 1889 }
45bb4bf0 1890
1da177e4
LT		 1891 hci_dev_unlock(hdev);
1892}
1893
6039aa73 1894static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1895{
a9de9248
MH		 1896 struct hci_ev_conn_complete *ev = (void *) skb->data;
1897 struct hci_conn *conn;
1da177e4
LT		 1898
1899 BT_DBG("%s", hdev->name);
1900
1901 hci_dev_lock(hdev);
1902
1903 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1904 if (!conn) {
1905 if (ev->link_type != SCO_LINK)
1906 goto unlock;
1907
1908 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1909 if (!conn)
1910 goto unlock;
1911
1912 conn->type = SCO_LINK;
1913 }
1da177e4
LT		 1914
1915 if (!ev->status) {
1916 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1917
1918 if (conn->type == ACL_LINK) {
1919 conn->state = BT_CONFIG;
1920 hci_conn_hold(conn);
a9ea3ed9
SJ		 1921
1922 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1923 !hci_find_link_key(hdev, &ev->bdaddr))
1924 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1925 else
1926 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1927 } else
1928 conn->state = BT_CONNECTED;
1da177e4 1929
7d0db0a3
MH		 1930 hci_conn_add_sysfs(conn);
1931
1da177e4
LT		 1932 if (test_bit(HCI_AUTH, &hdev->flags))
1933 conn->link_mode |= HCI_LM_AUTH;
1934
1935 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1936 conn->link_mode |= HCI_LM_ENCRYPT;
1937
04837f64
MH		 1938 /* Get remote features */
1939 if (conn->type == ACL_LINK) {
1940 struct hci_cp_read_remote_features cp;
1941 cp.handle = ev->handle;
769be974 1942 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1943 sizeof(cp), &cp);
04837f64
MH		 1944 }
1945
1da177e4 1946 /* Set packet type for incoming connection */
d095c1eb 1947 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1948 struct hci_cp_change_conn_ptype cp;
1949 cp.handle = ev->handle;
a8746417 1950 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1951 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1952 &cp);
1da177e4 1953 }
17d5c04c 1954 } else {
1da177e4 1955 conn->state = BT_CLOSED;
17d5c04c 1956 if (conn->type == ACL_LINK)
64c7b77c 1957 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1958 conn->dst_type, ev->status);
17d5c04c 1959 }
1da177e4 1960
e73439d8
MH		 1961 if (conn->type == ACL_LINK)
1962 hci_sco_setup(conn, ev->status);
1da177e4 1963
769be974
MH		 1964 if (ev->status) {
1965 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1966 hci_conn_del(conn);
c89b6e6b
MH		 1967 } else if (ev->link_type != ACL_LINK)
1968 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1969
a9de9248 1970unlock:
1da177e4 1971 hci_dev_unlock(hdev);
1da177e4 1972
a9de9248 1973 hci_conn_check_pending(hdev);
1da177e4
LT		 1974}
1975
6039aa73 1976static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1977{
a9de9248
MH		 1978 struct hci_ev_conn_request *ev = (void *) skb->data;
1979 int mask = hdev->link_mode;
20714bfe 1980 __u8 flags = 0;
1da177e4 1981
6ed93dc6 1982 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1983 ev->link_type);
1da177e4 1984
20714bfe
FD		 1985 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1986 &flags);
1da177e4 1987
138d22ef 1988 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1989 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1990 /* Connection accepted */
c7bdd502 1991 struct inquiry_entry *ie;
1da177e4 1992 struct hci_conn *conn;
1da177e4 1993
a9de9248 1994 hci_dev_lock(hdev);
b6a0dc82 1995
cc11b9c1
AE		 1996 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1997 if (ie)
c7bdd502
MH		 1998 memcpy(ie->data.dev_class, ev->dev_class, 3);
1999
8fc9ced3
GP		 2000 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2001 &ev->bdaddr);
a9de9248 2002 if (!conn) {
cc11b9c1
AE		 2003 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2004 if (!conn) {
893ef971 2005 BT_ERR("No memory for new connection");
a9de9248
MH		 2006 hci_dev_unlock(hdev);
2007 return;
1da177e4
LT		 2008 }
2009 }
b6a0dc82 2010
a9de9248 2011 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2012
a9de9248 2013 hci_dev_unlock(hdev);
1da177e4 2014
20714bfe
FD		 2015 if (ev->link_type == ACL_LINK ||
2016 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2017 struct hci_cp_accept_conn_req cp;
20714bfe 2018 conn->state = BT_CONNECT;
1da177e4 2019
b6a0dc82
MH		 2020 bacpy(&cp.bdaddr, &ev->bdaddr);
2021
2022 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2023 cp.role = 0x00; /* Become master */
2024 else
2025 cp.role = 0x01; /* Remain slave */
2026
04124681
GP		 2027 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2028 &cp);
20714bfe 2029 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2030 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2031 conn->state = BT_CONNECT;
b6a0dc82
MH		 2032
2033 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2034 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2035
dcf4adbf
JP		 2036 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2037 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2038 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2039 cp.content_format = cpu_to_le16(hdev->voice_setting);
2040 cp.retrans_effort = 0xff;
1da177e4 2041
b6a0dc82 2042 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2043 sizeof(cp), &cp);
20714bfe
FD		 2044 } else {
2045 conn->state = BT_CONNECT2;
2046 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2047 }
a9de9248
MH		 2048 } else {
2049 /* Connection rejected */
2050 struct hci_cp_reject_conn_req cp;
1da177e4 2051
a9de9248 2052 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2053 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2054 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2055 }
1da177e4
LT		 2056}
2057
f0d6a0ea
MA		 2058static u8 hci_to_mgmt_reason(u8 err)
2059{
2060 switch (err) {
2061 case HCI_ERROR_CONNECTION_TIMEOUT:
2062 return MGMT_DEV_DISCONN_TIMEOUT;
2063 case HCI_ERROR_REMOTE_USER_TERM:
2064 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2065 case HCI_ERROR_REMOTE_POWER_OFF:
2066 return MGMT_DEV_DISCONN_REMOTE;
2067 case HCI_ERROR_LOCAL_HOST_TERM:
2068 return MGMT_DEV_DISCONN_LOCAL_HOST;
2069 default:
2070 return MGMT_DEV_DISCONN_UNKNOWN;
2071 }
2072}
2073
6039aa73 2074static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2075{
a9de9248 2076 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2077 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2078 struct hci_conn_params *params;
04837f64 2079 struct hci_conn *conn;
12d4a3b2 2080 bool mgmt_connected;
3846220b 2081 u8 type;
04837f64 2082
9f1db00c 2083 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2084
2085 hci_dev_lock(hdev);
2086
2087 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2088 if (!conn)
2089 goto unlock;
7d0db0a3 2090
abf54a50
AG		 2091 if (ev->status) {
2092 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2093 conn->dst_type, ev->status);
2094 goto unlock;
37d9ef76 2095 }
f7520543 2096
3846220b
AG		 2097 conn->state = BT_CLOSED;
2098
12d4a3b2
JH		 2099 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2100 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2101 reason, mgmt_connected);
abf54a50 2102
3846220b
AG		 2103 if (conn->type == ACL_LINK && conn->flush_key)
2104 hci_remove_link_key(hdev, &conn->dst);
2210246c 2105
9fcb18ef
AG		 2106 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2107 if (params) {
2108 switch (params->auto_connect) {
2109 case HCI_AUTO_CONN_LINK_LOSS:
2110 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2111 break;
2112 /* Fall through */
2113
2114 case HCI_AUTO_CONN_ALWAYS:
2115 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2116 break;
2117
2118 default:
2119 break;
2120 }
2121 }
2122
3846220b 2123 type = conn->type;
2210246c 2124
3846220b
AG		 2125 hci_proto_disconn_cfm(conn, ev->reason);
2126 hci_conn_del(conn);
2127
2128 /* Re-enable advertising if necessary, since it might
2129 * have been disabled by the connection. From the
2130 * HCI_LE_Set_Advertise_Enable command description in
2131 * the core specification (v4.0):
2132 * "The Controller shall continue advertising until the Host
2133 * issues an LE_Set_Advertise_Enable command with
2134 * Advertising_Enable set to 0x00 (Advertising is disabled)
2135 * or until a connection is created or until the Advertising
2136 * is timed out due to Directed Advertising."
2137 */
2138 if (type == LE_LINK)
2139 mgmt_reenable_advertising(hdev);
f7520543
JH		 2140
2141unlock:
04837f64
MH		 2142 hci_dev_unlock(hdev);
2143}
2144
6039aa73 2145static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2146{
a9de9248 2147 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2148 struct hci_conn *conn;
1da177e4 2149
9f1db00c 2150 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2151
2152 hci_dev_lock(hdev);
2153
04837f64 2154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2155 if (!conn)
2156 goto unlock;
2157
2158 if (!ev->status) {
aa64a8b5 2159 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2160 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2161 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2162 } else {
d7556e20
WR		 2163 conn->link_mode |= HCI_LM_AUTH;
2164 conn->sec_level = conn->pending_sec_level;
2a611692 2165 }
d7556e20 2166 } else {
bab73cb6 2167 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2168 ev->status);
d7556e20 2169 }
1da177e4 2170
51a8efd7
JH		 2171 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2172 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2173
d7556e20 2174 if (conn->state == BT_CONFIG) {
aa64a8b5 2175 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2176 struct hci_cp_set_conn_encrypt cp;
2177 cp.handle = ev->handle;
2178 cp.encrypt = 0x01;
2179 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2180 &cp);
052b30b0 2181 } else {
d7556e20
WR		 2182 conn->state = BT_CONNECTED;
2183 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2184 hci_conn_drop(conn);
052b30b0 2185 }
d7556e20
WR		 2186 } else {
2187 hci_auth_cfm(conn, ev->status);
052b30b0 2188
d7556e20
WR		 2189 hci_conn_hold(conn);
2190 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2191 hci_conn_drop(conn);
d7556e20
WR		 2192 }
2193
51a8efd7 2194 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2195 if (!ev->status) {
2196 struct hci_cp_set_conn_encrypt cp;
2197 cp.handle = ev->handle;
2198 cp.encrypt = 0x01;
2199 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2200 &cp);
d7556e20 2201 } else {
51a8efd7 2202 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2203 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2204 }
2205 }
2206
d7556e20 2207unlock:
1da177e4
LT		 2208 hci_dev_unlock(hdev);
2209}
2210
6039aa73 2211static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2212{
127178d2
JH		 2213 struct hci_ev_remote_name *ev = (void *) skb->data;
2214 struct hci_conn *conn;
2215
a9de9248 2216 BT_DBG("%s", hdev->name);
1da177e4 2217
a9de9248 2218 hci_conn_check_pending(hdev);
127178d2
JH		 2219
2220 hci_dev_lock(hdev);
2221
b644ba33 2222 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2223
b644ba33
JH		 2224 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2225 goto check_auth;
a88a9652 2226
b644ba33
JH		 2227 if (ev->status == 0)
2228 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2229 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2230 else
2231 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2232
2233check_auth:
79c6c70c
JH		 2234 if (!conn)
2235 goto unlock;
2236
2237 if (!hci_outgoing_auth_needed(hdev, conn))
2238 goto unlock;
2239
51a8efd7 2240 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2241 struct hci_cp_auth_requested cp;
2242 cp.handle = __cpu_to_le16(conn->handle);
2243 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2244 }
2245
79c6c70c 2246unlock:
127178d2 2247 hci_dev_unlock(hdev);
a9de9248
MH		 2248}
2249
6039aa73 2250static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2251{
2252 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2253 struct hci_conn *conn;
2254
9f1db00c 2255 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2256
2257 hci_dev_lock(hdev);
2258
04837f64 2259 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2260 if (!conn)
2261 goto unlock;
1da177e4 2262
dc8357cc
MH		 2263 if (!ev->status) {
2264 if (ev->encrypt) {
2265 /* Encryption implies authentication */
2266 conn->link_mode |= HCI_LM_AUTH;
2267 conn->link_mode |= HCI_LM_ENCRYPT;
2268 conn->sec_level = conn->pending_sec_level;
abf76bad 2269
914a6ffe
MH		 2270 /* P-256 authentication key implies FIPS */
2271 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2272 conn->link_mode |= HCI_LM_FIPS;
2273
abf76bad
MH		 2274 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2275 conn->type == LE_LINK)
2276 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2277 } else {
dc8357cc 2278 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2279 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2280 }
dc8357cc 2281 }
a7d7723a 2282
dc8357cc 2283 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2284
dc8357cc
MH		 2285 if (ev->status && conn->state == BT_CONNECTED) {
2286 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2287 hci_conn_drop(conn);
2288 goto unlock;
1da177e4
LT		 2289 }
2290
dc8357cc
MH		 2291 if (conn->state == BT_CONFIG) {
2292 if (!ev->status)
2293 conn->state = BT_CONNECTED;
2294
40b552aa
MH		 2295 /* In Secure Connections Only mode, do not allow any
2296 * connections that are not encrypted with AES-CCM
2297 * using a P-256 authenticated combination key.
2298 */
2299 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2300 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2301 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2302 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2303 hci_conn_drop(conn);
2304 goto unlock;
2305 }
2306
dc8357cc
MH		 2307 hci_proto_connect_cfm(conn, ev->status);
2308 hci_conn_drop(conn);
2309 } else
2310 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2311
a7d7723a 2312unlock:
1da177e4
LT		 2313 hci_dev_unlock(hdev);
2314}
2315
6039aa73
GP		 2316static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2317 struct sk_buff *skb)
1da177e4 2318{
a9de9248 2319 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2320 struct hci_conn *conn;
1da177e4 2321
9f1db00c 2322 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2323
2324 hci_dev_lock(hdev);
2325
04837f64 2326 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2327 if (conn) {
2328 if (!ev->status)
2329 conn->link_mode |= HCI_LM_SECURE;
2330
51a8efd7 2331 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2332
2333 hci_key_change_cfm(conn, ev->status);
2334 }
2335
2336 hci_dev_unlock(hdev);
2337}
2338
6039aa73
GP		 2339static void hci_remote_features_evt(struct hci_dev *hdev,
2340 struct sk_buff *skb)
1da177e4 2341{
a9de9248
MH		 2342 struct hci_ev_remote_features *ev = (void *) skb->data;
2343 struct hci_conn *conn;
2344
9f1db00c 2345 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2346
a9de9248
MH		 2347 hci_dev_lock(hdev);
2348
2349 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2350 if (!conn)
2351 goto unlock;
769be974 2352
ccd556fe 2353 if (!ev->status)
cad718ed 2354 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2355
2356 if (conn->state != BT_CONFIG)
2357 goto unlock;
2358
2359 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2360 struct hci_cp_read_remote_ext_features cp;
2361 cp.handle = ev->handle;
2362 cp.page = 0x01;
2363 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2364 sizeof(cp), &cp);
392599b9
JH		 2365 goto unlock;
2366 }
2367
671267bf 2368 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2369 struct hci_cp_remote_name_req cp;
2370 memset(&cp, 0, sizeof(cp));
2371 bacpy(&cp.bdaddr, &conn->dst);
2372 cp.pscan_rep_mode = 0x02;
2373 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2374 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2375 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2376 conn->dst_type, 0, NULL, 0,
2377 conn->dev_class);
392599b9 2378
127178d2 2379 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2380 conn->state = BT_CONNECTED;
2381 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2382 hci_conn_drop(conn);
769be974 2383 }
a9de9248 2384
ccd556fe 2385unlock:
a9de9248 2386 hci_dev_unlock(hdev);
1da177e4
LT		 2387}
2388
6039aa73 2389static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2390{
2391 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2392 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2393 __u16 opcode;
2394
2395 skb_pull(skb, sizeof(*ev));
2396
2397 opcode = __le16_to_cpu(ev->opcode);
2398
2399 switch (opcode) {
2400 case HCI_OP_INQUIRY_CANCEL:
2401 hci_cc_inquiry_cancel(hdev, skb);
2402 break;
2403
4d93483b
AG		 2404 case HCI_OP_PERIODIC_INQ:
2405 hci_cc_periodic_inq(hdev, skb);
2406 break;
2407
a9de9248
MH		 2408 case HCI_OP_EXIT_PERIODIC_INQ:
2409 hci_cc_exit_periodic_inq(hdev, skb);
2410 break;
2411
2412 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2413 hci_cc_remote_name_req_cancel(hdev, skb);
2414 break;
2415
2416 case HCI_OP_ROLE_DISCOVERY:
2417 hci_cc_role_discovery(hdev, skb);
2418 break;
2419
e4e8e37c
MH		 2420 case HCI_OP_READ_LINK_POLICY:
2421 hci_cc_read_link_policy(hdev, skb);
2422 break;
2423
a9de9248
MH		 2424 case HCI_OP_WRITE_LINK_POLICY:
2425 hci_cc_write_link_policy(hdev, skb);
2426 break;
2427
e4e8e37c
MH		 2428 case HCI_OP_READ_DEF_LINK_POLICY:
2429 hci_cc_read_def_link_policy(hdev, skb);
2430 break;
2431
2432 case HCI_OP_WRITE_DEF_LINK_POLICY:
2433 hci_cc_write_def_link_policy(hdev, skb);
2434 break;
2435
a9de9248
MH		 2436 case HCI_OP_RESET:
2437 hci_cc_reset(hdev, skb);
2438 break;
2439
2440 case HCI_OP_WRITE_LOCAL_NAME:
2441 hci_cc_write_local_name(hdev, skb);
2442 break;
2443
2444 case HCI_OP_READ_LOCAL_NAME:
2445 hci_cc_read_local_name(hdev, skb);
2446 break;
2447
2448 case HCI_OP_WRITE_AUTH_ENABLE:
2449 hci_cc_write_auth_enable(hdev, skb);
2450 break;
2451
2452 case HCI_OP_WRITE_ENCRYPT_MODE:
2453 hci_cc_write_encrypt_mode(hdev, skb);
2454 break;
2455
2456 case HCI_OP_WRITE_SCAN_ENABLE:
2457 hci_cc_write_scan_enable(hdev, skb);
2458 break;
2459
2460 case HCI_OP_READ_CLASS_OF_DEV:
2461 hci_cc_read_class_of_dev(hdev, skb);
2462 break;
2463
2464 case HCI_OP_WRITE_CLASS_OF_DEV:
2465 hci_cc_write_class_of_dev(hdev, skb);
2466 break;
2467
2468 case HCI_OP_READ_VOICE_SETTING:
2469 hci_cc_read_voice_setting(hdev, skb);
2470 break;
2471
2472 case HCI_OP_WRITE_VOICE_SETTING:
2473 hci_cc_write_voice_setting(hdev, skb);
2474 break;
2475
b4cb9fb2
MH		 2476 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2477 hci_cc_read_num_supported_iac(hdev, skb);
2478 break;
2479
333140b5
MH		 2480 case HCI_OP_WRITE_SSP_MODE:
2481 hci_cc_write_ssp_mode(hdev, skb);
2482 break;
2483
eac83dc6
MH		 2484 case HCI_OP_WRITE_SC_SUPPORT:
2485 hci_cc_write_sc_support(hdev, skb);
2486 break;
2487
a9de9248
MH		 2488 case HCI_OP_READ_LOCAL_VERSION:
2489 hci_cc_read_local_version(hdev, skb);
2490 break;
2491
2492 case HCI_OP_READ_LOCAL_COMMANDS:
2493 hci_cc_read_local_commands(hdev, skb);
2494 break;
2495
2496 case HCI_OP_READ_LOCAL_FEATURES:
2497 hci_cc_read_local_features(hdev, skb);
2498 break;
2499
971e3a4b
AG		 2500 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2501 hci_cc_read_local_ext_features(hdev, skb);
2502 break;
2503
a9de9248
MH		 2504 case HCI_OP_READ_BUFFER_SIZE:
2505 hci_cc_read_buffer_size(hdev, skb);
2506 break;
2507
2508 case HCI_OP_READ_BD_ADDR:
2509 hci_cc_read_bd_addr(hdev, skb);
2510 break;
2511
f332ec66
JH		 2512 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2513 hci_cc_read_page_scan_activity(hdev, skb);
2514 break;
2515
4a3ee763
JH		 2516 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2517 hci_cc_write_page_scan_activity(hdev, skb);
2518 break;
2519
f332ec66
JH		 2520 case HCI_OP_READ_PAGE_SCAN_TYPE:
2521 hci_cc_read_page_scan_type(hdev, skb);
2522 break;
2523
4a3ee763
JH		 2524 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2525 hci_cc_write_page_scan_type(hdev, skb);
2526 break;
2527
350ee4cf
AE		 2528 case HCI_OP_READ_DATA_BLOCK_SIZE:
2529 hci_cc_read_data_block_size(hdev, skb);
2530 break;
2531
1e89cffb
AE		 2532 case HCI_OP_READ_FLOW_CONTROL_MODE:
2533 hci_cc_read_flow_control_mode(hdev, skb);
2534 break;
2535
928abaa7
AE		 2536 case HCI_OP_READ_LOCAL_AMP_INFO:
2537 hci_cc_read_local_amp_info(hdev, skb);
2538 break;
2539
903e4541
AE		 2540 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2541 hci_cc_read_local_amp_assoc(hdev, skb);
2542 break;
2543
d5859e22
JH		 2544 case HCI_OP_READ_INQ_RSP_TX_POWER:
2545 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2546 break;
2547
980e1a53
JH		 2548 case HCI_OP_PIN_CODE_REPLY:
2549 hci_cc_pin_code_reply(hdev, skb);
2550 break;
2551
2552 case HCI_OP_PIN_CODE_NEG_REPLY:
2553 hci_cc_pin_code_neg_reply(hdev, skb);
2554 break;
2555
c35938b2 2556 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2557 hci_cc_read_local_oob_data(hdev, skb);
2558 break;
2559
2560 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2561 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2562 break;
2563
6ed58ec5
VT		 2564 case HCI_OP_LE_READ_BUFFER_SIZE:
2565 hci_cc_le_read_buffer_size(hdev, skb);
2566 break;
2567
60e77321
JH		 2568 case HCI_OP_LE_READ_LOCAL_FEATURES:
2569 hci_cc_le_read_local_features(hdev, skb);
2570 break;
2571
8fa19098
JH		 2572 case HCI_OP_LE_READ_ADV_TX_POWER:
2573 hci_cc_le_read_adv_tx_power(hdev, skb);
2574 break;
2575
a5c29683
JH		 2576 case HCI_OP_USER_CONFIRM_REPLY:
2577 hci_cc_user_confirm_reply(hdev, skb);
2578 break;
2579
2580 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2581 hci_cc_user_confirm_neg_reply(hdev, skb);
2582 break;
2583
1143d458
BG		 2584 case HCI_OP_USER_PASSKEY_REPLY:
2585 hci_cc_user_passkey_reply(hdev, skb);
2586 break;
2587
2588 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2589 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2590 break;
07f7fa5d 2591
7a4cd51d
MH		 2592 case HCI_OP_LE_SET_RANDOM_ADDR:
2593 hci_cc_le_set_random_addr(hdev, skb);
2594 break;
2595
c1d5dc4a
JH		 2596 case HCI_OP_LE_SET_ADV_ENABLE:
2597 hci_cc_le_set_adv_enable(hdev, skb);
2598 break;
2599
533553f8
MH		 2600 case HCI_OP_LE_SET_SCAN_PARAM:
2601 hci_cc_le_set_scan_param(hdev, skb);
2602 break;
2603
eb9d91f5
AG		 2604 case HCI_OP_LE_SET_SCAN_ENABLE:
2605 hci_cc_le_set_scan_enable(hdev, skb);
2606 break;
2607
cf1d081f
JH		 2608 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2609 hci_cc_le_read_white_list_size(hdev, skb);
2610 break;
2611
0f36b589
MH		 2612 case HCI_OP_LE_CLEAR_WHITE_LIST:
2613 hci_cc_le_clear_white_list(hdev, skb);
2614 break;
2615
2616 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2617 hci_cc_le_add_to_white_list(hdev, skb);
2618 break;
2619
2620 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2621 hci_cc_le_del_from_white_list(hdev, skb);
2622 break;
2623
9b008c04
JH		 2624 case HCI_OP_LE_READ_SUPPORTED_STATES:
2625 hci_cc_le_read_supported_states(hdev, skb);
2626 break;
2627
f9b49306
AG		 2628 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2629 hci_cc_write_le_host_supported(hdev, skb);
2630 break;
2631
56ed2cb8
JH		 2632 case HCI_OP_LE_SET_ADV_PARAM:
2633 hci_cc_set_adv_param(hdev, skb);
2634 break;
2635
93c284ee
AE		 2636 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2637 hci_cc_write_remote_amp_assoc(hdev, skb);
2638 break;
2639
a9de9248 2640 default:
9f1db00c 2641 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2642 break;
2643 }
2644
ad82cdd1 2645 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2646 del_timer(&hdev->cmd_timer);
2647
ad82cdd1 2648 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2649
dbccd791 2650 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2651 atomic_set(&hdev->cmd_cnt, 1);
2652 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2653 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2654 }
2655}
2656
6039aa73 2657static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2658{
2659 struct hci_ev_cmd_status *ev = (void *) skb->data;
2660 __u16 opcode;
2661
2662 skb_pull(skb, sizeof(*ev));
2663
2664 opcode = __le16_to_cpu(ev->opcode);
2665
2666 switch (opcode) {
2667 case HCI_OP_INQUIRY:
2668 hci_cs_inquiry(hdev, ev->status);
2669 break;
2670
2671 case HCI_OP_CREATE_CONN:
2672 hci_cs_create_conn(hdev, ev->status);
2673 break;
2674
2675 case HCI_OP_ADD_SCO:
2676 hci_cs_add_sco(hdev, ev->status);
2677 break;
2678
f8558555
MH		 2679 case HCI_OP_AUTH_REQUESTED:
2680 hci_cs_auth_requested(hdev, ev->status);
2681 break;
2682
2683 case HCI_OP_SET_CONN_ENCRYPT:
2684 hci_cs_set_conn_encrypt(hdev, ev->status);
2685 break;
2686
a9de9248
MH		 2687 case HCI_OP_REMOTE_NAME_REQ:
2688 hci_cs_remote_name_req(hdev, ev->status);
2689 break;
2690
769be974
MH		 2691 case HCI_OP_READ_REMOTE_FEATURES:
2692 hci_cs_read_remote_features(hdev, ev->status);
2693 break;
2694
2695 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2696 hci_cs_read_remote_ext_features(hdev, ev->status);
2697 break;
2698
a9de9248
MH		 2699 case HCI_OP_SETUP_SYNC_CONN:
2700 hci_cs_setup_sync_conn(hdev, ev->status);
2701 break;
2702
2703 case HCI_OP_SNIFF_MODE:
2704 hci_cs_sniff_mode(hdev, ev->status);
2705 break;
2706
2707 case HCI_OP_EXIT_SNIFF_MODE:
2708 hci_cs_exit_sniff_mode(hdev, ev->status);
2709 break;
2710
8962ee74 2711 case HCI_OP_DISCONNECT:
88c3df13 2712 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2713 break;
2714
a02226d6
AE		 2715 case HCI_OP_CREATE_PHY_LINK:
2716 hci_cs_create_phylink(hdev, ev->status);
2717 break;
2718
0b26ab9d
AE		 2719 case HCI_OP_ACCEPT_PHY_LINK:
2720 hci_cs_accept_phylink(hdev, ev->status);
2721 break;
2722
cb1d68f7
JH		 2723 case HCI_OP_LE_CREATE_CONN:
2724 hci_cs_le_create_conn(hdev, ev->status);
2725 break;
2726
81d0c8ad
JH		 2727 case HCI_OP_LE_START_ENC:
2728 hci_cs_le_start_enc(hdev, ev->status);
2729 break;
2730
a9de9248 2731 default:
9f1db00c 2732 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2733 break;
2734 }
2735
ad82cdd1 2736 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2737 del_timer(&hdev->cmd_timer);
2738
02350a72
JH		 2739 if (ev->status ||
2740 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2741 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2742
10572132 2743 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2744 atomic_set(&hdev->cmd_cnt, 1);
2745 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2746 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2747 }
2748}
2749
6039aa73 2750static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2751{
2752 struct hci_ev_role_change *ev = (void *) skb->data;
2753 struct hci_conn *conn;
2754
9f1db00c 2755 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2756
2757 hci_dev_lock(hdev);
2758
2759 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2760 if (conn) {
2761 if (!ev->status) {
2762 if (ev->role)
2763 conn->link_mode &= ~HCI_LM_MASTER;
2764 else
2765 conn->link_mode |= HCI_LM_MASTER;
2766 }
2767
51a8efd7 2768 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2769
2770 hci_role_switch_cfm(conn, ev->status, ev->role);
2771 }
2772
2773 hci_dev_unlock(hdev);
2774}
2775
6039aa73 2776static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2777{
2778 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2779 int i;
2780
32ac5b9b
AE		 2781 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2782 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2783 return;
2784 }
2785
c5993de8 2786 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2787 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2788 BT_DBG("%s bad parameters", hdev->name);
2789 return;
2790 }
2791
c5993de8
AE		 2792 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2793
613a1c0c
AE		 2794 for (i = 0; i < ev->num_hndl; i++) {
2795 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2796 struct hci_conn *conn;
2797 __u16 handle, count;
2798
613a1c0c
AE		 2799 handle = __le16_to_cpu(info->handle);
2800 count = __le16_to_cpu(info->count);
a9de9248
MH		 2801
2802 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2803 if (!conn)
2804 continue;
2805
2806 conn->sent -= count;
2807
2808 switch (conn->type) {
2809 case ACL_LINK:
2810 hdev->acl_cnt += count;
2811 if (hdev->acl_cnt > hdev->acl_pkts)
2812 hdev->acl_cnt = hdev->acl_pkts;
2813 break;
2814
2815 case LE_LINK:
2816 if (hdev->le_pkts) {
2817 hdev->le_cnt += count;
2818 if (hdev->le_cnt > hdev->le_pkts)
2819 hdev->le_cnt = hdev->le_pkts;
2820 } else {
70f23020
AE		 2821 hdev->acl_cnt += count;
2822 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2823 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2824 }
f4280918
AE		 2825 break;
2826
2827 case SCO_LINK:
2828 hdev->sco_cnt += count;
2829 if (hdev->sco_cnt > hdev->sco_pkts)
2830 hdev->sco_cnt = hdev->sco_pkts;
2831 break;
2832
2833 default:
2834 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2835 break;
a9de9248
MH		 2836 }
2837 }
2838
3eff45ea 2839 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2840}
2841
76ef7cf7
AE		 2842static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2843 __u16 handle)
2844{
2845 struct hci_chan *chan;
2846
2847 switch (hdev->dev_type) {
2848 case HCI_BREDR:
2849 return hci_conn_hash_lookup_handle(hdev, handle);
2850 case HCI_AMP:
2851 chan = hci_chan_lookup_handle(hdev, handle);
2852 if (chan)
2853 return chan->conn;
2854 break;
2855 default:
2856 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2857 break;
2858 }
2859
2860 return NULL;
2861}
2862
6039aa73 2863static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2864{
2865 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2866 int i;
2867
2868 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2869 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2870 return;
2871 }
2872
2873 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2874 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2875 BT_DBG("%s bad parameters", hdev->name);
2876 return;
2877 }
2878
2879 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2880 ev->num_hndl);
25e89e99
AE		 2881
2882 for (i = 0; i < ev->num_hndl; i++) {
2883 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2884 struct hci_conn *conn = NULL;
25e89e99
AE		 2885 __u16 handle, block_count;
2886
2887 handle = __le16_to_cpu(info->handle);
2888 block_count = __le16_to_cpu(info->blocks);
2889
76ef7cf7 2890 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2891 if (!conn)
2892 continue;
2893
2894 conn->sent -= block_count;
2895
2896 switch (conn->type) {
2897 case ACL_LINK:
bd1eb66b 2898 case AMP_LINK:
25e89e99
AE		 2899 hdev->block_cnt += block_count;
2900 if (hdev->block_cnt > hdev->num_blocks)
2901 hdev->block_cnt = hdev->num_blocks;
2902 break;
2903
2904 default:
2905 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2906 break;
2907 }
2908 }
2909
2910 queue_work(hdev->workqueue, &hdev->tx_work);
2911}
2912
6039aa73 2913static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2914{
a9de9248 2915 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2916 struct hci_conn *conn;
2917
9f1db00c 2918 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2919
2920 hci_dev_lock(hdev);
2921
2922 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2923 if (conn) {
2924 conn->mode = ev->mode;
a9de9248 2925
8fc9ced3
GP		 2926 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2927 &conn->flags)) {
a9de9248 2928 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2929 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2930 else
58a681ef 2931 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2932 }
e73439d8 2933
51a8efd7 2934 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2935 hci_sco_setup(conn, ev->status);
04837f64
MH		 2936 }
2937
2938 hci_dev_unlock(hdev);
2939}
2940
6039aa73 2941static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2942{
052b30b0
MH		 2943 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2944 struct hci_conn *conn;
2945
a9de9248 2946 BT_DBG("%s", hdev->name);
052b30b0
MH		 2947
2948 hci_dev_lock(hdev);
2949
2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2951 if (!conn)
2952 goto unlock;
2953
2954 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2955 hci_conn_hold(conn);
2956 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2957 hci_conn_drop(conn);
052b30b0
MH		 2958 }
2959
a8b2d5c2 2960 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2961 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2962 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2963 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2964 u8 secure;
2965
2966 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2967 secure = 1;
2968 else
2969 secure = 0;
2970
744cf19e 2971 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2972 }
980e1a53 2973
b6f98044 2974unlock:
052b30b0 2975 hci_dev_unlock(hdev);
a9de9248
MH		 2976}
2977
6039aa73 2978static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2979{
55ed8ca1
JH		 2980 struct hci_ev_link_key_req *ev = (void *) skb->data;
2981 struct hci_cp_link_key_reply cp;
2982 struct hci_conn *conn;
2983 struct link_key *key;
2984
a9de9248 2985 BT_DBG("%s", hdev->name);
55ed8ca1 2986
034cbea0 2987 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2988 return;
2989
2990 hci_dev_lock(hdev);
2991
2992 key = hci_find_link_key(hdev, &ev->bdaddr);
2993 if (!key) {
6ed93dc6
AE		 2994 BT_DBG("%s link key not found for %pMR", hdev->name,
2995 &ev->bdaddr);
55ed8ca1
JH		 2996 goto not_found;
2997 }
2998
6ed93dc6
AE		 2999 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3000 &ev->bdaddr);
55ed8ca1 3001
a8b2d5c2 3002 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 3003 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 3004 BT_DBG("%s ignoring debug key", hdev->name);
3005 goto not_found;
3006 }
3007
3008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3009 if (conn) {
66138ce8
MH		 3010 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3011 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3012 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3013 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3014 goto not_found;
3015 }
55ed8ca1 3016
60b83f57 3017 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 3018 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 3019 BT_DBG("%s ignoring key unauthenticated for high security",
3020 hdev->name);
60b83f57
WR		 3021 goto not_found;
3022 }
3023
3024 conn->key_type = key->type;
3025 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3026 }
3027
3028 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3029 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3030
3031 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3032
3033 hci_dev_unlock(hdev);
3034
3035 return;
3036
3037not_found:
3038 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3039 hci_dev_unlock(hdev);
a9de9248
MH		 3040}
3041
6039aa73 3042static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3043{
052b30b0
MH		 3044 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3045 struct hci_conn *conn;
55ed8ca1 3046 u8 pin_len = 0;
052b30b0 3047
a9de9248 3048 BT_DBG("%s", hdev->name);
052b30b0
MH		 3049
3050 hci_dev_lock(hdev);
3051
3052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3053 if (conn) {
3054 hci_conn_hold(conn);
3055 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3056 pin_len = conn->pin_length;
13d39315
WR		 3057
3058 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3059 conn->key_type = ev->key_type;
3060
76a68ba0 3061 hci_conn_drop(conn);
052b30b0
MH		 3062 }
3063
034cbea0 3064 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 3065 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3066 ev->key_type, pin_len);
55ed8ca1 3067
052b30b0 3068 hci_dev_unlock(hdev);
a9de9248
MH		 3069}
3070
6039aa73 3071static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3072{
a9de9248 3073 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3074 struct hci_conn *conn;
1da177e4 3075
9f1db00c 3076 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3077
3078 hci_dev_lock(hdev);
3079
04837f64 3080 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3081 if (conn && !ev->status) {
3082 struct inquiry_entry *ie;
3083
cc11b9c1
AE		 3084 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3085 if (ie) {
1da177e4
LT		 3086 ie->data.clock_offset = ev->clock_offset;
3087 ie->timestamp = jiffies;
3088 }
3089 }
3090
3091 hci_dev_unlock(hdev);
3092}
3093
6039aa73 3094static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3095{
3096 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3097 struct hci_conn *conn;
3098
9f1db00c 3099 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3100
3101 hci_dev_lock(hdev);
3102
3103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3104 if (conn && !ev->status)
3105 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3106
3107 hci_dev_unlock(hdev);
3108}
3109
6039aa73 3110static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3111{
a9de9248 3112 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3113 struct inquiry_entry *ie;
3114
3115 BT_DBG("%s", hdev->name);
3116
3117 hci_dev_lock(hdev);
3118
cc11b9c1
AE		 3119 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3120 if (ie) {
85a1e930
MH		 3121 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3122 ie->timestamp = jiffies;
3123 }
3124
3125 hci_dev_unlock(hdev);
3126}
3127
6039aa73
GP		 3128static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3129 struct sk_buff *skb)
a9de9248
MH		 3130{
3131 struct inquiry_data data;
3132 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3133 bool name_known, ssp;
a9de9248
MH		 3134
3135 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3136
3137 if (!num_rsp)
3138 return;
3139
1519cc17
AG		 3140 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3141 return;
3142
a9de9248
MH		 3143 hci_dev_lock(hdev);
3144
3145 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3146 struct inquiry_info_with_rssi_and_pscan_mode *info;
3147 info = (void *) (skb->data + 1);
a9de9248 3148
e17acd40 3149 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3150 bacpy(&data.bdaddr, &info->bdaddr);
3151 data.pscan_rep_mode = info->pscan_rep_mode;
3152 data.pscan_period_mode = info->pscan_period_mode;
3153 data.pscan_mode = info->pscan_mode;
3154 memcpy(data.dev_class, info->dev_class, 3);
3155 data.clock_offset = info->clock_offset;
3156 data.rssi = info->rssi;
41a96212 3157 data.ssp_mode = 0x00;
3175405b
JH		 3158
3159 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3160 false, &ssp);
48264f06 3161 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3162 info->dev_class, info->rssi,
5d2e9fad 3163 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3164 }
3165 } else {
3166 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3167
e17acd40 3168 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3169 bacpy(&data.bdaddr, &info->bdaddr);
3170 data.pscan_rep_mode = info->pscan_rep_mode;
3171 data.pscan_period_mode = info->pscan_period_mode;
3172 data.pscan_mode = 0x00;
3173 memcpy(data.dev_class, info->dev_class, 3);
3174 data.clock_offset = info->clock_offset;
3175 data.rssi = info->rssi;
41a96212 3176 data.ssp_mode = 0x00;
3175405b 3177 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3178 false, &ssp);
48264f06 3179 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3180 info->dev_class, info->rssi,
5d2e9fad 3181 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3182 }
3183 }
3184
3185 hci_dev_unlock(hdev);
3186}
3187
6039aa73
GP		 3188static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3189 struct sk_buff *skb)
a9de9248 3190{
41a96212
MH		 3191 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3192 struct hci_conn *conn;
3193
a9de9248 3194 BT_DBG("%s", hdev->name);
41a96212 3195
41a96212
MH		 3196 hci_dev_lock(hdev);
3197
3198 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3199 if (!conn)
3200 goto unlock;
41a96212 3201
cad718ed
JH		 3202 if (ev->page < HCI_MAX_PAGES)
3203 memcpy(conn->features[ev->page], ev->features, 8);
3204
ccd556fe
JH		 3205 if (!ev->status && ev->page == 0x01) {
3206 struct inquiry_entry *ie;
41a96212 3207
cc11b9c1
AE		 3208 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3209 if (ie)
02b7cc62 3210 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3211
bbb0eada 3212 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3213 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3214 } else {
3215 /* It is mandatory by the Bluetooth specification that
3216 * Extended Inquiry Results are only used when Secure
3217 * Simple Pairing is enabled, but some devices violate
3218 * this.
3219 *
3220 * To make these devices work, the internal SSP
3221 * enabled flag needs to be cleared if the remote host
3222 * features do not indicate SSP support */
3223 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3224 }
eb9a8f3f
MH		 3225
3226 if (ev->features[0] & LMP_HOST_SC)
3227 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3228 }
3229
3230 if (conn->state != BT_CONFIG)
3231 goto unlock;
3232
671267bf 3233 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3234 struct hci_cp_remote_name_req cp;
3235 memset(&cp, 0, sizeof(cp));
3236 bacpy(&cp.bdaddr, &conn->dst);
3237 cp.pscan_rep_mode = 0x02;
3238 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3239 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3240 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3241 conn->dst_type, 0, NULL, 0,
3242 conn->dev_class);
392599b9 3243
127178d2 3244 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3245 conn->state = BT_CONNECTED;
3246 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3247 hci_conn_drop(conn);
41a96212
MH		 3248 }
3249
ccd556fe 3250unlock:
41a96212 3251 hci_dev_unlock(hdev);
a9de9248
MH		 3252}
3253
6039aa73
GP		 3254static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3255 struct sk_buff *skb)
a9de9248 3256{
b6a0dc82
MH		 3257 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3258 struct hci_conn *conn;
3259
9f1db00c 3260 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3261
3262 hci_dev_lock(hdev);
3263
3264 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3265 if (!conn) {
3266 if (ev->link_type == ESCO_LINK)
3267 goto unlock;
3268
3269 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3270 if (!conn)
3271 goto unlock;
3272
3273 conn->type = SCO_LINK;
3274 }
b6a0dc82 3275
732547f9
MH		 3276 switch (ev->status) {
3277 case 0x00:
b6a0dc82
MH		 3278 conn->handle = __le16_to_cpu(ev->handle);
3279 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3280
3281 hci_conn_add_sysfs(conn);
732547f9
MH		 3282 break;
3283
1a4c958c 3284 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3285 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3286 case 0x1c: /* SCO interval rejected */
1038a00b 3287 case 0x1a: /* Unsupported Remote Feature */
732547f9 3288 case 0x1f: /* Unspecified error */
27539bc4 3289 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3290 if (conn->out) {
732547f9
MH		 3291 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3292 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3293 if (hci_setup_sync(conn, conn->link->handle))
3294 goto unlock;
732547f9
MH		 3295 }
3296 /* fall through */
3297
3298 default:
b6a0dc82 3299 conn->state = BT_CLOSED;
732547f9
MH		 3300 break;
3301 }
b6a0dc82
MH		 3302
3303 hci_proto_connect_cfm(conn, ev->status);
3304 if (ev->status)
3305 hci_conn_del(conn);
3306
3307unlock:
3308 hci_dev_unlock(hdev);
a9de9248
MH		 3309}
3310
efdcf8e3
MH		 3311static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3312{
3313 size_t parsed = 0;
3314
3315 while (parsed < eir_len) {
3316 u8 field_len = eir[0];
3317
3318 if (field_len == 0)
3319 return parsed;
3320
3321 parsed += field_len + 1;
3322 eir += field_len + 1;
3323 }
3324
3325 return eir_len;
3326}
3327
6039aa73
GP		 3328static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3329 struct sk_buff *skb)
1da177e4 3330{
a9de9248
MH		 3331 struct inquiry_data data;
3332 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3333 int num_rsp = *((__u8 *) skb->data);
9d939d94 3334 size_t eir_len;
1da177e4 3335
a9de9248 3336 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3337
a9de9248
MH		 3338 if (!num_rsp)
3339 return;
1da177e4 3340
1519cc17
AG		 3341 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3342 return;
3343
a9de9248
MH		 3344 hci_dev_lock(hdev);
3345
e17acd40 3346 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3347 bool name_known, ssp;
561aafbc 3348
a9de9248 3349 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3350 data.pscan_rep_mode = info->pscan_rep_mode;
3351 data.pscan_period_mode = info->pscan_period_mode;
3352 data.pscan_mode = 0x00;
a9de9248 3353 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3354 data.clock_offset = info->clock_offset;
3355 data.rssi = info->rssi;
41a96212 3356 data.ssp_mode = 0x01;
561aafbc 3357
a8b2d5c2 3358 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3359 name_known = eir_has_data_type(info->data,
04124681
GP		 3360 sizeof(info->data),
3361 EIR_NAME_COMPLETE);
561aafbc
JH		 3362 else
3363 name_known = true;
3364
388fc8fa 3365 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3366 &ssp);
9d939d94 3367 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3368 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3369 info->dev_class, info->rssi, !name_known,
5d2e9fad 3370 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3371 }
3372
3373 hci_dev_unlock(hdev);
3374}
1da177e4 3375
1c2e0041
JH		 3376static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3377 struct sk_buff *skb)
3378{
3379 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3380 struct hci_conn *conn;
3381
9f1db00c 3382 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3383 __le16_to_cpu(ev->handle));
3384
3385 hci_dev_lock(hdev);
3386
3387 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3388 if (!conn)
3389 goto unlock;
3390
3391 if (!ev->status)
3392 conn->sec_level = conn->pending_sec_level;
3393
3394 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3395
3396 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3397 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3398 hci_conn_drop(conn);
1c2e0041
JH		 3399 goto unlock;
3400 }
3401
3402 if (conn->state == BT_CONFIG) {
3403 if (!ev->status)
3404 conn->state = BT_CONNECTED;
3405
3406 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3407 hci_conn_drop(conn);
1c2e0041
JH		 3408 } else {
3409 hci_auth_cfm(conn, ev->status);
3410
3411 hci_conn_hold(conn);
3412 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3413 hci_conn_drop(conn);
1c2e0041
JH		 3414 }
3415
3416unlock:
3417 hci_dev_unlock(hdev);
3418}
3419
6039aa73 3420static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3421{
3422 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3423 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3424 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3425 /* If both remote and local IO capabilities allow MITM
3426 * protection then require it, otherwise don't */
acabae96
MA		 3427 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3428 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3429 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3430 else
acabae96 3431 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3432 }
3433
3434 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3435 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3436 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3437 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3438
3439 return conn->auth_type;
3440}
3441
6039aa73 3442static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3443{
3444 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3445 struct hci_conn *conn;
3446
3447 BT_DBG("%s", hdev->name);
3448
3449 hci_dev_lock(hdev);
3450
3451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3452 if (!conn)
3453 goto unlock;
3454
3455 hci_conn_hold(conn);
3456
a8b2d5c2 3457 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3458 goto unlock;
3459
a8b2d5c2 3460 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3461 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3462 struct hci_cp_io_capability_reply cp;
3463
3464 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3465 /* Change the IO capability from KeyboardDisplay
3466 * to DisplayYesNo as it is not supported by BT spec. */
3467 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3468 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3469 conn->auth_type = hci_get_auth_req(conn);
3470 cp.authentication = conn->auth_type;
17fa4b9d 3471
8fc9ced3
GP		 3472 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3473 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3474 cp.oob_data = 0x01;
3475 else
3476 cp.oob_data = 0x00;
3477
17fa4b9d 3478 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3479 sizeof(cp), &cp);
03b555e1
JH		 3480 } else {
3481 struct hci_cp_io_capability_neg_reply cp;
3482
3483 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3484 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3485
03b555e1 3486 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3487 sizeof(cp), &cp);
03b555e1
JH		 3488 }
3489
3490unlock:
3491 hci_dev_unlock(hdev);
3492}
3493
6039aa73 3494static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3495{
3496 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3497 struct hci_conn *conn;
3498
3499 BT_DBG("%s", hdev->name);
3500
3501 hci_dev_lock(hdev);
3502
3503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3504 if (!conn)
3505 goto unlock;
3506
03b555e1 3507 conn->remote_cap = ev->capability;
03b555e1 3508 conn->remote_auth = ev->authentication;
58a681ef
JH		 3509 if (ev->oob_data)
3510 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3511
3512unlock:
0493684e
MH		 3513 hci_dev_unlock(hdev);
3514}
3515
6039aa73
GP		 3516static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3517 struct sk_buff *skb)
a5c29683
JH		 3518{
3519 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3520 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3521 struct hci_conn *conn;
a5c29683
JH		 3522
3523 BT_DBG("%s", hdev->name);
3524
3525 hci_dev_lock(hdev);
3526
a8b2d5c2 3527 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3528 goto unlock;
a5c29683 3529
7a828908
JH		 3530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3531 if (!conn)
3532 goto unlock;
3533
3534 loc_mitm = (conn->auth_type & 0x01);
3535 rem_mitm = (conn->remote_auth & 0x01);
3536
3537 /* If we require MITM but the remote device can't provide that
3538 * (it has NoInputNoOutput) then reject the confirmation
3539 * request. The only exception is when we're dedicated bonding
3540 * initiators (connect_cfm_cb set) since then we always have the MITM
3541 * bit set. */
a767631a
MA		 3542 if (!conn->connect_cfm_cb && loc_mitm &&
3543 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3544 BT_DBG("Rejecting request: remote device can't provide MITM");
3545 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3546 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3547 goto unlock;
3548 }
3549
3550 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3551 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3552 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3553
3554 /* If we're not the initiators request authorization to
3555 * proceed from user space (mgmt_user_confirm with
3556 * confirm_hint set to 1). */
51a8efd7 3557 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3558 BT_DBG("Confirming auto-accept as acceptor");
3559 confirm_hint = 1;
3560 goto confirm;
3561 }
3562
9f61656a 3563 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3564 hdev->auto_accept_delay);
9f61656a
JH		 3565
3566 if (hdev->auto_accept_delay > 0) {
3567 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3568 queue_delayed_work(conn->hdev->workqueue,
3569 &conn->auto_accept_work, delay);
9f61656a
JH		 3570 goto unlock;
3571 }
3572
7a828908 3573 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3574 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3575 goto unlock;
3576 }
3577
55bc1a37 3578confirm:
39adbffe
JH		 3579 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3580 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3581
3582unlock:
a5c29683
JH		 3583 hci_dev_unlock(hdev);
3584}
3585
6039aa73
GP		 3586static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3587 struct sk_buff *skb)
1143d458
BG		 3588{
3589 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3590
3591 BT_DBG("%s", hdev->name);
3592
a8b2d5c2 3593 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3594 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3595}
3596
92a25256
JH		 3597static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3598 struct sk_buff *skb)
3599{
3600 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3601 struct hci_conn *conn;
3602
3603 BT_DBG("%s", hdev->name);
3604
3605 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3606 if (!conn)
3607 return;
3608
3609 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3610 conn->passkey_entered = 0;
3611
3612 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3613 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3614 conn->dst_type, conn->passkey_notify,
3615 conn->passkey_entered);
3616}
3617
3618static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3619{
3620 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3621 struct hci_conn *conn;
3622
3623 BT_DBG("%s", hdev->name);
3624
3625 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3626 if (!conn)
3627 return;
3628
3629 switch (ev->type) {
3630 case HCI_KEYPRESS_STARTED:
3631 conn->passkey_entered = 0;
3632 return;
3633
3634 case HCI_KEYPRESS_ENTERED:
3635 conn->passkey_entered++;
3636 break;
3637
3638 case HCI_KEYPRESS_ERASED:
3639 conn->passkey_entered--;
3640 break;
3641
3642 case HCI_KEYPRESS_CLEARED:
3643 conn->passkey_entered = 0;
3644 break;
3645
3646 case HCI_KEYPRESS_COMPLETED:
3647 return;
3648 }
3649
3650 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3651 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3652 conn->dst_type, conn->passkey_notify,
3653 conn->passkey_entered);
3654}
3655
6039aa73
GP		 3656static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3657 struct sk_buff *skb)
0493684e
MH		 3658{
3659 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3660 struct hci_conn *conn;
3661
3662 BT_DBG("%s", hdev->name);
3663
3664 hci_dev_lock(hdev);
3665
3666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3667 if (!conn)
3668 goto unlock;
3669
3670 /* To avoid duplicate auth_failed events to user space we check
3671 * the HCI_CONN_AUTH_PEND flag which will be set if we
3672 * initiated the authentication. A traditional auth_complete
3673 * event gets always produced as initiator and is also mapped to
3674 * the mgmt_auth_failed event */
fa1bd918 3675 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3676 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3677 ev->status);
0493684e 3678
76a68ba0 3679 hci_conn_drop(conn);
2a611692
JH		 3680
3681unlock:
0493684e
MH		 3682 hci_dev_unlock(hdev);
3683}
3684
6039aa73
GP		 3685static void hci_remote_host_features_evt(struct hci_dev *hdev,
3686 struct sk_buff *skb)
41a96212
MH		 3687{
3688 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3689 struct inquiry_entry *ie;
cad718ed 3690 struct hci_conn *conn;
41a96212
MH		 3691
3692 BT_DBG("%s", hdev->name);
3693
3694 hci_dev_lock(hdev);
3695
cad718ed
JH		 3696 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3697 if (conn)
3698 memcpy(conn->features[1], ev->features, 8);
3699
cc11b9c1
AE		 3700 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3701 if (ie)
02b7cc62 3702 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3703
3704 hci_dev_unlock(hdev);
3705}
3706
6039aa73
GP		 3707static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3708 struct sk_buff *skb)
2763eda6
SJ		 3709{
3710 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3711 struct oob_data *data;
3712
3713 BT_DBG("%s", hdev->name);
3714
3715 hci_dev_lock(hdev);
3716
a8b2d5c2 3717 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3718 goto unlock;
3719
2763eda6
SJ		 3720 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3721 if (data) {
519ca9d0
MH		 3722 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3723 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3724
519ca9d0
MH		 3725 bacpy(&cp.bdaddr, &ev->bdaddr);
3726 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3727 memcpy(cp.randomizer192, data->randomizer192,
3728 sizeof(cp.randomizer192));
3729 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3730 memcpy(cp.randomizer256, data->randomizer256,
3731 sizeof(cp.randomizer256));
3732
3733 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3734 sizeof(cp), &cp);
3735 } else {
3736 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3737
519ca9d0
MH		 3738 bacpy(&cp.bdaddr, &ev->bdaddr);
3739 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3740 memcpy(cp.randomizer, data->randomizer192,
3741 sizeof(cp.randomizer));
3742
3743 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3744 sizeof(cp), &cp);
3745 }
2763eda6
SJ		 3746 } else {
3747 struct hci_cp_remote_oob_data_neg_reply cp;
3748
3749 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3750 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3751 sizeof(cp), &cp);
2763eda6
SJ		 3752 }
3753
e1ba1f15 3754unlock:
2763eda6
SJ		 3755 hci_dev_unlock(hdev);
3756}
3757
d5e91192
AE		 3758static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3759 struct sk_buff *skb)
3760{
3761 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3762 struct hci_conn *hcon, *bredr_hcon;
3763
3764 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3765 ev->status);
3766
3767 hci_dev_lock(hdev);
3768
3769 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3770 if (!hcon) {
3771 hci_dev_unlock(hdev);
3772 return;
3773 }
3774
3775 if (ev->status) {
3776 hci_conn_del(hcon);
3777 hci_dev_unlock(hdev);
3778 return;
3779 }
3780
3781 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3782
3783 hcon->state = BT_CONNECTED;
3784 bacpy(&hcon->dst, &bredr_hcon->dst);
3785
3786 hci_conn_hold(hcon);
3787 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3788 hci_conn_drop(hcon);
d5e91192 3789
d5e91192
AE		 3790 hci_conn_add_sysfs(hcon);
3791
cf70ff22 3792 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3793
cf70ff22 3794 hci_dev_unlock(hdev);
d5e91192
AE		 3795}
3796
27695fb4
AE		 3797static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3798{
3799 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3800 struct hci_conn *hcon;
3801 struct hci_chan *hchan;
3802 struct amp_mgr *mgr;
3803
3804 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3805 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3806 ev->status);
3807
3808 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3809 if (!hcon)
3810 return;
3811
3812 /* Create AMP hchan */
3813 hchan = hci_chan_create(hcon);
3814 if (!hchan)
3815 return;
3816
3817 hchan->handle = le16_to_cpu(ev->handle);
3818
3819 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3820
3821 mgr = hcon->amp_mgr;
3822 if (mgr && mgr->bredr_chan) {
3823 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3824
3825 l2cap_chan_lock(bredr_chan);
3826
3827 bredr_chan->conn->mtu = hdev->block_mtu;
3828 l2cap_logical_cfm(bredr_chan, hchan, 0);
3829 hci_conn_hold(hcon);
3830
3831 l2cap_chan_unlock(bredr_chan);
3832 }
3833}
3834
606e2a10
AE		 3835static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3836 struct sk_buff *skb)
3837{
3838 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3839 struct hci_chan *hchan;
3840
3841 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3842 le16_to_cpu(ev->handle), ev->status);
3843
3844 if (ev->status)
3845 return;
3846
3847 hci_dev_lock(hdev);
3848
3849 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3850 if (!hchan)
3851 goto unlock;
3852
3853 amp_destroy_logical_link(hchan, ev->reason);
3854
3855unlock:
3856 hci_dev_unlock(hdev);
3857}
3858
9eef6b3a
AE		 3859static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3860 struct sk_buff *skb)
3861{
3862 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3863 struct hci_conn *hcon;
3864
3865 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3866
3867 if (ev->status)
3868 return;
3869
3870 hci_dev_lock(hdev);
3871
3872 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3873 if (hcon) {
3874 hcon->state = BT_CLOSED;
3875 hci_conn_del(hcon);
3876 }
3877
3878 hci_dev_unlock(hdev);
3879}
3880
6039aa73 3881static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3882{
3883 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3884 struct hci_conn *conn;
68d6f6de 3885 struct smp_irk *irk;
fcd89c09 3886
9f1db00c 3887 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3888
3889 hci_dev_lock(hdev);
3890
b47a09b3 3891 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3892 if (!conn) {
3893 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3894 if (!conn) {
3895 BT_ERR("No memory for new connection");
230fd16a 3896 goto unlock;
b62f328b 3897 }
29b7988a
AG		 3898
3899 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3900
3901 if (ev->role == LE_CONN_ROLE_MASTER) {
3902 conn->out = true;
3903 conn->link_mode |= HCI_LM_MASTER;
3904 }
cb1d68f7
JH		 3905
3906 /* If we didn't have a hci_conn object previously
3907 * but we're in master role this must be something
3908 * initiated using a white list. Since white list based
3909 * connections are not "first class citizens" we don't
3910 * have full tracking of them. Therefore, we go ahead
3911 * with a "best effort" approach of determining the
3912 * initiator address based on the HCI_PRIVACY flag.
3913 */
3914 if (conn->out) {
3915 conn->resp_addr_type = ev->bdaddr_type;
3916 bacpy(&conn->resp_addr, &ev->bdaddr);
3917 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3918 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3919 bacpy(&conn->init_addr, &hdev->rpa);
3920 } else {
3921 hci_copy_identity_address(hdev,
3922 &conn->init_addr,
3923 &conn->init_addr_type);
3924 }
cb1d68f7 3925 }
9489eca4
JH		 3926 } else {
3927 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 3928 }
fcd89c09 3929
80c24ab8
JH		 3930 if (!conn->out) {
3931 /* Set the responder (our side) address type based on
3932 * the advertising address type.
3933 */
3934 conn->resp_addr_type = hdev->adv_addr_type;
3935 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3936 bacpy(&conn->resp_addr, &hdev->random_addr);
3937 else
3938 bacpy(&conn->resp_addr, &hdev->bdaddr);
3939
3940 conn->init_addr_type = ev->bdaddr_type;
3941 bacpy(&conn->init_addr, &ev->bdaddr);
3942 }
3943
edb4b466
MH		 3944 /* Lookup the identity address from the stored connection
3945 * address and address type.
3946 *
3947 * When establishing connections to an identity address, the
3948 * connection procedure will store the resolvable random
3949 * address first. Now if it can be converted back into the
3950 * identity address, start using the identity address from
3951 * now on.
3952 */
3953 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3954 if (irk) {
3955 bacpy(&conn->dst, &irk->bdaddr);
3956 conn->dst_type = irk->addr_type;
3957 }
3958
cd17decb 3959 if (ev->status) {
06c053fb 3960 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3961 goto unlock;
3962 }
3963
b644ba33 3964 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3965 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3966 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3967
7b5c0d52 3968 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3969 conn->handle = __le16_to_cpu(ev->handle);
3970 conn->state = BT_CONNECTED;
3971
18722c24
JR		 3972 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3973 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3974
fcd89c09
VT		 3975 hci_conn_add_sysfs(conn);
3976
3977 hci_proto_connect_cfm(conn, ev->status);
3978
a4790dbd
AG		 3979 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3980
fcd89c09
VT		 3981unlock:
3982 hci_dev_unlock(hdev);
3983}
3984
a4790dbd
AG		 3985/* This function requires the caller holds hdev->lock */
3986static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3987 u8 addr_type)
3988{
3989 struct hci_conn *conn;
5b906a84
AG		 3990 struct smp_irk *irk;
3991
3992 /* If this is a resolvable address, we should resolve it and then
3993 * update address and address type variables.
3994 */
3995 irk = hci_get_irk(hdev, addr, addr_type);
3996 if (irk) {
3997 addr = &irk->bdaddr;
3998 addr_type = irk->addr_type;
3999 }
a4790dbd
AG		 4000
4001 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4002 return;
4003
4004 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4005 HCI_AT_NO_BONDING);
4006 if (!IS_ERR(conn))
4007 return;
4008
4009 switch (PTR_ERR(conn)) {
4010 case -EBUSY:
4011 /* If hci_connect() returns -EBUSY it means there is already
4012 * an LE connection attempt going on. Since controllers don't
4013 * support more than one connection attempt at the time, we
4014 * don't consider this an error case.
4015 */
4016 break;
4017 default:
4018 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4019 }
4020}
4021
4af605d8
JH		 4022static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4023 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4024{
b9a6328f 4025 struct discovery_state *d = &hdev->discovery;
474ee066 4026 bool match;
b9a6328f 4027
ca5c4be7
JH		 4028 /* Passive scanning shouldn't trigger any device found events */
4029 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4030 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4031 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4032 return;
4033 }
4af605d8 4034
b9a6328f
JH		 4035 /* If there's nothing pending either store the data from this
4036 * event or send an immediate device found event if the data
4037 * should not be stored for later.
4038 */
4039 if (!has_pending_adv_report(hdev)) {
4040 /* If the report will trigger a SCAN_REQ store it for
4041 * later merging.
4042 */
4043 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4044 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4045 rssi, data, len);
b9a6328f
JH		 4046 return;
4047 }
4048
4049 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4050 rssi, 0, 1, data, len, NULL, 0);
4051 return;
4052 }
4053
474ee066
JH		 4054 /* Check if the pending report is for the same device as the new one */
4055 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4056 bdaddr_type == d->last_adv_addr_type);
4057
b9a6328f
JH		 4058 /* If the pending data doesn't match this report or this isn't a
4059 * scan response (e.g. we got a duplicate ADV_IND) then force
4060 * sending of the pending data.
4061 */
474ee066
JH		 4062 if (type != LE_ADV_SCAN_RSP || !match) {
4063 /* Send out whatever is in the cache, but skip duplicates */
4064 if (!match)
4065 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f
JH		 4066 d->last_adv_addr_type, NULL,
4067 d->last_adv_rssi, 0, 1,
4068 d->last_adv_data,
474ee066 4069 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4070
4071 /* If the new report will trigger a SCAN_REQ store it for
4072 * later merging.
4073 */
4074 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4075 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4076 rssi, data, len);
b9a6328f
JH		 4077 return;
4078 }
4079
4080 /* The advertising reports cannot be merged, so clear
4081 * the pending report and send out a device found event.
4082 */
4083 clear_pending_adv_report(hdev);
5c5b93e4
JH		 4084 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4085 rssi, 0, 1, data, len, NULL, 0);
b9a6328f
JH		 4086 return;
4087 }
4088
4089 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4090 * the new event is a SCAN_RSP. We can therefore proceed with
4091 * sending a merged device found event.
4092 */
4093 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4094 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4095 d->last_adv_data, d->last_adv_data_len);
4096 clear_pending_adv_report(hdev);
4af605d8
JH		 4097}
4098
6039aa73 4099static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4100{
e95beb41
AG		 4101 u8 num_reports = skb->data[0];
4102 void *ptr = &skb->data[1];
9aa04c91 4103
a4790dbd
AG		 4104 hci_dev_lock(hdev);
4105
e95beb41
AG		 4106 while (num_reports--) {
4107 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4108 s8 rssi;
a4790dbd 4109
3c9e9195 4110 rssi = ev->data[ev->length];
4af605d8
JH		 4111 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4112 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4113
e95beb41 4114 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4115 }
a4790dbd
AG		 4116
4117 hci_dev_unlock(hdev);
9aa04c91
AG		 4118}
4119
6039aa73 4120static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4121{
4122 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4123 struct hci_cp_le_ltk_reply cp;
bea710fe 4124 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4125 struct hci_conn *conn;
c9839a11 4126 struct smp_ltk *ltk;
a7a595f6 4127
9f1db00c 4128 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4129
4130 hci_dev_lock(hdev);
4131
4132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4133 if (conn == NULL)
4134 goto not_found;
a7a595f6 4135
fe39c7b2 4136 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4137 if (ltk == NULL)
4138 goto not_found;
4139
4140 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4141 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4142
4143 if (ltk->authenticated)
f8776218
AG		 4144 conn->pending_sec_level = BT_SECURITY_HIGH;
4145 else
4146 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4147
89cbb4da 4148 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4149
4150 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4151
5981a882
CT		 4152 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4153 * temporary key used to encrypt a connection following
4154 * pairing. It is used during the Encrypted Session Setup to
4155 * distribute the keys. Later, security can be re-established
4156 * using a distributed LTK.
4157 */
4158 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 4159 list_del(&ltk->list);
4160 kfree(ltk);
4161 }
4162
a7a595f6 4163 hci_dev_unlock(hdev);
bea710fe
VCG		 4164
4165 return;
4166
4167not_found:
4168 neg.handle = ev->handle;
4169 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4170 hci_dev_unlock(hdev);
a7a595f6
VCG		 4171}
4172
6039aa73 4173static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4174{
4175 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4176
4177 skb_pull(skb, sizeof(*le_ev));
4178
4179 switch (le_ev->subevent) {
4180 case HCI_EV_LE_CONN_COMPLETE:
4181 hci_le_conn_complete_evt(hdev, skb);
4182 break;
4183
9aa04c91
AG		 4184 case HCI_EV_LE_ADVERTISING_REPORT:
4185 hci_le_adv_report_evt(hdev, skb);
4186 break;
4187
a7a595f6
VCG		 4188 case HCI_EV_LE_LTK_REQ:
4189 hci_le_ltk_request_evt(hdev, skb);
4190 break;
4191
fcd89c09
VT		 4192 default:
4193 break;
4194 }
4195}
4196
9495b2ee
AE		 4197static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4198{
4199 struct hci_ev_channel_selected *ev = (void *) skb->data;
4200 struct hci_conn *hcon;
4201
4202 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4203
4204 skb_pull(skb, sizeof(*ev));
4205
4206 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4207 if (!hcon)
4208 return;
4209
4210 amp_read_loc_assoc_final_data(hdev, hcon);
4211}
4212
a9de9248
MH		 4213void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4214{
4215 struct hci_event_hdr *hdr = (void *) skb->data;
4216 __u8 event = hdr->evt;
4217
b6ddb638
JH		 4218 hci_dev_lock(hdev);
4219
4220 /* Received events are (currently) only needed when a request is
4221 * ongoing so avoid unnecessary memory allocation.
4222 */
4223 if (hdev->req_status == HCI_REQ_PEND) {
4224 kfree_skb(hdev->recv_evt);
4225 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4226 }
4227
4228 hci_dev_unlock(hdev);
4229
a9de9248
MH		 4230 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4231
02350a72 4232 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4233 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4234 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4235
4236 hci_req_cmd_complete(hdev, opcode, 0);
4237 }
4238
a9de9248 4239 switch (event) {
1da177e4
LT		 4240 case HCI_EV_INQUIRY_COMPLETE:
4241 hci_inquiry_complete_evt(hdev, skb);
4242 break;
4243
4244 case HCI_EV_INQUIRY_RESULT:
4245 hci_inquiry_result_evt(hdev, skb);
4246 break;
4247
a9de9248
MH		 4248 case HCI_EV_CONN_COMPLETE:
4249 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4250 break;
4251
1da177e4
LT		 4252 case HCI_EV_CONN_REQUEST:
4253 hci_conn_request_evt(hdev, skb);
4254 break;
4255
1da177e4
LT		 4256 case HCI_EV_DISCONN_COMPLETE:
4257 hci_disconn_complete_evt(hdev, skb);
4258 break;
4259
1da177e4
LT		 4260 case HCI_EV_AUTH_COMPLETE:
4261 hci_auth_complete_evt(hdev, skb);
4262 break;
4263
a9de9248
MH		 4264 case HCI_EV_REMOTE_NAME:
4265 hci_remote_name_evt(hdev, skb);
4266 break;
4267
1da177e4
LT		 4268 case HCI_EV_ENCRYPT_CHANGE:
4269 hci_encrypt_change_evt(hdev, skb);
4270 break;
4271
a9de9248
MH		 4272 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4273 hci_change_link_key_complete_evt(hdev, skb);
4274 break;
4275
4276 case HCI_EV_REMOTE_FEATURES:
4277 hci_remote_features_evt(hdev, skb);
4278 break;
4279
a9de9248
MH		 4280 case HCI_EV_CMD_COMPLETE:
4281 hci_cmd_complete_evt(hdev, skb);
4282 break;
4283
4284 case HCI_EV_CMD_STATUS:
4285 hci_cmd_status_evt(hdev, skb);
4286 break;
4287
4288 case HCI_EV_ROLE_CHANGE:
4289 hci_role_change_evt(hdev, skb);
4290 break;
4291
4292 case HCI_EV_NUM_COMP_PKTS:
4293 hci_num_comp_pkts_evt(hdev, skb);
4294 break;
4295
4296 case HCI_EV_MODE_CHANGE:
4297 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4298 break;
4299
4300 case HCI_EV_PIN_CODE_REQ:
4301 hci_pin_code_request_evt(hdev, skb);
4302 break;
4303
4304 case HCI_EV_LINK_KEY_REQ:
4305 hci_link_key_request_evt(hdev, skb);
4306 break;
4307
4308 case HCI_EV_LINK_KEY_NOTIFY:
4309 hci_link_key_notify_evt(hdev, skb);
4310 break;
4311
4312 case HCI_EV_CLOCK_OFFSET:
4313 hci_clock_offset_evt(hdev, skb);
4314 break;
4315
a8746417
MH		 4316 case HCI_EV_PKT_TYPE_CHANGE:
4317 hci_pkt_type_change_evt(hdev, skb);
4318 break;
4319
85a1e930
MH		 4320 case HCI_EV_PSCAN_REP_MODE:
4321 hci_pscan_rep_mode_evt(hdev, skb);
4322 break;
4323
a9de9248
MH		 4324 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4325 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4326 break;
4327
a9de9248
MH		 4328 case HCI_EV_REMOTE_EXT_FEATURES:
4329 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4330 break;
4331
a9de9248
MH		 4332 case HCI_EV_SYNC_CONN_COMPLETE:
4333 hci_sync_conn_complete_evt(hdev, skb);
4334 break;
1da177e4 4335
a9de9248
MH		 4336 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4337 hci_extended_inquiry_result_evt(hdev, skb);
4338 break;
1da177e4 4339
1c2e0041
JH		 4340 case HCI_EV_KEY_REFRESH_COMPLETE:
4341 hci_key_refresh_complete_evt(hdev, skb);
4342 break;
4343
0493684e
MH		 4344 case HCI_EV_IO_CAPA_REQUEST:
4345 hci_io_capa_request_evt(hdev, skb);
4346 break;
4347
03b555e1
JH		 4348 case HCI_EV_IO_CAPA_REPLY:
4349 hci_io_capa_reply_evt(hdev, skb);
4350 break;
4351
a5c29683
JH		 4352 case HCI_EV_USER_CONFIRM_REQUEST:
4353 hci_user_confirm_request_evt(hdev, skb);
4354 break;
4355
1143d458
BG		 4356 case HCI_EV_USER_PASSKEY_REQUEST:
4357 hci_user_passkey_request_evt(hdev, skb);
4358 break;
4359
92a25256
JH		 4360 case HCI_EV_USER_PASSKEY_NOTIFY:
4361 hci_user_passkey_notify_evt(hdev, skb);
4362 break;
4363
4364 case HCI_EV_KEYPRESS_NOTIFY:
4365 hci_keypress_notify_evt(hdev, skb);
4366 break;
4367
0493684e
MH		 4368 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4369 hci_simple_pair_complete_evt(hdev, skb);
4370 break;
4371
41a96212
MH		 4372 case HCI_EV_REMOTE_HOST_FEATURES:
4373 hci_remote_host_features_evt(hdev, skb);
4374 break;
4375
fcd89c09
VT		 4376 case HCI_EV_LE_META:
4377 hci_le_meta_evt(hdev, skb);
4378 break;
4379
9495b2ee
AE		 4380 case HCI_EV_CHANNEL_SELECTED:
4381 hci_chan_selected_evt(hdev, skb);
4382 break;
4383
2763eda6
SJ		 4384 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4385 hci_remote_oob_data_request_evt(hdev, skb);
4386 break;
4387
d5e91192
AE		 4388 case HCI_EV_PHY_LINK_COMPLETE:
4389 hci_phy_link_complete_evt(hdev, skb);
4390 break;
4391
27695fb4
AE		 4392 case HCI_EV_LOGICAL_LINK_COMPLETE:
4393 hci_loglink_complete_evt(hdev, skb);
4394 break;
4395
606e2a10
AE		 4396 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4397 hci_disconn_loglink_complete_evt(hdev, skb);
4398 break;
4399
9eef6b3a
AE		 4400 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4401 hci_disconn_phylink_complete_evt(hdev, skb);
4402 break;
4403
25e89e99
AE		 4404 case HCI_EV_NUM_COMP_BLOCKS:
4405 hci_num_comp_blocks_evt(hdev, skb);
4406 break;
4407
a9de9248 4408 default:
9f1db00c 4409 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4410 break;
4411 }
4412
4413 kfree_skb(skb);
4414 hdev->stat.evt_rx++;
4415}
Linux kernel - Deliverables
This page took 1.577535 seconds and 5 git commands to generate.