projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Don't store debug keys if flag for them is not set
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
106 conn->link_mode &= ~HCI_LM_MASTER;
107 else
108 conn->link_mode |= HCI_LM_MASTER;
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
9f1db00c 190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
a297e97c 194 /* Reset all non-persistent flags */
2cc6fb00 195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 196
197 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 200
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
f8e808bd
MH		 203
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
06f5b778 206
533553f8
MH		 207 hdev->le_scan_type = LE_SCAN_PASSIVE;
208
06f5b778 209 hdev->ssp_debug_mode = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
a9de9248
MH		 231}
232
233static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
236
9f1db00c 237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 238
239 if (rp->status)
240 return;
241
db99b5fc
JH		 242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 244}
245
246static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247{
248 __u8 status = *((__u8 *) skb->data);
249 void *sent;
250
9f1db00c 251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 252
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
254 if (!sent)
255 return;
256
257 if (!status) {
258 __u8 param = *((__u8 *) sent);
259
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
262 else
263 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 264 }
a9de9248 265
33ef95ed
JH		 266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
a9de9248 289}
1da177e4 290
a9de9248
MH		 291static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292{
36f7fc7e
JH		 293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
a9de9248 295 void *sent;
1da177e4 296
9f1db00c 297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 298
a9de9248
MH		 299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
300 if (!sent)
301 return;
1da177e4 302
36f7fc7e
JH		 303 param = *((__u8 *) sent);
304
56e5cb86
JH		 305 hci_dev_lock(hdev);
306
fa1bd918 307 if (status) {
744cf19e 308 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 309 hdev->discov_timeout = 0;
310 goto done;
311 }
312
0663ca2a
JH		 313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
315 */
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
317
36f7fc7e
JH		 318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
320
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
323 if (!old_iscan)
744cf19e 324 mgmt_discoverable(hdev, 1);
36f7fc7e 325 } else if (old_iscan)
744cf19e 326 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 327
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
330 if (!old_pscan)
744cf19e 331 mgmt_connectable(hdev, 1);
36f7fc7e 332 } else if (old_pscan)
744cf19e 333 mgmt_connectable(hdev, 0);
1da177e4 334
36f7fc7e 335done:
56e5cb86 336 hci_dev_unlock(hdev);
a9de9248 337}
1da177e4 338
a9de9248
MH		 339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 342
9f1db00c 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 344
a9de9248
MH		 345 if (rp->status)
346 return;
1da177e4 347
a9de9248 348 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 349
a9de9248 350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 352}
1da177e4 353
a9de9248
MH		 354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355{
356 __u8 status = *((__u8 *) skb->data);
357 void *sent;
1da177e4 358
9f1db00c 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 360
a9de9248
MH		 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent)
363 return;
1da177e4 364
7f9a903c
MH		 365 hci_dev_lock(hdev);
366
367 if (status == 0)
368 memcpy(hdev->dev_class, sent, 3);
369
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
372
373 hci_dev_unlock(hdev);
a9de9248 374}
1da177e4 375
a9de9248
MH		 376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377{
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting;
380
9f1db00c 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 382
383 if (rp->status)
384 return;
385
386 setting = __le16_to_cpu(rp->voice_setting);
387
f383f275 388 if (hdev->voice_setting == setting)
a9de9248
MH		 389 return;
390
391 hdev->voice_setting = setting;
392
9f1db00c 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 394
3c54711c 395 if (hdev->notify)
a9de9248 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 397}
398
8fc9ced3
GP		 399static void hci_cc_write_voice_setting(struct hci_dev *hdev,
400 struct sk_buff *skb)
a9de9248
MH		 401{
402 __u8 status = *((__u8 *) skb->data);
f383f275 403 __u16 setting;
a9de9248
MH		 404 void *sent;
405
9f1db00c 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 407
f383f275
MH		 408 if (status)
409 return;
410
a9de9248
MH		 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
412 if (!sent)
413 return;
1da177e4 414
f383f275 415 setting = get_unaligned_le16(sent);
1da177e4 416
f383f275
MH		 417 if (hdev->voice_setting == setting)
418 return;
419
420 hdev->voice_setting = setting;
1da177e4 421
9f1db00c 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 423
3c54711c 424 if (hdev->notify)
f383f275 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 426}
427
b4cb9fb2
MH		 428static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
429 struct sk_buff *skb)
430{
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
432
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
434
435 if (rp->status)
436 return;
437
438 hdev->num_iac = rp->num_iac;
439
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
441}
442
333140b5
MH		 443static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
444{
445 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 446 struct hci_cp_write_ssp_mode *sent;
333140b5 447
9f1db00c 448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 449
333140b5
MH		 450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (!sent)
452 return;
453
5ed8eb2f
JH		 454 if (!status) {
455 if (sent->mode)
cad718ed 456 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 457 else
cad718ed 458 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 459 }
460
ed2c4ee3 461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 463 else if (!status) {
5ed8eb2f 464 if (sent->mode)
c0ecddc2
JH		 465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 else
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
468 }
333140b5
MH		 469}
470
eac83dc6
MH		 471static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
472{
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
475
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
477
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 if (!sent)
480 return;
481
482 if (!status) {
483 if (sent->support)
484 hdev->features[1][0] |= LMP_HOST_SC;
485 else
486 hdev->features[1][0] &= ~LMP_HOST_SC;
487 }
488
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
491 else if (!status) {
492 if (sent->support)
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 else
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
496 }
497}
498
a9de9248
MH		 499static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
500{
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 502
9f1db00c 503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 504
a9de9248 505 if (rp->status)
42c6b129 506 return;
1143e5a6 507
0d5551f5
MH		 508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
514 }
d5859e22
JH		 515}
516
8fc9ced3
GP		 517static void hci_cc_read_local_commands(struct hci_dev *hdev,
518 struct sk_buff *skb)
a9de9248
MH		 519{
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 521
9f1db00c 522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 523
6a070e6e
MH		 524 if (rp->status)
525 return;
526
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 529}
1da177e4 530
8fc9ced3
GP		 531static void hci_cc_read_local_features(struct hci_dev *hdev,
532 struct sk_buff *skb)
a9de9248
MH		 533{
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 535
9f1db00c 536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 537
a9de9248
MH		 538 if (rp->status)
539 return;
5b7f9909 540
a9de9248 541 memcpy(hdev->features, rp->features, 8);
5b7f9909 542
a9de9248
MH		 543 /* Adjust default settings according to features
544 * supported by device. */
1da177e4 545
cad718ed 546 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 548
cad718ed 549 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
555 }
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
560 }
1da177e4 561
45db810f 562 if (lmp_esco_capable(hdev))
a9de9248 563 hdev->esco_type |= (ESCO_EV3);
da1f5198 564
cad718ed 565 if (hdev->features[0][4] & LMP_EV4)
a9de9248 566 hdev->esco_type |= (ESCO_EV4);
da1f5198 567
cad718ed 568 if (hdev->features[0][4] & LMP_EV5)
a9de9248 569 hdev->esco_type |= (ESCO_EV5);
1da177e4 570
cad718ed 571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 572 hdev->esco_type |= (ESCO_2EV3);
573
cad718ed 574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 575 hdev->esco_type |= (ESCO_3EV3);
576
cad718ed 577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 579}
1da177e4 580
971e3a4b 581static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 582 struct sk_buff *skb)
971e3a4b
AG		 583{
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
585
9f1db00c 586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 587
588 if (rp->status)
42c6b129 589 return;
971e3a4b 590
57af75a8
MH		 591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
d2c5d77f 593
cad718ed
JH		 594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 596}
597
1e89cffb 598static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 599 struct sk_buff *skb)
1e89cffb
AE		 600{
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
602
9f1db00c 603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 604
42c6b129
JH		 605 if (!rp->status)
606 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 607}
608
a9de9248
MH		 609static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
610{
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 612
9f1db00c 613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 614
a9de9248
MH		 615 if (rp->status)
616 return;
1da177e4 617
a9de9248
MH		 618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
622
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
624 hdev->sco_mtu = 64;
625 hdev->sco_pkts = 8;
1da177e4 626 }
a9de9248
MH		 627
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
630
807deac2
GP		 631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 633}
634
635static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
636{
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
638
9f1db00c 639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 640
641 if (!rp->status)
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 643}
644
f332ec66
JH		 645static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
646 struct sk_buff *skb)
647{
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
649
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
655 }
656}
657
4a3ee763
JH		 658static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
663
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
665
666 if (status)
667 return;
668
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
670 if (!sent)
671 return;
672
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
675}
676
f332ec66
JH		 677static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
678 struct sk_buff *skb)
679{
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
681
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
683
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
686}
687
4a3ee763
JH		 688static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
689 struct sk_buff *skb)
690{
691 u8 status = *((u8 *) skb->data);
692 u8 *type;
693
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
695
696 if (status)
697 return;
698
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
700 if (type)
701 hdev->page_scan_type = *type;
702}
703
350ee4cf 704static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 705 struct sk_buff *skb)
350ee4cf
AE		 706{
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
708
9f1db00c 709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 710
711 if (rp->status)
712 return;
713
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
717
718 hdev->block_cnt = hdev->num_blocks;
719
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 721 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 722}
723
928abaa7 724static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 725 struct sk_buff *skb)
928abaa7
AE		 726{
727 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
728
9f1db00c 729 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 730
731 if (rp->status)
8e2a0d92 732 goto a2mp_rsp;
928abaa7
AE		 733
734 hdev->amp_status = rp->amp_status;
735 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
736 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
737 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
738 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
739 hdev->amp_type = rp->amp_type;
740 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
741 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
742 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
743 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
744
8e2a0d92
AE		 745a2mp_rsp:
746 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 747}
748
903e4541
AE		 749static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
750 struct sk_buff *skb)
751{
752 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
753 struct amp_assoc *assoc = &hdev->loc_assoc;
754 size_t rem_len, frag_len;
755
756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
757
758 if (rp->status)
759 goto a2mp_rsp;
760
761 frag_len = skb->len - sizeof(*rp);
762 rem_len = __le16_to_cpu(rp->rem_len);
763
764 if (rem_len > frag_len) {
2e430be3 765 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 766
767 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
768 assoc->offset += frag_len;
769
770 /* Read other fragments */
771 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
772
773 return;
774 }
775
776 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
777 assoc->len = assoc->offset + rem_len;
778 assoc->offset = 0;
779
780a2mp_rsp:
781 /* Send A2MP Rsp when all fragments are received */
782 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 783 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 784}
785
d5859e22 786static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 787 struct sk_buff *skb)
d5859e22 788{
91c4e9b1 789 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 790
9f1db00c 791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 792
793 if (!rp->status)
794 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 795}
796
980e1a53
JH		 797static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
798{
799 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
800 struct hci_cp_pin_code_reply *cp;
801 struct hci_conn *conn;
802
9f1db00c 803 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 804
56e5cb86
JH		 805 hci_dev_lock(hdev);
806
a8b2d5c2 807 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 808 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 809
fa1bd918 810 if (rp->status)
56e5cb86 811 goto unlock;
980e1a53
JH		 812
813 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
814 if (!cp)
56e5cb86 815 goto unlock;
980e1a53
JH		 816
817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
818 if (conn)
819 conn->pin_length = cp->pin_len;
56e5cb86
JH		 820
821unlock:
822 hci_dev_unlock(hdev);
980e1a53
JH		 823}
824
825static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
826{
827 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
828
9f1db00c 829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 830
56e5cb86
JH		 831 hci_dev_lock(hdev);
832
a8b2d5c2 833 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 834 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 835 rp->status);
56e5cb86
JH		 836
837 hci_dev_unlock(hdev);
980e1a53 838}
56e5cb86 839
6ed58ec5
VT		 840static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
841 struct sk_buff *skb)
842{
843 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
844
9f1db00c 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 846
847 if (rp->status)
848 return;
849
850 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
851 hdev->le_pkts = rp->le_max_pkt;
852
853 hdev->le_cnt = hdev->le_pkts;
854
855 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 856}
980e1a53 857
60e77321
JH		 858static void hci_cc_le_read_local_features(struct hci_dev *hdev,
859 struct sk_buff *skb)
860{
861 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
862
863 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
864
865 if (!rp->status)
866 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 867}
868
8fa19098
JH		 869static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
870 struct sk_buff *skb)
871{
872 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
873
874 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
875
04b4edcb 876 if (!rp->status)
8fa19098 877 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 878}
879
a5c29683
JH		 880static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
881{
882 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
883
9f1db00c 884 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 885
56e5cb86
JH		 886 hci_dev_lock(hdev);
887
a8b2d5c2 888 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 889 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
890 rp->status);
56e5cb86
JH		 891
892 hci_dev_unlock(hdev);
a5c29683
JH		 893}
894
895static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 896 struct sk_buff *skb)
a5c29683
JH		 897{
898 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
899
9f1db00c 900 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 901
56e5cb86
JH		 902 hci_dev_lock(hdev);
903
a8b2d5c2 904 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 905 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 906 ACL_LINK, 0, rp->status);
56e5cb86
JH		 907
908 hci_dev_unlock(hdev);
a5c29683
JH		 909}
910
1143d458
BG		 911static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
912{
913 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
914
9f1db00c 915 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 916
917 hci_dev_lock(hdev);
918
a8b2d5c2 919 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 920 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 921 0, rp->status);
1143d458
BG		 922
923 hci_dev_unlock(hdev);
924}
925
926static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 927 struct sk_buff *skb)
1143d458
BG		 928{
929 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
930
9f1db00c 931 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 932
933 hci_dev_lock(hdev);
934
a8b2d5c2 935 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 936 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 937 ACL_LINK, 0, rp->status);
1143d458
BG		 938
939 hci_dev_unlock(hdev);
940}
941
4d2d2796
MH		 942static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
943 struct sk_buff *skb)
c35938b2
SJ		 944{
945 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
946
9f1db00c 947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 948
56e5cb86 949 hci_dev_lock(hdev);
4d2d2796
MH		 950 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
951 NULL, NULL, rp->status);
952 hci_dev_unlock(hdev);
953}
954
955static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
956 struct sk_buff *skb)
957{
958 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
959
960 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
961
962 hci_dev_lock(hdev);
963 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
964 rp->hash256, rp->randomizer256,
965 rp->status);
56e5cb86 966 hci_dev_unlock(hdev);
c35938b2
SJ		 967}
968
7a4cd51d
MH		 969
970static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
971{
972 __u8 status = *((__u8 *) skb->data);
973 bdaddr_t *sent;
974
975 BT_DBG("%s status 0x%2.2x", hdev->name, status);
976
977 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
978 if (!sent)
979 return;
980
981 hci_dev_lock(hdev);
982
983 if (!status)
984 bacpy(&hdev->random_addr, sent);
985
986 hci_dev_unlock(hdev);
987}
988
c1d5dc4a
JH		 989static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
990{
991 __u8 *sent, status = *((__u8 *) skb->data);
992
993 BT_DBG("%s status 0x%2.2x", hdev->name, status);
994
995 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
996 if (!sent)
997 return;
998
3c857757
JH		 999 if (status)
1000 return;
1001
c1d5dc4a
JH		 1002 hci_dev_lock(hdev);
1003
3c857757
JH		 1004 /* If we're doing connection initation as peripheral. Set a
1005 * timeout in case something goes wrong.
1006 */
1007 if (*sent) {
1008 struct hci_conn *conn;
1009
1010 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1011 if (conn)
1012 queue_delayed_work(hdev->workqueue,
1013 &conn->le_conn_timeout,
1014 HCI_LE_CONN_TIMEOUT);
1015 }
1016
1017 mgmt_advertising(hdev, *sent);
c1d5dc4a 1018
04b4edcb 1019 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1020}
1021
533553f8
MH		 1022static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 struct hci_cp_le_set_scan_param *cp;
1025 __u8 status = *((__u8 *) skb->data);
1026
1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1028
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1030 if (!cp)
1031 return;
1032
1033 hci_dev_lock(hdev);
1034
1035 if (!status)
1036 hdev->le_scan_type = cp->type;
1037
1038 hci_dev_unlock(hdev);
1039}
1040
b9a6328f
JH		 1041static bool has_pending_adv_report(struct hci_dev *hdev)
1042{
1043 struct discovery_state *d = &hdev->discovery;
1044
1045 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1046}
1047
1048static void clear_pending_adv_report(struct hci_dev *hdev)
1049{
1050 struct discovery_state *d = &hdev->discovery;
1051
1052 bacpy(&d->last_adv_addr, BDADDR_ANY);
1053 d->last_adv_data_len = 0;
1054}
1055
1056static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
ff5cd29f 1057 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
b9a6328f
JH		 1058{
1059 struct discovery_state *d = &hdev->discovery;
1060
1061 bacpy(&d->last_adv_addr, bdaddr);
1062 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1063 d->last_adv_rssi = rssi;
b9a6328f
JH		 1064 memcpy(d->last_adv_data, data, len);
1065 d->last_adv_data_len = len;
1066}
1067
eb9d91f5 1068static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1069 struct sk_buff *skb)
eb9d91f5
AG		 1070{
1071 struct hci_cp_le_set_scan_enable *cp;
1072 __u8 status = *((__u8 *) skb->data);
1073
9f1db00c 1074 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1075
eb9d91f5
AG		 1076 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1077 if (!cp)
1078 return;
1079
3fd319b8
AG		 1080 if (status)
1081 return;
1082
68a8aea4 1083 switch (cp->enable) {
76a388be 1084 case LE_SCAN_ENABLE:
d23264a8 1085 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1086 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1087 clear_pending_adv_report(hdev);
68a8aea4
AE		 1088 break;
1089
76a388be 1090 case LE_SCAN_DISABLE:
b9a6328f
JH		 1091 /* We do this here instead of when setting DISCOVERY_STOPPED
1092 * since the latter would potentially require waiting for
1093 * inquiry to stop too.
1094 */
1095 if (has_pending_adv_report(hdev)) {
1096 struct discovery_state *d = &hdev->discovery;
1097
1098 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433
JH		 1099 d->last_adv_addr_type, NULL,
1100 d->last_adv_rssi, 0, 1,
1101 d->last_adv_data,
b9a6328f
JH		 1102 d->last_adv_data_len, NULL, 0);
1103 }
1104
317ac8cb
JH		 1105 /* Cancel this timer so that we don't try to disable scanning
1106 * when it's already disabled.
1107 */
1108 cancel_delayed_work(&hdev->le_scan_disable);
1109
d23264a8 1110 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1111 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1112 * interrupted scanning due to a connect request. Mark
1113 * therefore discovery as stopped.
1114 */
1115 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1116 &hdev->dev_flags))
1117 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1118 break;
1119
1120 default:
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1122 break;
35815085 1123 }
eb9d91f5
AG		 1124}
1125
cf1d081f
JH		 1126static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1127 struct sk_buff *skb)
1128{
1129 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1130
1131 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1132
1133 if (!rp->status)
1134 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1135}
1136
0f36b589
MH		 1137static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1138 struct sk_buff *skb)
1139{
1140 __u8 status = *((__u8 *) skb->data);
1141
1142 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1143
1144 if (!status)
1145 hci_white_list_clear(hdev);
1146}
1147
1148static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1149 struct sk_buff *skb)
1150{
1151 struct hci_cp_le_add_to_white_list *sent;
1152 __u8 status = *((__u8 *) skb->data);
1153
1154 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1155
1156 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1157 if (!sent)
1158 return;
1159
1160 if (!status)
1161 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1162}
1163
1164static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1165 struct sk_buff *skb)
1166{
1167 struct hci_cp_le_del_from_white_list *sent;
1168 __u8 status = *((__u8 *) skb->data);
1169
1170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1171
1172 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1173 if (!sent)
1174 return;
1175
1176 if (!status)
1177 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1178}
1179
9b008c04
JH		 1180static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1181 struct sk_buff *skb)
1182{
1183 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1184
1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1186
1187 if (!rp->status)
1188 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1189}
1190
6039aa73
GP		 1191static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1192 struct sk_buff *skb)
f9b49306 1193{
06199cf8 1194 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1195 __u8 status = *((__u8 *) skb->data);
1196
9f1db00c 1197 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1198
06199cf8 1199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1200 if (!sent)
f9b49306
AG		 1201 return;
1202
8f984dfa 1203 if (!status) {
416a4ae5 1204 if (sent->le) {
cad718ed 1205 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1206 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1207 } else {
cad718ed 1208 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1209 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1210 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1211 }
53b2caab
JH		 1212
1213 if (sent->simul)
cad718ed 1214 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1215 else
cad718ed 1216 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1217 }
f9b49306
AG		 1218}
1219
56ed2cb8
JH		 1220static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1221{
1222 struct hci_cp_le_set_adv_param *cp;
1223 u8 status = *((u8 *) skb->data);
1224
1225 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1226
1227 if (status)
1228 return;
1229
1230 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1231 if (!cp)
1232 return;
1233
1234 hci_dev_lock(hdev);
1235 hdev->adv_addr_type = cp->own_address_type;
1236 hci_dev_unlock(hdev);
1237}
1238
93c284ee
AE		 1239static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1240 struct sk_buff *skb)
1241{
1242 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1243
1244 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1245 hdev->name, rp->status, rp->phy_handle);
1246
1247 if (rp->status)
1248 return;
1249
1250 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1251}
1252
5ae76a94
AK		 1253static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1254{
1255 struct hci_rp_read_rssi *rp = (void *) skb->data;
1256 struct hci_conn *conn;
1257
1258 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1259
1260 if (rp->status)
1261 return;
1262
1263 hci_dev_lock(hdev);
1264
1265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1266 if (conn)
1267 conn->rssi = rp->rssi;
1268
1269 hci_dev_unlock(hdev);
1270}
1271
5a134fae
AK		 1272static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1273{
1274 struct hci_cp_read_tx_power *sent;
1275 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1276 struct hci_conn *conn;
1277
1278 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1279
1280 if (rp->status)
1281 return;
1282
1283 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1284 if (!sent)
1285 return;
1286
1287 hci_dev_lock(hdev);
1288
1289 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1290 if (!conn)
1291 goto unlock;
1292
1293 switch (sent->type) {
1294 case 0x00:
5a134fae 1295 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1296 break;
1297 case 0x01:
1298 conn->max_tx_power = rp->tx_power;
1299 break;
1300 }
5a134fae 1301
d0455ed9 1302unlock:
5a134fae
AK		 1303 hci_dev_unlock(hdev);
1304}
1305
6039aa73 1306static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1307{
9f1db00c 1308 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1309
1310 if (status) {
a9de9248 1311 hci_conn_check_pending(hdev);
314b2381
JH		 1312 return;
1313 }
1314
89352e7d 1315 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1316}
1317
6039aa73 1318static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1319{
a9de9248 1320 struct hci_cp_create_conn *cp;
1da177e4 1321 struct hci_conn *conn;
1da177e4 1322
9f1db00c 1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1324
1325 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1326 if (!cp)
1327 return;
1328
1329 hci_dev_lock(hdev);
1330
1331 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1332
6ed93dc6 1333 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1334
1335 if (status) {
1336 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1337 if (status != 0x0c || conn->attempt > 2) {
1338 conn->state = BT_CLOSED;
1339 hci_proto_connect_cfm(conn, status);
1340 hci_conn_del(conn);
1341 } else
1342 conn->state = BT_CONNECT2;
1da177e4
LT		 1343 }
1344 } else {
1345 if (!conn) {
1346 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1347 if (conn) {
a0c808b3 1348 conn->out = true;
1da177e4
LT		 1349 conn->link_mode |= HCI_LM_MASTER;
1350 } else
893ef971 1351 BT_ERR("No memory for new connection");
1da177e4
LT		 1352 }
1353 }
1354
1355 hci_dev_unlock(hdev);
1356}
1357
a9de9248 1358static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1359{
a9de9248
MH		 1360 struct hci_cp_add_sco *cp;
1361 struct hci_conn *acl, *sco;
1362 __u16 handle;
1da177e4 1363
9f1db00c 1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1365
a9de9248
MH		 1366 if (!status)
1367 return;
1da177e4 1368
a9de9248
MH		 1369 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1370 if (!cp)
1371 return;
1da177e4 1372
a9de9248 1373 handle = __le16_to_cpu(cp->handle);
1da177e4 1374
9f1db00c 1375 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1376
a9de9248 1377 hci_dev_lock(hdev);
1da177e4 1378
a9de9248 1379 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1380 if (acl) {
1381 sco = acl->link;
1382 if (sco) {
1383 sco->state = BT_CLOSED;
1da177e4 1384
5a08ecce
AE		 1385 hci_proto_connect_cfm(sco, status);
1386 hci_conn_del(sco);
1387 }
a9de9248 1388 }
1da177e4 1389
a9de9248
MH		 1390 hci_dev_unlock(hdev);
1391}
1da177e4 1392
f8558555
MH		 1393static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1394{
1395 struct hci_cp_auth_requested *cp;
1396 struct hci_conn *conn;
1397
9f1db00c 1398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1399
1400 if (!status)
1401 return;
1402
1403 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1404 if (!cp)
1405 return;
1406
1407 hci_dev_lock(hdev);
1408
1409 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1410 if (conn) {
1411 if (conn->state == BT_CONFIG) {
1412 hci_proto_connect_cfm(conn, status);
76a68ba0 1413 hci_conn_drop(conn);
f8558555
MH		 1414 }
1415 }
1416
1417 hci_dev_unlock(hdev);
1418}
1419
1420static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_set_conn_encrypt *cp;
1423 struct hci_conn *conn;
1424
9f1db00c 1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1426
1427 if (!status)
1428 return;
1429
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1431 if (!cp)
1432 return;
1433
1434 hci_dev_lock(hdev);
1435
1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn) {
1438 if (conn->state == BT_CONFIG) {
1439 hci_proto_connect_cfm(conn, status);
76a68ba0 1440 hci_conn_drop(conn);
f8558555
MH		 1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
127178d2 1447static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1448 struct hci_conn *conn)
392599b9 1449{
392599b9
JH		 1450 if (conn->state != BT_CONFIG || !conn->out)
1451 return 0;
1452
765c2a96 1453 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1454 return 0;
1455
1456 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1457 * devices with sec_level MEDIUM or HIGH or if MITM protection
1458 * is requested.
1459 */
807deac2 1460 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1461 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1462 conn->pending_sec_level != BT_SECURITY_HIGH &&
1463 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1464 return 0;
1465
392599b9
JH		 1466 return 1;
1467}
1468
6039aa73 1469static int hci_resolve_name(struct hci_dev *hdev,
04124681 1470 struct inquiry_entry *e)
30dc78e1
JH		 1471{
1472 struct hci_cp_remote_name_req cp;
1473
1474 memset(&cp, 0, sizeof(cp));
1475
1476 bacpy(&cp.bdaddr, &e->data.bdaddr);
1477 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1478 cp.pscan_mode = e->data.pscan_mode;
1479 cp.clock_offset = e->data.clock_offset;
1480
1481 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1482}
1483
b644ba33 1484static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1485{
1486 struct discovery_state *discov = &hdev->discovery;
1487 struct inquiry_entry *e;
1488
b644ba33
JH		 1489 if (list_empty(&discov->resolve))
1490 return false;
1491
1492 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1493 if (!e)
1494 return false;
1495
b644ba33
JH		 1496 if (hci_resolve_name(hdev, e) == 0) {
1497 e->name_state = NAME_PENDING;
1498 return true;
1499 }
1500
1501 return false;
1502}
1503
1504static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1505 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1506{
1507 struct discovery_state *discov = &hdev->discovery;
1508 struct inquiry_entry *e;
1509
1510 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1511 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1512 name_len, conn->dev_class);
b644ba33
JH		 1513
1514 if (discov->state == DISCOVERY_STOPPED)
1515 return;
1516
30dc78e1
JH		 1517 if (discov->state == DISCOVERY_STOPPING)
1518 goto discov_complete;
1519
1520 if (discov->state != DISCOVERY_RESOLVING)
1521 return;
1522
1523 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1524 /* If the device was not found in a list of found devices names of which
1525 * are pending. there is no need to continue resolving a next name as it
1526 * will be done upon receiving another Remote Name Request Complete
1527 * Event */
1528 if (!e)
1529 return;
1530
1531 list_del(&e->list);
1532 if (name) {
30dc78e1 1533 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1534 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1535 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1536 } else {
1537 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1538 }
1539
b644ba33 1540 if (hci_resolve_next_name(hdev))
30dc78e1 1541 return;
30dc78e1
JH		 1542
1543discov_complete:
1544 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1545}
1546
a9de9248
MH		 1547static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1548{
127178d2
JH		 1549 struct hci_cp_remote_name_req *cp;
1550 struct hci_conn *conn;
1551
9f1db00c 1552 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1553
1554 /* If successful wait for the name req complete event before
1555 * checking for the need to do authentication */
1556 if (!status)
1557 return;
1558
1559 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1560 if (!cp)
1561 return;
1562
1563 hci_dev_lock(hdev);
1564
b644ba33
JH		 1565 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1566
a8b2d5c2 1567 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1568 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1569
79c6c70c
JH		 1570 if (!conn)
1571 goto unlock;
1572
1573 if (!hci_outgoing_auth_needed(hdev, conn))
1574 goto unlock;
1575
51a8efd7 1576 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1577 struct hci_cp_auth_requested auth_cp;
1578
1579 auth_cp.handle = __cpu_to_le16(conn->handle);
1580 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1581 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1582 }
1583
79c6c70c 1584unlock:
127178d2 1585 hci_dev_unlock(hdev);
a9de9248 1586}
1da177e4 1587
769be974
MH		 1588static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1589{
1590 struct hci_cp_read_remote_features *cp;
1591 struct hci_conn *conn;
1592
9f1db00c 1593 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1594
1595 if (!status)
1596 return;
1597
1598 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1599 if (!cp)
1600 return;
1601
1602 hci_dev_lock(hdev);
1603
1604 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1605 if (conn) {
1606 if (conn->state == BT_CONFIG) {
769be974 1607 hci_proto_connect_cfm(conn, status);
76a68ba0 1608 hci_conn_drop(conn);
769be974
MH		 1609 }
1610 }
1611
1612 hci_dev_unlock(hdev);
1613}
1614
1615static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1616{
1617 struct hci_cp_read_remote_ext_features *cp;
1618 struct hci_conn *conn;
1619
9f1db00c 1620 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1621
1622 if (!status)
1623 return;
1624
1625 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1626 if (!cp)
1627 return;
1628
1629 hci_dev_lock(hdev);
1630
1631 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1632 if (conn) {
1633 if (conn->state == BT_CONFIG) {
769be974 1634 hci_proto_connect_cfm(conn, status);
76a68ba0 1635 hci_conn_drop(conn);
769be974
MH		 1636 }
1637 }
1638
1639 hci_dev_unlock(hdev);
1640}
1641
a9de9248
MH		 1642static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1643{
b6a0dc82
MH		 1644 struct hci_cp_setup_sync_conn *cp;
1645 struct hci_conn *acl, *sco;
1646 __u16 handle;
1647
9f1db00c 1648 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1649
1650 if (!status)
1651 return;
1652
1653 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1654 if (!cp)
1655 return;
1656
1657 handle = __le16_to_cpu(cp->handle);
1658
9f1db00c 1659 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1660
1661 hci_dev_lock(hdev);
1662
1663 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1664 if (acl) {
1665 sco = acl->link;
1666 if (sco) {
1667 sco->state = BT_CLOSED;
b6a0dc82 1668
5a08ecce
AE		 1669 hci_proto_connect_cfm(sco, status);
1670 hci_conn_del(sco);
1671 }
b6a0dc82
MH		 1672 }
1673
1674 hci_dev_unlock(hdev);
1da177e4
LT		 1675}
1676
a9de9248 1677static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1678{
a9de9248
MH		 1679 struct hci_cp_sniff_mode *cp;
1680 struct hci_conn *conn;
1da177e4 1681
9f1db00c 1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1683
a9de9248
MH		 1684 if (!status)
1685 return;
04837f64 1686
a9de9248
MH		 1687 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1688 if (!cp)
1689 return;
04837f64 1690
a9de9248 1691 hci_dev_lock(hdev);
04837f64 1692
a9de9248 1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1694 if (conn) {
51a8efd7 1695 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1696
51a8efd7 1697 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1698 hci_sco_setup(conn, status);
1699 }
1700
a9de9248
MH		 1701 hci_dev_unlock(hdev);
1702}
04837f64 1703
a9de9248
MH		 1704static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1705{
1706 struct hci_cp_exit_sniff_mode *cp;
1707 struct hci_conn *conn;
04837f64 1708
9f1db00c 1709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1710
a9de9248
MH		 1711 if (!status)
1712 return;
04837f64 1713
a9de9248
MH		 1714 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1715 if (!cp)
1716 return;
04837f64 1717
a9de9248 1718 hci_dev_lock(hdev);
1da177e4 1719
a9de9248 1720 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1721 if (conn) {
51a8efd7 1722 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1723
51a8efd7 1724 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1725 hci_sco_setup(conn, status);
1726 }
1727
a9de9248 1728 hci_dev_unlock(hdev);
1da177e4
LT		 1729}
1730
88c3df13
JH		 1731static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1732{
1733 struct hci_cp_disconnect *cp;
1734 struct hci_conn *conn;
1735
1736 if (!status)
1737 return;
1738
1739 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1740 if (!cp)
1741 return;
1742
1743 hci_dev_lock(hdev);
1744
1745 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1746 if (conn)
1747 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1748 conn->dst_type, status);
88c3df13
JH		 1749
1750 hci_dev_unlock(hdev);
1751}
1752
a02226d6
AE		 1753static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1754{
93c284ee
AE		 1755 struct hci_cp_create_phy_link *cp;
1756
a02226d6 1757 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1758
93c284ee
AE		 1759 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1760 if (!cp)
1761 return;
1762
e58917b9
AE		 1763 hci_dev_lock(hdev);
1764
1765 if (status) {
1766 struct hci_conn *hcon;
1767
1768 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1769 if (hcon)
1770 hci_conn_del(hcon);
1771 } else {
1772 amp_write_remote_assoc(hdev, cp->phy_handle);
1773 }
1774
1775 hci_dev_unlock(hdev);
a02226d6
AE		 1776}
1777
0b26ab9d
AE		 1778static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1779{
1780 struct hci_cp_accept_phy_link *cp;
1781
1782 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1783
1784 if (status)
1785 return;
1786
1787 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1788 if (!cp)
1789 return;
1790
1791 amp_write_remote_assoc(hdev, cp->phy_handle);
1792}
1793
cb1d68f7
JH		 1794static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1795{
1796 struct hci_cp_le_create_conn *cp;
1797 struct hci_conn *conn;
1798
1799 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1800
1801 /* All connection failure handling is taken care of by the
1802 * hci_le_conn_failed function which is triggered by the HCI
1803 * request completion callbacks used for connecting.
1804 */
1805 if (status)
1806 return;
1807
1808 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1809 if (!cp)
1810 return;
1811
1812 hci_dev_lock(hdev);
1813
1814 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1815 if (!conn)
1816 goto unlock;
1817
1818 /* Store the initiator and responder address information which
1819 * is needed for SMP. These values will not change during the
1820 * lifetime of the connection.
1821 */
1822 conn->init_addr_type = cp->own_address_type;
1823 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1824 bacpy(&conn->init_addr, &hdev->random_addr);
1825 else
1826 bacpy(&conn->init_addr, &hdev->bdaddr);
1827
1828 conn->resp_addr_type = cp->peer_addr_type;
1829 bacpy(&conn->resp_addr, &cp->peer_addr);
1830
9489eca4
JH		 1831 /* We don't want the connection attempt to stick around
1832 * indefinitely since LE doesn't have a page timeout concept
1833 * like BR/EDR. Set a timer for any connection that doesn't use
1834 * the white list for connecting.
1835 */
1836 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1837 queue_delayed_work(conn->hdev->workqueue,
1838 &conn->le_conn_timeout,
1839 HCI_LE_CONN_TIMEOUT);
1840
cb1d68f7
JH		 1841unlock:
1842 hci_dev_unlock(hdev);
1843}
1844
81d0c8ad
JH		 1845static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1846{
1847 struct hci_cp_le_start_enc *cp;
1848 struct hci_conn *conn;
1849
1850 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1851
1852 if (!status)
1853 return;
1854
1855 hci_dev_lock(hdev);
1856
1857 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1858 if (!cp)
1859 goto unlock;
1860
1861 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1862 if (!conn)
1863 goto unlock;
1864
1865 if (conn->state != BT_CONNECTED)
1866 goto unlock;
1867
1868 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1869 hci_conn_drop(conn);
1870
1871unlock:
1872 hci_dev_unlock(hdev);
1873}
1874
6039aa73 1875static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1876{
1877 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1878 struct discovery_state *discov = &hdev->discovery;
1879 struct inquiry_entry *e;
1da177e4 1880
9f1db00c 1881 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1882
a9de9248 1883 hci_conn_check_pending(hdev);
89352e7d
AG		 1884
1885 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1886 return;
1887
4e857c58 1888 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1889 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1890
a8b2d5c2 1891 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1892 return;
1893
56e5cb86 1894 hci_dev_lock(hdev);
30dc78e1 1895
343f935b 1896 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1897 goto unlock;
1898
1899 if (list_empty(&discov->resolve)) {
1900 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1901 goto unlock;
1902 }
1903
1904 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1905 if (e && hci_resolve_name(hdev, e) == 0) {
1906 e->name_state = NAME_PENDING;
1907 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1908 } else {
1909 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1910 }
1911
1912unlock:
56e5cb86 1913 hci_dev_unlock(hdev);
1da177e4
LT		 1914}
1915
6039aa73 1916static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1917{
45bb4bf0 1918 struct inquiry_data data;
a9de9248 1919 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1920 int num_rsp = *((__u8 *) skb->data);
1921
1922 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1923
45bb4bf0
MH		 1924 if (!num_rsp)
1925 return;
1926
1519cc17
AG		 1927 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1928 return;
1929
1da177e4 1930 hci_dev_lock(hdev);
45bb4bf0 1931
e17acd40 1932 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1933 bool name_known, ssp;
3175405b 1934
1da177e4
LT		 1935 bacpy(&data.bdaddr, &info->bdaddr);
1936 data.pscan_rep_mode = info->pscan_rep_mode;
1937 data.pscan_period_mode = info->pscan_period_mode;
1938 data.pscan_mode = info->pscan_mode;
1939 memcpy(data.dev_class, info->dev_class, 3);
1940 data.clock_offset = info->clock_offset;
1941 data.rssi = 0x00;
41a96212 1942 data.ssp_mode = 0x00;
3175405b 1943
388fc8fa 1944 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1945 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1946 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1947 0, NULL, 0);
1da177e4 1948 }
45bb4bf0 1949
1da177e4
LT		 1950 hci_dev_unlock(hdev);
1951}
1952
6039aa73 1953static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1954{
a9de9248
MH		 1955 struct hci_ev_conn_complete *ev = (void *) skb->data;
1956 struct hci_conn *conn;
1da177e4
LT		 1957
1958 BT_DBG("%s", hdev->name);
1959
1960 hci_dev_lock(hdev);
1961
1962 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1963 if (!conn) {
1964 if (ev->link_type != SCO_LINK)
1965 goto unlock;
1966
1967 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1968 if (!conn)
1969 goto unlock;
1970
1971 conn->type = SCO_LINK;
1972 }
1da177e4
LT		 1973
1974 if (!ev->status) {
1975 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1976
1977 if (conn->type == ACL_LINK) {
1978 conn->state = BT_CONFIG;
1979 hci_conn_hold(conn);
a9ea3ed9
SJ		 1980
1981 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1982 !hci_find_link_key(hdev, &ev->bdaddr))
1983 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1984 else
1985 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1986 } else
1987 conn->state = BT_CONNECTED;
1da177e4 1988
7d0db0a3
MH		 1989 hci_conn_add_sysfs(conn);
1990
1da177e4
LT		 1991 if (test_bit(HCI_AUTH, &hdev->flags))
1992 conn->link_mode |= HCI_LM_AUTH;
1993
1994 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1995 conn->link_mode |= HCI_LM_ENCRYPT;
1996
04837f64
MH		 1997 /* Get remote features */
1998 if (conn->type == ACL_LINK) {
1999 struct hci_cp_read_remote_features cp;
2000 cp.handle = ev->handle;
769be974 2001 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2002 sizeof(cp), &cp);
04837f64
MH		 2003 }
2004
1da177e4 2005 /* Set packet type for incoming connection */
d095c1eb 2006 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2007 struct hci_cp_change_conn_ptype cp;
2008 cp.handle = ev->handle;
a8746417 2009 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2010 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2011 &cp);
1da177e4 2012 }
17d5c04c 2013 } else {
1da177e4 2014 conn->state = BT_CLOSED;
17d5c04c 2015 if (conn->type == ACL_LINK)
64c7b77c 2016 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2017 conn->dst_type, ev->status);
17d5c04c 2018 }
1da177e4 2019
e73439d8
MH		 2020 if (conn->type == ACL_LINK)
2021 hci_sco_setup(conn, ev->status);
1da177e4 2022
769be974
MH		 2023 if (ev->status) {
2024 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2025 hci_conn_del(conn);
c89b6e6b
MH		 2026 } else if (ev->link_type != ACL_LINK)
2027 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2028
a9de9248 2029unlock:
1da177e4 2030 hci_dev_unlock(hdev);
1da177e4 2031
a9de9248 2032 hci_conn_check_pending(hdev);
1da177e4
LT		 2033}
2034
6039aa73 2035static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2036{
a9de9248
MH		 2037 struct hci_ev_conn_request *ev = (void *) skb->data;
2038 int mask = hdev->link_mode;
20714bfe 2039 __u8 flags = 0;
1da177e4 2040
6ed93dc6 2041 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2042 ev->link_type);
1da177e4 2043
20714bfe
FD		 2044 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2045 &flags);
1da177e4 2046
138d22ef 2047 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2048 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2049 /* Connection accepted */
c7bdd502 2050 struct inquiry_entry *ie;
1da177e4 2051 struct hci_conn *conn;
1da177e4 2052
a9de9248 2053 hci_dev_lock(hdev);
b6a0dc82 2054
cc11b9c1
AE		 2055 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2056 if (ie)
c7bdd502
MH		 2057 memcpy(ie->data.dev_class, ev->dev_class, 3);
2058
8fc9ced3
GP		 2059 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2060 &ev->bdaddr);
a9de9248 2061 if (!conn) {
cc11b9c1
AE		 2062 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2063 if (!conn) {
893ef971 2064 BT_ERR("No memory for new connection");
a9de9248
MH		 2065 hci_dev_unlock(hdev);
2066 return;
1da177e4
LT		 2067 }
2068 }
b6a0dc82 2069
a9de9248 2070 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2071
a9de9248 2072 hci_dev_unlock(hdev);
1da177e4 2073
20714bfe
FD		 2074 if (ev->link_type == ACL_LINK ||
2075 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2076 struct hci_cp_accept_conn_req cp;
20714bfe 2077 conn->state = BT_CONNECT;
1da177e4 2078
b6a0dc82
MH		 2079 bacpy(&cp.bdaddr, &ev->bdaddr);
2080
2081 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2082 cp.role = 0x00; /* Become master */
2083 else
2084 cp.role = 0x01; /* Remain slave */
2085
04124681
GP		 2086 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2087 &cp);
20714bfe 2088 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2089 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2090 conn->state = BT_CONNECT;
b6a0dc82
MH		 2091
2092 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2093 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2094
dcf4adbf
JP		 2095 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2096 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2097 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2098 cp.content_format = cpu_to_le16(hdev->voice_setting);
2099 cp.retrans_effort = 0xff;
1da177e4 2100
b6a0dc82 2101 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2102 sizeof(cp), &cp);
20714bfe
FD		 2103 } else {
2104 conn->state = BT_CONNECT2;
2105 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2106 }
a9de9248
MH		 2107 } else {
2108 /* Connection rejected */
2109 struct hci_cp_reject_conn_req cp;
1da177e4 2110
a9de9248 2111 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2112 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2113 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2114 }
1da177e4
LT		 2115}
2116
f0d6a0ea
MA		 2117static u8 hci_to_mgmt_reason(u8 err)
2118{
2119 switch (err) {
2120 case HCI_ERROR_CONNECTION_TIMEOUT:
2121 return MGMT_DEV_DISCONN_TIMEOUT;
2122 case HCI_ERROR_REMOTE_USER_TERM:
2123 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2124 case HCI_ERROR_REMOTE_POWER_OFF:
2125 return MGMT_DEV_DISCONN_REMOTE;
2126 case HCI_ERROR_LOCAL_HOST_TERM:
2127 return MGMT_DEV_DISCONN_LOCAL_HOST;
2128 default:
2129 return MGMT_DEV_DISCONN_UNKNOWN;
2130 }
2131}
2132
6039aa73 2133static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2134{
a9de9248 2135 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2136 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2137 struct hci_conn_params *params;
04837f64 2138 struct hci_conn *conn;
12d4a3b2 2139 bool mgmt_connected;
3846220b 2140 u8 type;
04837f64 2141
9f1db00c 2142 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2143
2144 hci_dev_lock(hdev);
2145
2146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2147 if (!conn)
2148 goto unlock;
7d0db0a3 2149
abf54a50
AG		 2150 if (ev->status) {
2151 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2152 conn->dst_type, ev->status);
2153 goto unlock;
37d9ef76 2154 }
f7520543 2155
3846220b
AG		 2156 conn->state = BT_CLOSED;
2157
12d4a3b2
JH		 2158 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2159 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2160 reason, mgmt_connected);
abf54a50 2161
3846220b
AG		 2162 if (conn->type == ACL_LINK && conn->flush_key)
2163 hci_remove_link_key(hdev, &conn->dst);
2210246c 2164
9fcb18ef
AG		 2165 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2166 if (params) {
2167 switch (params->auto_connect) {
2168 case HCI_AUTO_CONN_LINK_LOSS:
2169 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2170 break;
2171 /* Fall through */
2172
2173 case HCI_AUTO_CONN_ALWAYS:
2174 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2175 break;
2176
2177 default:
2178 break;
2179 }
2180 }
2181
3846220b 2182 type = conn->type;
2210246c 2183
3846220b
AG		 2184 hci_proto_disconn_cfm(conn, ev->reason);
2185 hci_conn_del(conn);
2186
2187 /* Re-enable advertising if necessary, since it might
2188 * have been disabled by the connection. From the
2189 * HCI_LE_Set_Advertise_Enable command description in
2190 * the core specification (v4.0):
2191 * "The Controller shall continue advertising until the Host
2192 * issues an LE_Set_Advertise_Enable command with
2193 * Advertising_Enable set to 0x00 (Advertising is disabled)
2194 * or until a connection is created or until the Advertising
2195 * is timed out due to Directed Advertising."
2196 */
2197 if (type == LE_LINK)
2198 mgmt_reenable_advertising(hdev);
f7520543
JH		 2199
2200unlock:
04837f64
MH		 2201 hci_dev_unlock(hdev);
2202}
2203
6039aa73 2204static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2205{
a9de9248 2206 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2207 struct hci_conn *conn;
1da177e4 2208
9f1db00c 2209 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2210
2211 hci_dev_lock(hdev);
2212
04837f64 2213 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2214 if (!conn)
2215 goto unlock;
2216
2217 if (!ev->status) {
aa64a8b5 2218 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2219 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2220 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2221 } else {
d7556e20
WR		 2222 conn->link_mode |= HCI_LM_AUTH;
2223 conn->sec_level = conn->pending_sec_level;
2a611692 2224 }
d7556e20 2225 } else {
bab73cb6 2226 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2227 ev->status);
d7556e20 2228 }
1da177e4 2229
51a8efd7
JH		 2230 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2231 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2232
d7556e20 2233 if (conn->state == BT_CONFIG) {
aa64a8b5 2234 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2235 struct hci_cp_set_conn_encrypt cp;
2236 cp.handle = ev->handle;
2237 cp.encrypt = 0x01;
2238 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2239 &cp);
052b30b0 2240 } else {
d7556e20
WR		 2241 conn->state = BT_CONNECTED;
2242 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2243 hci_conn_drop(conn);
052b30b0 2244 }
d7556e20
WR		 2245 } else {
2246 hci_auth_cfm(conn, ev->status);
052b30b0 2247
d7556e20
WR		 2248 hci_conn_hold(conn);
2249 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2250 hci_conn_drop(conn);
d7556e20
WR		 2251 }
2252
51a8efd7 2253 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2254 if (!ev->status) {
2255 struct hci_cp_set_conn_encrypt cp;
2256 cp.handle = ev->handle;
2257 cp.encrypt = 0x01;
2258 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2259 &cp);
d7556e20 2260 } else {
51a8efd7 2261 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2262 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2263 }
2264 }
2265
d7556e20 2266unlock:
1da177e4
LT		 2267 hci_dev_unlock(hdev);
2268}
2269
6039aa73 2270static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2271{
127178d2
JH		 2272 struct hci_ev_remote_name *ev = (void *) skb->data;
2273 struct hci_conn *conn;
2274
a9de9248 2275 BT_DBG("%s", hdev->name);
1da177e4 2276
a9de9248 2277 hci_conn_check_pending(hdev);
127178d2
JH		 2278
2279 hci_dev_lock(hdev);
2280
b644ba33 2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2282
b644ba33
JH		 2283 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2284 goto check_auth;
a88a9652 2285
b644ba33
JH		 2286 if (ev->status == 0)
2287 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2288 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2289 else
2290 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2291
2292check_auth:
79c6c70c
JH		 2293 if (!conn)
2294 goto unlock;
2295
2296 if (!hci_outgoing_auth_needed(hdev, conn))
2297 goto unlock;
2298
51a8efd7 2299 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2300 struct hci_cp_auth_requested cp;
2301 cp.handle = __cpu_to_le16(conn->handle);
2302 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2303 }
2304
79c6c70c 2305unlock:
127178d2 2306 hci_dev_unlock(hdev);
a9de9248
MH		 2307}
2308
6039aa73 2309static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2310{
2311 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2312 struct hci_conn *conn;
2313
9f1db00c 2314 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2315
2316 hci_dev_lock(hdev);
2317
04837f64 2318 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2319 if (!conn)
2320 goto unlock;
1da177e4 2321
dc8357cc
MH		 2322 if (!ev->status) {
2323 if (ev->encrypt) {
2324 /* Encryption implies authentication */
2325 conn->link_mode |= HCI_LM_AUTH;
2326 conn->link_mode |= HCI_LM_ENCRYPT;
2327 conn->sec_level = conn->pending_sec_level;
abf76bad 2328
914a6ffe
MH		 2329 /* P-256 authentication key implies FIPS */
2330 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2331 conn->link_mode |= HCI_LM_FIPS;
2332
abf76bad
MH		 2333 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2334 conn->type == LE_LINK)
2335 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2336 } else {
dc8357cc 2337 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2338 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2339 }
dc8357cc 2340 }
a7d7723a 2341
dc8357cc 2342 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2343
dc8357cc
MH		 2344 if (ev->status && conn->state == BT_CONNECTED) {
2345 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2346 hci_conn_drop(conn);
2347 goto unlock;
1da177e4
LT		 2348 }
2349
dc8357cc
MH		 2350 if (conn->state == BT_CONFIG) {
2351 if (!ev->status)
2352 conn->state = BT_CONNECTED;
2353
40b552aa
MH		 2354 /* In Secure Connections Only mode, do not allow any
2355 * connections that are not encrypted with AES-CCM
2356 * using a P-256 authenticated combination key.
2357 */
2358 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2359 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2360 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2361 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2362 hci_conn_drop(conn);
2363 goto unlock;
2364 }
2365
dc8357cc
MH		 2366 hci_proto_connect_cfm(conn, ev->status);
2367 hci_conn_drop(conn);
2368 } else
2369 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2370
a7d7723a 2371unlock:
1da177e4
LT		 2372 hci_dev_unlock(hdev);
2373}
2374
6039aa73
GP		 2375static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2376 struct sk_buff *skb)
1da177e4 2377{
a9de9248 2378 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2379 struct hci_conn *conn;
1da177e4 2380
9f1db00c 2381 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2382
2383 hci_dev_lock(hdev);
2384
04837f64 2385 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2386 if (conn) {
2387 if (!ev->status)
2388 conn->link_mode |= HCI_LM_SECURE;
2389
51a8efd7 2390 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2391
2392 hci_key_change_cfm(conn, ev->status);
2393 }
2394
2395 hci_dev_unlock(hdev);
2396}
2397
6039aa73
GP		 2398static void hci_remote_features_evt(struct hci_dev *hdev,
2399 struct sk_buff *skb)
1da177e4 2400{
a9de9248
MH		 2401 struct hci_ev_remote_features *ev = (void *) skb->data;
2402 struct hci_conn *conn;
2403
9f1db00c 2404 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2405
a9de9248
MH		 2406 hci_dev_lock(hdev);
2407
2408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2409 if (!conn)
2410 goto unlock;
769be974 2411
ccd556fe 2412 if (!ev->status)
cad718ed 2413 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2414
2415 if (conn->state != BT_CONFIG)
2416 goto unlock;
2417
2418 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2419 struct hci_cp_read_remote_ext_features cp;
2420 cp.handle = ev->handle;
2421 cp.page = 0x01;
2422 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2423 sizeof(cp), &cp);
392599b9
JH		 2424 goto unlock;
2425 }
2426
671267bf 2427 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2428 struct hci_cp_remote_name_req cp;
2429 memset(&cp, 0, sizeof(cp));
2430 bacpy(&cp.bdaddr, &conn->dst);
2431 cp.pscan_rep_mode = 0x02;
2432 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2433 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2434 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2435 conn->dst_type, 0, NULL, 0,
2436 conn->dev_class);
392599b9 2437
127178d2 2438 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2439 conn->state = BT_CONNECTED;
2440 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2441 hci_conn_drop(conn);
769be974 2442 }
a9de9248 2443
ccd556fe 2444unlock:
a9de9248 2445 hci_dev_unlock(hdev);
1da177e4
LT		 2446}
2447
6039aa73 2448static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2449{
2450 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2451 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2452 __u16 opcode;
2453
2454 skb_pull(skb, sizeof(*ev));
2455
2456 opcode = __le16_to_cpu(ev->opcode);
2457
2458 switch (opcode) {
2459 case HCI_OP_INQUIRY_CANCEL:
2460 hci_cc_inquiry_cancel(hdev, skb);
2461 break;
2462
4d93483b
AG		 2463 case HCI_OP_PERIODIC_INQ:
2464 hci_cc_periodic_inq(hdev, skb);
2465 break;
2466
a9de9248
MH		 2467 case HCI_OP_EXIT_PERIODIC_INQ:
2468 hci_cc_exit_periodic_inq(hdev, skb);
2469 break;
2470
2471 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2472 hci_cc_remote_name_req_cancel(hdev, skb);
2473 break;
2474
2475 case HCI_OP_ROLE_DISCOVERY:
2476 hci_cc_role_discovery(hdev, skb);
2477 break;
2478
e4e8e37c
MH		 2479 case HCI_OP_READ_LINK_POLICY:
2480 hci_cc_read_link_policy(hdev, skb);
2481 break;
2482
a9de9248
MH		 2483 case HCI_OP_WRITE_LINK_POLICY:
2484 hci_cc_write_link_policy(hdev, skb);
2485 break;
2486
e4e8e37c
MH		 2487 case HCI_OP_READ_DEF_LINK_POLICY:
2488 hci_cc_read_def_link_policy(hdev, skb);
2489 break;
2490
2491 case HCI_OP_WRITE_DEF_LINK_POLICY:
2492 hci_cc_write_def_link_policy(hdev, skb);
2493 break;
2494
a9de9248
MH		 2495 case HCI_OP_RESET:
2496 hci_cc_reset(hdev, skb);
2497 break;
2498
2499 case HCI_OP_WRITE_LOCAL_NAME:
2500 hci_cc_write_local_name(hdev, skb);
2501 break;
2502
2503 case HCI_OP_READ_LOCAL_NAME:
2504 hci_cc_read_local_name(hdev, skb);
2505 break;
2506
2507 case HCI_OP_WRITE_AUTH_ENABLE:
2508 hci_cc_write_auth_enable(hdev, skb);
2509 break;
2510
2511 case HCI_OP_WRITE_ENCRYPT_MODE:
2512 hci_cc_write_encrypt_mode(hdev, skb);
2513 break;
2514
2515 case HCI_OP_WRITE_SCAN_ENABLE:
2516 hci_cc_write_scan_enable(hdev, skb);
2517 break;
2518
2519 case HCI_OP_READ_CLASS_OF_DEV:
2520 hci_cc_read_class_of_dev(hdev, skb);
2521 break;
2522
2523 case HCI_OP_WRITE_CLASS_OF_DEV:
2524 hci_cc_write_class_of_dev(hdev, skb);
2525 break;
2526
2527 case HCI_OP_READ_VOICE_SETTING:
2528 hci_cc_read_voice_setting(hdev, skb);
2529 break;
2530
2531 case HCI_OP_WRITE_VOICE_SETTING:
2532 hci_cc_write_voice_setting(hdev, skb);
2533 break;
2534
b4cb9fb2
MH		 2535 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2536 hci_cc_read_num_supported_iac(hdev, skb);
2537 break;
2538
333140b5
MH		 2539 case HCI_OP_WRITE_SSP_MODE:
2540 hci_cc_write_ssp_mode(hdev, skb);
2541 break;
2542
eac83dc6
MH		 2543 case HCI_OP_WRITE_SC_SUPPORT:
2544 hci_cc_write_sc_support(hdev, skb);
2545 break;
2546
a9de9248
MH		 2547 case HCI_OP_READ_LOCAL_VERSION:
2548 hci_cc_read_local_version(hdev, skb);
2549 break;
2550
2551 case HCI_OP_READ_LOCAL_COMMANDS:
2552 hci_cc_read_local_commands(hdev, skb);
2553 break;
2554
2555 case HCI_OP_READ_LOCAL_FEATURES:
2556 hci_cc_read_local_features(hdev, skb);
2557 break;
2558
971e3a4b
AG		 2559 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2560 hci_cc_read_local_ext_features(hdev, skb);
2561 break;
2562
a9de9248
MH		 2563 case HCI_OP_READ_BUFFER_SIZE:
2564 hci_cc_read_buffer_size(hdev, skb);
2565 break;
2566
2567 case HCI_OP_READ_BD_ADDR:
2568 hci_cc_read_bd_addr(hdev, skb);
2569 break;
2570
f332ec66
JH		 2571 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2572 hci_cc_read_page_scan_activity(hdev, skb);
2573 break;
2574
4a3ee763
JH		 2575 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2576 hci_cc_write_page_scan_activity(hdev, skb);
2577 break;
2578
f332ec66
JH		 2579 case HCI_OP_READ_PAGE_SCAN_TYPE:
2580 hci_cc_read_page_scan_type(hdev, skb);
2581 break;
2582
4a3ee763
JH		 2583 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2584 hci_cc_write_page_scan_type(hdev, skb);
2585 break;
2586
350ee4cf
AE		 2587 case HCI_OP_READ_DATA_BLOCK_SIZE:
2588 hci_cc_read_data_block_size(hdev, skb);
2589 break;
2590
1e89cffb
AE		 2591 case HCI_OP_READ_FLOW_CONTROL_MODE:
2592 hci_cc_read_flow_control_mode(hdev, skb);
2593 break;
2594
928abaa7
AE		 2595 case HCI_OP_READ_LOCAL_AMP_INFO:
2596 hci_cc_read_local_amp_info(hdev, skb);
2597 break;
2598
903e4541
AE		 2599 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2600 hci_cc_read_local_amp_assoc(hdev, skb);
2601 break;
2602
d5859e22
JH		 2603 case HCI_OP_READ_INQ_RSP_TX_POWER:
2604 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2605 break;
2606
980e1a53
JH		 2607 case HCI_OP_PIN_CODE_REPLY:
2608 hci_cc_pin_code_reply(hdev, skb);
2609 break;
2610
2611 case HCI_OP_PIN_CODE_NEG_REPLY:
2612 hci_cc_pin_code_neg_reply(hdev, skb);
2613 break;
2614
c35938b2 2615 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2616 hci_cc_read_local_oob_data(hdev, skb);
2617 break;
2618
2619 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2620 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2621 break;
2622
6ed58ec5
VT		 2623 case HCI_OP_LE_READ_BUFFER_SIZE:
2624 hci_cc_le_read_buffer_size(hdev, skb);
2625 break;
2626
60e77321
JH		 2627 case HCI_OP_LE_READ_LOCAL_FEATURES:
2628 hci_cc_le_read_local_features(hdev, skb);
2629 break;
2630
8fa19098
JH		 2631 case HCI_OP_LE_READ_ADV_TX_POWER:
2632 hci_cc_le_read_adv_tx_power(hdev, skb);
2633 break;
2634
a5c29683
JH		 2635 case HCI_OP_USER_CONFIRM_REPLY:
2636 hci_cc_user_confirm_reply(hdev, skb);
2637 break;
2638
2639 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2640 hci_cc_user_confirm_neg_reply(hdev, skb);
2641 break;
2642
1143d458
BG		 2643 case HCI_OP_USER_PASSKEY_REPLY:
2644 hci_cc_user_passkey_reply(hdev, skb);
2645 break;
2646
2647 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2648 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2649 break;
07f7fa5d 2650
7a4cd51d
MH		 2651 case HCI_OP_LE_SET_RANDOM_ADDR:
2652 hci_cc_le_set_random_addr(hdev, skb);
2653 break;
2654
c1d5dc4a
JH		 2655 case HCI_OP_LE_SET_ADV_ENABLE:
2656 hci_cc_le_set_adv_enable(hdev, skb);
2657 break;
2658
533553f8
MH		 2659 case HCI_OP_LE_SET_SCAN_PARAM:
2660 hci_cc_le_set_scan_param(hdev, skb);
2661 break;
2662
eb9d91f5
AG		 2663 case HCI_OP_LE_SET_SCAN_ENABLE:
2664 hci_cc_le_set_scan_enable(hdev, skb);
2665 break;
2666
cf1d081f
JH		 2667 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2668 hci_cc_le_read_white_list_size(hdev, skb);
2669 break;
2670
0f36b589
MH		 2671 case HCI_OP_LE_CLEAR_WHITE_LIST:
2672 hci_cc_le_clear_white_list(hdev, skb);
2673 break;
2674
2675 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2676 hci_cc_le_add_to_white_list(hdev, skb);
2677 break;
2678
2679 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2680 hci_cc_le_del_from_white_list(hdev, skb);
2681 break;
2682
9b008c04
JH		 2683 case HCI_OP_LE_READ_SUPPORTED_STATES:
2684 hci_cc_le_read_supported_states(hdev, skb);
2685 break;
2686
f9b49306
AG		 2687 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2688 hci_cc_write_le_host_supported(hdev, skb);
2689 break;
2690
56ed2cb8
JH		 2691 case HCI_OP_LE_SET_ADV_PARAM:
2692 hci_cc_set_adv_param(hdev, skb);
2693 break;
2694
93c284ee
AE		 2695 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2696 hci_cc_write_remote_amp_assoc(hdev, skb);
2697 break;
2698
5ae76a94
AK		 2699 case HCI_OP_READ_RSSI:
2700 hci_cc_read_rssi(hdev, skb);
2701 break;
2702
5a134fae
AK		 2703 case HCI_OP_READ_TX_POWER:
2704 hci_cc_read_tx_power(hdev, skb);
2705 break;
2706
a9de9248 2707 default:
9f1db00c 2708 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2709 break;
2710 }
2711
ad82cdd1 2712 if (opcode != HCI_OP_NOP)
65cc2b49 2713 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2714
ad82cdd1 2715 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2716
dbccd791 2717 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2718 atomic_set(&hdev->cmd_cnt, 1);
2719 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2720 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2721 }
2722}
2723
6039aa73 2724static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2725{
2726 struct hci_ev_cmd_status *ev = (void *) skb->data;
2727 __u16 opcode;
2728
2729 skb_pull(skb, sizeof(*ev));
2730
2731 opcode = __le16_to_cpu(ev->opcode);
2732
2733 switch (opcode) {
2734 case HCI_OP_INQUIRY:
2735 hci_cs_inquiry(hdev, ev->status);
2736 break;
2737
2738 case HCI_OP_CREATE_CONN:
2739 hci_cs_create_conn(hdev, ev->status);
2740 break;
2741
2742 case HCI_OP_ADD_SCO:
2743 hci_cs_add_sco(hdev, ev->status);
2744 break;
2745
f8558555
MH		 2746 case HCI_OP_AUTH_REQUESTED:
2747 hci_cs_auth_requested(hdev, ev->status);
2748 break;
2749
2750 case HCI_OP_SET_CONN_ENCRYPT:
2751 hci_cs_set_conn_encrypt(hdev, ev->status);
2752 break;
2753
a9de9248
MH		 2754 case HCI_OP_REMOTE_NAME_REQ:
2755 hci_cs_remote_name_req(hdev, ev->status);
2756 break;
2757
769be974
MH		 2758 case HCI_OP_READ_REMOTE_FEATURES:
2759 hci_cs_read_remote_features(hdev, ev->status);
2760 break;
2761
2762 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2763 hci_cs_read_remote_ext_features(hdev, ev->status);
2764 break;
2765
a9de9248
MH		 2766 case HCI_OP_SETUP_SYNC_CONN:
2767 hci_cs_setup_sync_conn(hdev, ev->status);
2768 break;
2769
2770 case HCI_OP_SNIFF_MODE:
2771 hci_cs_sniff_mode(hdev, ev->status);
2772 break;
2773
2774 case HCI_OP_EXIT_SNIFF_MODE:
2775 hci_cs_exit_sniff_mode(hdev, ev->status);
2776 break;
2777
8962ee74 2778 case HCI_OP_DISCONNECT:
88c3df13 2779 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2780 break;
2781
a02226d6
AE		 2782 case HCI_OP_CREATE_PHY_LINK:
2783 hci_cs_create_phylink(hdev, ev->status);
2784 break;
2785
0b26ab9d
AE		 2786 case HCI_OP_ACCEPT_PHY_LINK:
2787 hci_cs_accept_phylink(hdev, ev->status);
2788 break;
2789
cb1d68f7
JH		 2790 case HCI_OP_LE_CREATE_CONN:
2791 hci_cs_le_create_conn(hdev, ev->status);
2792 break;
2793
81d0c8ad
JH		 2794 case HCI_OP_LE_START_ENC:
2795 hci_cs_le_start_enc(hdev, ev->status);
2796 break;
2797
a9de9248 2798 default:
9f1db00c 2799 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2800 break;
2801 }
2802
ad82cdd1 2803 if (opcode != HCI_OP_NOP)
65cc2b49 2804 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2805
02350a72
JH		 2806 if (ev->status ||
2807 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2808 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2809
10572132 2810 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2811 atomic_set(&hdev->cmd_cnt, 1);
2812 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2813 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2814 }
2815}
2816
6039aa73 2817static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2818{
2819 struct hci_ev_role_change *ev = (void *) skb->data;
2820 struct hci_conn *conn;
2821
9f1db00c 2822 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2823
2824 hci_dev_lock(hdev);
2825
2826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2827 if (conn) {
2828 if (!ev->status) {
2829 if (ev->role)
2830 conn->link_mode &= ~HCI_LM_MASTER;
2831 else
2832 conn->link_mode |= HCI_LM_MASTER;
2833 }
2834
51a8efd7 2835 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2836
2837 hci_role_switch_cfm(conn, ev->status, ev->role);
2838 }
2839
2840 hci_dev_unlock(hdev);
2841}
2842
6039aa73 2843static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2844{
2845 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2846 int i;
2847
32ac5b9b
AE		 2848 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2849 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2850 return;
2851 }
2852
c5993de8 2853 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2854 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2855 BT_DBG("%s bad parameters", hdev->name);
2856 return;
2857 }
2858
c5993de8
AE		 2859 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2860
613a1c0c
AE		 2861 for (i = 0; i < ev->num_hndl; i++) {
2862 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2863 struct hci_conn *conn;
2864 __u16 handle, count;
2865
613a1c0c
AE		 2866 handle = __le16_to_cpu(info->handle);
2867 count = __le16_to_cpu(info->count);
a9de9248
MH		 2868
2869 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2870 if (!conn)
2871 continue;
2872
2873 conn->sent -= count;
2874
2875 switch (conn->type) {
2876 case ACL_LINK:
2877 hdev->acl_cnt += count;
2878 if (hdev->acl_cnt > hdev->acl_pkts)
2879 hdev->acl_cnt = hdev->acl_pkts;
2880 break;
2881
2882 case LE_LINK:
2883 if (hdev->le_pkts) {
2884 hdev->le_cnt += count;
2885 if (hdev->le_cnt > hdev->le_pkts)
2886 hdev->le_cnt = hdev->le_pkts;
2887 } else {
70f23020
AE		 2888 hdev->acl_cnt += count;
2889 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2890 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2891 }
f4280918
AE		 2892 break;
2893
2894 case SCO_LINK:
2895 hdev->sco_cnt += count;
2896 if (hdev->sco_cnt > hdev->sco_pkts)
2897 hdev->sco_cnt = hdev->sco_pkts;
2898 break;
2899
2900 default:
2901 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2902 break;
a9de9248
MH		 2903 }
2904 }
2905
3eff45ea 2906 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2907}
2908
76ef7cf7
AE		 2909static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2910 __u16 handle)
2911{
2912 struct hci_chan *chan;
2913
2914 switch (hdev->dev_type) {
2915 case HCI_BREDR:
2916 return hci_conn_hash_lookup_handle(hdev, handle);
2917 case HCI_AMP:
2918 chan = hci_chan_lookup_handle(hdev, handle);
2919 if (chan)
2920 return chan->conn;
2921 break;
2922 default:
2923 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2924 break;
2925 }
2926
2927 return NULL;
2928}
2929
6039aa73 2930static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2931{
2932 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2933 int i;
2934
2935 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2936 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2937 return;
2938 }
2939
2940 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2941 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2942 BT_DBG("%s bad parameters", hdev->name);
2943 return;
2944 }
2945
2946 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2947 ev->num_hndl);
25e89e99
AE		 2948
2949 for (i = 0; i < ev->num_hndl; i++) {
2950 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2951 struct hci_conn *conn = NULL;
25e89e99
AE		 2952 __u16 handle, block_count;
2953
2954 handle = __le16_to_cpu(info->handle);
2955 block_count = __le16_to_cpu(info->blocks);
2956
76ef7cf7 2957 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2958 if (!conn)
2959 continue;
2960
2961 conn->sent -= block_count;
2962
2963 switch (conn->type) {
2964 case ACL_LINK:
bd1eb66b 2965 case AMP_LINK:
25e89e99
AE		 2966 hdev->block_cnt += block_count;
2967 if (hdev->block_cnt > hdev->num_blocks)
2968 hdev->block_cnt = hdev->num_blocks;
2969 break;
2970
2971 default:
2972 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2973 break;
2974 }
2975 }
2976
2977 queue_work(hdev->workqueue, &hdev->tx_work);
2978}
2979
6039aa73 2980static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2981{
a9de9248 2982 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2983 struct hci_conn *conn;
2984
9f1db00c 2985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2986
2987 hci_dev_lock(hdev);
2988
2989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2990 if (conn) {
2991 conn->mode = ev->mode;
a9de9248 2992
8fc9ced3
GP		 2993 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2994 &conn->flags)) {
a9de9248 2995 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2996 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2997 else
58a681ef 2998 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2999 }
e73439d8 3000
51a8efd7 3001 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3002 hci_sco_setup(conn, ev->status);
04837f64
MH		 3003 }
3004
3005 hci_dev_unlock(hdev);
3006}
3007
6039aa73 3008static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3009{
052b30b0
MH		 3010 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3011 struct hci_conn *conn;
3012
a9de9248 3013 BT_DBG("%s", hdev->name);
052b30b0
MH		 3014
3015 hci_dev_lock(hdev);
3016
3017 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3018 if (!conn)
3019 goto unlock;
3020
3021 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3022 hci_conn_hold(conn);
3023 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3024 hci_conn_drop(conn);
052b30b0
MH		 3025 }
3026
a8b2d5c2 3027 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3028 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3029 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3030 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3031 u8 secure;
3032
3033 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3034 secure = 1;
3035 else
3036 secure = 0;
3037
744cf19e 3038 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3039 }
980e1a53 3040
b6f98044 3041unlock:
052b30b0 3042 hci_dev_unlock(hdev);
a9de9248
MH		 3043}
3044
6039aa73 3045static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3046{
55ed8ca1
JH		 3047 struct hci_ev_link_key_req *ev = (void *) skb->data;
3048 struct hci_cp_link_key_reply cp;
3049 struct hci_conn *conn;
3050 struct link_key *key;
3051
a9de9248 3052 BT_DBG("%s", hdev->name);
55ed8ca1 3053
034cbea0 3054 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3055 return;
3056
3057 hci_dev_lock(hdev);
3058
3059 key = hci_find_link_key(hdev, &ev->bdaddr);
3060 if (!key) {
6ed93dc6
AE		 3061 BT_DBG("%s link key not found for %pMR", hdev->name,
3062 &ev->bdaddr);
55ed8ca1
JH		 3063 goto not_found;
3064 }
3065
6ed93dc6
AE		 3066 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3067 &ev->bdaddr);
55ed8ca1 3068
55ed8ca1 3069 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3070 if (conn) {
66138ce8
MH		 3071 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3072 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3073 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3074 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3075 goto not_found;
3076 }
55ed8ca1 3077
60b83f57 3078 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3079 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3080 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3081 BT_DBG("%s ignoring key unauthenticated for high security",
3082 hdev->name);
60b83f57
WR		 3083 goto not_found;
3084 }
3085
3086 conn->key_type = key->type;
3087 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3088 }
3089
3090 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3091 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3092
3093 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3094
3095 hci_dev_unlock(hdev);
3096
3097 return;
3098
3099not_found:
3100 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3101 hci_dev_unlock(hdev);
a9de9248
MH		 3102}
3103
6039aa73 3104static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3105{
052b30b0
MH		 3106 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3107 struct hci_conn *conn;
7652ff6a
JH		 3108 struct link_key *key;
3109 bool persistent;
55ed8ca1 3110 u8 pin_len = 0;
052b30b0 3111
a9de9248 3112 BT_DBG("%s", hdev->name);
052b30b0
MH		 3113
3114 hci_dev_lock(hdev);
3115
3116 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3117 if (conn) {
3118 hci_conn_hold(conn);
3119 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3120 pin_len = conn->pin_length;
13d39315
WR		 3121
3122 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3123 conn->key_type = ev->key_type;
3124
76a68ba0 3125 hci_conn_drop(conn);
052b30b0
MH		 3126 }
3127
7652ff6a
JH		 3128 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3129 goto unlock;
3130
3131 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3132 ev->key_type, pin_len, &persistent);
3133 if (!key)
3134 goto unlock;
3135
3136 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3137
6d5650c4
JH		 3138 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3139 * is set. If it's not set simply remove the key from the kernel
3140 * list (we've still notified user space about it but with
3141 * store_hint being 0).
3142 */
3143 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3144 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3145 list_del(&key->list);
3146 kfree(key);
3147 } else if (conn) {
7652ff6a 3148 conn->flush_key = !persistent;
6d5650c4 3149 }
7652ff6a
JH		 3150
3151unlock:
052b30b0 3152 hci_dev_unlock(hdev);
a9de9248
MH		 3153}
3154
6039aa73 3155static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3156{
a9de9248 3157 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3158 struct hci_conn *conn;
1da177e4 3159
9f1db00c 3160 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3161
3162 hci_dev_lock(hdev);
3163
04837f64 3164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3165 if (conn && !ev->status) {
3166 struct inquiry_entry *ie;
3167
cc11b9c1
AE		 3168 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3169 if (ie) {
1da177e4
LT		 3170 ie->data.clock_offset = ev->clock_offset;
3171 ie->timestamp = jiffies;
3172 }
3173 }
3174
3175 hci_dev_unlock(hdev);
3176}
3177
6039aa73 3178static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3179{
3180 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3181 struct hci_conn *conn;
3182
9f1db00c 3183 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3184
3185 hci_dev_lock(hdev);
3186
3187 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3188 if (conn && !ev->status)
3189 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3190
3191 hci_dev_unlock(hdev);
3192}
3193
6039aa73 3194static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3195{
a9de9248 3196 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3197 struct inquiry_entry *ie;
3198
3199 BT_DBG("%s", hdev->name);
3200
3201 hci_dev_lock(hdev);
3202
cc11b9c1
AE		 3203 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3204 if (ie) {
85a1e930
MH		 3205 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3206 ie->timestamp = jiffies;
3207 }
3208
3209 hci_dev_unlock(hdev);
3210}
3211
6039aa73
GP		 3212static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3213 struct sk_buff *skb)
a9de9248
MH		 3214{
3215 struct inquiry_data data;
3216 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3217 bool name_known, ssp;
a9de9248
MH		 3218
3219 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3220
3221 if (!num_rsp)
3222 return;
3223
1519cc17
AG		 3224 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3225 return;
3226
a9de9248
MH		 3227 hci_dev_lock(hdev);
3228
3229 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3230 struct inquiry_info_with_rssi_and_pscan_mode *info;
3231 info = (void *) (skb->data + 1);
a9de9248 3232
e17acd40 3233 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3234 bacpy(&data.bdaddr, &info->bdaddr);
3235 data.pscan_rep_mode = info->pscan_rep_mode;
3236 data.pscan_period_mode = info->pscan_period_mode;
3237 data.pscan_mode = info->pscan_mode;
3238 memcpy(data.dev_class, info->dev_class, 3);
3239 data.clock_offset = info->clock_offset;
3240 data.rssi = info->rssi;
41a96212 3241 data.ssp_mode = 0x00;
3175405b
JH		 3242
3243 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3244 false, &ssp);
48264f06 3245 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3246 info->dev_class, info->rssi,
5d2e9fad 3247 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3248 }
3249 } else {
3250 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3251
e17acd40 3252 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3253 bacpy(&data.bdaddr, &info->bdaddr);
3254 data.pscan_rep_mode = info->pscan_rep_mode;
3255 data.pscan_period_mode = info->pscan_period_mode;
3256 data.pscan_mode = 0x00;
3257 memcpy(data.dev_class, info->dev_class, 3);
3258 data.clock_offset = info->clock_offset;
3259 data.rssi = info->rssi;
41a96212 3260 data.ssp_mode = 0x00;
3175405b 3261 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3262 false, &ssp);
48264f06 3263 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3264 info->dev_class, info->rssi,
5d2e9fad 3265 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3266 }
3267 }
3268
3269 hci_dev_unlock(hdev);
3270}
3271
6039aa73
GP		 3272static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3273 struct sk_buff *skb)
a9de9248 3274{
41a96212
MH		 3275 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3276 struct hci_conn *conn;
3277
a9de9248 3278 BT_DBG("%s", hdev->name);
41a96212 3279
41a96212
MH		 3280 hci_dev_lock(hdev);
3281
3282 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3283 if (!conn)
3284 goto unlock;
41a96212 3285
cad718ed
JH		 3286 if (ev->page < HCI_MAX_PAGES)
3287 memcpy(conn->features[ev->page], ev->features, 8);
3288
ccd556fe
JH		 3289 if (!ev->status && ev->page == 0x01) {
3290 struct inquiry_entry *ie;
41a96212 3291
cc11b9c1
AE		 3292 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3293 if (ie)
02b7cc62 3294 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3295
bbb0eada 3296 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3297 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3298 } else {
3299 /* It is mandatory by the Bluetooth specification that
3300 * Extended Inquiry Results are only used when Secure
3301 * Simple Pairing is enabled, but some devices violate
3302 * this.
3303 *
3304 * To make these devices work, the internal SSP
3305 * enabled flag needs to be cleared if the remote host
3306 * features do not indicate SSP support */
3307 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3308 }
eb9a8f3f
MH		 3309
3310 if (ev->features[0] & LMP_HOST_SC)
3311 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3312 }
3313
3314 if (conn->state != BT_CONFIG)
3315 goto unlock;
3316
671267bf 3317 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3318 struct hci_cp_remote_name_req cp;
3319 memset(&cp, 0, sizeof(cp));
3320 bacpy(&cp.bdaddr, &conn->dst);
3321 cp.pscan_rep_mode = 0x02;
3322 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3323 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3324 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3325 conn->dst_type, 0, NULL, 0,
3326 conn->dev_class);
392599b9 3327
127178d2 3328 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3329 conn->state = BT_CONNECTED;
3330 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3331 hci_conn_drop(conn);
41a96212
MH		 3332 }
3333
ccd556fe 3334unlock:
41a96212 3335 hci_dev_unlock(hdev);
a9de9248
MH		 3336}
3337
6039aa73
GP		 3338static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3339 struct sk_buff *skb)
a9de9248 3340{
b6a0dc82
MH		 3341 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3342 struct hci_conn *conn;
3343
9f1db00c 3344 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3345
3346 hci_dev_lock(hdev);
3347
3348 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3349 if (!conn) {
3350 if (ev->link_type == ESCO_LINK)
3351 goto unlock;
3352
3353 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3354 if (!conn)
3355 goto unlock;
3356
3357 conn->type = SCO_LINK;
3358 }
b6a0dc82 3359
732547f9
MH		 3360 switch (ev->status) {
3361 case 0x00:
b6a0dc82
MH		 3362 conn->handle = __le16_to_cpu(ev->handle);
3363 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3364
3365 hci_conn_add_sysfs(conn);
732547f9
MH		 3366 break;
3367
1a4c958c 3368 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3369 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3370 case 0x1c: /* SCO interval rejected */
1038a00b 3371 case 0x1a: /* Unsupported Remote Feature */
732547f9 3372 case 0x1f: /* Unspecified error */
27539bc4 3373 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3374 if (conn->out) {
732547f9
MH		 3375 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3376 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3377 if (hci_setup_sync(conn, conn->link->handle))
3378 goto unlock;
732547f9
MH		 3379 }
3380 /* fall through */
3381
3382 default:
b6a0dc82 3383 conn->state = BT_CLOSED;
732547f9
MH		 3384 break;
3385 }
b6a0dc82
MH		 3386
3387 hci_proto_connect_cfm(conn, ev->status);
3388 if (ev->status)
3389 hci_conn_del(conn);
3390
3391unlock:
3392 hci_dev_unlock(hdev);
a9de9248
MH		 3393}
3394
efdcf8e3
MH		 3395static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3396{
3397 size_t parsed = 0;
3398
3399 while (parsed < eir_len) {
3400 u8 field_len = eir[0];
3401
3402 if (field_len == 0)
3403 return parsed;
3404
3405 parsed += field_len + 1;
3406 eir += field_len + 1;
3407 }
3408
3409 return eir_len;
3410}
3411
6039aa73
GP		 3412static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3413 struct sk_buff *skb)
1da177e4 3414{
a9de9248
MH		 3415 struct inquiry_data data;
3416 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3417 int num_rsp = *((__u8 *) skb->data);
9d939d94 3418 size_t eir_len;
1da177e4 3419
a9de9248 3420 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3421
a9de9248
MH		 3422 if (!num_rsp)
3423 return;
1da177e4 3424
1519cc17
AG		 3425 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3426 return;
3427
a9de9248
MH		 3428 hci_dev_lock(hdev);
3429
e17acd40 3430 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3431 bool name_known, ssp;
561aafbc 3432
a9de9248 3433 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3434 data.pscan_rep_mode = info->pscan_rep_mode;
3435 data.pscan_period_mode = info->pscan_period_mode;
3436 data.pscan_mode = 0x00;
a9de9248 3437 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3438 data.clock_offset = info->clock_offset;
3439 data.rssi = info->rssi;
41a96212 3440 data.ssp_mode = 0x01;
561aafbc 3441
a8b2d5c2 3442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3443 name_known = eir_has_data_type(info->data,
04124681
GP		 3444 sizeof(info->data),
3445 EIR_NAME_COMPLETE);
561aafbc
JH		 3446 else
3447 name_known = true;
3448
388fc8fa 3449 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3450 &ssp);
9d939d94 3451 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3452 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3453 info->dev_class, info->rssi, !name_known,
5d2e9fad 3454 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3455 }
3456
3457 hci_dev_unlock(hdev);
3458}
1da177e4 3459
1c2e0041
JH		 3460static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3461 struct sk_buff *skb)
3462{
3463 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3464 struct hci_conn *conn;
3465
9f1db00c 3466 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3467 __le16_to_cpu(ev->handle));
3468
3469 hci_dev_lock(hdev);
3470
3471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3472 if (!conn)
3473 goto unlock;
3474
9eb1fbfa
JH		 3475 /* For BR/EDR the necessary steps are taken through the
3476 * auth_complete event.
3477 */
3478 if (conn->type != LE_LINK)
3479 goto unlock;
3480
1c2e0041
JH		 3481 if (!ev->status)
3482 conn->sec_level = conn->pending_sec_level;
3483
3484 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3485
3486 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3487 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3488 hci_conn_drop(conn);
1c2e0041
JH		 3489 goto unlock;
3490 }
3491
3492 if (conn->state == BT_CONFIG) {
3493 if (!ev->status)
3494 conn->state = BT_CONNECTED;
3495
3496 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3497 hci_conn_drop(conn);
1c2e0041
JH		 3498 } else {
3499 hci_auth_cfm(conn, ev->status);
3500
3501 hci_conn_hold(conn);
3502 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3503 hci_conn_drop(conn);
1c2e0041
JH		 3504 }
3505
3506unlock:
3507 hci_dev_unlock(hdev);
3508}
3509
6039aa73 3510static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3511{
17fa4b9d 3512 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3513 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3514 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3515 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3516
b7f94c88
MA		 3517 /* If both remote and local have enough IO capabilities, require
3518 * MITM protection
3519 */
3520 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3521 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3522 return conn->remote_auth | 0x01;
3523
7e74170a
TM		 3524 /* No MITM protection possible so ignore remote requirement */
3525 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3526}
3527
6039aa73 3528static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3529{
3530 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3531 struct hci_conn *conn;
3532
3533 BT_DBG("%s", hdev->name);
3534
3535 hci_dev_lock(hdev);
3536
3537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3538 if (!conn)
3539 goto unlock;
3540
3541 hci_conn_hold(conn);
3542
a8b2d5c2 3543 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3544 goto unlock;
3545
a8b2d5c2 3546 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3547 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3548 struct hci_cp_io_capability_reply cp;
3549
3550 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3551 /* Change the IO capability from KeyboardDisplay
3552 * to DisplayYesNo as it is not supported by BT spec. */
3553 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3554 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3555
3556 /* If we are initiators, there is no remote information yet */
3557 if (conn->remote_auth == 0xff) {
3558 cp.authentication = conn->auth_type;
6fd6b915 3559
b16c6604 3560 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3561 * except for the no-bonding case.
3562 * conn->auth_type is not updated here since
3563 * that might cause the user confirmation to be
3564 * rejected in case the remote doesn't have the
3565 * IO capabilities for MITM.
b16c6604 3566 */
6fd6b915 3567 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3568 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3569 cp.authentication |= 0x01;
b7f94c88
MA		 3570 } else {
3571 conn->auth_type = hci_get_auth_req(conn);
3572 cp.authentication = conn->auth_type;
3573 }
17fa4b9d 3574
8fc9ced3
GP		 3575 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3576 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3577 cp.oob_data = 0x01;
3578 else
3579 cp.oob_data = 0x00;
3580
17fa4b9d 3581 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3582 sizeof(cp), &cp);
03b555e1
JH		 3583 } else {
3584 struct hci_cp_io_capability_neg_reply cp;
3585
3586 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3587 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3588
03b555e1 3589 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3590 sizeof(cp), &cp);
03b555e1
JH		 3591 }
3592
3593unlock:
3594 hci_dev_unlock(hdev);
3595}
3596
6039aa73 3597static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3598{
3599 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3600 struct hci_conn *conn;
3601
3602 BT_DBG("%s", hdev->name);
3603
3604 hci_dev_lock(hdev);
3605
3606 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3607 if (!conn)
3608 goto unlock;
3609
03b555e1 3610 conn->remote_cap = ev->capability;
03b555e1 3611 conn->remote_auth = ev->authentication;
58a681ef
JH		 3612 if (ev->oob_data)
3613 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3614
3615unlock:
0493684e
MH		 3616 hci_dev_unlock(hdev);
3617}
3618
6039aa73
GP		 3619static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3620 struct sk_buff *skb)
a5c29683
JH		 3621{
3622 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3623 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3624 struct hci_conn *conn;
a5c29683
JH		 3625
3626 BT_DBG("%s", hdev->name);
3627
3628 hci_dev_lock(hdev);
3629
a8b2d5c2 3630 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3631 goto unlock;
a5c29683 3632
7a828908
JH		 3633 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3634 if (!conn)
3635 goto unlock;
3636
3637 loc_mitm = (conn->auth_type & 0x01);
3638 rem_mitm = (conn->remote_auth & 0x01);
3639
3640 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3641 * (it has NoInputNoOutput) then reject the confirmation request
3642 */
3643 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3644 BT_DBG("Rejecting request: remote device can't provide MITM");
3645 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3646 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3647 goto unlock;
3648 }
3649
3650 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3651 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3652 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3653
3654 /* If we're not the initiators request authorization to
3655 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3656 * confirm_hint set to 1). The exception is if neither
3657 * side had MITM in which case we do auto-accept.
3658 */
3659 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3660 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3661 BT_DBG("Confirming auto-accept as acceptor");
3662 confirm_hint = 1;
3663 goto confirm;
3664 }
3665
9f61656a 3666 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3667 hdev->auto_accept_delay);
9f61656a
JH		 3668
3669 if (hdev->auto_accept_delay > 0) {
3670 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3671 queue_delayed_work(conn->hdev->workqueue,
3672 &conn->auto_accept_work, delay);
9f61656a
JH		 3673 goto unlock;
3674 }
3675
7a828908 3676 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3677 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3678 goto unlock;
3679 }
3680
55bc1a37 3681confirm:
39adbffe
JH		 3682 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3683 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3684
3685unlock:
a5c29683
JH		 3686 hci_dev_unlock(hdev);
3687}
3688
6039aa73
GP		 3689static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3690 struct sk_buff *skb)
1143d458
BG		 3691{
3692 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3693
3694 BT_DBG("%s", hdev->name);
3695
a8b2d5c2 3696 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3697 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3698}
3699
92a25256
JH		 3700static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3701 struct sk_buff *skb)
3702{
3703 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3704 struct hci_conn *conn;
3705
3706 BT_DBG("%s", hdev->name);
3707
3708 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3709 if (!conn)
3710 return;
3711
3712 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3713 conn->passkey_entered = 0;
3714
3715 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3716 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3717 conn->dst_type, conn->passkey_notify,
3718 conn->passkey_entered);
3719}
3720
3721static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3722{
3723 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3724 struct hci_conn *conn;
3725
3726 BT_DBG("%s", hdev->name);
3727
3728 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3729 if (!conn)
3730 return;
3731
3732 switch (ev->type) {
3733 case HCI_KEYPRESS_STARTED:
3734 conn->passkey_entered = 0;
3735 return;
3736
3737 case HCI_KEYPRESS_ENTERED:
3738 conn->passkey_entered++;
3739 break;
3740
3741 case HCI_KEYPRESS_ERASED:
3742 conn->passkey_entered--;
3743 break;
3744
3745 case HCI_KEYPRESS_CLEARED:
3746 conn->passkey_entered = 0;
3747 break;
3748
3749 case HCI_KEYPRESS_COMPLETED:
3750 return;
3751 }
3752
3753 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3754 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3755 conn->dst_type, conn->passkey_notify,
3756 conn->passkey_entered);
3757}
3758
6039aa73
GP		 3759static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3760 struct sk_buff *skb)
0493684e
MH		 3761{
3762 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3763 struct hci_conn *conn;
3764
3765 BT_DBG("%s", hdev->name);
3766
3767 hci_dev_lock(hdev);
3768
3769 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3770 if (!conn)
3771 goto unlock;
3772
3773 /* To avoid duplicate auth_failed events to user space we check
3774 * the HCI_CONN_AUTH_PEND flag which will be set if we
3775 * initiated the authentication. A traditional auth_complete
3776 * event gets always produced as initiator and is also mapped to
3777 * the mgmt_auth_failed event */
fa1bd918 3778 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3779 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3780 ev->status);
0493684e 3781
76a68ba0 3782 hci_conn_drop(conn);
2a611692
JH		 3783
3784unlock:
0493684e
MH		 3785 hci_dev_unlock(hdev);
3786}
3787
6039aa73
GP		 3788static void hci_remote_host_features_evt(struct hci_dev *hdev,
3789 struct sk_buff *skb)
41a96212
MH		 3790{
3791 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3792 struct inquiry_entry *ie;
cad718ed 3793 struct hci_conn *conn;
41a96212
MH		 3794
3795 BT_DBG("%s", hdev->name);
3796
3797 hci_dev_lock(hdev);
3798
cad718ed
JH		 3799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3800 if (conn)
3801 memcpy(conn->features[1], ev->features, 8);
3802
cc11b9c1
AE		 3803 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3804 if (ie)
02b7cc62 3805 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3806
3807 hci_dev_unlock(hdev);
3808}
3809
6039aa73
GP		 3810static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3811 struct sk_buff *skb)
2763eda6
SJ		 3812{
3813 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3814 struct oob_data *data;
3815
3816 BT_DBG("%s", hdev->name);
3817
3818 hci_dev_lock(hdev);
3819
a8b2d5c2 3820 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3821 goto unlock;
3822
2763eda6
SJ		 3823 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3824 if (data) {
519ca9d0
MH		 3825 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3826 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3827
519ca9d0
MH		 3828 bacpy(&cp.bdaddr, &ev->bdaddr);
3829 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3830 memcpy(cp.randomizer192, data->randomizer192,
3831 sizeof(cp.randomizer192));
3832 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3833 memcpy(cp.randomizer256, data->randomizer256,
3834 sizeof(cp.randomizer256));
3835
3836 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3837 sizeof(cp), &cp);
3838 } else {
3839 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3840
519ca9d0
MH		 3841 bacpy(&cp.bdaddr, &ev->bdaddr);
3842 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3843 memcpy(cp.randomizer, data->randomizer192,
3844 sizeof(cp.randomizer));
3845
3846 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3847 sizeof(cp), &cp);
3848 }
2763eda6
SJ		 3849 } else {
3850 struct hci_cp_remote_oob_data_neg_reply cp;
3851
3852 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3853 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3854 sizeof(cp), &cp);
2763eda6
SJ		 3855 }
3856
e1ba1f15 3857unlock:
2763eda6
SJ		 3858 hci_dev_unlock(hdev);
3859}
3860
d5e91192
AE		 3861static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3862 struct sk_buff *skb)
3863{
3864 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3865 struct hci_conn *hcon, *bredr_hcon;
3866
3867 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3868 ev->status);
3869
3870 hci_dev_lock(hdev);
3871
3872 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3873 if (!hcon) {
3874 hci_dev_unlock(hdev);
3875 return;
3876 }
3877
3878 if (ev->status) {
3879 hci_conn_del(hcon);
3880 hci_dev_unlock(hdev);
3881 return;
3882 }
3883
3884 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3885
3886 hcon->state = BT_CONNECTED;
3887 bacpy(&hcon->dst, &bredr_hcon->dst);
3888
3889 hci_conn_hold(hcon);
3890 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3891 hci_conn_drop(hcon);
d5e91192 3892
d5e91192
AE		 3893 hci_conn_add_sysfs(hcon);
3894
cf70ff22 3895 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3896
cf70ff22 3897 hci_dev_unlock(hdev);
d5e91192
AE		 3898}
3899
27695fb4
AE		 3900static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3901{
3902 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3903 struct hci_conn *hcon;
3904 struct hci_chan *hchan;
3905 struct amp_mgr *mgr;
3906
3907 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3908 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3909 ev->status);
3910
3911 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3912 if (!hcon)
3913 return;
3914
3915 /* Create AMP hchan */
3916 hchan = hci_chan_create(hcon);
3917 if (!hchan)
3918 return;
3919
3920 hchan->handle = le16_to_cpu(ev->handle);
3921
3922 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3923
3924 mgr = hcon->amp_mgr;
3925 if (mgr && mgr->bredr_chan) {
3926 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3927
3928 l2cap_chan_lock(bredr_chan);
3929
3930 bredr_chan->conn->mtu = hdev->block_mtu;
3931 l2cap_logical_cfm(bredr_chan, hchan, 0);
3932 hci_conn_hold(hcon);
3933
3934 l2cap_chan_unlock(bredr_chan);
3935 }
3936}
3937
606e2a10
AE		 3938static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3939 struct sk_buff *skb)
3940{
3941 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3942 struct hci_chan *hchan;
3943
3944 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3945 le16_to_cpu(ev->handle), ev->status);
3946
3947 if (ev->status)
3948 return;
3949
3950 hci_dev_lock(hdev);
3951
3952 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3953 if (!hchan)
3954 goto unlock;
3955
3956 amp_destroy_logical_link(hchan, ev->reason);
3957
3958unlock:
3959 hci_dev_unlock(hdev);
3960}
3961
9eef6b3a
AE		 3962static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3963 struct sk_buff *skb)
3964{
3965 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3966 struct hci_conn *hcon;
3967
3968 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3969
3970 if (ev->status)
3971 return;
3972
3973 hci_dev_lock(hdev);
3974
3975 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3976 if (hcon) {
3977 hcon->state = BT_CLOSED;
3978 hci_conn_del(hcon);
3979 }
3980
3981 hci_dev_unlock(hdev);
3982}
3983
6039aa73 3984static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3985{
3986 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3987 struct hci_conn *conn;
68d6f6de 3988 struct smp_irk *irk;
fcd89c09 3989
9f1db00c 3990 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3991
3992 hci_dev_lock(hdev);
3993
b47a09b3 3994 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3995 if (!conn) {
3996 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3997 if (!conn) {
3998 BT_ERR("No memory for new connection");
230fd16a 3999 goto unlock;
b62f328b 4000 }
29b7988a
AG		 4001
4002 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4003
4004 if (ev->role == LE_CONN_ROLE_MASTER) {
4005 conn->out = true;
4006 conn->link_mode |= HCI_LM_MASTER;
4007 }
cb1d68f7
JH		 4008
4009 /* If we didn't have a hci_conn object previously
4010 * but we're in master role this must be something
4011 * initiated using a white list. Since white list based
4012 * connections are not "first class citizens" we don't
4013 * have full tracking of them. Therefore, we go ahead
4014 * with a "best effort" approach of determining the
4015 * initiator address based on the HCI_PRIVACY flag.
4016 */
4017 if (conn->out) {
4018 conn->resp_addr_type = ev->bdaddr_type;
4019 bacpy(&conn->resp_addr, &ev->bdaddr);
4020 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4021 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4022 bacpy(&conn->init_addr, &hdev->rpa);
4023 } else {
4024 hci_copy_identity_address(hdev,
4025 &conn->init_addr,
4026 &conn->init_addr_type);
4027 }
cb1d68f7 4028 }
9489eca4
JH		 4029 } else {
4030 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4031 }
fcd89c09 4032
80c24ab8
JH		 4033 if (!conn->out) {
4034 /* Set the responder (our side) address type based on
4035 * the advertising address type.
4036 */
4037 conn->resp_addr_type = hdev->adv_addr_type;
4038 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4039 bacpy(&conn->resp_addr, &hdev->random_addr);
4040 else
4041 bacpy(&conn->resp_addr, &hdev->bdaddr);
4042
4043 conn->init_addr_type = ev->bdaddr_type;
4044 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4045
4046 /* For incoming connections, set the default minimum
4047 * and maximum connection interval. They will be used
4048 * to check if the parameters are in range and if not
4049 * trigger the connection update procedure.
4050 */
4051 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4052 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4053 }
7be2edbb 4054
edb4b466
MH		 4055 /* Lookup the identity address from the stored connection
4056 * address and address type.
4057 *
4058 * When establishing connections to an identity address, the
4059 * connection procedure will store the resolvable random
4060 * address first. Now if it can be converted back into the
4061 * identity address, start using the identity address from
4062 * now on.
4063 */
4064 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4065 if (irk) {
4066 bacpy(&conn->dst, &irk->bdaddr);
4067 conn->dst_type = irk->addr_type;
4068 }
4069
cd17decb 4070 if (ev->status) {
06c053fb 4071 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4072 goto unlock;
4073 }
4074
b644ba33 4075 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4076 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4077 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4078
7b5c0d52 4079 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4080 conn->handle = __le16_to_cpu(ev->handle);
4081 conn->state = BT_CONNECTED;
4082
e04fde60
MH		 4083 conn->le_conn_interval = le16_to_cpu(ev->interval);
4084 conn->le_conn_latency = le16_to_cpu(ev->latency);
4085 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4086
fcd89c09
VT		 4087 hci_conn_add_sysfs(conn);
4088
4089 hci_proto_connect_cfm(conn, ev->status);
4090
a4790dbd
AG		 4091 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4092
fcd89c09
VT		 4093unlock:
4094 hci_dev_unlock(hdev);
4095}
4096
1855d92d
MH		 4097static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4098 struct sk_buff *skb)
4099{
4100 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4101 struct hci_conn *conn;
4102
4103 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4104
4105 if (ev->status)
4106 return;
4107
4108 hci_dev_lock(hdev);
4109
4110 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4111 if (conn) {
4112 conn->le_conn_interval = le16_to_cpu(ev->interval);
4113 conn->le_conn_latency = le16_to_cpu(ev->latency);
4114 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4115 }
4116
4117 hci_dev_unlock(hdev);
4118}
4119
a4790dbd
AG		 4120/* This function requires the caller holds hdev->lock */
4121static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4122 u8 addr_type)
4123{
4124 struct hci_conn *conn;
5b906a84
AG		 4125 struct smp_irk *irk;
4126
4127 /* If this is a resolvable address, we should resolve it and then
4128 * update address and address type variables.
4129 */
4130 irk = hci_get_irk(hdev, addr, addr_type);
4131 if (irk) {
4132 addr = &irk->bdaddr;
4133 addr_type = irk->addr_type;
4134 }
a4790dbd
AG		 4135
4136 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4137 return;
4138
4139 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4140 HCI_AT_NO_BONDING);
4141 if (!IS_ERR(conn))
4142 return;
4143
4144 switch (PTR_ERR(conn)) {
4145 case -EBUSY:
4146 /* If hci_connect() returns -EBUSY it means there is already
4147 * an LE connection attempt going on. Since controllers don't
4148 * support more than one connection attempt at the time, we
4149 * don't consider this an error case.
4150 */
4151 break;
4152 default:
4153 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4154 }
4155}
4156
4af605d8
JH		 4157static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4158 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4159{
b9a6328f 4160 struct discovery_state *d = &hdev->discovery;
474ee066 4161 bool match;
b9a6328f 4162
ca5c4be7
JH		 4163 /* Passive scanning shouldn't trigger any device found events */
4164 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4165 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4166 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4167 return;
4168 }
4af605d8 4169
b9a6328f
JH		 4170 /* If there's nothing pending either store the data from this
4171 * event or send an immediate device found event if the data
4172 * should not be stored for later.
4173 */
4174 if (!has_pending_adv_report(hdev)) {
4175 /* If the report will trigger a SCAN_REQ store it for
4176 * later merging.
4177 */
4178 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4179 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4180 rssi, data, len);
b9a6328f
JH		 4181 return;
4182 }
4183
4184 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4185 rssi, 0, 1, data, len, NULL, 0);
4186 return;
4187 }
4188
474ee066
JH		 4189 /* Check if the pending report is for the same device as the new one */
4190 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4191 bdaddr_type == d->last_adv_addr_type);
4192
b9a6328f
JH		 4193 /* If the pending data doesn't match this report or this isn't a
4194 * scan response (e.g. we got a duplicate ADV_IND) then force
4195 * sending of the pending data.
4196 */
474ee066
JH		 4197 if (type != LE_ADV_SCAN_RSP || !match) {
4198 /* Send out whatever is in the cache, but skip duplicates */
4199 if (!match)
4200 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f
JH		 4201 d->last_adv_addr_type, NULL,
4202 d->last_adv_rssi, 0, 1,
4203 d->last_adv_data,
474ee066 4204 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4205
4206 /* If the new report will trigger a SCAN_REQ store it for
4207 * later merging.
4208 */
4209 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4210 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4211 rssi, data, len);
b9a6328f
JH		 4212 return;
4213 }
4214
4215 /* The advertising reports cannot be merged, so clear
4216 * the pending report and send out a device found event.
4217 */
4218 clear_pending_adv_report(hdev);
5c5b93e4
JH		 4219 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4220 rssi, 0, 1, data, len, NULL, 0);
b9a6328f
JH		 4221 return;
4222 }
4223
4224 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4225 * the new event is a SCAN_RSP. We can therefore proceed with
4226 * sending a merged device found event.
4227 */
4228 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4229 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4230 d->last_adv_data, d->last_adv_data_len);
4231 clear_pending_adv_report(hdev);
4af605d8
JH		 4232}
4233
6039aa73 4234static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4235{
e95beb41
AG		 4236 u8 num_reports = skb->data[0];
4237 void *ptr = &skb->data[1];
9aa04c91 4238
a4790dbd
AG		 4239 hci_dev_lock(hdev);
4240
e95beb41
AG		 4241 while (num_reports--) {
4242 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4243 s8 rssi;
a4790dbd 4244
3c9e9195 4245 rssi = ev->data[ev->length];
4af605d8
JH		 4246 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4247 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4248
e95beb41 4249 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4250 }
a4790dbd
AG		 4251
4252 hci_dev_unlock(hdev);
9aa04c91
AG		 4253}
4254
6039aa73 4255static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4256{
4257 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4258 struct hci_cp_le_ltk_reply cp;
bea710fe 4259 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4260 struct hci_conn *conn;
c9839a11 4261 struct smp_ltk *ltk;
a7a595f6 4262
9f1db00c 4263 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4264
4265 hci_dev_lock(hdev);
4266
4267 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4268 if (conn == NULL)
4269 goto not_found;
a7a595f6 4270
fe39c7b2 4271 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4272 if (ltk == NULL)
4273 goto not_found;
4274
4275 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4276 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4277
4278 if (ltk->authenticated)
f8776218
AG		 4279 conn->pending_sec_level = BT_SECURITY_HIGH;
4280 else
4281 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4282
89cbb4da 4283 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4284
4285 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4286
5981a882
CT		 4287 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4288 * temporary key used to encrypt a connection following
4289 * pairing. It is used during the Encrypted Session Setup to
4290 * distribute the keys. Later, security can be re-established
4291 * using a distributed LTK.
4292 */
2ceba539 4293 if (ltk->type == SMP_STK) {
c9839a11
VCG		 4294 list_del(&ltk->list);
4295 kfree(ltk);
4296 }
4297
a7a595f6 4298 hci_dev_unlock(hdev);
bea710fe
VCG		 4299
4300 return;
4301
4302not_found:
4303 neg.handle = ev->handle;
4304 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4305 hci_dev_unlock(hdev);
a7a595f6
VCG		 4306}
4307
6039aa73 4308static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4309{
4310 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4311
4312 skb_pull(skb, sizeof(*le_ev));
4313
4314 switch (le_ev->subevent) {
4315 case HCI_EV_LE_CONN_COMPLETE:
4316 hci_le_conn_complete_evt(hdev, skb);
4317 break;
4318
1855d92d
MH		 4319 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4320 hci_le_conn_update_complete_evt(hdev, skb);
4321 break;
4322
9aa04c91
AG		 4323 case HCI_EV_LE_ADVERTISING_REPORT:
4324 hci_le_adv_report_evt(hdev, skb);
4325 break;
4326
a7a595f6
VCG		 4327 case HCI_EV_LE_LTK_REQ:
4328 hci_le_ltk_request_evt(hdev, skb);
4329 break;
4330
fcd89c09
VT		 4331 default:
4332 break;
4333 }
4334}
4335
9495b2ee
AE		 4336static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4337{
4338 struct hci_ev_channel_selected *ev = (void *) skb->data;
4339 struct hci_conn *hcon;
4340
4341 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4342
4343 skb_pull(skb, sizeof(*ev));
4344
4345 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4346 if (!hcon)
4347 return;
4348
4349 amp_read_loc_assoc_final_data(hdev, hcon);
4350}
4351
a9de9248
MH		 4352void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4353{
4354 struct hci_event_hdr *hdr = (void *) skb->data;
4355 __u8 event = hdr->evt;
4356
b6ddb638
JH		 4357 hci_dev_lock(hdev);
4358
4359 /* Received events are (currently) only needed when a request is
4360 * ongoing so avoid unnecessary memory allocation.
4361 */
4362 if (hdev->req_status == HCI_REQ_PEND) {
4363 kfree_skb(hdev->recv_evt);
4364 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4365 }
4366
4367 hci_dev_unlock(hdev);
4368
a9de9248
MH		 4369 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4370
02350a72 4371 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4372 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4373 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4374
4375 hci_req_cmd_complete(hdev, opcode, 0);
4376 }
4377
a9de9248 4378 switch (event) {
1da177e4
LT		 4379 case HCI_EV_INQUIRY_COMPLETE:
4380 hci_inquiry_complete_evt(hdev, skb);
4381 break;
4382
4383 case HCI_EV_INQUIRY_RESULT:
4384 hci_inquiry_result_evt(hdev, skb);
4385 break;
4386
a9de9248
MH		 4387 case HCI_EV_CONN_COMPLETE:
4388 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4389 break;
4390
1da177e4
LT		 4391 case HCI_EV_CONN_REQUEST:
4392 hci_conn_request_evt(hdev, skb);
4393 break;
4394
1da177e4
LT		 4395 case HCI_EV_DISCONN_COMPLETE:
4396 hci_disconn_complete_evt(hdev, skb);
4397 break;
4398
1da177e4
LT		 4399 case HCI_EV_AUTH_COMPLETE:
4400 hci_auth_complete_evt(hdev, skb);
4401 break;
4402
a9de9248
MH		 4403 case HCI_EV_REMOTE_NAME:
4404 hci_remote_name_evt(hdev, skb);
4405 break;
4406
1da177e4
LT		 4407 case HCI_EV_ENCRYPT_CHANGE:
4408 hci_encrypt_change_evt(hdev, skb);
4409 break;
4410
a9de9248
MH		 4411 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4412 hci_change_link_key_complete_evt(hdev, skb);
4413 break;
4414
4415 case HCI_EV_REMOTE_FEATURES:
4416 hci_remote_features_evt(hdev, skb);
4417 break;
4418
a9de9248
MH		 4419 case HCI_EV_CMD_COMPLETE:
4420 hci_cmd_complete_evt(hdev, skb);
4421 break;
4422
4423 case HCI_EV_CMD_STATUS:
4424 hci_cmd_status_evt(hdev, skb);
4425 break;
4426
4427 case HCI_EV_ROLE_CHANGE:
4428 hci_role_change_evt(hdev, skb);
4429 break;
4430
4431 case HCI_EV_NUM_COMP_PKTS:
4432 hci_num_comp_pkts_evt(hdev, skb);
4433 break;
4434
4435 case HCI_EV_MODE_CHANGE:
4436 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4437 break;
4438
4439 case HCI_EV_PIN_CODE_REQ:
4440 hci_pin_code_request_evt(hdev, skb);
4441 break;
4442
4443 case HCI_EV_LINK_KEY_REQ:
4444 hci_link_key_request_evt(hdev, skb);
4445 break;
4446
4447 case HCI_EV_LINK_KEY_NOTIFY:
4448 hci_link_key_notify_evt(hdev, skb);
4449 break;
4450
4451 case HCI_EV_CLOCK_OFFSET:
4452 hci_clock_offset_evt(hdev, skb);
4453 break;
4454
a8746417
MH		 4455 case HCI_EV_PKT_TYPE_CHANGE:
4456 hci_pkt_type_change_evt(hdev, skb);
4457 break;
4458
85a1e930
MH		 4459 case HCI_EV_PSCAN_REP_MODE:
4460 hci_pscan_rep_mode_evt(hdev, skb);
4461 break;
4462
a9de9248
MH		 4463 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4464 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4465 break;
4466
a9de9248
MH		 4467 case HCI_EV_REMOTE_EXT_FEATURES:
4468 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4469 break;
4470
a9de9248
MH		 4471 case HCI_EV_SYNC_CONN_COMPLETE:
4472 hci_sync_conn_complete_evt(hdev, skb);
4473 break;
1da177e4 4474
a9de9248
MH		 4475 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4476 hci_extended_inquiry_result_evt(hdev, skb);
4477 break;
1da177e4 4478
1c2e0041
JH		 4479 case HCI_EV_KEY_REFRESH_COMPLETE:
4480 hci_key_refresh_complete_evt(hdev, skb);
4481 break;
4482
0493684e
MH		 4483 case HCI_EV_IO_CAPA_REQUEST:
4484 hci_io_capa_request_evt(hdev, skb);
4485 break;
4486
03b555e1
JH		 4487 case HCI_EV_IO_CAPA_REPLY:
4488 hci_io_capa_reply_evt(hdev, skb);
4489 break;
4490
a5c29683
JH		 4491 case HCI_EV_USER_CONFIRM_REQUEST:
4492 hci_user_confirm_request_evt(hdev, skb);
4493 break;
4494
1143d458
BG		 4495 case HCI_EV_USER_PASSKEY_REQUEST:
4496 hci_user_passkey_request_evt(hdev, skb);
4497 break;
4498
92a25256
JH		 4499 case HCI_EV_USER_PASSKEY_NOTIFY:
4500 hci_user_passkey_notify_evt(hdev, skb);
4501 break;
4502
4503 case HCI_EV_KEYPRESS_NOTIFY:
4504 hci_keypress_notify_evt(hdev, skb);
4505 break;
4506
0493684e
MH		 4507 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4508 hci_simple_pair_complete_evt(hdev, skb);
4509 break;
4510
41a96212
MH		 4511 case HCI_EV_REMOTE_HOST_FEATURES:
4512 hci_remote_host_features_evt(hdev, skb);
4513 break;
4514
fcd89c09
VT		 4515 case HCI_EV_LE_META:
4516 hci_le_meta_evt(hdev, skb);
4517 break;
4518
9495b2ee
AE		 4519 case HCI_EV_CHANNEL_SELECTED:
4520 hci_chan_selected_evt(hdev, skb);
4521 break;
4522
2763eda6
SJ		 4523 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4524 hci_remote_oob_data_request_evt(hdev, skb);
4525 break;
4526
d5e91192
AE		 4527 case HCI_EV_PHY_LINK_COMPLETE:
4528 hci_phy_link_complete_evt(hdev, skb);
4529 break;
4530
27695fb4
AE		 4531 case HCI_EV_LOGICAL_LINK_COMPLETE:
4532 hci_loglink_complete_evt(hdev, skb);
4533 break;
4534
606e2a10
AE		 4535 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4536 hci_disconn_loglink_complete_evt(hdev, skb);
4537 break;
4538
9eef6b3a
AE		 4539 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4540 hci_disconn_phylink_complete_evt(hdev, skb);
4541 break;
4542
25e89e99
AE		 4543 case HCI_EV_NUM_COMP_BLOCKS:
4544 hci_num_comp_blocks_evt(hdev, skb);
4545 break;
4546
a9de9248 4547 default:
9f1db00c 4548 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4549 break;
4550 }
4551
4552 kfree_skb(skb);
4553 hdev->stat.evt_rx++;
4554}
Linux kernel - Deliverables
This page took 1.751299 seconds and 5 git commands to generate.