projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix using test_and_clear instead of test_and_set
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 177
45296acd
MH		 178 if (status)
179 return;
180
e4e8e37c
MH		 181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
45296acd 185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
f8e808bd
MH		 205
206 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
207 hdev->scan_rsp_data_len = 0;
06f5b778 208
533553f8
MH		 209 hdev->le_scan_type = LE_SCAN_PASSIVE;
210
06f5b778 211 hdev->ssp_debug_mode = 0;
a9de9248 212}
04837f64 213
a9de9248
MH		 214static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215{
216 __u8 status = *((__u8 *) skb->data);
217 void *sent;
04837f64 218
9f1db00c 219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 220
a9de9248
MH		 221 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
222 if (!sent)
223 return;
04837f64 224
56e5cb86
JH		 225 hci_dev_lock(hdev);
226
f51d5b24
JH		 227 if (test_bit(HCI_MGMT, &hdev->dev_flags))
228 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 229 else if (!status)
230 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 231
56e5cb86 232 hci_dev_unlock(hdev);
a9de9248
MH		 233}
234
235static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 struct hci_rp_read_local_name *rp = (void *) skb->data;
238
9f1db00c 239 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 240
241 if (rp->status)
242 return;
243
db99b5fc
JH		 244 if (test_bit(HCI_SETUP, &hdev->dev_flags))
245 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 246}
247
248static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
249{
250 __u8 status = *((__u8 *) skb->data);
251 void *sent;
252
9f1db00c 253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 254
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 if (!sent)
257 return;
258
259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param == AUTH_ENABLED)
263 set_bit(HCI_AUTH, &hdev->flags);
264 else
265 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 266 }
a9de9248 267
33ef95ed
JH		 268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
269 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 270}
271
a9de9248 272static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 273{
a9de9248 274 __u8 status = *((__u8 *) skb->data);
45296acd 275 __u8 param;
1da177e4
LT		 276 void *sent;
277
9f1db00c 278 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 279
45296acd
MH		 280 if (status)
281 return;
282
a9de9248
MH		 283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
284 if (!sent)
285 return;
1da177e4 286
45296acd 287 param = *((__u8 *) sent);
a9de9248 288
45296acd
MH		 289 if (param)
290 set_bit(HCI_ENCRYPT, &hdev->flags);
291 else
292 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 293}
1da177e4 294
a9de9248
MH		 295static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
296{
45296acd
MH		 297 __u8 status = *((__u8 *) skb->data);
298 __u8 param;
36f7fc7e 299 int old_pscan, old_iscan;
a9de9248 300 void *sent;
1da177e4 301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 303
a9de9248
MH		 304 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 if (!sent)
306 return;
1da177e4 307
36f7fc7e
JH		 308 param = *((__u8 *) sent);
309
56e5cb86
JH		 310 hci_dev_lock(hdev);
311
fa1bd918 312 if (status) {
744cf19e 313 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 314 hdev->discov_timeout = 0;
315 goto done;
316 }
317
0663ca2a
JH		 318 /* We need to ensure that we set this back on if someone changed
319 * the scan mode through a raw HCI socket.
320 */
321 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
322
36f7fc7e
JH		 323 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
324 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
325
326 if (param & SCAN_INQUIRY) {
327 set_bit(HCI_ISCAN, &hdev->flags);
328 if (!old_iscan)
744cf19e 329 mgmt_discoverable(hdev, 1);
36f7fc7e 330 } else if (old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 332
333 if (param & SCAN_PAGE) {
334 set_bit(HCI_PSCAN, &hdev->flags);
335 if (!old_pscan)
744cf19e 336 mgmt_connectable(hdev, 1);
36f7fc7e 337 } else if (old_pscan)
744cf19e 338 mgmt_connectable(hdev, 0);
1da177e4 339
36f7fc7e 340done:
56e5cb86 341 hci_dev_unlock(hdev);
a9de9248 342}
1da177e4 343
a9de9248
MH		 344static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
345{
346 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 347
9f1db00c 348 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 349
a9de9248
MH		 350 if (rp->status)
351 return;
1da177e4 352
a9de9248 353 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 354
a9de9248 355 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 356 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 357}
1da177e4 358
a9de9248
MH		 359static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
360{
361 __u8 status = *((__u8 *) skb->data);
362 void *sent;
1da177e4 363
9f1db00c 364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 365
a9de9248
MH		 366 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 if (!sent)
368 return;
1da177e4 369
7f9a903c
MH		 370 hci_dev_lock(hdev);
371
372 if (status == 0)
373 memcpy(hdev->dev_class, sent, 3);
374
375 if (test_bit(HCI_MGMT, &hdev->dev_flags))
376 mgmt_set_class_of_dev_complete(hdev, sent, status);
377
378 hci_dev_unlock(hdev);
a9de9248 379}
1da177e4 380
a9de9248
MH		 381static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
382{
383 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 __u16 setting;
385
9f1db00c 386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 387
388 if (rp->status)
389 return;
390
391 setting = __le16_to_cpu(rp->voice_setting);
392
f383f275 393 if (hdev->voice_setting == setting)
a9de9248
MH		 394 return;
395
396 hdev->voice_setting = setting;
397
9f1db00c 398 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 399
3c54711c 400 if (hdev->notify)
a9de9248 401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 402}
403
8fc9ced3
GP		 404static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 struct sk_buff *skb)
a9de9248
MH		 406{
407 __u8 status = *((__u8 *) skb->data);
f383f275 408 __u16 setting;
a9de9248
MH		 409 void *sent;
410
9f1db00c 411 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 412
f383f275
MH		 413 if (status)
414 return;
415
a9de9248
MH		 416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
417 if (!sent)
418 return;
1da177e4 419
f383f275 420 setting = get_unaligned_le16(sent);
1da177e4 421
f383f275
MH		 422 if (hdev->voice_setting == setting)
423 return;
424
425 hdev->voice_setting = setting;
1da177e4 426
9f1db00c 427 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 428
3c54711c 429 if (hdev->notify)
f383f275 430 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 431}
432
b4cb9fb2
MH		 433static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
434 struct sk_buff *skb)
435{
436 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
437
438 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
439
440 if (rp->status)
441 return;
442
443 hdev->num_iac = rp->num_iac;
444
445 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
446}
447
333140b5
MH		 448static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
449{
450 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 451 struct hci_cp_write_ssp_mode *sent;
333140b5 452
9f1db00c 453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 454
333140b5
MH		 455 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 if (!sent)
457 return;
458
5ed8eb2f
JH		 459 if (!status) {
460 if (sent->mode)
cad718ed 461 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 462 else
cad718ed 463 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 464 }
465
ed2c4ee3 466 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 467 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 468 else if (!status) {
5ed8eb2f 469 if (sent->mode)
c0ecddc2
JH		 470 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 else
472 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
473 }
333140b5
MH		 474}
475
eac83dc6
MH		 476static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
477{
478 u8 status = *((u8 *) skb->data);
479 struct hci_cp_write_sc_support *sent;
480
481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
482
483 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 if (!sent)
485 return;
486
487 if (!status) {
488 if (sent->support)
489 hdev->features[1][0] |= LMP_HOST_SC;
490 else
491 hdev->features[1][0] &= ~LMP_HOST_SC;
492 }
493
494 if (test_bit(HCI_MGMT, &hdev->dev_flags))
495 mgmt_sc_enable_complete(hdev, sent->support, status);
496 else if (!status) {
497 if (sent->support)
498 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 else
500 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
501 }
502}
503
a9de9248
MH		 504static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
505{
506 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 507
9f1db00c 508 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 509
a9de9248 510 if (rp->status)
42c6b129 511 return;
1143e5a6 512
0d5551f5
MH		 513 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
514 hdev->hci_ver = rp->hci_ver;
515 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
516 hdev->lmp_ver = rp->lmp_ver;
517 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
518 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
519 }
d5859e22
JH		 520}
521
8fc9ced3
GP		 522static void hci_cc_read_local_commands(struct hci_dev *hdev,
523 struct sk_buff *skb)
a9de9248
MH		 524{
525 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 526
9f1db00c 527 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 528
6a070e6e
MH		 529 if (rp->status)
530 return;
531
532 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 533 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 534}
1da177e4 535
8fc9ced3
GP		 536static void hci_cc_read_local_features(struct hci_dev *hdev,
537 struct sk_buff *skb)
a9de9248
MH		 538{
539 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 540
9f1db00c 541 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 542
a9de9248
MH		 543 if (rp->status)
544 return;
5b7f9909 545
a9de9248 546 memcpy(hdev->features, rp->features, 8);
5b7f9909 547
a9de9248
MH		 548 /* Adjust default settings according to features
549 * supported by device. */
1da177e4 550
cad718ed 551 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 552 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 553
cad718ed 554 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 555 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV2);
559 hdev->esco_type |= (ESCO_HV2);
560 }
1da177e4 561
cad718ed 562 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 563 hdev->pkt_type |= (HCI_HV3);
564 hdev->esco_type |= (ESCO_HV3);
565 }
1da177e4 566
45db810f 567 if (lmp_esco_capable(hdev))
a9de9248 568 hdev->esco_type |= (ESCO_EV3);
da1f5198 569
cad718ed 570 if (hdev->features[0][4] & LMP_EV4)
a9de9248 571 hdev->esco_type |= (ESCO_EV4);
da1f5198 572
cad718ed 573 if (hdev->features[0][4] & LMP_EV5)
a9de9248 574 hdev->esco_type |= (ESCO_EV5);
1da177e4 575
cad718ed 576 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 577 hdev->esco_type |= (ESCO_2EV3);
578
cad718ed 579 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 580 hdev->esco_type |= (ESCO_3EV3);
581
cad718ed 582 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 583 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 584}
1da177e4 585
971e3a4b 586static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 587 struct sk_buff *skb)
971e3a4b
AG		 588{
589 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
590
9f1db00c 591 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 592
593 if (rp->status)
42c6b129 594 return;
971e3a4b 595
57af75a8
MH		 596 if (hdev->max_page < rp->max_page)
597 hdev->max_page = rp->max_page;
d2c5d77f 598
cad718ed
JH		 599 if (rp->page < HCI_MAX_PAGES)
600 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 601}
602
1e89cffb 603static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 604 struct sk_buff *skb)
1e89cffb
AE		 605{
606 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 609
45296acd
MH		 610 if (rp->status)
611 return;
612
613 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 614}
615
a9de9248
MH		 616static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
617{
618 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 619
9f1db00c 620 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 621
a9de9248
MH		 622 if (rp->status)
623 return;
1da177e4 624
a9de9248
MH		 625 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
626 hdev->sco_mtu = rp->sco_mtu;
627 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
628 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
629
630 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
631 hdev->sco_mtu = 64;
632 hdev->sco_pkts = 8;
1da177e4 633 }
a9de9248
MH		 634
635 hdev->acl_cnt = hdev->acl_pkts;
636 hdev->sco_cnt = hdev->sco_pkts;
637
807deac2
GP		 638 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
639 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 640}
641
642static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
643{
644 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
645
9f1db00c 646 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 647
e30d3f5f
MH		 648 if (rp->status)
649 return;
650
651 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 652 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f
MH		 653
654 if (test_bit(HCI_SETUP, &hdev->dev_flags))
655 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 656}
657
f332ec66
JH		 658static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
662
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664
45296acd
MH		 665 if (rp->status)
666 return;
667
668 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 669 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
670 hdev->page_scan_window = __le16_to_cpu(rp->window);
671 }
672}
673
4a3ee763
JH		 674static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
675 struct sk_buff *skb)
676{
677 u8 status = *((u8 *) skb->data);
678 struct hci_cp_write_page_scan_activity *sent;
679
680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
681
682 if (status)
683 return;
684
685 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
686 if (!sent)
687 return;
688
689 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
690 hdev->page_scan_window = __le16_to_cpu(sent->window);
691}
692
f332ec66
JH		 693static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
694 struct sk_buff *skb)
695{
696 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
697
698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699
45296acd
MH		 700 if (rp->status)
701 return;
702
703 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 704 hdev->page_scan_type = rp->type;
705}
706
4a3ee763
JH		 707static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
708 struct sk_buff *skb)
709{
710 u8 status = *((u8 *) skb->data);
711 u8 *type;
712
713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
714
715 if (status)
716 return;
717
718 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
719 if (type)
720 hdev->page_scan_type = *type;
721}
722
350ee4cf 723static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 724 struct sk_buff *skb)
350ee4cf
AE		 725{
726 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
727
9f1db00c 728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 729
730 if (rp->status)
731 return;
732
733 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
734 hdev->block_len = __le16_to_cpu(rp->block_len);
735 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
736
737 hdev->block_cnt = hdev->num_blocks;
738
739 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 740 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 741}
742
33f35721
JH		 743static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
744{
745 struct hci_rp_read_clock *rp = (void *) skb->data;
746 struct hci_cp_read_clock *cp;
747 struct hci_conn *conn;
748
749 BT_DBG("%s", hdev->name);
750
751 if (skb->len < sizeof(*rp))
752 return;
753
754 if (rp->status)
755 return;
756
757 hci_dev_lock(hdev);
758
759 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
760 if (!cp)
761 goto unlock;
762
763 if (cp->which == 0x00) {
764 hdev->clock = le32_to_cpu(rp->clock);
765 goto unlock;
766 }
767
768 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
769 if (conn) {
770 conn->clock = le32_to_cpu(rp->clock);
771 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
772 }
773
774unlock:
775 hci_dev_unlock(hdev);
776}
777
928abaa7 778static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 779 struct sk_buff *skb)
928abaa7
AE		 780{
781 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
782
9f1db00c 783 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 784
785 if (rp->status)
8e2a0d92 786 goto a2mp_rsp;
928abaa7
AE		 787
788 hdev->amp_status = rp->amp_status;
789 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
790 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
791 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
792 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
793 hdev->amp_type = rp->amp_type;
794 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
795 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
796 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
797 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
798
8e2a0d92
AE		 799a2mp_rsp:
800 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 801}
802
903e4541
AE		 803static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
807 struct amp_assoc *assoc = &hdev->loc_assoc;
808 size_t rem_len, frag_len;
809
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811
812 if (rp->status)
813 goto a2mp_rsp;
814
815 frag_len = skb->len - sizeof(*rp);
816 rem_len = __le16_to_cpu(rp->rem_len);
817
818 if (rem_len > frag_len) {
2e430be3 819 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 820
821 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
822 assoc->offset += frag_len;
823
824 /* Read other fragments */
825 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
826
827 return;
828 }
829
830 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
831 assoc->len = assoc->offset + rem_len;
832 assoc->offset = 0;
833
834a2mp_rsp:
835 /* Send A2MP Rsp when all fragments are received */
836 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 837 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 838}
839
d5859e22 840static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 841 struct sk_buff *skb)
d5859e22 842{
91c4e9b1 843 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 844
9f1db00c 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 846
45296acd
MH		 847 if (rp->status)
848 return;
849
850 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 851}
852
980e1a53
JH		 853static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
854{
855 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
856 struct hci_cp_pin_code_reply *cp;
857 struct hci_conn *conn;
858
9f1db00c 859 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 860
56e5cb86
JH		 861 hci_dev_lock(hdev);
862
a8b2d5c2 863 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 864 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 865
fa1bd918 866 if (rp->status)
56e5cb86 867 goto unlock;
980e1a53
JH		 868
869 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
870 if (!cp)
56e5cb86 871 goto unlock;
980e1a53
JH		 872
873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
874 if (conn)
875 conn->pin_length = cp->pin_len;
56e5cb86
JH		 876
877unlock:
878 hci_dev_unlock(hdev);
980e1a53
JH		 879}
880
881static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
882{
883 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
884
9f1db00c 885 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 886
56e5cb86
JH		 887 hci_dev_lock(hdev);
888
a8b2d5c2 889 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 890 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 891 rp->status);
56e5cb86
JH		 892
893 hci_dev_unlock(hdev);
980e1a53 894}
56e5cb86 895
6ed58ec5
VT		 896static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
897 struct sk_buff *skb)
898{
899 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
900
9f1db00c 901 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 902
903 if (rp->status)
904 return;
905
906 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
907 hdev->le_pkts = rp->le_max_pkt;
908
909 hdev->le_cnt = hdev->le_pkts;
910
911 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 912}
980e1a53 913
60e77321
JH		 914static void hci_cc_le_read_local_features(struct hci_dev *hdev,
915 struct sk_buff *skb)
916{
917 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
918
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
920
45296acd
MH		 921 if (rp->status)
922 return;
923
924 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 925}
926
8fa19098
JH		 927static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
928 struct sk_buff *skb)
929{
930 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
931
932 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
933
45296acd
MH		 934 if (rp->status)
935 return;
936
937 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 938}
939
a5c29683
JH		 940static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
941{
942 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
943
9f1db00c 944 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 945
56e5cb86
JH		 946 hci_dev_lock(hdev);
947
a8b2d5c2 948 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 949 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
950 rp->status);
56e5cb86
JH		 951
952 hci_dev_unlock(hdev);
a5c29683
JH		 953}
954
955static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 956 struct sk_buff *skb)
a5c29683
JH		 957{
958 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959
9f1db00c 960 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 961
56e5cb86
JH		 962 hci_dev_lock(hdev);
963
a8b2d5c2 964 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 965 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 966 ACL_LINK, 0, rp->status);
56e5cb86
JH		 967
968 hci_dev_unlock(hdev);
a5c29683
JH		 969}
970
1143d458
BG		 971static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
972{
973 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974
9f1db00c 975 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 976
977 hci_dev_lock(hdev);
978
a8b2d5c2 979 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 980 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 981 0, rp->status);
1143d458
BG		 982
983 hci_dev_unlock(hdev);
984}
985
986static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 987 struct sk_buff *skb)
1143d458
BG		 988{
989 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990
9f1db00c 991 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 992
993 hci_dev_lock(hdev);
994
a8b2d5c2 995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 996 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 997 ACL_LINK, 0, rp->status);
1143d458
BG		 998
999 hci_dev_unlock(hdev);
1000}
1001
4d2d2796
MH		 1002static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1003 struct sk_buff *skb)
c35938b2
SJ		 1004{
1005 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1006
9f1db00c 1007 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1008
56e5cb86 1009 hci_dev_lock(hdev);
4d2d2796
MH		 1010 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
1011 NULL, NULL, rp->status);
1012 hci_dev_unlock(hdev);
1013}
1014
1015static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1021
1022 hci_dev_lock(hdev);
1023 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
1024 rp->hash256, rp->randomizer256,
1025 rp->status);
56e5cb86 1026 hci_dev_unlock(hdev);
c35938b2
SJ		 1027}
1028
7a4cd51d
MH		 1029
1030static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1031{
1032 __u8 status = *((__u8 *) skb->data);
1033 bdaddr_t *sent;
1034
1035 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1036
45296acd
MH		 1037 if (status)
1038 return;
1039
7a4cd51d
MH		 1040 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1041 if (!sent)
1042 return;
1043
1044 hci_dev_lock(hdev);
1045
45296acd 1046 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1047
1048 hci_dev_unlock(hdev);
1049}
1050
c1d5dc4a
JH		 1051static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1052{
1053 __u8 *sent, status = *((__u8 *) skb->data);
1054
1055 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1056
45296acd 1057 if (status)
c1d5dc4a
JH		 1058 return;
1059
45296acd
MH		 1060 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1061 if (!sent)
3c857757
JH		 1062 return;
1063
c1d5dc4a
JH		 1064 hci_dev_lock(hdev);
1065
3c857757
JH		 1066 /* If we're doing connection initation as peripheral. Set a
1067 * timeout in case something goes wrong.
1068 */
1069 if (*sent) {
1070 struct hci_conn *conn;
1071
66c417c1
JH		 1072 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1073
3c857757
JH		 1074 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1075 if (conn)
1076 queue_delayed_work(hdev->workqueue,
1077 &conn->le_conn_timeout,
09ae260b 1078 conn->conn_timeout);
66c417c1
JH		 1079 } else {
1080 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 1081 }
1082
04b4edcb 1083 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1084}
1085
533553f8
MH		 1086static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_cp_le_set_scan_param *cp;
1089 __u8 status = *((__u8 *) skb->data);
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092
45296acd
MH		 1093 if (status)
1094 return;
1095
533553f8
MH		 1096 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1097 if (!cp)
1098 return;
1099
1100 hci_dev_lock(hdev);
1101
45296acd 1102 hdev->le_scan_type = cp->type;
533553f8
MH		 1103
1104 hci_dev_unlock(hdev);
1105}
1106
b9a6328f
JH		 1107static bool has_pending_adv_report(struct hci_dev *hdev)
1108{
1109 struct discovery_state *d = &hdev->discovery;
1110
1111 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1112}
1113
1114static void clear_pending_adv_report(struct hci_dev *hdev)
1115{
1116 struct discovery_state *d = &hdev->discovery;
1117
1118 bacpy(&d->last_adv_addr, BDADDR_ANY);
1119 d->last_adv_data_len = 0;
1120}
1121
1122static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1123 u8 bdaddr_type, s8 rssi, u32 flags,
1124 u8 *data, u8 len)
b9a6328f
JH		 1125{
1126 struct discovery_state *d = &hdev->discovery;
1127
1128 bacpy(&d->last_adv_addr, bdaddr);
1129 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1130 d->last_adv_rssi = rssi;
c70a7e4c 1131 d->last_adv_flags = flags;
b9a6328f
JH		 1132 memcpy(d->last_adv_data, data, len);
1133 d->last_adv_data_len = len;
1134}
1135
eb9d91f5 1136static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1137 struct sk_buff *skb)
eb9d91f5
AG		 1138{
1139 struct hci_cp_le_set_scan_enable *cp;
1140 __u8 status = *((__u8 *) skb->data);
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1143
45296acd 1144 if (status)
eb9d91f5
AG		 1145 return;
1146
45296acd
MH		 1147 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1148 if (!cp)
3fd319b8
AG		 1149 return;
1150
68a8aea4 1151 switch (cp->enable) {
76a388be 1152 case LE_SCAN_ENABLE:
d23264a8 1153 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1154 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1155 clear_pending_adv_report(hdev);
68a8aea4
AE		 1156 break;
1157
76a388be 1158 case LE_SCAN_DISABLE:
b9a6328f
JH		 1159 /* We do this here instead of when setting DISCOVERY_STOPPED
1160 * since the latter would potentially require waiting for
1161 * inquiry to stop too.
1162 */
1163 if (has_pending_adv_report(hdev)) {
1164 struct discovery_state *d = &hdev->discovery;
1165
1166 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1167 d->last_adv_addr_type, NULL,
c70a7e4c 1168 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1169 d->last_adv_data,
b9a6328f
JH		 1170 d->last_adv_data_len, NULL, 0);
1171 }
1172
317ac8cb
JH		 1173 /* Cancel this timer so that we don't try to disable scanning
1174 * when it's already disabled.
1175 */
1176 cancel_delayed_work(&hdev->le_scan_disable);
1177
d23264a8 1178 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
e8bb6b97 1179
81ad6fd9
JH		 1180 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1181 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1182 * therefore discovery as stopped. If this was not
1183 * because of a connect request advertising might have
1184 * been disabled because of active scanning, so
1185 * re-enable it again if necessary.
81ad6fd9
JH		 1186 */
1187 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1188 &hdev->dev_flags))
1189 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
e8bb6b97 1190 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
34722277 1191 hdev->discovery.state == DISCOVERY_FINDING)
e8bb6b97
JH		 1192 mgmt_reenable_advertising(hdev);
1193
68a8aea4
AE		 1194 break;
1195
1196 default:
1197 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1198 break;
35815085 1199 }
eb9d91f5
AG		 1200}
1201
cf1d081f
JH		 1202static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1203 struct sk_buff *skb)
1204{
1205 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1206
1207 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1208
45296acd
MH		 1209 if (rp->status)
1210 return;
1211
1212 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1213}
1214
0f36b589
MH		 1215static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1217{
1218 __u8 status = *((__u8 *) skb->data);
1219
1220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1221
45296acd
MH		 1222 if (status)
1223 return;
1224
dcc36c16 1225 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1226}
1227
1228static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1229 struct sk_buff *skb)
1230{
1231 struct hci_cp_le_add_to_white_list *sent;
1232 __u8 status = *((__u8 *) skb->data);
1233
1234 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1235
45296acd
MH		 1236 if (status)
1237 return;
1238
0f36b589
MH		 1239 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1240 if (!sent)
1241 return;
1242
dcc36c16
JH		 1243 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1244 sent->bdaddr_type);
0f36b589
MH		 1245}
1246
1247static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1248 struct sk_buff *skb)
1249{
1250 struct hci_cp_le_del_from_white_list *sent;
1251 __u8 status = *((__u8 *) skb->data);
1252
1253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1254
45296acd
MH		 1255 if (status)
1256 return;
1257
0f36b589
MH		 1258 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1259 if (!sent)
1260 return;
1261
dcc36c16
JH		 1262 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1263 sent->bdaddr_type);
0f36b589
MH		 1264}
1265
9b008c04
JH		 1266static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1267 struct sk_buff *skb)
1268{
1269 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1270
1271 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1272
45296acd
MH		 1273 if (rp->status)
1274 return;
1275
1276 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1277}
1278
6039aa73
GP		 1279static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1280 struct sk_buff *skb)
f9b49306 1281{
06199cf8 1282 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1283 __u8 status = *((__u8 *) skb->data);
1284
9f1db00c 1285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1286
45296acd
MH		 1287 if (status)
1288 return;
1289
06199cf8 1290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1291 if (!sent)
f9b49306
AG		 1292 return;
1293
45296acd
MH		 1294 if (sent->le) {
1295 hdev->features[1][0] |= LMP_HOST_LE;
1296 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1297 } else {
1298 hdev->features[1][0] &= ~LMP_HOST_LE;
1299 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1300 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
8f984dfa 1301 }
45296acd
MH		 1302
1303 if (sent->simul)
1304 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1305 else
1306 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
f9b49306
AG		 1307}
1308
56ed2cb8
JH		 1309static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1310{
1311 struct hci_cp_le_set_adv_param *cp;
1312 u8 status = *((u8 *) skb->data);
1313
1314 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1315
1316 if (status)
1317 return;
1318
1319 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1320 if (!cp)
1321 return;
1322
1323 hci_dev_lock(hdev);
1324 hdev->adv_addr_type = cp->own_address_type;
1325 hci_dev_unlock(hdev);
1326}
1327
93c284ee
AE		 1328static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1329 struct sk_buff *skb)
1330{
1331 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1332
1333 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1334 hdev->name, rp->status, rp->phy_handle);
1335
1336 if (rp->status)
1337 return;
1338
1339 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1340}
1341
5ae76a94
AK		 1342static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1343{
1344 struct hci_rp_read_rssi *rp = (void *) skb->data;
1345 struct hci_conn *conn;
1346
1347 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1348
1349 if (rp->status)
1350 return;
1351
1352 hci_dev_lock(hdev);
1353
1354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1355 if (conn)
1356 conn->rssi = rp->rssi;
1357
1358 hci_dev_unlock(hdev);
1359}
1360
5a134fae
AK		 1361static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1362{
1363 struct hci_cp_read_tx_power *sent;
1364 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1365 struct hci_conn *conn;
1366
1367 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1368
1369 if (rp->status)
1370 return;
1371
1372 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1373 if (!sent)
1374 return;
1375
1376 hci_dev_lock(hdev);
1377
1378 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1379 if (!conn)
1380 goto unlock;
1381
1382 switch (sent->type) {
1383 case 0x00:
5a134fae 1384 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1385 break;
1386 case 0x01:
1387 conn->max_tx_power = rp->tx_power;
1388 break;
1389 }
5a134fae 1390
d0455ed9 1391unlock:
5a134fae
AK		 1392 hci_dev_unlock(hdev);
1393}
1394
6039aa73 1395static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1396{
9f1db00c 1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1398
1399 if (status) {
a9de9248 1400 hci_conn_check_pending(hdev);
314b2381
JH		 1401 return;
1402 }
1403
89352e7d 1404 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1405}
1406
6039aa73 1407static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1408{
a9de9248 1409 struct hci_cp_create_conn *cp;
1da177e4 1410 struct hci_conn *conn;
1da177e4 1411
9f1db00c 1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1413
1414 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1415 if (!cp)
1416 return;
1417
1418 hci_dev_lock(hdev);
1419
1420 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1421
6ed93dc6 1422 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1423
1424 if (status) {
1425 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1426 if (status != 0x0c || conn->attempt > 2) {
1427 conn->state = BT_CLOSED;
1428 hci_proto_connect_cfm(conn, status);
1429 hci_conn_del(conn);
1430 } else
1431 conn->state = BT_CONNECT2;
1da177e4
LT		 1432 }
1433 } else {
1434 if (!conn) {
1435 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1436 if (conn) {
a0c808b3 1437 conn->out = true;
4dae2798 1438 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1439 } else
893ef971 1440 BT_ERR("No memory for new connection");
1da177e4
LT		 1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
a9de9248 1447static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1448{
a9de9248
MH		 1449 struct hci_cp_add_sco *cp;
1450 struct hci_conn *acl, *sco;
1451 __u16 handle;
1da177e4 1452
9f1db00c 1453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1454
a9de9248
MH		 1455 if (!status)
1456 return;
1da177e4 1457
a9de9248
MH		 1458 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1459 if (!cp)
1460 return;
1da177e4 1461
a9de9248 1462 handle = __le16_to_cpu(cp->handle);
1da177e4 1463
9f1db00c 1464 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1465
a9de9248 1466 hci_dev_lock(hdev);
1da177e4 1467
a9de9248 1468 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1469 if (acl) {
1470 sco = acl->link;
1471 if (sco) {
1472 sco->state = BT_CLOSED;
1da177e4 1473
5a08ecce
AE		 1474 hci_proto_connect_cfm(sco, status);
1475 hci_conn_del(sco);
1476 }
a9de9248 1477 }
1da177e4 1478
a9de9248
MH		 1479 hci_dev_unlock(hdev);
1480}
1da177e4 1481
f8558555
MH		 1482static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1483{
1484 struct hci_cp_auth_requested *cp;
1485 struct hci_conn *conn;
1486
9f1db00c 1487 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1488
1489 if (!status)
1490 return;
1491
1492 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1493 if (!cp)
1494 return;
1495
1496 hci_dev_lock(hdev);
1497
1498 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1499 if (conn) {
1500 if (conn->state == BT_CONFIG) {
1501 hci_proto_connect_cfm(conn, status);
76a68ba0 1502 hci_conn_drop(conn);
f8558555
MH		 1503 }
1504 }
1505
1506 hci_dev_unlock(hdev);
1507}
1508
1509static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1510{
1511 struct hci_cp_set_conn_encrypt *cp;
1512 struct hci_conn *conn;
1513
9f1db00c 1514 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1515
1516 if (!status)
1517 return;
1518
1519 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1520 if (!cp)
1521 return;
1522
1523 hci_dev_lock(hdev);
1524
1525 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1526 if (conn) {
1527 if (conn->state == BT_CONFIG) {
1528 hci_proto_connect_cfm(conn, status);
76a68ba0 1529 hci_conn_drop(conn);
f8558555
MH		 1530 }
1531 }
1532
1533 hci_dev_unlock(hdev);
1534}
1535
127178d2 1536static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1537 struct hci_conn *conn)
392599b9 1538{
392599b9
JH		 1539 if (conn->state != BT_CONFIG || !conn->out)
1540 return 0;
1541
765c2a96 1542 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1543 return 0;
1544
1545 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1546 * devices with sec_level MEDIUM or HIGH or if MITM protection
1547 * is requested.
1548 */
807deac2 1549 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1550 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1551 conn->pending_sec_level != BT_SECURITY_HIGH &&
1552 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1553 return 0;
1554
392599b9
JH		 1555 return 1;
1556}
1557
6039aa73 1558static int hci_resolve_name(struct hci_dev *hdev,
04124681 1559 struct inquiry_entry *e)
30dc78e1
JH		 1560{
1561 struct hci_cp_remote_name_req cp;
1562
1563 memset(&cp, 0, sizeof(cp));
1564
1565 bacpy(&cp.bdaddr, &e->data.bdaddr);
1566 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1567 cp.pscan_mode = e->data.pscan_mode;
1568 cp.clock_offset = e->data.clock_offset;
1569
1570 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1571}
1572
b644ba33 1573static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1574{
1575 struct discovery_state *discov = &hdev->discovery;
1576 struct inquiry_entry *e;
1577
b644ba33
JH		 1578 if (list_empty(&discov->resolve))
1579 return false;
1580
1581 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1582 if (!e)
1583 return false;
1584
b644ba33
JH		 1585 if (hci_resolve_name(hdev, e) == 0) {
1586 e->name_state = NAME_PENDING;
1587 return true;
1588 }
1589
1590 return false;
1591}
1592
1593static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1594 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1595{
1596 struct discovery_state *discov = &hdev->discovery;
1597 struct inquiry_entry *e;
1598
1599 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1600 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1601 name_len, conn->dev_class);
b644ba33
JH		 1602
1603 if (discov->state == DISCOVERY_STOPPED)
1604 return;
1605
30dc78e1
JH		 1606 if (discov->state == DISCOVERY_STOPPING)
1607 goto discov_complete;
1608
1609 if (discov->state != DISCOVERY_RESOLVING)
1610 return;
1611
1612 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1613 /* If the device was not found in a list of found devices names of which
1614 * are pending. there is no need to continue resolving a next name as it
1615 * will be done upon receiving another Remote Name Request Complete
1616 * Event */
1617 if (!e)
1618 return;
1619
1620 list_del(&e->list);
1621 if (name) {
30dc78e1 1622 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1623 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1624 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1625 } else {
1626 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1627 }
1628
b644ba33 1629 if (hci_resolve_next_name(hdev))
30dc78e1 1630 return;
30dc78e1
JH		 1631
1632discov_complete:
1633 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1634}
1635
a9de9248
MH		 1636static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1637{
127178d2
JH		 1638 struct hci_cp_remote_name_req *cp;
1639 struct hci_conn *conn;
1640
9f1db00c 1641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1642
1643 /* If successful wait for the name req complete event before
1644 * checking for the need to do authentication */
1645 if (!status)
1646 return;
1647
1648 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1649 if (!cp)
1650 return;
1651
1652 hci_dev_lock(hdev);
1653
b644ba33
JH		 1654 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1655
a8b2d5c2 1656 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1657 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1658
79c6c70c
JH		 1659 if (!conn)
1660 goto unlock;
1661
1662 if (!hci_outgoing_auth_needed(hdev, conn))
1663 goto unlock;
1664
51a8efd7 1665 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1666 struct hci_cp_auth_requested auth_cp;
1667
1668 auth_cp.handle = __cpu_to_le16(conn->handle);
1669 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1670 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1671 }
1672
79c6c70c 1673unlock:
127178d2 1674 hci_dev_unlock(hdev);
a9de9248 1675}
1da177e4 1676
769be974
MH		 1677static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1678{
1679 struct hci_cp_read_remote_features *cp;
1680 struct hci_conn *conn;
1681
9f1db00c 1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1683
1684 if (!status)
1685 return;
1686
1687 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1688 if (!cp)
1689 return;
1690
1691 hci_dev_lock(hdev);
1692
1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1694 if (conn) {
1695 if (conn->state == BT_CONFIG) {
769be974 1696 hci_proto_connect_cfm(conn, status);
76a68ba0 1697 hci_conn_drop(conn);
769be974
MH		 1698 }
1699 }
1700
1701 hci_dev_unlock(hdev);
1702}
1703
1704static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1705{
1706 struct hci_cp_read_remote_ext_features *cp;
1707 struct hci_conn *conn;
1708
9f1db00c 1709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1710
1711 if (!status)
1712 return;
1713
1714 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1715 if (!cp)
1716 return;
1717
1718 hci_dev_lock(hdev);
1719
1720 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1721 if (conn) {
1722 if (conn->state == BT_CONFIG) {
769be974 1723 hci_proto_connect_cfm(conn, status);
76a68ba0 1724 hci_conn_drop(conn);
769be974
MH		 1725 }
1726 }
1727
1728 hci_dev_unlock(hdev);
1729}
1730
a9de9248
MH		 1731static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1732{
b6a0dc82
MH		 1733 struct hci_cp_setup_sync_conn *cp;
1734 struct hci_conn *acl, *sco;
1735 __u16 handle;
1736
9f1db00c 1737 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1738
1739 if (!status)
1740 return;
1741
1742 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1743 if (!cp)
1744 return;
1745
1746 handle = __le16_to_cpu(cp->handle);
1747
9f1db00c 1748 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1749
1750 hci_dev_lock(hdev);
1751
1752 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1753 if (acl) {
1754 sco = acl->link;
1755 if (sco) {
1756 sco->state = BT_CLOSED;
b6a0dc82 1757
5a08ecce
AE		 1758 hci_proto_connect_cfm(sco, status);
1759 hci_conn_del(sco);
1760 }
b6a0dc82
MH		 1761 }
1762
1763 hci_dev_unlock(hdev);
1da177e4
LT		 1764}
1765
a9de9248 1766static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1767{
a9de9248
MH		 1768 struct hci_cp_sniff_mode *cp;
1769 struct hci_conn *conn;
1da177e4 1770
9f1db00c 1771 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1772
a9de9248
MH		 1773 if (!status)
1774 return;
04837f64 1775
a9de9248
MH		 1776 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1777 if (!cp)
1778 return;
04837f64 1779
a9de9248 1780 hci_dev_lock(hdev);
04837f64 1781
a9de9248 1782 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1783 if (conn) {
51a8efd7 1784 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1785
51a8efd7 1786 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1787 hci_sco_setup(conn, status);
1788 }
1789
a9de9248
MH		 1790 hci_dev_unlock(hdev);
1791}
04837f64 1792
a9de9248
MH		 1793static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1794{
1795 struct hci_cp_exit_sniff_mode *cp;
1796 struct hci_conn *conn;
04837f64 1797
9f1db00c 1798 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1799
a9de9248
MH		 1800 if (!status)
1801 return;
04837f64 1802
a9de9248
MH		 1803 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1804 if (!cp)
1805 return;
04837f64 1806
a9de9248 1807 hci_dev_lock(hdev);
1da177e4 1808
a9de9248 1809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1810 if (conn) {
51a8efd7 1811 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1812
51a8efd7 1813 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1814 hci_sco_setup(conn, status);
1815 }
1816
a9de9248 1817 hci_dev_unlock(hdev);
1da177e4
LT		 1818}
1819
88c3df13
JH		 1820static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1821{
1822 struct hci_cp_disconnect *cp;
1823 struct hci_conn *conn;
1824
1825 if (!status)
1826 return;
1827
1828 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1829 if (!cp)
1830 return;
1831
1832 hci_dev_lock(hdev);
1833
1834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1835 if (conn)
1836 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1837 conn->dst_type, status);
88c3df13
JH		 1838
1839 hci_dev_unlock(hdev);
1840}
1841
a02226d6
AE		 1842static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1843{
93c284ee
AE		 1844 struct hci_cp_create_phy_link *cp;
1845
a02226d6 1846 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1847
93c284ee
AE		 1848 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1849 if (!cp)
1850 return;
1851
e58917b9
AE		 1852 hci_dev_lock(hdev);
1853
1854 if (status) {
1855 struct hci_conn *hcon;
1856
1857 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1858 if (hcon)
1859 hci_conn_del(hcon);
1860 } else {
1861 amp_write_remote_assoc(hdev, cp->phy_handle);
1862 }
1863
1864 hci_dev_unlock(hdev);
a02226d6
AE		 1865}
1866
0b26ab9d
AE		 1867static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1868{
1869 struct hci_cp_accept_phy_link *cp;
1870
1871 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1872
1873 if (status)
1874 return;
1875
1876 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1877 if (!cp)
1878 return;
1879
1880 amp_write_remote_assoc(hdev, cp->phy_handle);
1881}
1882
cb1d68f7
JH		 1883static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1884{
1885 struct hci_cp_le_create_conn *cp;
1886 struct hci_conn *conn;
1887
1888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1889
1890 /* All connection failure handling is taken care of by the
1891 * hci_le_conn_failed function which is triggered by the HCI
1892 * request completion callbacks used for connecting.
1893 */
1894 if (status)
1895 return;
1896
1897 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1898 if (!cp)
1899 return;
1900
1901 hci_dev_lock(hdev);
1902
1903 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1904 if (!conn)
1905 goto unlock;
1906
1907 /* Store the initiator and responder address information which
1908 * is needed for SMP. These values will not change during the
1909 * lifetime of the connection.
1910 */
1911 conn->init_addr_type = cp->own_address_type;
1912 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1913 bacpy(&conn->init_addr, &hdev->random_addr);
1914 else
1915 bacpy(&conn->init_addr, &hdev->bdaddr);
1916
1917 conn->resp_addr_type = cp->peer_addr_type;
1918 bacpy(&conn->resp_addr, &cp->peer_addr);
1919
9489eca4
JH		 1920 /* We don't want the connection attempt to stick around
1921 * indefinitely since LE doesn't have a page timeout concept
1922 * like BR/EDR. Set a timer for any connection that doesn't use
1923 * the white list for connecting.
1924 */
1925 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1926 queue_delayed_work(conn->hdev->workqueue,
1927 &conn->le_conn_timeout,
09ae260b 1928 conn->conn_timeout);
9489eca4 1929
cb1d68f7
JH		 1930unlock:
1931 hci_dev_unlock(hdev);
1932}
1933
81d0c8ad
JH		 1934static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1935{
1936 struct hci_cp_le_start_enc *cp;
1937 struct hci_conn *conn;
1938
1939 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1940
1941 if (!status)
1942 return;
1943
1944 hci_dev_lock(hdev);
1945
1946 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1947 if (!cp)
1948 goto unlock;
1949
1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1951 if (!conn)
1952 goto unlock;
1953
1954 if (conn->state != BT_CONNECTED)
1955 goto unlock;
1956
1957 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1958 hci_conn_drop(conn);
1959
1960unlock:
1961 hci_dev_unlock(hdev);
1962}
1963
6039aa73 1964static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1965{
1966 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1967 struct discovery_state *discov = &hdev->discovery;
1968 struct inquiry_entry *e;
1da177e4 1969
9f1db00c 1970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1971
a9de9248 1972 hci_conn_check_pending(hdev);
89352e7d
AG		 1973
1974 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1975 return;
1976
4e857c58 1977 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1978 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1979
a8b2d5c2 1980 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1981 return;
1982
56e5cb86 1983 hci_dev_lock(hdev);
30dc78e1 1984
343f935b 1985 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1986 goto unlock;
1987
1988 if (list_empty(&discov->resolve)) {
1989 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1990 goto unlock;
1991 }
1992
1993 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1994 if (e && hci_resolve_name(hdev, e) == 0) {
1995 e->name_state = NAME_PENDING;
1996 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1997 } else {
1998 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1999 }
2000
2001unlock:
56e5cb86 2002 hci_dev_unlock(hdev);
1da177e4
LT		 2003}
2004
6039aa73 2005static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2006{
45bb4bf0 2007 struct inquiry_data data;
a9de9248 2008 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2009 int num_rsp = *((__u8 *) skb->data);
2010
2011 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2012
45bb4bf0
MH		 2013 if (!num_rsp)
2014 return;
2015
1519cc17
AG		 2016 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2017 return;
2018
1da177e4 2019 hci_dev_lock(hdev);
45bb4bf0 2020
e17acd40 2021 for (; num_rsp; num_rsp--, info++) {
af58925c 2022 u32 flags;
3175405b 2023
1da177e4
LT		 2024 bacpy(&data.bdaddr, &info->bdaddr);
2025 data.pscan_rep_mode = info->pscan_rep_mode;
2026 data.pscan_period_mode = info->pscan_period_mode;
2027 data.pscan_mode = info->pscan_mode;
2028 memcpy(data.dev_class, info->dev_class, 3);
2029 data.clock_offset = info->clock_offset;
2030 data.rssi = 0x00;
41a96212 2031 data.ssp_mode = 0x00;
3175405b 2032
af58925c
MH		 2033 flags = hci_inquiry_cache_update(hdev, &data, false);
2034
48264f06 2035 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c 2036 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1da177e4 2037 }
45bb4bf0 2038
1da177e4
LT		 2039 hci_dev_unlock(hdev);
2040}
2041
6039aa73 2042static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2043{
a9de9248
MH		 2044 struct hci_ev_conn_complete *ev = (void *) skb->data;
2045 struct hci_conn *conn;
1da177e4
LT		 2046
2047 BT_DBG("%s", hdev->name);
2048
2049 hci_dev_lock(hdev);
2050
2051 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2052 if (!conn) {
2053 if (ev->link_type != SCO_LINK)
2054 goto unlock;
2055
2056 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2057 if (!conn)
2058 goto unlock;
2059
2060 conn->type = SCO_LINK;
2061 }
1da177e4
LT		 2062
2063 if (!ev->status) {
2064 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2065
2066 if (conn->type == ACL_LINK) {
2067 conn->state = BT_CONFIG;
2068 hci_conn_hold(conn);
a9ea3ed9
SJ		 2069
2070 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2071 !hci_find_link_key(hdev, &ev->bdaddr))
2072 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2073 else
2074 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2075 } else
2076 conn->state = BT_CONNECTED;
1da177e4 2077
7d0db0a3
MH		 2078 hci_conn_add_sysfs(conn);
2079
1da177e4 2080 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2081 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2082
2083 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2084 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2085
04837f64
MH		 2086 /* Get remote features */
2087 if (conn->type == ACL_LINK) {
2088 struct hci_cp_read_remote_features cp;
2089 cp.handle = ev->handle;
769be974 2090 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2091 sizeof(cp), &cp);
04837f64
MH		 2092 }
2093
1da177e4 2094 /* Set packet type for incoming connection */
d095c1eb 2095 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2096 struct hci_cp_change_conn_ptype cp;
2097 cp.handle = ev->handle;
a8746417 2098 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2099 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2100 &cp);
1da177e4 2101 }
17d5c04c 2102 } else {
1da177e4 2103 conn->state = BT_CLOSED;
17d5c04c 2104 if (conn->type == ACL_LINK)
64c7b77c 2105 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2106 conn->dst_type, ev->status);
17d5c04c 2107 }
1da177e4 2108
e73439d8
MH		 2109 if (conn->type == ACL_LINK)
2110 hci_sco_setup(conn, ev->status);
1da177e4 2111
769be974
MH		 2112 if (ev->status) {
2113 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2114 hci_conn_del(conn);
c89b6e6b
MH		 2115 } else if (ev->link_type != ACL_LINK)
2116 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2117
a9de9248 2118unlock:
1da177e4 2119 hci_dev_unlock(hdev);
1da177e4 2120
a9de9248 2121 hci_conn_check_pending(hdev);
1da177e4
LT		 2122}
2123
70c46425
JH		 2124static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2125{
2126 struct hci_cp_reject_conn_req cp;
2127
2128 bacpy(&cp.bdaddr, bdaddr);
2129 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2130 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2131}
2132
6039aa73 2133static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2134{
a9de9248
MH		 2135 struct hci_ev_conn_request *ev = (void *) skb->data;
2136 int mask = hdev->link_mode;
70c46425
JH		 2137 struct inquiry_entry *ie;
2138 struct hci_conn *conn;
20714bfe 2139 __u8 flags = 0;
1da177e4 2140
6ed93dc6 2141 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2142 ev->link_type);
1da177e4 2143
20714bfe
FD		 2144 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2145 &flags);
1da177e4 2146
70c46425
JH		 2147 if (!(mask & HCI_LM_ACCEPT)) {
2148 hci_reject_conn(hdev, &ev->bdaddr);
2149 return;
2150 }
2151
a55bd29d
JH		 2152 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
2153 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2154 BDADDR_BREDR)) {
2155 hci_reject_conn(hdev, &ev->bdaddr);
2156 return;
2157 }
2158 } else {
2159 if (!hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2160 BDADDR_BREDR)) {
2161 hci_reject_conn(hdev, &ev->bdaddr);
2162 return;
2163 }
70c46425 2164 }
1da177e4 2165
70c46425 2166 /* Connection accepted */
b6a0dc82 2167
70c46425
JH		 2168 hci_dev_lock(hdev);
2169
2170 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2171 if (ie)
2172 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2173
70c46425
JH		 2174 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2175 &ev->bdaddr);
2176 if (!conn) {
2177 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
a9de9248 2178 if (!conn) {
70c46425
JH		 2179 BT_ERR("No memory for new connection");
2180 hci_dev_unlock(hdev);
2181 return;
1da177e4 2182 }
70c46425 2183 }
b6a0dc82 2184
70c46425 2185 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2186
70c46425 2187 hci_dev_unlock(hdev);
1da177e4 2188
70c46425
JH		 2189 if (ev->link_type == ACL_LINK ||
2190 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2191 struct hci_cp_accept_conn_req cp;
2192 conn->state = BT_CONNECT;
1da177e4 2193
70c46425 2194 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2195
70c46425
JH		 2196 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2197 cp.role = 0x00; /* Become master */
2198 else
2199 cp.role = 0x01; /* Remain slave */
b6a0dc82 2200
70c46425
JH		 2201 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2202 } else if (!(flags & HCI_PROTO_DEFER)) {
2203 struct hci_cp_accept_sync_conn_req cp;
2204 conn->state = BT_CONNECT;
b6a0dc82 2205
70c46425
JH		 2206 bacpy(&cp.bdaddr, &ev->bdaddr);
2207 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2208
70c46425
JH		 2209 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2210 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2211 cp.max_latency = cpu_to_le16(0xffff);
2212 cp.content_format = cpu_to_le16(hdev->voice_setting);
2213 cp.retrans_effort = 0xff;
1da177e4 2214
70c46425
JH		 2215 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2216 &cp);
a9de9248 2217 } else {
70c46425
JH		 2218 conn->state = BT_CONNECT2;
2219 hci_proto_connect_cfm(conn, 0);
1da177e4 2220 }
1da177e4
LT		 2221}
2222
f0d6a0ea
MA		 2223static u8 hci_to_mgmt_reason(u8 err)
2224{
2225 switch (err) {
2226 case HCI_ERROR_CONNECTION_TIMEOUT:
2227 return MGMT_DEV_DISCONN_TIMEOUT;
2228 case HCI_ERROR_REMOTE_USER_TERM:
2229 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2230 case HCI_ERROR_REMOTE_POWER_OFF:
2231 return MGMT_DEV_DISCONN_REMOTE;
2232 case HCI_ERROR_LOCAL_HOST_TERM:
2233 return MGMT_DEV_DISCONN_LOCAL_HOST;
2234 default:
2235 return MGMT_DEV_DISCONN_UNKNOWN;
2236 }
2237}
2238
6039aa73 2239static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2240{
a9de9248 2241 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2242 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2243 struct hci_conn_params *params;
04837f64 2244 struct hci_conn *conn;
12d4a3b2 2245 bool mgmt_connected;
3846220b 2246 u8 type;
04837f64 2247
9f1db00c 2248 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2249
2250 hci_dev_lock(hdev);
2251
2252 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2253 if (!conn)
2254 goto unlock;
7d0db0a3 2255
abf54a50
AG		 2256 if (ev->status) {
2257 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2258 conn->dst_type, ev->status);
2259 goto unlock;
37d9ef76 2260 }
f7520543 2261
3846220b
AG		 2262 conn->state = BT_CLOSED;
2263
12d4a3b2
JH		 2264 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2265 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2266 reason, mgmt_connected);
abf54a50 2267
af6a9c32
JH		 2268 if (conn->type == ACL_LINK &&
2269 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2270 hci_remove_link_key(hdev, &conn->dst);
2210246c 2271
9fcb18ef
AG		 2272 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2273 if (params) {
2274 switch (params->auto_connect) {
2275 case HCI_AUTO_CONN_LINK_LOSS:
2276 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2277 break;
2278 /* Fall through */
2279
2280 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2281 list_del_init(&params->action);
2282 list_add(&params->action, &hdev->pend_le_conns);
2283 hci_update_background_scan(hdev);
9fcb18ef
AG		 2284 break;
2285
2286 default:
2287 break;
2288 }
2289 }
2290
3846220b 2291 type = conn->type;
2210246c 2292
3846220b
AG		 2293 hci_proto_disconn_cfm(conn, ev->reason);
2294 hci_conn_del(conn);
2295
2296 /* Re-enable advertising if necessary, since it might
2297 * have been disabled by the connection. From the
2298 * HCI_LE_Set_Advertise_Enable command description in
2299 * the core specification (v4.0):
2300 * "The Controller shall continue advertising until the Host
2301 * issues an LE_Set_Advertise_Enable command with
2302 * Advertising_Enable set to 0x00 (Advertising is disabled)
2303 * or until a connection is created or until the Advertising
2304 * is timed out due to Directed Advertising."
2305 */
2306 if (type == LE_LINK)
2307 mgmt_reenable_advertising(hdev);
f7520543
JH		 2308
2309unlock:
04837f64
MH		 2310 hci_dev_unlock(hdev);
2311}
2312
6039aa73 2313static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2314{
a9de9248 2315 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2316 struct hci_conn *conn;
1da177e4 2317
9f1db00c 2318 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2319
2320 hci_dev_lock(hdev);
2321
04837f64 2322 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2323 if (!conn)
2324 goto unlock;
2325
2326 if (!ev->status) {
aa64a8b5 2327 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2328 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2329 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2330 } else {
4dae2798 2331 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2332 conn->sec_level = conn->pending_sec_level;
2a611692 2333 }
d7556e20 2334 } else {
bab73cb6 2335 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2336 ev->status);
d7556e20 2337 }
1da177e4 2338
51a8efd7
JH		 2339 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2340 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2341
d7556e20 2342 if (conn->state == BT_CONFIG) {
aa64a8b5 2343 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2344 struct hci_cp_set_conn_encrypt cp;
2345 cp.handle = ev->handle;
2346 cp.encrypt = 0x01;
2347 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2348 &cp);
052b30b0 2349 } else {
d7556e20
WR		 2350 conn->state = BT_CONNECTED;
2351 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2352 hci_conn_drop(conn);
052b30b0 2353 }
d7556e20
WR		 2354 } else {
2355 hci_auth_cfm(conn, ev->status);
052b30b0 2356
d7556e20
WR		 2357 hci_conn_hold(conn);
2358 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2359 hci_conn_drop(conn);
d7556e20
WR		 2360 }
2361
51a8efd7 2362 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2363 if (!ev->status) {
2364 struct hci_cp_set_conn_encrypt cp;
2365 cp.handle = ev->handle;
2366 cp.encrypt = 0x01;
2367 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2368 &cp);
d7556e20 2369 } else {
51a8efd7 2370 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2371 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2372 }
2373 }
2374
d7556e20 2375unlock:
1da177e4
LT		 2376 hci_dev_unlock(hdev);
2377}
2378
6039aa73 2379static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2380{
127178d2
JH		 2381 struct hci_ev_remote_name *ev = (void *) skb->data;
2382 struct hci_conn *conn;
2383
a9de9248 2384 BT_DBG("%s", hdev->name);
1da177e4 2385
a9de9248 2386 hci_conn_check_pending(hdev);
127178d2
JH		 2387
2388 hci_dev_lock(hdev);
2389
b644ba33 2390 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2391
b644ba33
JH		 2392 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2393 goto check_auth;
a88a9652 2394
b644ba33
JH		 2395 if (ev->status == 0)
2396 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2397 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2398 else
2399 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2400
2401check_auth:
79c6c70c
JH		 2402 if (!conn)
2403 goto unlock;
2404
2405 if (!hci_outgoing_auth_needed(hdev, conn))
2406 goto unlock;
2407
51a8efd7 2408 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2409 struct hci_cp_auth_requested cp;
2410 cp.handle = __cpu_to_le16(conn->handle);
2411 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2412 }
2413
79c6c70c 2414unlock:
127178d2 2415 hci_dev_unlock(hdev);
a9de9248
MH		 2416}
2417
6039aa73 2418static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2419{
2420 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2421 struct hci_conn *conn;
2422
9f1db00c 2423 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2424
2425 hci_dev_lock(hdev);
2426
04837f64 2427 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2428 if (!conn)
2429 goto unlock;
1da177e4 2430
dc8357cc
MH		 2431 if (!ev->status) {
2432 if (ev->encrypt) {
2433 /* Encryption implies authentication */
4dae2798
JH		 2434 set_bit(HCI_CONN_AUTH, &conn->flags);
2435 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2436 conn->sec_level = conn->pending_sec_level;
abf76bad 2437
914a6ffe
MH		 2438 /* P-256 authentication key implies FIPS */
2439 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2440 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2441
abf76bad
MH		 2442 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2443 conn->type == LE_LINK)
2444 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2445 } else {
4dae2798 2446 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2447 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2448 }
dc8357cc 2449 }
a7d7723a 2450
dc8357cc 2451 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2452
dc8357cc
MH		 2453 if (ev->status && conn->state == BT_CONNECTED) {
2454 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2455 hci_conn_drop(conn);
2456 goto unlock;
1da177e4
LT		 2457 }
2458
dc8357cc
MH		 2459 if (conn->state == BT_CONFIG) {
2460 if (!ev->status)
2461 conn->state = BT_CONNECTED;
2462
40b552aa
MH		 2463 /* In Secure Connections Only mode, do not allow any
2464 * connections that are not encrypted with AES-CCM
2465 * using a P-256 authenticated combination key.
2466 */
2467 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2468 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2469 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2470 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2471 hci_conn_drop(conn);
2472 goto unlock;
2473 }
2474
dc8357cc
MH		 2475 hci_proto_connect_cfm(conn, ev->status);
2476 hci_conn_drop(conn);
2477 } else
2478 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2479
a7d7723a 2480unlock:
1da177e4
LT		 2481 hci_dev_unlock(hdev);
2482}
2483
6039aa73
GP		 2484static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2485 struct sk_buff *skb)
1da177e4 2486{
a9de9248 2487 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2488 struct hci_conn *conn;
1da177e4 2489
9f1db00c 2490 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2491
2492 hci_dev_lock(hdev);
2493
04837f64 2494 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2495 if (conn) {
2496 if (!ev->status)
4dae2798 2497 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2498
51a8efd7 2499 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2500
2501 hci_key_change_cfm(conn, ev->status);
2502 }
2503
2504 hci_dev_unlock(hdev);
2505}
2506
6039aa73
GP		 2507static void hci_remote_features_evt(struct hci_dev *hdev,
2508 struct sk_buff *skb)
1da177e4 2509{
a9de9248
MH		 2510 struct hci_ev_remote_features *ev = (void *) skb->data;
2511 struct hci_conn *conn;
2512
9f1db00c 2513 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2514
a9de9248
MH		 2515 hci_dev_lock(hdev);
2516
2517 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2518 if (!conn)
2519 goto unlock;
769be974 2520
ccd556fe 2521 if (!ev->status)
cad718ed 2522 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2523
2524 if (conn->state != BT_CONFIG)
2525 goto unlock;
2526
2527 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2528 struct hci_cp_read_remote_ext_features cp;
2529 cp.handle = ev->handle;
2530 cp.page = 0x01;
2531 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2532 sizeof(cp), &cp);
392599b9
JH		 2533 goto unlock;
2534 }
2535
671267bf 2536 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2537 struct hci_cp_remote_name_req cp;
2538 memset(&cp, 0, sizeof(cp));
2539 bacpy(&cp.bdaddr, &conn->dst);
2540 cp.pscan_rep_mode = 0x02;
2541 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2542 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2543 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2544 conn->dst_type, 0, NULL, 0,
2545 conn->dev_class);
392599b9 2546
127178d2 2547 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2548 conn->state = BT_CONNECTED;
2549 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2550 hci_conn_drop(conn);
769be974 2551 }
a9de9248 2552
ccd556fe 2553unlock:
a9de9248 2554 hci_dev_unlock(hdev);
1da177e4
LT		 2555}
2556
6039aa73 2557static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2558{
2559 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2560 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2561 __u16 opcode;
2562
2563 skb_pull(skb, sizeof(*ev));
2564
2565 opcode = __le16_to_cpu(ev->opcode);
2566
2567 switch (opcode) {
2568 case HCI_OP_INQUIRY_CANCEL:
2569 hci_cc_inquiry_cancel(hdev, skb);
2570 break;
2571
4d93483b
AG		 2572 case HCI_OP_PERIODIC_INQ:
2573 hci_cc_periodic_inq(hdev, skb);
2574 break;
2575
a9de9248
MH		 2576 case HCI_OP_EXIT_PERIODIC_INQ:
2577 hci_cc_exit_periodic_inq(hdev, skb);
2578 break;
2579
2580 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2581 hci_cc_remote_name_req_cancel(hdev, skb);
2582 break;
2583
2584 case HCI_OP_ROLE_DISCOVERY:
2585 hci_cc_role_discovery(hdev, skb);
2586 break;
2587
e4e8e37c
MH		 2588 case HCI_OP_READ_LINK_POLICY:
2589 hci_cc_read_link_policy(hdev, skb);
2590 break;
2591
a9de9248
MH		 2592 case HCI_OP_WRITE_LINK_POLICY:
2593 hci_cc_write_link_policy(hdev, skb);
2594 break;
2595
e4e8e37c
MH		 2596 case HCI_OP_READ_DEF_LINK_POLICY:
2597 hci_cc_read_def_link_policy(hdev, skb);
2598 break;
2599
2600 case HCI_OP_WRITE_DEF_LINK_POLICY:
2601 hci_cc_write_def_link_policy(hdev, skb);
2602 break;
2603
a9de9248
MH		 2604 case HCI_OP_RESET:
2605 hci_cc_reset(hdev, skb);
2606 break;
2607
2608 case HCI_OP_WRITE_LOCAL_NAME:
2609 hci_cc_write_local_name(hdev, skb);
2610 break;
2611
2612 case HCI_OP_READ_LOCAL_NAME:
2613 hci_cc_read_local_name(hdev, skb);
2614 break;
2615
2616 case HCI_OP_WRITE_AUTH_ENABLE:
2617 hci_cc_write_auth_enable(hdev, skb);
2618 break;
2619
2620 case HCI_OP_WRITE_ENCRYPT_MODE:
2621 hci_cc_write_encrypt_mode(hdev, skb);
2622 break;
2623
2624 case HCI_OP_WRITE_SCAN_ENABLE:
2625 hci_cc_write_scan_enable(hdev, skb);
2626 break;
2627
2628 case HCI_OP_READ_CLASS_OF_DEV:
2629 hci_cc_read_class_of_dev(hdev, skb);
2630 break;
2631
2632 case HCI_OP_WRITE_CLASS_OF_DEV:
2633 hci_cc_write_class_of_dev(hdev, skb);
2634 break;
2635
2636 case HCI_OP_READ_VOICE_SETTING:
2637 hci_cc_read_voice_setting(hdev, skb);
2638 break;
2639
2640 case HCI_OP_WRITE_VOICE_SETTING:
2641 hci_cc_write_voice_setting(hdev, skb);
2642 break;
2643
b4cb9fb2
MH		 2644 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2645 hci_cc_read_num_supported_iac(hdev, skb);
2646 break;
2647
333140b5
MH		 2648 case HCI_OP_WRITE_SSP_MODE:
2649 hci_cc_write_ssp_mode(hdev, skb);
2650 break;
2651
eac83dc6
MH		 2652 case HCI_OP_WRITE_SC_SUPPORT:
2653 hci_cc_write_sc_support(hdev, skb);
2654 break;
2655
a9de9248
MH		 2656 case HCI_OP_READ_LOCAL_VERSION:
2657 hci_cc_read_local_version(hdev, skb);
2658 break;
2659
2660 case HCI_OP_READ_LOCAL_COMMANDS:
2661 hci_cc_read_local_commands(hdev, skb);
2662 break;
2663
2664 case HCI_OP_READ_LOCAL_FEATURES:
2665 hci_cc_read_local_features(hdev, skb);
2666 break;
2667
971e3a4b
AG		 2668 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2669 hci_cc_read_local_ext_features(hdev, skb);
2670 break;
2671
a9de9248
MH		 2672 case HCI_OP_READ_BUFFER_SIZE:
2673 hci_cc_read_buffer_size(hdev, skb);
2674 break;
2675
2676 case HCI_OP_READ_BD_ADDR:
2677 hci_cc_read_bd_addr(hdev, skb);
2678 break;
2679
f332ec66
JH		 2680 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2681 hci_cc_read_page_scan_activity(hdev, skb);
2682 break;
2683
4a3ee763
JH		 2684 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2685 hci_cc_write_page_scan_activity(hdev, skb);
2686 break;
2687
f332ec66
JH		 2688 case HCI_OP_READ_PAGE_SCAN_TYPE:
2689 hci_cc_read_page_scan_type(hdev, skb);
2690 break;
2691
4a3ee763
JH		 2692 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2693 hci_cc_write_page_scan_type(hdev, skb);
2694 break;
2695
350ee4cf
AE		 2696 case HCI_OP_READ_DATA_BLOCK_SIZE:
2697 hci_cc_read_data_block_size(hdev, skb);
2698 break;
2699
1e89cffb
AE		 2700 case HCI_OP_READ_FLOW_CONTROL_MODE:
2701 hci_cc_read_flow_control_mode(hdev, skb);
2702 break;
2703
928abaa7
AE		 2704 case HCI_OP_READ_LOCAL_AMP_INFO:
2705 hci_cc_read_local_amp_info(hdev, skb);
2706 break;
2707
33f35721
JH		 2708 case HCI_OP_READ_CLOCK:
2709 hci_cc_read_clock(hdev, skb);
2710 break;
2711
903e4541
AE		 2712 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2713 hci_cc_read_local_amp_assoc(hdev, skb);
2714 break;
2715
d5859e22
JH		 2716 case HCI_OP_READ_INQ_RSP_TX_POWER:
2717 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2718 break;
2719
980e1a53
JH		 2720 case HCI_OP_PIN_CODE_REPLY:
2721 hci_cc_pin_code_reply(hdev, skb);
2722 break;
2723
2724 case HCI_OP_PIN_CODE_NEG_REPLY:
2725 hci_cc_pin_code_neg_reply(hdev, skb);
2726 break;
2727
c35938b2 2728 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2729 hci_cc_read_local_oob_data(hdev, skb);
2730 break;
2731
2732 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2733 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2734 break;
2735
6ed58ec5
VT		 2736 case HCI_OP_LE_READ_BUFFER_SIZE:
2737 hci_cc_le_read_buffer_size(hdev, skb);
2738 break;
2739
60e77321
JH		 2740 case HCI_OP_LE_READ_LOCAL_FEATURES:
2741 hci_cc_le_read_local_features(hdev, skb);
2742 break;
2743
8fa19098
JH		 2744 case HCI_OP_LE_READ_ADV_TX_POWER:
2745 hci_cc_le_read_adv_tx_power(hdev, skb);
2746 break;
2747
a5c29683
JH		 2748 case HCI_OP_USER_CONFIRM_REPLY:
2749 hci_cc_user_confirm_reply(hdev, skb);
2750 break;
2751
2752 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2753 hci_cc_user_confirm_neg_reply(hdev, skb);
2754 break;
2755
1143d458
BG		 2756 case HCI_OP_USER_PASSKEY_REPLY:
2757 hci_cc_user_passkey_reply(hdev, skb);
2758 break;
2759
2760 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2761 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2762 break;
07f7fa5d 2763
7a4cd51d
MH		 2764 case HCI_OP_LE_SET_RANDOM_ADDR:
2765 hci_cc_le_set_random_addr(hdev, skb);
2766 break;
2767
c1d5dc4a
JH		 2768 case HCI_OP_LE_SET_ADV_ENABLE:
2769 hci_cc_le_set_adv_enable(hdev, skb);
2770 break;
2771
533553f8
MH		 2772 case HCI_OP_LE_SET_SCAN_PARAM:
2773 hci_cc_le_set_scan_param(hdev, skb);
2774 break;
2775
eb9d91f5
AG		 2776 case HCI_OP_LE_SET_SCAN_ENABLE:
2777 hci_cc_le_set_scan_enable(hdev, skb);
2778 break;
2779
cf1d081f
JH		 2780 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2781 hci_cc_le_read_white_list_size(hdev, skb);
2782 break;
2783
0f36b589
MH		 2784 case HCI_OP_LE_CLEAR_WHITE_LIST:
2785 hci_cc_le_clear_white_list(hdev, skb);
2786 break;
2787
2788 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2789 hci_cc_le_add_to_white_list(hdev, skb);
2790 break;
2791
2792 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2793 hci_cc_le_del_from_white_list(hdev, skb);
2794 break;
2795
9b008c04
JH		 2796 case HCI_OP_LE_READ_SUPPORTED_STATES:
2797 hci_cc_le_read_supported_states(hdev, skb);
2798 break;
2799
f9b49306
AG		 2800 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2801 hci_cc_write_le_host_supported(hdev, skb);
2802 break;
2803
56ed2cb8
JH		 2804 case HCI_OP_LE_SET_ADV_PARAM:
2805 hci_cc_set_adv_param(hdev, skb);
2806 break;
2807
93c284ee
AE		 2808 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2809 hci_cc_write_remote_amp_assoc(hdev, skb);
2810 break;
2811
5ae76a94
AK		 2812 case HCI_OP_READ_RSSI:
2813 hci_cc_read_rssi(hdev, skb);
2814 break;
2815
5a134fae
AK		 2816 case HCI_OP_READ_TX_POWER:
2817 hci_cc_read_tx_power(hdev, skb);
2818 break;
2819
a9de9248 2820 default:
9f1db00c 2821 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2822 break;
2823 }
2824
ad82cdd1 2825 if (opcode != HCI_OP_NOP)
65cc2b49 2826 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2827
ad82cdd1 2828 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2829
dbccd791 2830 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2831 atomic_set(&hdev->cmd_cnt, 1);
2832 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2833 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2834 }
2835}
2836
6039aa73 2837static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2838{
2839 struct hci_ev_cmd_status *ev = (void *) skb->data;
2840 __u16 opcode;
2841
2842 skb_pull(skb, sizeof(*ev));
2843
2844 opcode = __le16_to_cpu(ev->opcode);
2845
2846 switch (opcode) {
2847 case HCI_OP_INQUIRY:
2848 hci_cs_inquiry(hdev, ev->status);
2849 break;
2850
2851 case HCI_OP_CREATE_CONN:
2852 hci_cs_create_conn(hdev, ev->status);
2853 break;
2854
2855 case HCI_OP_ADD_SCO:
2856 hci_cs_add_sco(hdev, ev->status);
2857 break;
2858
f8558555
MH		 2859 case HCI_OP_AUTH_REQUESTED:
2860 hci_cs_auth_requested(hdev, ev->status);
2861 break;
2862
2863 case HCI_OP_SET_CONN_ENCRYPT:
2864 hci_cs_set_conn_encrypt(hdev, ev->status);
2865 break;
2866
a9de9248
MH		 2867 case HCI_OP_REMOTE_NAME_REQ:
2868 hci_cs_remote_name_req(hdev, ev->status);
2869 break;
2870
769be974
MH		 2871 case HCI_OP_READ_REMOTE_FEATURES:
2872 hci_cs_read_remote_features(hdev, ev->status);
2873 break;
2874
2875 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2876 hci_cs_read_remote_ext_features(hdev, ev->status);
2877 break;
2878
a9de9248
MH		 2879 case HCI_OP_SETUP_SYNC_CONN:
2880 hci_cs_setup_sync_conn(hdev, ev->status);
2881 break;
2882
2883 case HCI_OP_SNIFF_MODE:
2884 hci_cs_sniff_mode(hdev, ev->status);
2885 break;
2886
2887 case HCI_OP_EXIT_SNIFF_MODE:
2888 hci_cs_exit_sniff_mode(hdev, ev->status);
2889 break;
2890
8962ee74 2891 case HCI_OP_DISCONNECT:
88c3df13 2892 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2893 break;
2894
a02226d6
AE		 2895 case HCI_OP_CREATE_PHY_LINK:
2896 hci_cs_create_phylink(hdev, ev->status);
2897 break;
2898
0b26ab9d
AE		 2899 case HCI_OP_ACCEPT_PHY_LINK:
2900 hci_cs_accept_phylink(hdev, ev->status);
2901 break;
2902
cb1d68f7
JH		 2903 case HCI_OP_LE_CREATE_CONN:
2904 hci_cs_le_create_conn(hdev, ev->status);
2905 break;
2906
81d0c8ad
JH		 2907 case HCI_OP_LE_START_ENC:
2908 hci_cs_le_start_enc(hdev, ev->status);
2909 break;
2910
a9de9248 2911 default:
9f1db00c 2912 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2913 break;
2914 }
2915
ad82cdd1 2916 if (opcode != HCI_OP_NOP)
65cc2b49 2917 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2918
02350a72
JH		 2919 if (ev->status ||
2920 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2921 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2922
10572132 2923 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2924 atomic_set(&hdev->cmd_cnt, 1);
2925 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2926 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2927 }
2928}
2929
6039aa73 2930static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2931{
2932 struct hci_ev_role_change *ev = (void *) skb->data;
2933 struct hci_conn *conn;
2934
9f1db00c 2935 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2936
2937 hci_dev_lock(hdev);
2938
2939 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2940 if (conn) {
2941 if (!ev->status) {
2942 if (ev->role)
4dae2798 2943 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2944 else
4dae2798 2945 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2946 }
2947
51a8efd7 2948 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2949
2950 hci_role_switch_cfm(conn, ev->status, ev->role);
2951 }
2952
2953 hci_dev_unlock(hdev);
2954}
2955
6039aa73 2956static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2957{
2958 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2959 int i;
2960
32ac5b9b
AE		 2961 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2962 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2963 return;
2964 }
2965
c5993de8 2966 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2967 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2968 BT_DBG("%s bad parameters", hdev->name);
2969 return;
2970 }
2971
c5993de8
AE		 2972 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2973
613a1c0c
AE		 2974 for (i = 0; i < ev->num_hndl; i++) {
2975 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2976 struct hci_conn *conn;
2977 __u16 handle, count;
2978
613a1c0c
AE		 2979 handle = __le16_to_cpu(info->handle);
2980 count = __le16_to_cpu(info->count);
a9de9248
MH		 2981
2982 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2983 if (!conn)
2984 continue;
2985
2986 conn->sent -= count;
2987
2988 switch (conn->type) {
2989 case ACL_LINK:
2990 hdev->acl_cnt += count;
2991 if (hdev->acl_cnt > hdev->acl_pkts)
2992 hdev->acl_cnt = hdev->acl_pkts;
2993 break;
2994
2995 case LE_LINK:
2996 if (hdev->le_pkts) {
2997 hdev->le_cnt += count;
2998 if (hdev->le_cnt > hdev->le_pkts)
2999 hdev->le_cnt = hdev->le_pkts;
3000 } else {
70f23020
AE		 3001 hdev->acl_cnt += count;
3002 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 3003 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3004 }
f4280918
AE		 3005 break;
3006
3007 case SCO_LINK:
3008 hdev->sco_cnt += count;
3009 if (hdev->sco_cnt > hdev->sco_pkts)
3010 hdev->sco_cnt = hdev->sco_pkts;
3011 break;
3012
3013 default:
3014 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3015 break;
a9de9248
MH		 3016 }
3017 }
3018
3eff45ea 3019 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3020}
3021
76ef7cf7
AE		 3022static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3023 __u16 handle)
3024{
3025 struct hci_chan *chan;
3026
3027 switch (hdev->dev_type) {
3028 case HCI_BREDR:
3029 return hci_conn_hash_lookup_handle(hdev, handle);
3030 case HCI_AMP:
3031 chan = hci_chan_lookup_handle(hdev, handle);
3032 if (chan)
3033 return chan->conn;
3034 break;
3035 default:
3036 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3037 break;
3038 }
3039
3040 return NULL;
3041}
3042
6039aa73 3043static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3044{
3045 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3046 int i;
3047
3048 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3049 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3050 return;
3051 }
3052
3053 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3054 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 3055 BT_DBG("%s bad parameters", hdev->name);
3056 return;
3057 }
3058
3059 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3060 ev->num_hndl);
25e89e99
AE		 3061
3062 for (i = 0; i < ev->num_hndl; i++) {
3063 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3064 struct hci_conn *conn = NULL;
25e89e99
AE		 3065 __u16 handle, block_count;
3066
3067 handle = __le16_to_cpu(info->handle);
3068 block_count = __le16_to_cpu(info->blocks);
3069
76ef7cf7 3070 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3071 if (!conn)
3072 continue;
3073
3074 conn->sent -= block_count;
3075
3076 switch (conn->type) {
3077 case ACL_LINK:
bd1eb66b 3078 case AMP_LINK:
25e89e99
AE		 3079 hdev->block_cnt += block_count;
3080 if (hdev->block_cnt > hdev->num_blocks)
3081 hdev->block_cnt = hdev->num_blocks;
3082 break;
3083
3084 default:
3085 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3086 break;
3087 }
3088 }
3089
3090 queue_work(hdev->workqueue, &hdev->tx_work);
3091}
3092
6039aa73 3093static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3094{
a9de9248 3095 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3096 struct hci_conn *conn;
3097
9f1db00c 3098 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3099
3100 hci_dev_lock(hdev);
3101
3102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3103 if (conn) {
3104 conn->mode = ev->mode;
a9de9248 3105
8fc9ced3
GP		 3106 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3107 &conn->flags)) {
a9de9248 3108 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3109 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3110 else
58a681ef 3111 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3112 }
e73439d8 3113
51a8efd7 3114 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3115 hci_sco_setup(conn, ev->status);
04837f64
MH		 3116 }
3117
3118 hci_dev_unlock(hdev);
3119}
3120
6039aa73 3121static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3122{
052b30b0
MH		 3123 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3124 struct hci_conn *conn;
3125
a9de9248 3126 BT_DBG("%s", hdev->name);
052b30b0
MH		 3127
3128 hci_dev_lock(hdev);
3129
3130 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3131 if (!conn)
3132 goto unlock;
3133
3134 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3135 hci_conn_hold(conn);
3136 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3137 hci_conn_drop(conn);
052b30b0
MH		 3138 }
3139
a8b2d5c2 3140 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3141 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3142 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3143 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3144 u8 secure;
3145
3146 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3147 secure = 1;
3148 else
3149 secure = 0;
3150
744cf19e 3151 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3152 }
980e1a53 3153
b6f98044 3154unlock:
052b30b0 3155 hci_dev_unlock(hdev);
a9de9248
MH		 3156}
3157
6039aa73 3158static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3159{
55ed8ca1
JH		 3160 struct hci_ev_link_key_req *ev = (void *) skb->data;
3161 struct hci_cp_link_key_reply cp;
3162 struct hci_conn *conn;
3163 struct link_key *key;
3164
a9de9248 3165 BT_DBG("%s", hdev->name);
55ed8ca1 3166
034cbea0 3167 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3168 return;
3169
3170 hci_dev_lock(hdev);
3171
3172 key = hci_find_link_key(hdev, &ev->bdaddr);
3173 if (!key) {
6ed93dc6
AE		 3174 BT_DBG("%s link key not found for %pMR", hdev->name,
3175 &ev->bdaddr);
55ed8ca1
JH		 3176 goto not_found;
3177 }
3178
6ed93dc6
AE		 3179 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3180 &ev->bdaddr);
55ed8ca1 3181
55ed8ca1 3182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3183 if (conn) {
66138ce8
MH		 3184 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3185 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3186 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3187 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3188 goto not_found;
3189 }
55ed8ca1 3190
60b83f57 3191 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3192 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3193 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3194 BT_DBG("%s ignoring key unauthenticated for high security",
3195 hdev->name);
60b83f57
WR		 3196 goto not_found;
3197 }
3198
3199 conn->key_type = key->type;
3200 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3201 }
3202
3203 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3204 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3205
3206 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3207
3208 hci_dev_unlock(hdev);
3209
3210 return;
3211
3212not_found:
3213 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3214 hci_dev_unlock(hdev);
a9de9248
MH		 3215}
3216
6039aa73 3217static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3218{
052b30b0
MH		 3219 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3220 struct hci_conn *conn;
7652ff6a
JH		 3221 struct link_key *key;
3222 bool persistent;
55ed8ca1 3223 u8 pin_len = 0;
052b30b0 3224
a9de9248 3225 BT_DBG("%s", hdev->name);
052b30b0
MH		 3226
3227 hci_dev_lock(hdev);
3228
3229 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3230 if (conn) {
3231 hci_conn_hold(conn);
3232 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3233 pin_len = conn->pin_length;
13d39315
WR		 3234
3235 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3236 conn->key_type = ev->key_type;
3237
76a68ba0 3238 hci_conn_drop(conn);
052b30b0
MH		 3239 }
3240
7652ff6a
JH		 3241 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3242 goto unlock;
3243
3244 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3245 ev->key_type, pin_len, &persistent);
3246 if (!key)
3247 goto unlock;
3248
3249 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3250
6d5650c4
JH		 3251 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3252 * is set. If it's not set simply remove the key from the kernel
3253 * list (we've still notified user space about it but with
3254 * store_hint being 0).
3255 */
3256 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3257 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3258 list_del(&key->list);
3259 kfree(key);
3260 } else if (conn) {
af6a9c32
JH		 3261 if (persistent)
3262 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3263 else
3264 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3265 }
7652ff6a
JH		 3266
3267unlock:
052b30b0 3268 hci_dev_unlock(hdev);
a9de9248
MH		 3269}
3270
6039aa73 3271static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3272{
a9de9248 3273 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3274 struct hci_conn *conn;
1da177e4 3275
9f1db00c 3276 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3277
3278 hci_dev_lock(hdev);
3279
04837f64 3280 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3281 if (conn && !ev->status) {
3282 struct inquiry_entry *ie;
3283
cc11b9c1
AE		 3284 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3285 if (ie) {
1da177e4
LT		 3286 ie->data.clock_offset = ev->clock_offset;
3287 ie->timestamp = jiffies;
3288 }
3289 }
3290
3291 hci_dev_unlock(hdev);
3292}
3293
6039aa73 3294static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3295{
3296 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3297 struct hci_conn *conn;
3298
9f1db00c 3299 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3300
3301 hci_dev_lock(hdev);
3302
3303 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3304 if (conn && !ev->status)
3305 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3306
3307 hci_dev_unlock(hdev);
3308}
3309
6039aa73 3310static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3311{
a9de9248 3312 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3313 struct inquiry_entry *ie;
3314
3315 BT_DBG("%s", hdev->name);
3316
3317 hci_dev_lock(hdev);
3318
cc11b9c1
AE		 3319 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3320 if (ie) {
85a1e930
MH		 3321 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3322 ie->timestamp = jiffies;
3323 }
3324
3325 hci_dev_unlock(hdev);
3326}
3327
6039aa73
GP		 3328static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3329 struct sk_buff *skb)
a9de9248
MH		 3330{
3331 struct inquiry_data data;
3332 int num_rsp = *((__u8 *) skb->data);
3333
3334 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3335
3336 if (!num_rsp)
3337 return;
3338
1519cc17
AG		 3339 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3340 return;
3341
a9de9248
MH		 3342 hci_dev_lock(hdev);
3343
3344 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3345 struct inquiry_info_with_rssi_and_pscan_mode *info;
3346 info = (void *) (skb->data + 1);
a9de9248 3347
e17acd40 3348 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3349 u32 flags;
3350
a9de9248
MH		 3351 bacpy(&data.bdaddr, &info->bdaddr);
3352 data.pscan_rep_mode = info->pscan_rep_mode;
3353 data.pscan_period_mode = info->pscan_period_mode;
3354 data.pscan_mode = info->pscan_mode;
3355 memcpy(data.dev_class, info->dev_class, 3);
3356 data.clock_offset = info->clock_offset;
3357 data.rssi = info->rssi;
41a96212 3358 data.ssp_mode = 0x00;
3175405b 3359
af58925c
MH		 3360 flags = hci_inquiry_cache_update(hdev, &data, false);
3361
48264f06 3362 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3363 info->dev_class, info->rssi,
af58925c 3364 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3365 }
3366 } else {
3367 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3368
e17acd40 3369 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3370 u32 flags;
3371
a9de9248
MH		 3372 bacpy(&data.bdaddr, &info->bdaddr);
3373 data.pscan_rep_mode = info->pscan_rep_mode;
3374 data.pscan_period_mode = info->pscan_period_mode;
3375 data.pscan_mode = 0x00;
3376 memcpy(data.dev_class, info->dev_class, 3);
3377 data.clock_offset = info->clock_offset;
3378 data.rssi = info->rssi;
41a96212 3379 data.ssp_mode = 0x00;
af58925c
MH		 3380
3381 flags = hci_inquiry_cache_update(hdev, &data, false);
3382
48264f06 3383 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3384 info->dev_class, info->rssi,
af58925c 3385 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3386 }
3387 }
3388
3389 hci_dev_unlock(hdev);
3390}
3391
6039aa73
GP		 3392static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3393 struct sk_buff *skb)
a9de9248 3394{
41a96212
MH		 3395 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3396 struct hci_conn *conn;
3397
a9de9248 3398 BT_DBG("%s", hdev->name);
41a96212 3399
41a96212
MH		 3400 hci_dev_lock(hdev);
3401
3402 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3403 if (!conn)
3404 goto unlock;
41a96212 3405
cad718ed
JH		 3406 if (ev->page < HCI_MAX_PAGES)
3407 memcpy(conn->features[ev->page], ev->features, 8);
3408
ccd556fe
JH		 3409 if (!ev->status && ev->page == 0x01) {
3410 struct inquiry_entry *ie;
41a96212 3411
cc11b9c1
AE		 3412 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3413 if (ie)
02b7cc62 3414 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3415
bbb0eada 3416 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3417 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3418 } else {
3419 /* It is mandatory by the Bluetooth specification that
3420 * Extended Inquiry Results are only used when Secure
3421 * Simple Pairing is enabled, but some devices violate
3422 * this.
3423 *
3424 * To make these devices work, the internal SSP
3425 * enabled flag needs to be cleared if the remote host
3426 * features do not indicate SSP support */
3427 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3428 }
eb9a8f3f
MH		 3429
3430 if (ev->features[0] & LMP_HOST_SC)
3431 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3432 }
3433
3434 if (conn->state != BT_CONFIG)
3435 goto unlock;
3436
671267bf 3437 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3438 struct hci_cp_remote_name_req cp;
3439 memset(&cp, 0, sizeof(cp));
3440 bacpy(&cp.bdaddr, &conn->dst);
3441 cp.pscan_rep_mode = 0x02;
3442 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3443 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3444 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3445 conn->dst_type, 0, NULL, 0,
3446 conn->dev_class);
392599b9 3447
127178d2 3448 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3449 conn->state = BT_CONNECTED;
3450 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3451 hci_conn_drop(conn);
41a96212
MH		 3452 }
3453
ccd556fe 3454unlock:
41a96212 3455 hci_dev_unlock(hdev);
a9de9248
MH		 3456}
3457
6039aa73
GP		 3458static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3459 struct sk_buff *skb)
a9de9248 3460{
b6a0dc82
MH		 3461 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3462 struct hci_conn *conn;
3463
9f1db00c 3464 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3465
3466 hci_dev_lock(hdev);
3467
3468 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3469 if (!conn) {
3470 if (ev->link_type == ESCO_LINK)
3471 goto unlock;
3472
3473 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3474 if (!conn)
3475 goto unlock;
3476
3477 conn->type = SCO_LINK;
3478 }
b6a0dc82 3479
732547f9
MH		 3480 switch (ev->status) {
3481 case 0x00:
b6a0dc82
MH		 3482 conn->handle = __le16_to_cpu(ev->handle);
3483 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3484
3485 hci_conn_add_sysfs(conn);
732547f9
MH		 3486 break;
3487
81218d20 3488 case 0x10: /* Connection Accept Timeout */
1a4c958c 3489 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3490 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3491 case 0x1c: /* SCO interval rejected */
1038a00b 3492 case 0x1a: /* Unsupported Remote Feature */
732547f9 3493 case 0x1f: /* Unspecified error */
27539bc4 3494 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3495 if (conn->out) {
732547f9
MH		 3496 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3497 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3498 if (hci_setup_sync(conn, conn->link->handle))
3499 goto unlock;
732547f9
MH		 3500 }
3501 /* fall through */
3502
3503 default:
b6a0dc82 3504 conn->state = BT_CLOSED;
732547f9
MH		 3505 break;
3506 }
b6a0dc82
MH		 3507
3508 hci_proto_connect_cfm(conn, ev->status);
3509 if (ev->status)
3510 hci_conn_del(conn);
3511
3512unlock:
3513 hci_dev_unlock(hdev);
a9de9248
MH		 3514}
3515
efdcf8e3
MH		 3516static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3517{
3518 size_t parsed = 0;
3519
3520 while (parsed < eir_len) {
3521 u8 field_len = eir[0];
3522
3523 if (field_len == 0)
3524 return parsed;
3525
3526 parsed += field_len + 1;
3527 eir += field_len + 1;
3528 }
3529
3530 return eir_len;
3531}
3532
6039aa73
GP		 3533static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3534 struct sk_buff *skb)
1da177e4 3535{
a9de9248
MH		 3536 struct inquiry_data data;
3537 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3538 int num_rsp = *((__u8 *) skb->data);
9d939d94 3539 size_t eir_len;
1da177e4 3540
a9de9248 3541 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3542
a9de9248
MH		 3543 if (!num_rsp)
3544 return;
1da177e4 3545
1519cc17
AG		 3546 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3547 return;
3548
a9de9248
MH		 3549 hci_dev_lock(hdev);
3550
e17acd40 3551 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3552 u32 flags;
3553 bool name_known;
561aafbc 3554
a9de9248 3555 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3556 data.pscan_rep_mode = info->pscan_rep_mode;
3557 data.pscan_period_mode = info->pscan_period_mode;
3558 data.pscan_mode = 0x00;
a9de9248 3559 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3560 data.clock_offset = info->clock_offset;
3561 data.rssi = info->rssi;
41a96212 3562 data.ssp_mode = 0x01;
561aafbc 3563
a8b2d5c2 3564 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3565 name_known = eir_has_data_type(info->data,
04124681
GP		 3566 sizeof(info->data),
3567 EIR_NAME_COMPLETE);
561aafbc
JH		 3568 else
3569 name_known = true;
3570
af58925c
MH		 3571 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3572
9d939d94 3573 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3574
48264f06 3575 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3576 info->dev_class, info->rssi,
3577 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3578 }
3579
3580 hci_dev_unlock(hdev);
3581}
1da177e4 3582
1c2e0041
JH		 3583static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3584 struct sk_buff *skb)
3585{
3586 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3587 struct hci_conn *conn;
3588
9f1db00c 3589 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3590 __le16_to_cpu(ev->handle));
3591
3592 hci_dev_lock(hdev);
3593
3594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3595 if (!conn)
3596 goto unlock;
3597
9eb1fbfa
JH		 3598 /* For BR/EDR the necessary steps are taken through the
3599 * auth_complete event.
3600 */
3601 if (conn->type != LE_LINK)
3602 goto unlock;
3603
1c2e0041
JH		 3604 if (!ev->status)
3605 conn->sec_level = conn->pending_sec_level;
3606
3607 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3608
3609 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3610 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3611 hci_conn_drop(conn);
1c2e0041
JH		 3612 goto unlock;
3613 }
3614
3615 if (conn->state == BT_CONFIG) {
3616 if (!ev->status)
3617 conn->state = BT_CONNECTED;
3618
3619 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3620 hci_conn_drop(conn);
1c2e0041
JH		 3621 } else {
3622 hci_auth_cfm(conn, ev->status);
3623
3624 hci_conn_hold(conn);
3625 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3626 hci_conn_drop(conn);
1c2e0041
JH		 3627 }
3628
3629unlock:
3630 hci_dev_unlock(hdev);
3631}
3632
6039aa73 3633static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3634{
17fa4b9d 3635 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3636 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3637 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3638 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3639
b7f94c88
MA		 3640 /* If both remote and local have enough IO capabilities, require
3641 * MITM protection
3642 */
3643 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3644 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3645 return conn->remote_auth | 0x01;
3646
7e74170a
TM		 3647 /* No MITM protection possible so ignore remote requirement */
3648 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3649}
3650
6039aa73 3651static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3652{
3653 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3654 struct hci_conn *conn;
3655
3656 BT_DBG("%s", hdev->name);
3657
3658 hci_dev_lock(hdev);
3659
3660 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3661 if (!conn)
3662 goto unlock;
3663
3664 hci_conn_hold(conn);
3665
a8b2d5c2 3666 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3667 goto unlock;
3668
a8b2d5c2 3669 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3670 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3671 struct hci_cp_io_capability_reply cp;
3672
3673 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3674 /* Change the IO capability from KeyboardDisplay
3675 * to DisplayYesNo as it is not supported by BT spec. */
3676 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3677 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3678
3679 /* If we are initiators, there is no remote information yet */
3680 if (conn->remote_auth == 0xff) {
3681 cp.authentication = conn->auth_type;
6fd6b915 3682
b16c6604 3683 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3684 * except for the no-bonding case.
3685 * conn->auth_type is not updated here since
3686 * that might cause the user confirmation to be
3687 * rejected in case the remote doesn't have the
3688 * IO capabilities for MITM.
b16c6604 3689 */
6fd6b915 3690 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3691 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3692 cp.authentication |= 0x01;
b7f94c88
MA		 3693 } else {
3694 conn->auth_type = hci_get_auth_req(conn);
3695 cp.authentication = conn->auth_type;
3696 }
17fa4b9d 3697
8fc9ced3
GP		 3698 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3699 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3700 cp.oob_data = 0x01;
3701 else
3702 cp.oob_data = 0x00;
3703
17fa4b9d 3704 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3705 sizeof(cp), &cp);
03b555e1
JH		 3706 } else {
3707 struct hci_cp_io_capability_neg_reply cp;
3708
3709 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3710 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3711
03b555e1 3712 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3713 sizeof(cp), &cp);
03b555e1
JH		 3714 }
3715
3716unlock:
3717 hci_dev_unlock(hdev);
3718}
3719
6039aa73 3720static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3721{
3722 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3723 struct hci_conn *conn;
3724
3725 BT_DBG("%s", hdev->name);
3726
3727 hci_dev_lock(hdev);
3728
3729 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3730 if (!conn)
3731 goto unlock;
3732
03b555e1 3733 conn->remote_cap = ev->capability;
03b555e1 3734 conn->remote_auth = ev->authentication;
58a681ef
JH		 3735 if (ev->oob_data)
3736 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3737
3738unlock:
0493684e
MH		 3739 hci_dev_unlock(hdev);
3740}
3741
6039aa73
GP		 3742static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3743 struct sk_buff *skb)
a5c29683
JH		 3744{
3745 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3746 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3747 struct hci_conn *conn;
a5c29683
JH		 3748
3749 BT_DBG("%s", hdev->name);
3750
3751 hci_dev_lock(hdev);
3752
a8b2d5c2 3753 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3754 goto unlock;
a5c29683 3755
7a828908
JH		 3756 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3757 if (!conn)
3758 goto unlock;
3759
3760 loc_mitm = (conn->auth_type & 0x01);
3761 rem_mitm = (conn->remote_auth & 0x01);
3762
3763 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3764 * (it has NoInputNoOutput) then reject the confirmation request
3765 */
3766 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3767 BT_DBG("Rejecting request: remote device can't provide MITM");
3768 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3769 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3770 goto unlock;
3771 }
3772
3773 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3774 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3775 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3776
3777 /* If we're not the initiators request authorization to
3778 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3779 * confirm_hint set to 1). The exception is if neither
3780 * side had MITM in which case we do auto-accept.
3781 */
3782 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3783 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3784 BT_DBG("Confirming auto-accept as acceptor");
3785 confirm_hint = 1;
3786 goto confirm;
3787 }
3788
9f61656a 3789 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3790 hdev->auto_accept_delay);
9f61656a
JH		 3791
3792 if (hdev->auto_accept_delay > 0) {
3793 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3794 queue_delayed_work(conn->hdev->workqueue,
3795 &conn->auto_accept_work, delay);
9f61656a
JH		 3796 goto unlock;
3797 }
3798
7a828908 3799 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3800 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3801 goto unlock;
3802 }
3803
55bc1a37 3804confirm:
39adbffe
JH		 3805 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3806 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3807
3808unlock:
a5c29683
JH		 3809 hci_dev_unlock(hdev);
3810}
3811
6039aa73
GP		 3812static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3813 struct sk_buff *skb)
1143d458
BG		 3814{
3815 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3816
3817 BT_DBG("%s", hdev->name);
3818
a8b2d5c2 3819 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3820 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3821}
3822
92a25256
JH		 3823static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3824 struct sk_buff *skb)
3825{
3826 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3827 struct hci_conn *conn;
3828
3829 BT_DBG("%s", hdev->name);
3830
3831 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3832 if (!conn)
3833 return;
3834
3835 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3836 conn->passkey_entered = 0;
3837
3838 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3839 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3840 conn->dst_type, conn->passkey_notify,
3841 conn->passkey_entered);
3842}
3843
3844static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3845{
3846 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3847 struct hci_conn *conn;
3848
3849 BT_DBG("%s", hdev->name);
3850
3851 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3852 if (!conn)
3853 return;
3854
3855 switch (ev->type) {
3856 case HCI_KEYPRESS_STARTED:
3857 conn->passkey_entered = 0;
3858 return;
3859
3860 case HCI_KEYPRESS_ENTERED:
3861 conn->passkey_entered++;
3862 break;
3863
3864 case HCI_KEYPRESS_ERASED:
3865 conn->passkey_entered--;
3866 break;
3867
3868 case HCI_KEYPRESS_CLEARED:
3869 conn->passkey_entered = 0;
3870 break;
3871
3872 case HCI_KEYPRESS_COMPLETED:
3873 return;
3874 }
3875
3876 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3877 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3878 conn->dst_type, conn->passkey_notify,
3879 conn->passkey_entered);
3880}
3881
6039aa73
GP		 3882static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3883 struct sk_buff *skb)
0493684e
MH		 3884{
3885 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3886 struct hci_conn *conn;
3887
3888 BT_DBG("%s", hdev->name);
3889
3890 hci_dev_lock(hdev);
3891
3892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3893 if (!conn)
3894 goto unlock;
3895
3896 /* To avoid duplicate auth_failed events to user space we check
3897 * the HCI_CONN_AUTH_PEND flag which will be set if we
3898 * initiated the authentication. A traditional auth_complete
3899 * event gets always produced as initiator and is also mapped to
3900 * the mgmt_auth_failed event */
fa1bd918 3901 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3902 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3903 ev->status);
0493684e 3904
76a68ba0 3905 hci_conn_drop(conn);
2a611692
JH		 3906
3907unlock:
0493684e
MH		 3908 hci_dev_unlock(hdev);
3909}
3910
6039aa73
GP		 3911static void hci_remote_host_features_evt(struct hci_dev *hdev,
3912 struct sk_buff *skb)
41a96212
MH		 3913{
3914 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3915 struct inquiry_entry *ie;
cad718ed 3916 struct hci_conn *conn;
41a96212
MH		 3917
3918 BT_DBG("%s", hdev->name);
3919
3920 hci_dev_lock(hdev);
3921
cad718ed
JH		 3922 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3923 if (conn)
3924 memcpy(conn->features[1], ev->features, 8);
3925
cc11b9c1
AE		 3926 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3927 if (ie)
02b7cc62 3928 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3929
3930 hci_dev_unlock(hdev);
3931}
3932
6039aa73
GP		 3933static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3934 struct sk_buff *skb)
2763eda6
SJ		 3935{
3936 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3937 struct oob_data *data;
3938
3939 BT_DBG("%s", hdev->name);
3940
3941 hci_dev_lock(hdev);
3942
a8b2d5c2 3943 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3944 goto unlock;
3945
2763eda6
SJ		 3946 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3947 if (data) {
519ca9d0
MH		 3948 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3949 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3950
519ca9d0
MH		 3951 bacpy(&cp.bdaddr, &ev->bdaddr);
3952 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3953 memcpy(cp.randomizer192, data->randomizer192,
3954 sizeof(cp.randomizer192));
3955 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3956 memcpy(cp.randomizer256, data->randomizer256,
3957 sizeof(cp.randomizer256));
3958
3959 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3960 sizeof(cp), &cp);
3961 } else {
3962 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3963
519ca9d0
MH		 3964 bacpy(&cp.bdaddr, &ev->bdaddr);
3965 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3966 memcpy(cp.randomizer, data->randomizer192,
3967 sizeof(cp.randomizer));
3968
3969 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3970 sizeof(cp), &cp);
3971 }
2763eda6
SJ		 3972 } else {
3973 struct hci_cp_remote_oob_data_neg_reply cp;
3974
3975 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3976 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3977 sizeof(cp), &cp);
2763eda6
SJ		 3978 }
3979
e1ba1f15 3980unlock:
2763eda6
SJ		 3981 hci_dev_unlock(hdev);
3982}
3983
d5e91192
AE		 3984static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3985 struct sk_buff *skb)
3986{
3987 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3988 struct hci_conn *hcon, *bredr_hcon;
3989
3990 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3991 ev->status);
3992
3993 hci_dev_lock(hdev);
3994
3995 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3996 if (!hcon) {
3997 hci_dev_unlock(hdev);
3998 return;
3999 }
4000
4001 if (ev->status) {
4002 hci_conn_del(hcon);
4003 hci_dev_unlock(hdev);
4004 return;
4005 }
4006
4007 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4008
4009 hcon->state = BT_CONNECTED;
4010 bacpy(&hcon->dst, &bredr_hcon->dst);
4011
4012 hci_conn_hold(hcon);
4013 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4014 hci_conn_drop(hcon);
d5e91192 4015
d5e91192
AE		 4016 hci_conn_add_sysfs(hcon);
4017
cf70ff22 4018 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4019
cf70ff22 4020 hci_dev_unlock(hdev);
d5e91192
AE		 4021}
4022
27695fb4
AE		 4023static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4024{
4025 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4026 struct hci_conn *hcon;
4027 struct hci_chan *hchan;
4028 struct amp_mgr *mgr;
4029
4030 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4031 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4032 ev->status);
4033
4034 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4035 if (!hcon)
4036 return;
4037
4038 /* Create AMP hchan */
4039 hchan = hci_chan_create(hcon);
4040 if (!hchan)
4041 return;
4042
4043 hchan->handle = le16_to_cpu(ev->handle);
4044
4045 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4046
4047 mgr = hcon->amp_mgr;
4048 if (mgr && mgr->bredr_chan) {
4049 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4050
4051 l2cap_chan_lock(bredr_chan);
4052
4053 bredr_chan->conn->mtu = hdev->block_mtu;
4054 l2cap_logical_cfm(bredr_chan, hchan, 0);
4055 hci_conn_hold(hcon);
4056
4057 l2cap_chan_unlock(bredr_chan);
4058 }
4059}
4060
606e2a10
AE		 4061static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4062 struct sk_buff *skb)
4063{
4064 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4065 struct hci_chan *hchan;
4066
4067 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4068 le16_to_cpu(ev->handle), ev->status);
4069
4070 if (ev->status)
4071 return;
4072
4073 hci_dev_lock(hdev);
4074
4075 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4076 if (!hchan)
4077 goto unlock;
4078
4079 amp_destroy_logical_link(hchan, ev->reason);
4080
4081unlock:
4082 hci_dev_unlock(hdev);
4083}
4084
9eef6b3a
AE		 4085static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4086 struct sk_buff *skb)
4087{
4088 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4089 struct hci_conn *hcon;
4090
4091 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4092
4093 if (ev->status)
4094 return;
4095
4096 hci_dev_lock(hdev);
4097
4098 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4099 if (hcon) {
4100 hcon->state = BT_CLOSED;
4101 hci_conn_del(hcon);
4102 }
4103
4104 hci_dev_unlock(hdev);
4105}
4106
6039aa73 4107static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4108{
4109 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4110 struct hci_conn_params *params;
fcd89c09 4111 struct hci_conn *conn;
68d6f6de 4112 struct smp_irk *irk;
837d502e 4113 u8 addr_type;
fcd89c09 4114
9f1db00c 4115 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4116
4117 hci_dev_lock(hdev);
4118
fbd96c15
JH		 4119 /* All controllers implicitly stop advertising in the event of a
4120 * connection, so ensure that the state bit is cleared.
4121 */
4122 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4123
b47a09b3 4124 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4125 if (!conn) {
4126 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4127 if (!conn) {
4128 BT_ERR("No memory for new connection");
230fd16a 4129 goto unlock;
b62f328b 4130 }
29b7988a
AG		 4131
4132 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4133
4134 if (ev->role == LE_CONN_ROLE_MASTER) {
4135 conn->out = true;
4dae2798 4136 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4137 }
cb1d68f7
JH		 4138
4139 /* If we didn't have a hci_conn object previously
4140 * but we're in master role this must be something
4141 * initiated using a white list. Since white list based
4142 * connections are not "first class citizens" we don't
4143 * have full tracking of them. Therefore, we go ahead
4144 * with a "best effort" approach of determining the
4145 * initiator address based on the HCI_PRIVACY flag.
4146 */
4147 if (conn->out) {
4148 conn->resp_addr_type = ev->bdaddr_type;
4149 bacpy(&conn->resp_addr, &ev->bdaddr);
4150 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4151 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4152 bacpy(&conn->init_addr, &hdev->rpa);
4153 } else {
4154 hci_copy_identity_address(hdev,
4155 &conn->init_addr,
4156 &conn->init_addr_type);
4157 }
cb1d68f7 4158 }
9489eca4
JH		 4159 } else {
4160 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4161 }
fcd89c09 4162
80c24ab8
JH		 4163 if (!conn->out) {
4164 /* Set the responder (our side) address type based on
4165 * the advertising address type.
4166 */
4167 conn->resp_addr_type = hdev->adv_addr_type;
4168 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4169 bacpy(&conn->resp_addr, &hdev->random_addr);
4170 else
4171 bacpy(&conn->resp_addr, &hdev->bdaddr);
4172
4173 conn->init_addr_type = ev->bdaddr_type;
4174 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4175
4176 /* For incoming connections, set the default minimum
4177 * and maximum connection interval. They will be used
4178 * to check if the parameters are in range and if not
4179 * trigger the connection update procedure.
4180 */
4181 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4182 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4183 }
7be2edbb 4184
edb4b466
MH		 4185 /* Lookup the identity address from the stored connection
4186 * address and address type.
4187 *
4188 * When establishing connections to an identity address, the
4189 * connection procedure will store the resolvable random
4190 * address first. Now if it can be converted back into the
4191 * identity address, start using the identity address from
4192 * now on.
4193 */
4194 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4195 if (irk) {
4196 bacpy(&conn->dst, &irk->bdaddr);
4197 conn->dst_type = irk->addr_type;
4198 }
4199
837d502e
JH		 4200 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4201 addr_type = BDADDR_LE_PUBLIC;
4202 else
4203 addr_type = BDADDR_LE_RANDOM;
4204
4205 /* Drop the connection if he device is blocked */
dcc36c16 4206 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
837d502e
JH		 4207 hci_conn_drop(conn);
4208 goto unlock;
4209 }
4210
cd17decb 4211 if (ev->status) {
06c053fb 4212 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4213 goto unlock;
4214 }
4215
b644ba33 4216 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4217 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4218 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4219
7b5c0d52 4220 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4221 conn->handle = __le16_to_cpu(ev->handle);
4222 conn->state = BT_CONNECTED;
4223
e04fde60
MH		 4224 conn->le_conn_interval = le16_to_cpu(ev->interval);
4225 conn->le_conn_latency = le16_to_cpu(ev->latency);
4226 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4227
fcd89c09
VT		 4228 hci_conn_add_sysfs(conn);
4229
4230 hci_proto_connect_cfm(conn, ev->status);
4231
912b42ef 4232 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
223683a5 4233 if (params)
95305baa 4234 list_del_init(&params->action);
a4790dbd 4235
fcd89c09 4236unlock:
223683a5 4237 hci_update_background_scan(hdev);
fcd89c09
VT		 4238 hci_dev_unlock(hdev);
4239}
4240
1855d92d
MH		 4241static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4242 struct sk_buff *skb)
4243{
4244 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4245 struct hci_conn *conn;
4246
4247 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4248
4249 if (ev->status)
4250 return;
4251
4252 hci_dev_lock(hdev);
4253
4254 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4255 if (conn) {
4256 conn->le_conn_interval = le16_to_cpu(ev->interval);
4257 conn->le_conn_latency = le16_to_cpu(ev->latency);
4258 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4259 }
4260
4261 hci_dev_unlock(hdev);
4262}
4263
a4790dbd 4264/* This function requires the caller holds hdev->lock */
7e899c94 4265static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
1c1abcab 4266 u8 addr_type, u8 adv_type)
a4790dbd
AG		 4267{
4268 struct hci_conn *conn;
4269
1c1abcab
JH		 4270 /* If the event is not connectable don't proceed further */
4271 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
7e899c94 4272 return;
1c1abcab
JH		 4273
4274 /* Ignore if the device is blocked */
dcc36c16 4275 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
7e899c94 4276 return;
1c1abcab
JH		 4277
4278 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4279 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4280 adv_type == LE_ADV_DIRECT_IND)
4281 goto connect;
4282
4283 /* If we're not connectable only connect devices that we have in
4284 * our pend_le_conns list.
4285 */
501f8827 4286 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
7e899c94 4287 return;
a4790dbd 4288
1c1abcab 4289connect:
cdd6275e 4290 /* Request connection in master = true role */
a4790dbd 4291 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
cdd6275e 4292 HCI_LE_AUTOCONN_TIMEOUT, true);
a4790dbd 4293 if (!IS_ERR(conn))
7e899c94 4294 return;
a4790dbd
AG		 4295
4296 switch (PTR_ERR(conn)) {
4297 case -EBUSY:
4298 /* If hci_connect() returns -EBUSY it means there is already
4299 * an LE connection attempt going on. Since controllers don't
4300 * support more than one connection attempt at the time, we
4301 * don't consider this an error case.
4302 */
4303 break;
4304 default:
4305 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4306 }
4307}
4308
4af605d8
JH		 4309static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4310 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4311{
b9a6328f 4312 struct discovery_state *d = &hdev->discovery;
1c1abcab 4313 struct smp_irk *irk;
474ee066 4314 bool match;
c70a7e4c 4315 u32 flags;
b9a6328f 4316
1c1abcab
JH		 4317 /* Check if we need to convert to identity address */
4318 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4319 if (irk) {
4320 bdaddr = &irk->bdaddr;
4321 bdaddr_type = irk->addr_type;
4322 }
4323
4324 /* Check if we have been requested to connect to this device */
4325 check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4326
0d2bf134
JH		 4327 /* Passive scanning shouldn't trigger any device found events,
4328 * except for devices marked as CONN_REPORT for which we do send
4329 * device found events.
4330 */
ca5c4be7 4331 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134 4332 struct hci_conn_params *param;
0d2bf134 4333
0d2bf134
JH		 4334 if (type == LE_ADV_DIRECT_IND)
4335 return;
4336
a7545f2a
JH		 4337 param = hci_pend_le_action_lookup(&hdev->pend_le_reports,
4338 bdaddr, bdaddr_type);
4339 if (!param)
0d2bf134
JH		 4340 return;
4341
4342 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4343 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4344 else
4345 flags = 0;
4346 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4347 rssi, flags, data, len, NULL, 0);
97bf2e99 4348 return;
ca5c4be7 4349 }
4af605d8 4350
c70a7e4c
MH		 4351 /* When receiving non-connectable or scannable undirected
4352 * advertising reports, this means that the remote device is
4353 * not connectable and then clearly indicate this in the
4354 * device found event.
4355 *
4356 * When receiving a scan response, then there is no way to
4357 * know if the remote device is connectable or not. However
4358 * since scan responses are merged with a previously seen
4359 * advertising report, the flags field from that report
4360 * will be used.
4361 *
4362 * In the really unlikely case that a controller get confused
4363 * and just sends a scan response event, then it is marked as
4364 * not connectable as well.
4365 */
4366 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4367 type == LE_ADV_SCAN_RSP)
4368 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4369 else
4370 flags = 0;
4371
b9a6328f
JH		 4372 /* If there's nothing pending either store the data from this
4373 * event or send an immediate device found event if the data
4374 * should not be stored for later.
4375 */
4376 if (!has_pending_adv_report(hdev)) {
4377 /* If the report will trigger a SCAN_REQ store it for
4378 * later merging.
4379 */
4380 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4381 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4382 rssi, flags, data, len);
b9a6328f
JH		 4383 return;
4384 }
4385
4386 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4387 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4388 return;
4389 }
4390
474ee066
JH		 4391 /* Check if the pending report is for the same device as the new one */
4392 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4393 bdaddr_type == d->last_adv_addr_type);
4394
b9a6328f
JH		 4395 /* If the pending data doesn't match this report or this isn't a
4396 * scan response (e.g. we got a duplicate ADV_IND) then force
4397 * sending of the pending data.
4398 */
474ee066
JH		 4399 if (type != LE_ADV_SCAN_RSP || !match) {
4400 /* Send out whatever is in the cache, but skip duplicates */
4401 if (!match)
4402 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4403 d->last_adv_addr_type, NULL,
c70a7e4c 4404 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4405 d->last_adv_data,
474ee066 4406 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4407
4408 /* If the new report will trigger a SCAN_REQ store it for
4409 * later merging.
4410 */
4411 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4412 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4413 rssi, flags, data, len);
b9a6328f
JH		 4414 return;
4415 }
4416
4417 /* The advertising reports cannot be merged, so clear
4418 * the pending report and send out a device found event.
4419 */
4420 clear_pending_adv_report(hdev);
5c5b93e4 4421 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4422 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4423 return;
4424 }
4425
4426 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4427 * the new event is a SCAN_RSP. We can therefore proceed with
4428 * sending a merged device found event.
4429 */
4430 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4431 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4432 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4433 clear_pending_adv_report(hdev);
4af605d8
JH		 4434}
4435
6039aa73 4436static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4437{
e95beb41
AG		 4438 u8 num_reports = skb->data[0];
4439 void *ptr = &skb->data[1];
9aa04c91 4440
a4790dbd
AG		 4441 hci_dev_lock(hdev);
4442
e95beb41
AG		 4443 while (num_reports--) {
4444 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4445 s8 rssi;
a4790dbd 4446
3c9e9195 4447 rssi = ev->data[ev->length];
4af605d8
JH		 4448 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4449 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4450
e95beb41 4451 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4452 }
a4790dbd
AG		 4453
4454 hci_dev_unlock(hdev);
9aa04c91
AG		 4455}
4456
6039aa73 4457static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4458{
4459 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4460 struct hci_cp_le_ltk_reply cp;
bea710fe 4461 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4462 struct hci_conn *conn;
c9839a11 4463 struct smp_ltk *ltk;
a7a595f6 4464
9f1db00c 4465 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4466
4467 hci_dev_lock(hdev);
4468
4469 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4470 if (conn == NULL)
4471 goto not_found;
a7a595f6 4472
fe39c7b2 4473 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4474 if (ltk == NULL)
4475 goto not_found;
4476
4477 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4478 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4479
4480 if (ltk->authenticated)
f8776218
AG		 4481 conn->pending_sec_level = BT_SECURITY_HIGH;
4482 else
4483 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4484
89cbb4da 4485 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4486
4487 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4488
5981a882
CT		 4489 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4490 * temporary key used to encrypt a connection following
4491 * pairing. It is used during the Encrypted Session Setup to
4492 * distribute the keys. Later, security can be re-established
4493 * using a distributed LTK.
4494 */
2ceba539 4495 if (ltk->type == SMP_STK) {
fe59a05f 4496 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4497 list_del(&ltk->list);
4498 kfree(ltk);
fe59a05f
JH		 4499 } else {
4500 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4501 }
4502
a7a595f6 4503 hci_dev_unlock(hdev);
bea710fe
VCG		 4504
4505 return;
4506
4507not_found:
4508 neg.handle = ev->handle;
4509 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4510 hci_dev_unlock(hdev);
a7a595f6
VCG		 4511}
4512
8e75b46a
AG		 4513static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4514 u8 reason)
4515{
4516 struct hci_cp_le_conn_param_req_neg_reply cp;
4517
4518 cp.handle = cpu_to_le16(handle);
4519 cp.reason = reason;
4520
4521 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4522 &cp);
4523}
4524
4525static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4526 struct sk_buff *skb)
4527{
4528 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4529 struct hci_cp_le_conn_param_req_reply cp;
4530 struct hci_conn *hcon;
4531 u16 handle, min, max, latency, timeout;
4532
4533 handle = le16_to_cpu(ev->handle);
4534 min = le16_to_cpu(ev->interval_min);
4535 max = le16_to_cpu(ev->interval_max);
4536 latency = le16_to_cpu(ev->latency);
4537 timeout = le16_to_cpu(ev->timeout);
4538
4539 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4540 if (!hcon || hcon->state != BT_CONNECTED)
4541 return send_conn_param_neg_reply(hdev, handle,
4542 HCI_ERROR_UNKNOWN_CONN_ID);
4543
4544 if (hci_check_conn_params(min, max, latency, timeout))
4545 return send_conn_param_neg_reply(hdev, handle,
4546 HCI_ERROR_INVALID_LL_PARAMS);
4547
348d50b8
JH		 4548 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4549 struct hci_conn_params *params;
f4869e2a 4550 u8 store_hint;
348d50b8
JH		 4551
4552 hci_dev_lock(hdev);
4553
4554 params = hci_conn_params_lookup(hdev, &hcon->dst,
4555 hcon->dst_type);
4556 if (params) {
4557 params->conn_min_interval = min;
4558 params->conn_max_interval = max;
4559 params->conn_latency = latency;
4560 params->supervision_timeout = timeout;
f4869e2a
JH		 4561 store_hint = 0x01;
4562 } else{
4563 store_hint = 0x00;
348d50b8
JH		 4564 }
4565
4566 hci_dev_unlock(hdev);
4567
f4869e2a
JH		 4568 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4569 store_hint, min, max, latency, timeout);
348d50b8 4570 }
ffb5a827 4571
8e75b46a
AG		 4572 cp.handle = ev->handle;
4573 cp.interval_min = ev->interval_min;
4574 cp.interval_max = ev->interval_max;
4575 cp.latency = ev->latency;
4576 cp.timeout = ev->timeout;
4577 cp.min_ce_len = 0;
4578 cp.max_ce_len = 0;
4579
4580 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4581}
4582
6039aa73 4583static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4584{
4585 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4586
4587 skb_pull(skb, sizeof(*le_ev));
4588
4589 switch (le_ev->subevent) {
4590 case HCI_EV_LE_CONN_COMPLETE:
4591 hci_le_conn_complete_evt(hdev, skb);
4592 break;
4593
1855d92d
MH		 4594 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4595 hci_le_conn_update_complete_evt(hdev, skb);
4596 break;
4597
9aa04c91
AG		 4598 case HCI_EV_LE_ADVERTISING_REPORT:
4599 hci_le_adv_report_evt(hdev, skb);
4600 break;
4601
a7a595f6
VCG		 4602 case HCI_EV_LE_LTK_REQ:
4603 hci_le_ltk_request_evt(hdev, skb);
4604 break;
4605
8e75b46a
AG		 4606 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4607 hci_le_remote_conn_param_req_evt(hdev, skb);
4608 break;
4609
fcd89c09
VT		 4610 default:
4611 break;
4612 }
4613}
4614
9495b2ee
AE		 4615static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4616{
4617 struct hci_ev_channel_selected *ev = (void *) skb->data;
4618 struct hci_conn *hcon;
4619
4620 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4621
4622 skb_pull(skb, sizeof(*ev));
4623
4624 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4625 if (!hcon)
4626 return;
4627
4628 amp_read_loc_assoc_final_data(hdev, hcon);
4629}
4630
a9de9248
MH		 4631void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4632{
4633 struct hci_event_hdr *hdr = (void *) skb->data;
4634 __u8 event = hdr->evt;
4635
b6ddb638
JH		 4636 hci_dev_lock(hdev);
4637
4638 /* Received events are (currently) only needed when a request is
4639 * ongoing so avoid unnecessary memory allocation.
4640 */
4641 if (hdev->req_status == HCI_REQ_PEND) {
4642 kfree_skb(hdev->recv_evt);
4643 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4644 }
4645
4646 hci_dev_unlock(hdev);
4647
a9de9248
MH		 4648 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4649
02350a72 4650 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4651 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4652 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4653
4654 hci_req_cmd_complete(hdev, opcode, 0);
4655 }
4656
a9de9248 4657 switch (event) {
1da177e4
LT		 4658 case HCI_EV_INQUIRY_COMPLETE:
4659 hci_inquiry_complete_evt(hdev, skb);
4660 break;
4661
4662 case HCI_EV_INQUIRY_RESULT:
4663 hci_inquiry_result_evt(hdev, skb);
4664 break;
4665
a9de9248
MH		 4666 case HCI_EV_CONN_COMPLETE:
4667 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4668 break;
4669
1da177e4
LT		 4670 case HCI_EV_CONN_REQUEST:
4671 hci_conn_request_evt(hdev, skb);
4672 break;
4673
1da177e4
LT		 4674 case HCI_EV_DISCONN_COMPLETE:
4675 hci_disconn_complete_evt(hdev, skb);
4676 break;
4677
1da177e4
LT		 4678 case HCI_EV_AUTH_COMPLETE:
4679 hci_auth_complete_evt(hdev, skb);
4680 break;
4681
a9de9248
MH		 4682 case HCI_EV_REMOTE_NAME:
4683 hci_remote_name_evt(hdev, skb);
4684 break;
4685
1da177e4
LT		 4686 case HCI_EV_ENCRYPT_CHANGE:
4687 hci_encrypt_change_evt(hdev, skb);
4688 break;
4689
a9de9248
MH		 4690 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4691 hci_change_link_key_complete_evt(hdev, skb);
4692 break;
4693
4694 case HCI_EV_REMOTE_FEATURES:
4695 hci_remote_features_evt(hdev, skb);
4696 break;
4697
a9de9248
MH		 4698 case HCI_EV_CMD_COMPLETE:
4699 hci_cmd_complete_evt(hdev, skb);
4700 break;
4701
4702 case HCI_EV_CMD_STATUS:
4703 hci_cmd_status_evt(hdev, skb);
4704 break;
4705
4706 case HCI_EV_ROLE_CHANGE:
4707 hci_role_change_evt(hdev, skb);
4708 break;
4709
4710 case HCI_EV_NUM_COMP_PKTS:
4711 hci_num_comp_pkts_evt(hdev, skb);
4712 break;
4713
4714 case HCI_EV_MODE_CHANGE:
4715 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4716 break;
4717
4718 case HCI_EV_PIN_CODE_REQ:
4719 hci_pin_code_request_evt(hdev, skb);
4720 break;
4721
4722 case HCI_EV_LINK_KEY_REQ:
4723 hci_link_key_request_evt(hdev, skb);
4724 break;
4725
4726 case HCI_EV_LINK_KEY_NOTIFY:
4727 hci_link_key_notify_evt(hdev, skb);
4728 break;
4729
4730 case HCI_EV_CLOCK_OFFSET:
4731 hci_clock_offset_evt(hdev, skb);
4732 break;
4733
a8746417
MH		 4734 case HCI_EV_PKT_TYPE_CHANGE:
4735 hci_pkt_type_change_evt(hdev, skb);
4736 break;
4737
85a1e930
MH		 4738 case HCI_EV_PSCAN_REP_MODE:
4739 hci_pscan_rep_mode_evt(hdev, skb);
4740 break;
4741
a9de9248
MH		 4742 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4743 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4744 break;
4745
a9de9248
MH		 4746 case HCI_EV_REMOTE_EXT_FEATURES:
4747 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4748 break;
4749
a9de9248
MH		 4750 case HCI_EV_SYNC_CONN_COMPLETE:
4751 hci_sync_conn_complete_evt(hdev, skb);
4752 break;
1da177e4 4753
a9de9248
MH		 4754 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4755 hci_extended_inquiry_result_evt(hdev, skb);
4756 break;
1da177e4 4757
1c2e0041
JH		 4758 case HCI_EV_KEY_REFRESH_COMPLETE:
4759 hci_key_refresh_complete_evt(hdev, skb);
4760 break;
4761
0493684e
MH		 4762 case HCI_EV_IO_CAPA_REQUEST:
4763 hci_io_capa_request_evt(hdev, skb);
4764 break;
4765
03b555e1
JH		 4766 case HCI_EV_IO_CAPA_REPLY:
4767 hci_io_capa_reply_evt(hdev, skb);
4768 break;
4769
a5c29683
JH		 4770 case HCI_EV_USER_CONFIRM_REQUEST:
4771 hci_user_confirm_request_evt(hdev, skb);
4772 break;
4773
1143d458
BG		 4774 case HCI_EV_USER_PASSKEY_REQUEST:
4775 hci_user_passkey_request_evt(hdev, skb);
4776 break;
4777
92a25256
JH		 4778 case HCI_EV_USER_PASSKEY_NOTIFY:
4779 hci_user_passkey_notify_evt(hdev, skb);
4780 break;
4781
4782 case HCI_EV_KEYPRESS_NOTIFY:
4783 hci_keypress_notify_evt(hdev, skb);
4784 break;
4785
0493684e
MH		 4786 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4787 hci_simple_pair_complete_evt(hdev, skb);
4788 break;
4789
41a96212
MH		 4790 case HCI_EV_REMOTE_HOST_FEATURES:
4791 hci_remote_host_features_evt(hdev, skb);
4792 break;
4793
fcd89c09
VT		 4794 case HCI_EV_LE_META:
4795 hci_le_meta_evt(hdev, skb);
4796 break;
4797
9495b2ee
AE		 4798 case HCI_EV_CHANNEL_SELECTED:
4799 hci_chan_selected_evt(hdev, skb);
4800 break;
4801
2763eda6
SJ		 4802 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4803 hci_remote_oob_data_request_evt(hdev, skb);
4804 break;
4805
d5e91192
AE		 4806 case HCI_EV_PHY_LINK_COMPLETE:
4807 hci_phy_link_complete_evt(hdev, skb);
4808 break;
4809
27695fb4
AE		 4810 case HCI_EV_LOGICAL_LINK_COMPLETE:
4811 hci_loglink_complete_evt(hdev, skb);
4812 break;
4813
606e2a10
AE		 4814 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4815 hci_disconn_loglink_complete_evt(hdev, skb);
4816 break;
4817
9eef6b3a
AE		 4818 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4819 hci_disconn_phylink_complete_evt(hdev, skb);
4820 break;
4821
25e89e99
AE		 4822 case HCI_EV_NUM_COMP_BLOCKS:
4823 hci_num_comp_blocks_evt(hdev, skb);
4824 break;
4825
a9de9248 4826 default:
9f1db00c 4827 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4828 break;
4829 }
4830
4831 kfree_skb(skb);
4832 hdev->stat.evt_rx++;
4833}
Linux kernel - Deliverables
This page took 1.368792 seconds and 5 git commands to generate.