projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Allow L2CAP getpeername() for BT_CONFIG state
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
9f1db00c 190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
a297e97c 194 /* Reset all non-persistent flags */
2cc6fb00 195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 196
197 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 200
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
f8e808bd
MH		 203
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
06f5b778 206
533553f8
MH		 207 hdev->le_scan_type = LE_SCAN_PASSIVE;
208
06f5b778 209 hdev->ssp_debug_mode = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
a9de9248
MH		 231}
232
233static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
236
9f1db00c 237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 238
239 if (rp->status)
240 return;
241
db99b5fc
JH		 242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 244}
245
246static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247{
248 __u8 status = *((__u8 *) skb->data);
249 void *sent;
250
9f1db00c 251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 252
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
254 if (!sent)
255 return;
256
257 if (!status) {
258 __u8 param = *((__u8 *) sent);
259
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
262 else
263 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 264 }
a9de9248 265
33ef95ed
JH		 266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
a9de9248 289}
1da177e4 290
a9de9248
MH		 291static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292{
36f7fc7e
JH		 293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
a9de9248 295 void *sent;
1da177e4 296
9f1db00c 297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 298
a9de9248
MH		 299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
300 if (!sent)
301 return;
1da177e4 302
36f7fc7e
JH		 303 param = *((__u8 *) sent);
304
56e5cb86
JH		 305 hci_dev_lock(hdev);
306
fa1bd918 307 if (status) {
744cf19e 308 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 309 hdev->discov_timeout = 0;
310 goto done;
311 }
312
0663ca2a
JH		 313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
315 */
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
317
36f7fc7e
JH		 318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
320
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
323 if (!old_iscan)
744cf19e 324 mgmt_discoverable(hdev, 1);
36f7fc7e 325 } else if (old_iscan)
744cf19e 326 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 327
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
330 if (!old_pscan)
744cf19e 331 mgmt_connectable(hdev, 1);
36f7fc7e 332 } else if (old_pscan)
744cf19e 333 mgmt_connectable(hdev, 0);
1da177e4 334
36f7fc7e 335done:
56e5cb86 336 hci_dev_unlock(hdev);
a9de9248 337}
1da177e4 338
a9de9248
MH		 339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 342
9f1db00c 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 344
a9de9248
MH		 345 if (rp->status)
346 return;
1da177e4 347
a9de9248 348 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 349
a9de9248 350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 352}
1da177e4 353
a9de9248
MH		 354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355{
356 __u8 status = *((__u8 *) skb->data);
357 void *sent;
1da177e4 358
9f1db00c 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 360
a9de9248
MH		 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent)
363 return;
1da177e4 364
7f9a903c
MH		 365 hci_dev_lock(hdev);
366
367 if (status == 0)
368 memcpy(hdev->dev_class, sent, 3);
369
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
372
373 hci_dev_unlock(hdev);
a9de9248 374}
1da177e4 375
a9de9248
MH		 376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377{
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting;
380
9f1db00c 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 382
383 if (rp->status)
384 return;
385
386 setting = __le16_to_cpu(rp->voice_setting);
387
f383f275 388 if (hdev->voice_setting == setting)
a9de9248
MH		 389 return;
390
391 hdev->voice_setting = setting;
392
9f1db00c 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 394
3c54711c 395 if (hdev->notify)
a9de9248 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 397}
398
8fc9ced3
GP		 399static void hci_cc_write_voice_setting(struct hci_dev *hdev,
400 struct sk_buff *skb)
a9de9248
MH		 401{
402 __u8 status = *((__u8 *) skb->data);
f383f275 403 __u16 setting;
a9de9248
MH		 404 void *sent;
405
9f1db00c 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 407
f383f275
MH		 408 if (status)
409 return;
410
a9de9248
MH		 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
412 if (!sent)
413 return;
1da177e4 414
f383f275 415 setting = get_unaligned_le16(sent);
1da177e4 416
f383f275
MH		 417 if (hdev->voice_setting == setting)
418 return;
419
420 hdev->voice_setting = setting;
1da177e4 421
9f1db00c 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 423
3c54711c 424 if (hdev->notify)
f383f275 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 426}
427
b4cb9fb2
MH		 428static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
429 struct sk_buff *skb)
430{
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
432
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
434
435 if (rp->status)
436 return;
437
438 hdev->num_iac = rp->num_iac;
439
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
441}
442
333140b5
MH		 443static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
444{
445 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 446 struct hci_cp_write_ssp_mode *sent;
333140b5 447
9f1db00c 448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 449
333140b5
MH		 450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (!sent)
452 return;
453
5ed8eb2f
JH		 454 if (!status) {
455 if (sent->mode)
cad718ed 456 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 457 else
cad718ed 458 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 459 }
460
ed2c4ee3 461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 463 else if (!status) {
5ed8eb2f 464 if (sent->mode)
c0ecddc2
JH		 465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 else
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
468 }
333140b5
MH		 469}
470
eac83dc6
MH		 471static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
472{
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
475
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
477
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 if (!sent)
480 return;
481
482 if (!status) {
483 if (sent->support)
484 hdev->features[1][0] |= LMP_HOST_SC;
485 else
486 hdev->features[1][0] &= ~LMP_HOST_SC;
487 }
488
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
491 else if (!status) {
492 if (sent->support)
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 else
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
496 }
497}
498
a9de9248
MH		 499static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
500{
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 502
9f1db00c 503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 504
a9de9248 505 if (rp->status)
42c6b129 506 return;
1143e5a6 507
0d5551f5
MH		 508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
514 }
d5859e22
JH		 515}
516
8fc9ced3
GP		 517static void hci_cc_read_local_commands(struct hci_dev *hdev,
518 struct sk_buff *skb)
a9de9248
MH		 519{
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 521
9f1db00c 522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 523
6a070e6e
MH		 524 if (rp->status)
525 return;
526
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 529}
1da177e4 530
8fc9ced3
GP		 531static void hci_cc_read_local_features(struct hci_dev *hdev,
532 struct sk_buff *skb)
a9de9248
MH		 533{
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 535
9f1db00c 536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 537
a9de9248
MH		 538 if (rp->status)
539 return;
5b7f9909 540
a9de9248 541 memcpy(hdev->features, rp->features, 8);
5b7f9909 542
a9de9248
MH		 543 /* Adjust default settings according to features
544 * supported by device. */
1da177e4 545
cad718ed 546 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 548
cad718ed 549 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
555 }
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
560 }
1da177e4 561
45db810f 562 if (lmp_esco_capable(hdev))
a9de9248 563 hdev->esco_type |= (ESCO_EV3);
da1f5198 564
cad718ed 565 if (hdev->features[0][4] & LMP_EV4)
a9de9248 566 hdev->esco_type |= (ESCO_EV4);
da1f5198 567
cad718ed 568 if (hdev->features[0][4] & LMP_EV5)
a9de9248 569 hdev->esco_type |= (ESCO_EV5);
1da177e4 570
cad718ed 571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 572 hdev->esco_type |= (ESCO_2EV3);
573
cad718ed 574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 575 hdev->esco_type |= (ESCO_3EV3);
576
cad718ed 577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 579}
1da177e4 580
971e3a4b 581static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 582 struct sk_buff *skb)
971e3a4b
AG		 583{
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
585
9f1db00c 586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 587
588 if (rp->status)
42c6b129 589 return;
971e3a4b 590
57af75a8
MH		 591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
d2c5d77f 593
cad718ed
JH		 594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 596}
597
1e89cffb 598static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 599 struct sk_buff *skb)
1e89cffb
AE		 600{
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
602
9f1db00c 603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 604
42c6b129
JH		 605 if (!rp->status)
606 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 607}
608
a9de9248
MH		 609static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
610{
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 612
9f1db00c 613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 614
a9de9248
MH		 615 if (rp->status)
616 return;
1da177e4 617
a9de9248
MH		 618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
622
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
624 hdev->sco_mtu = 64;
625 hdev->sco_pkts = 8;
1da177e4 626 }
a9de9248
MH		 627
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
630
807deac2
GP		 631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 633}
634
635static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
636{
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
638
9f1db00c 639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 640
641 if (!rp->status)
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 643}
644
f332ec66
JH		 645static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
646 struct sk_buff *skb)
647{
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
649
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
655 }
656}
657
4a3ee763
JH		 658static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
663
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
665
666 if (status)
667 return;
668
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
670 if (!sent)
671 return;
672
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
675}
676
f332ec66
JH		 677static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
678 struct sk_buff *skb)
679{
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
681
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
683
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
686}
687
4a3ee763
JH		 688static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
689 struct sk_buff *skb)
690{
691 u8 status = *((u8 *) skb->data);
692 u8 *type;
693
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
695
696 if (status)
697 return;
698
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
700 if (type)
701 hdev->page_scan_type = *type;
702}
703
350ee4cf 704static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 705 struct sk_buff *skb)
350ee4cf
AE		 706{
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
708
9f1db00c 709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 710
711 if (rp->status)
712 return;
713
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
717
718 hdev->block_cnt = hdev->num_blocks;
719
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 721 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 722}
723
33f35721
JH		 724static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
725{
726 struct hci_rp_read_clock *rp = (void *) skb->data;
727 struct hci_cp_read_clock *cp;
728 struct hci_conn *conn;
729
730 BT_DBG("%s", hdev->name);
731
732 if (skb->len < sizeof(*rp))
733 return;
734
735 if (rp->status)
736 return;
737
738 hci_dev_lock(hdev);
739
740 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
741 if (!cp)
742 goto unlock;
743
744 if (cp->which == 0x00) {
745 hdev->clock = le32_to_cpu(rp->clock);
746 goto unlock;
747 }
748
749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
750 if (conn) {
751 conn->clock = le32_to_cpu(rp->clock);
752 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
753 }
754
755unlock:
756 hci_dev_unlock(hdev);
757}
758
928abaa7 759static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 760 struct sk_buff *skb)
928abaa7
AE		 761{
762 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
763
9f1db00c 764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 765
766 if (rp->status)
8e2a0d92 767 goto a2mp_rsp;
928abaa7
AE		 768
769 hdev->amp_status = rp->amp_status;
770 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
771 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
772 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
773 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
774 hdev->amp_type = rp->amp_type;
775 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
776 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
777 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
778 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
779
8e2a0d92
AE		 780a2mp_rsp:
781 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 782}
783
903e4541
AE		 784static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
785 struct sk_buff *skb)
786{
787 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
788 struct amp_assoc *assoc = &hdev->loc_assoc;
789 size_t rem_len, frag_len;
790
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
792
793 if (rp->status)
794 goto a2mp_rsp;
795
796 frag_len = skb->len - sizeof(*rp);
797 rem_len = __le16_to_cpu(rp->rem_len);
798
799 if (rem_len > frag_len) {
2e430be3 800 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 801
802 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
803 assoc->offset += frag_len;
804
805 /* Read other fragments */
806 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
807
808 return;
809 }
810
811 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
812 assoc->len = assoc->offset + rem_len;
813 assoc->offset = 0;
814
815a2mp_rsp:
816 /* Send A2MP Rsp when all fragments are received */
817 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 818 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 819}
820
d5859e22 821static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 822 struct sk_buff *skb)
d5859e22 823{
91c4e9b1 824 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 825
9f1db00c 826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 827
828 if (!rp->status)
829 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 830}
831
980e1a53
JH		 832static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
833{
834 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
835 struct hci_cp_pin_code_reply *cp;
836 struct hci_conn *conn;
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 839
56e5cb86
JH		 840 hci_dev_lock(hdev);
841
a8b2d5c2 842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 843 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 844
fa1bd918 845 if (rp->status)
56e5cb86 846 goto unlock;
980e1a53
JH		 847
848 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
849 if (!cp)
56e5cb86 850 goto unlock;
980e1a53
JH		 851
852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
853 if (conn)
854 conn->pin_length = cp->pin_len;
56e5cb86
JH		 855
856unlock:
857 hci_dev_unlock(hdev);
980e1a53
JH		 858}
859
860static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
861{
862 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
863
9f1db00c 864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 865
56e5cb86
JH		 866 hci_dev_lock(hdev);
867
a8b2d5c2 868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 869 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 870 rp->status);
56e5cb86
JH		 871
872 hci_dev_unlock(hdev);
980e1a53 873}
56e5cb86 874
6ed58ec5
VT		 875static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
876 struct sk_buff *skb)
877{
878 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
879
9f1db00c 880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 881
882 if (rp->status)
883 return;
884
885 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
886 hdev->le_pkts = rp->le_max_pkt;
887
888 hdev->le_cnt = hdev->le_pkts;
889
890 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 891}
980e1a53 892
60e77321
JH		 893static void hci_cc_le_read_local_features(struct hci_dev *hdev,
894 struct sk_buff *skb)
895{
896 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899
900 if (!rp->status)
901 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 902}
903
8fa19098
JH		 904static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
905 struct sk_buff *skb)
906{
907 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
908
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
910
04b4edcb 911 if (!rp->status)
8fa19098 912 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 913}
914
a5c29683
JH		 915static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
916{
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
918
9f1db00c 919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 920
56e5cb86
JH		 921 hci_dev_lock(hdev);
922
a8b2d5c2 923 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 924 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
925 rp->status);
56e5cb86
JH		 926
927 hci_dev_unlock(hdev);
a5c29683
JH		 928}
929
930static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 931 struct sk_buff *skb)
a5c29683
JH		 932{
933 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
934
9f1db00c 935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 936
56e5cb86
JH		 937 hci_dev_lock(hdev);
938
a8b2d5c2 939 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 940 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 941 ACL_LINK, 0, rp->status);
56e5cb86
JH		 942
943 hci_dev_unlock(hdev);
a5c29683
JH		 944}
945
1143d458
BG		 946static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
947{
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
949
9f1db00c 950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 951
952 hci_dev_lock(hdev);
953
a8b2d5c2 954 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 955 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 956 0, rp->status);
1143d458
BG		 957
958 hci_dev_unlock(hdev);
959}
960
961static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 962 struct sk_buff *skb)
1143d458
BG		 963{
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
965
9f1db00c 966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 967
968 hci_dev_lock(hdev);
969
a8b2d5c2 970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 971 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 972 ACL_LINK, 0, rp->status);
1143d458
BG		 973
974 hci_dev_unlock(hdev);
975}
976
4d2d2796
MH		 977static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
978 struct sk_buff *skb)
c35938b2
SJ		 979{
980 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
981
9f1db00c 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 983
56e5cb86 984 hci_dev_lock(hdev);
4d2d2796
MH		 985 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
986 NULL, NULL, rp->status);
987 hci_dev_unlock(hdev);
988}
989
990static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
991 struct sk_buff *skb)
992{
993 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
994
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
996
997 hci_dev_lock(hdev);
998 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
999 rp->hash256, rp->randomizer256,
1000 rp->status);
56e5cb86 1001 hci_dev_unlock(hdev);
c35938b2
SJ		 1002}
1003
7a4cd51d
MH		 1004
1005static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1006{
1007 __u8 status = *((__u8 *) skb->data);
1008 bdaddr_t *sent;
1009
1010 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1011
1012 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1013 if (!sent)
1014 return;
1015
1016 hci_dev_lock(hdev);
1017
1018 if (!status)
1019 bacpy(&hdev->random_addr, sent);
1020
1021 hci_dev_unlock(hdev);
1022}
1023
c1d5dc4a
JH		 1024static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1025{
1026 __u8 *sent, status = *((__u8 *) skb->data);
1027
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029
1030 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1031 if (!sent)
1032 return;
1033
3c857757
JH		 1034 if (status)
1035 return;
1036
c1d5dc4a
JH		 1037 hci_dev_lock(hdev);
1038
3c857757
JH		 1039 /* If we're doing connection initation as peripheral. Set a
1040 * timeout in case something goes wrong.
1041 */
1042 if (*sent) {
1043 struct hci_conn *conn;
1044
1045 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1046 if (conn)
1047 queue_delayed_work(hdev->workqueue,
1048 &conn->le_conn_timeout,
1049 HCI_LE_CONN_TIMEOUT);
1050 }
1051
1052 mgmt_advertising(hdev, *sent);
c1d5dc4a 1053
04b4edcb 1054 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1055}
1056
533553f8
MH		 1057static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1058{
1059 struct hci_cp_le_set_scan_param *cp;
1060 __u8 status = *((__u8 *) skb->data);
1061
1062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1063
1064 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1065 if (!cp)
1066 return;
1067
1068 hci_dev_lock(hdev);
1069
1070 if (!status)
1071 hdev->le_scan_type = cp->type;
1072
1073 hci_dev_unlock(hdev);
1074}
1075
b9a6328f
JH		 1076static bool has_pending_adv_report(struct hci_dev *hdev)
1077{
1078 struct discovery_state *d = &hdev->discovery;
1079
1080 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1081}
1082
1083static void clear_pending_adv_report(struct hci_dev *hdev)
1084{
1085 struct discovery_state *d = &hdev->discovery;
1086
1087 bacpy(&d->last_adv_addr, BDADDR_ANY);
1088 d->last_adv_data_len = 0;
1089}
1090
1091static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
ff5cd29f 1092 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
b9a6328f
JH		 1093{
1094 struct discovery_state *d = &hdev->discovery;
1095
1096 bacpy(&d->last_adv_addr, bdaddr);
1097 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1098 d->last_adv_rssi = rssi;
b9a6328f
JH		 1099 memcpy(d->last_adv_data, data, len);
1100 d->last_adv_data_len = len;
1101}
1102
eb9d91f5 1103static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1104 struct sk_buff *skb)
eb9d91f5
AG		 1105{
1106 struct hci_cp_le_set_scan_enable *cp;
1107 __u8 status = *((__u8 *) skb->data);
1108
9f1db00c 1109 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1110
eb9d91f5
AG		 1111 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1112 if (!cp)
1113 return;
1114
3fd319b8
AG		 1115 if (status)
1116 return;
1117
68a8aea4 1118 switch (cp->enable) {
76a388be 1119 case LE_SCAN_ENABLE:
d23264a8 1120 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1121 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1122 clear_pending_adv_report(hdev);
68a8aea4
AE		 1123 break;
1124
76a388be 1125 case LE_SCAN_DISABLE:
b9a6328f
JH		 1126 /* We do this here instead of when setting DISCOVERY_STOPPED
1127 * since the latter would potentially require waiting for
1128 * inquiry to stop too.
1129 */
1130 if (has_pending_adv_report(hdev)) {
1131 struct discovery_state *d = &hdev->discovery;
1132
1133 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433
JH		 1134 d->last_adv_addr_type, NULL,
1135 d->last_adv_rssi, 0, 1,
1136 d->last_adv_data,
b9a6328f
JH		 1137 d->last_adv_data_len, NULL, 0);
1138 }
1139
317ac8cb
JH		 1140 /* Cancel this timer so that we don't try to disable scanning
1141 * when it's already disabled.
1142 */
1143 cancel_delayed_work(&hdev->le_scan_disable);
1144
d23264a8 1145 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1146 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1147 * interrupted scanning due to a connect request. Mark
1148 * therefore discovery as stopped.
1149 */
1150 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1151 &hdev->dev_flags))
1152 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1153 break;
1154
1155 default:
1156 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1157 break;
35815085 1158 }
eb9d91f5
AG		 1159}
1160
cf1d081f
JH		 1161static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1162 struct sk_buff *skb)
1163{
1164 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1165
1166 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1167
1168 if (!rp->status)
1169 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1170}
1171
0f36b589
MH		 1172static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1173 struct sk_buff *skb)
1174{
1175 __u8 status = *((__u8 *) skb->data);
1176
1177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1178
1179 if (!status)
1180 hci_white_list_clear(hdev);
1181}
1182
1183static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1184 struct sk_buff *skb)
1185{
1186 struct hci_cp_le_add_to_white_list *sent;
1187 __u8 status = *((__u8 *) skb->data);
1188
1189 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1190
1191 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1192 if (!sent)
1193 return;
1194
1195 if (!status)
1196 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1197}
1198
1199static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1201{
1202 struct hci_cp_le_del_from_white_list *sent;
1203 __u8 status = *((__u8 *) skb->data);
1204
1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1206
1207 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1208 if (!sent)
1209 return;
1210
1211 if (!status)
1212 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1213}
1214
9b008c04
JH		 1215static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1217{
1218 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1219
1220 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1221
1222 if (!rp->status)
1223 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1224}
1225
6039aa73
GP		 1226static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1227 struct sk_buff *skb)
f9b49306 1228{
06199cf8 1229 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1230 __u8 status = *((__u8 *) skb->data);
1231
9f1db00c 1232 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1233
06199cf8 1234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1235 if (!sent)
f9b49306
AG		 1236 return;
1237
8f984dfa 1238 if (!status) {
416a4ae5 1239 if (sent->le) {
cad718ed 1240 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1241 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1242 } else {
cad718ed 1243 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1244 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1245 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1246 }
53b2caab
JH		 1247
1248 if (sent->simul)
cad718ed 1249 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1250 else
cad718ed 1251 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1252 }
f9b49306
AG		 1253}
1254
56ed2cb8
JH		 1255static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1256{
1257 struct hci_cp_le_set_adv_param *cp;
1258 u8 status = *((u8 *) skb->data);
1259
1260 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1261
1262 if (status)
1263 return;
1264
1265 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1266 if (!cp)
1267 return;
1268
1269 hci_dev_lock(hdev);
1270 hdev->adv_addr_type = cp->own_address_type;
1271 hci_dev_unlock(hdev);
1272}
1273
93c284ee
AE		 1274static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1275 struct sk_buff *skb)
1276{
1277 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1278
1279 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1280 hdev->name, rp->status, rp->phy_handle);
1281
1282 if (rp->status)
1283 return;
1284
1285 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1286}
1287
5ae76a94
AK		 1288static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1289{
1290 struct hci_rp_read_rssi *rp = (void *) skb->data;
1291 struct hci_conn *conn;
1292
1293 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1294
1295 if (rp->status)
1296 return;
1297
1298 hci_dev_lock(hdev);
1299
1300 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1301 if (conn)
1302 conn->rssi = rp->rssi;
1303
1304 hci_dev_unlock(hdev);
1305}
1306
5a134fae
AK		 1307static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1308{
1309 struct hci_cp_read_tx_power *sent;
1310 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1311 struct hci_conn *conn;
1312
1313 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1314
1315 if (rp->status)
1316 return;
1317
1318 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1319 if (!sent)
1320 return;
1321
1322 hci_dev_lock(hdev);
1323
1324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1325 if (!conn)
1326 goto unlock;
1327
1328 switch (sent->type) {
1329 case 0x00:
5a134fae 1330 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1331 break;
1332 case 0x01:
1333 conn->max_tx_power = rp->tx_power;
1334 break;
1335 }
5a134fae 1336
d0455ed9 1337unlock:
5a134fae
AK		 1338 hci_dev_unlock(hdev);
1339}
1340
6039aa73 1341static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1342{
9f1db00c 1343 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1344
1345 if (status) {
a9de9248 1346 hci_conn_check_pending(hdev);
314b2381
JH		 1347 return;
1348 }
1349
89352e7d 1350 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1351}
1352
6039aa73 1353static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1354{
a9de9248 1355 struct hci_cp_create_conn *cp;
1da177e4 1356 struct hci_conn *conn;
1da177e4 1357
9f1db00c 1358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1359
1360 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1361 if (!cp)
1362 return;
1363
1364 hci_dev_lock(hdev);
1365
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1367
6ed93dc6 1368 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1369
1370 if (status) {
1371 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1372 if (status != 0x0c || conn->attempt > 2) {
1373 conn->state = BT_CLOSED;
1374 hci_proto_connect_cfm(conn, status);
1375 hci_conn_del(conn);
1376 } else
1377 conn->state = BT_CONNECT2;
1da177e4
LT		 1378 }
1379 } else {
1380 if (!conn) {
1381 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1382 if (conn) {
a0c808b3 1383 conn->out = true;
4dae2798 1384 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1385 } else
893ef971 1386 BT_ERR("No memory for new connection");
1da177e4
LT		 1387 }
1388 }
1389
1390 hci_dev_unlock(hdev);
1391}
1392
a9de9248 1393static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1394{
a9de9248
MH		 1395 struct hci_cp_add_sco *cp;
1396 struct hci_conn *acl, *sco;
1397 __u16 handle;
1da177e4 1398
9f1db00c 1399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1400
a9de9248
MH		 1401 if (!status)
1402 return;
1da177e4 1403
a9de9248
MH		 1404 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1405 if (!cp)
1406 return;
1da177e4 1407
a9de9248 1408 handle = __le16_to_cpu(cp->handle);
1da177e4 1409
9f1db00c 1410 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1411
a9de9248 1412 hci_dev_lock(hdev);
1da177e4 1413
a9de9248 1414 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1415 if (acl) {
1416 sco = acl->link;
1417 if (sco) {
1418 sco->state = BT_CLOSED;
1da177e4 1419
5a08ecce
AE		 1420 hci_proto_connect_cfm(sco, status);
1421 hci_conn_del(sco);
1422 }
a9de9248 1423 }
1da177e4 1424
a9de9248
MH		 1425 hci_dev_unlock(hdev);
1426}
1da177e4 1427
f8558555
MH		 1428static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1429{
1430 struct hci_cp_auth_requested *cp;
1431 struct hci_conn *conn;
1432
9f1db00c 1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1434
1435 if (!status)
1436 return;
1437
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1439 if (!cp)
1440 return;
1441
1442 hci_dev_lock(hdev);
1443
1444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1445 if (conn) {
1446 if (conn->state == BT_CONFIG) {
1447 hci_proto_connect_cfm(conn, status);
76a68ba0 1448 hci_conn_drop(conn);
f8558555
MH		 1449 }
1450 }
1451
1452 hci_dev_unlock(hdev);
1453}
1454
1455static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1456{
1457 struct hci_cp_set_conn_encrypt *cp;
1458 struct hci_conn *conn;
1459
9f1db00c 1460 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1461
1462 if (!status)
1463 return;
1464
1465 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1466 if (!cp)
1467 return;
1468
1469 hci_dev_lock(hdev);
1470
1471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1472 if (conn) {
1473 if (conn->state == BT_CONFIG) {
1474 hci_proto_connect_cfm(conn, status);
76a68ba0 1475 hci_conn_drop(conn);
f8558555
MH		 1476 }
1477 }
1478
1479 hci_dev_unlock(hdev);
1480}
1481
127178d2 1482static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1483 struct hci_conn *conn)
392599b9 1484{
392599b9
JH		 1485 if (conn->state != BT_CONFIG || !conn->out)
1486 return 0;
1487
765c2a96 1488 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1489 return 0;
1490
1491 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1492 * devices with sec_level MEDIUM or HIGH or if MITM protection
1493 * is requested.
1494 */
807deac2 1495 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1496 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1497 conn->pending_sec_level != BT_SECURITY_HIGH &&
1498 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1499 return 0;
1500
392599b9
JH		 1501 return 1;
1502}
1503
6039aa73 1504static int hci_resolve_name(struct hci_dev *hdev,
04124681 1505 struct inquiry_entry *e)
30dc78e1
JH		 1506{
1507 struct hci_cp_remote_name_req cp;
1508
1509 memset(&cp, 0, sizeof(cp));
1510
1511 bacpy(&cp.bdaddr, &e->data.bdaddr);
1512 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1513 cp.pscan_mode = e->data.pscan_mode;
1514 cp.clock_offset = e->data.clock_offset;
1515
1516 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1517}
1518
b644ba33 1519static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1520{
1521 struct discovery_state *discov = &hdev->discovery;
1522 struct inquiry_entry *e;
1523
b644ba33
JH		 1524 if (list_empty(&discov->resolve))
1525 return false;
1526
1527 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1528 if (!e)
1529 return false;
1530
b644ba33
JH		 1531 if (hci_resolve_name(hdev, e) == 0) {
1532 e->name_state = NAME_PENDING;
1533 return true;
1534 }
1535
1536 return false;
1537}
1538
1539static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1540 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1541{
1542 struct discovery_state *discov = &hdev->discovery;
1543 struct inquiry_entry *e;
1544
1545 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1546 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1547 name_len, conn->dev_class);
b644ba33
JH		 1548
1549 if (discov->state == DISCOVERY_STOPPED)
1550 return;
1551
30dc78e1
JH		 1552 if (discov->state == DISCOVERY_STOPPING)
1553 goto discov_complete;
1554
1555 if (discov->state != DISCOVERY_RESOLVING)
1556 return;
1557
1558 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1559 /* If the device was not found in a list of found devices names of which
1560 * are pending. there is no need to continue resolving a next name as it
1561 * will be done upon receiving another Remote Name Request Complete
1562 * Event */
1563 if (!e)
1564 return;
1565
1566 list_del(&e->list);
1567 if (name) {
30dc78e1 1568 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1569 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1570 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1571 } else {
1572 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1573 }
1574
b644ba33 1575 if (hci_resolve_next_name(hdev))
30dc78e1 1576 return;
30dc78e1
JH		 1577
1578discov_complete:
1579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1580}
1581
a9de9248
MH		 1582static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1583{
127178d2
JH		 1584 struct hci_cp_remote_name_req *cp;
1585 struct hci_conn *conn;
1586
9f1db00c 1587 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1588
1589 /* If successful wait for the name req complete event before
1590 * checking for the need to do authentication */
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1595 if (!cp)
1596 return;
1597
1598 hci_dev_lock(hdev);
1599
b644ba33
JH		 1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1601
a8b2d5c2 1602 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1603 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1604
79c6c70c
JH		 1605 if (!conn)
1606 goto unlock;
1607
1608 if (!hci_outgoing_auth_needed(hdev, conn))
1609 goto unlock;
1610
51a8efd7 1611 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1612 struct hci_cp_auth_requested auth_cp;
1613
1614 auth_cp.handle = __cpu_to_le16(conn->handle);
1615 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1616 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1617 }
1618
79c6c70c 1619unlock:
127178d2 1620 hci_dev_unlock(hdev);
a9de9248 1621}
1da177e4 1622
769be974
MH		 1623static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1624{
1625 struct hci_cp_read_remote_features *cp;
1626 struct hci_conn *conn;
1627
9f1db00c 1628 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1629
1630 if (!status)
1631 return;
1632
1633 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1634 if (!cp)
1635 return;
1636
1637 hci_dev_lock(hdev);
1638
1639 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1640 if (conn) {
1641 if (conn->state == BT_CONFIG) {
769be974 1642 hci_proto_connect_cfm(conn, status);
76a68ba0 1643 hci_conn_drop(conn);
769be974
MH		 1644 }
1645 }
1646
1647 hci_dev_unlock(hdev);
1648}
1649
1650static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1651{
1652 struct hci_cp_read_remote_ext_features *cp;
1653 struct hci_conn *conn;
1654
9f1db00c 1655 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1656
1657 if (!status)
1658 return;
1659
1660 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1661 if (!cp)
1662 return;
1663
1664 hci_dev_lock(hdev);
1665
1666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1667 if (conn) {
1668 if (conn->state == BT_CONFIG) {
769be974 1669 hci_proto_connect_cfm(conn, status);
76a68ba0 1670 hci_conn_drop(conn);
769be974
MH		 1671 }
1672 }
1673
1674 hci_dev_unlock(hdev);
1675}
1676
a9de9248
MH		 1677static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1678{
b6a0dc82
MH		 1679 struct hci_cp_setup_sync_conn *cp;
1680 struct hci_conn *acl, *sco;
1681 __u16 handle;
1682
9f1db00c 1683 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1684
1685 if (!status)
1686 return;
1687
1688 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1689 if (!cp)
1690 return;
1691
1692 handle = __le16_to_cpu(cp->handle);
1693
9f1db00c 1694 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1695
1696 hci_dev_lock(hdev);
1697
1698 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1699 if (acl) {
1700 sco = acl->link;
1701 if (sco) {
1702 sco->state = BT_CLOSED;
b6a0dc82 1703
5a08ecce
AE		 1704 hci_proto_connect_cfm(sco, status);
1705 hci_conn_del(sco);
1706 }
b6a0dc82
MH		 1707 }
1708
1709 hci_dev_unlock(hdev);
1da177e4
LT		 1710}
1711
a9de9248 1712static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1713{
a9de9248
MH		 1714 struct hci_cp_sniff_mode *cp;
1715 struct hci_conn *conn;
1da177e4 1716
9f1db00c 1717 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1718
a9de9248
MH		 1719 if (!status)
1720 return;
04837f64 1721
a9de9248
MH		 1722 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1723 if (!cp)
1724 return;
04837f64 1725
a9de9248 1726 hci_dev_lock(hdev);
04837f64 1727
a9de9248 1728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1729 if (conn) {
51a8efd7 1730 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1731
51a8efd7 1732 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1733 hci_sco_setup(conn, status);
1734 }
1735
a9de9248
MH		 1736 hci_dev_unlock(hdev);
1737}
04837f64 1738
a9de9248
MH		 1739static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1740{
1741 struct hci_cp_exit_sniff_mode *cp;
1742 struct hci_conn *conn;
04837f64 1743
9f1db00c 1744 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1745
a9de9248
MH		 1746 if (!status)
1747 return;
04837f64 1748
a9de9248
MH		 1749 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1750 if (!cp)
1751 return;
04837f64 1752
a9de9248 1753 hci_dev_lock(hdev);
1da177e4 1754
a9de9248 1755 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1756 if (conn) {
51a8efd7 1757 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1758
51a8efd7 1759 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1760 hci_sco_setup(conn, status);
1761 }
1762
a9de9248 1763 hci_dev_unlock(hdev);
1da177e4
LT		 1764}
1765
88c3df13
JH		 1766static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1767{
1768 struct hci_cp_disconnect *cp;
1769 struct hci_conn *conn;
1770
1771 if (!status)
1772 return;
1773
1774 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1775 if (!cp)
1776 return;
1777
1778 hci_dev_lock(hdev);
1779
1780 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1781 if (conn)
1782 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1783 conn->dst_type, status);
88c3df13
JH		 1784
1785 hci_dev_unlock(hdev);
1786}
1787
a02226d6
AE		 1788static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1789{
93c284ee
AE		 1790 struct hci_cp_create_phy_link *cp;
1791
a02226d6 1792 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1793
93c284ee
AE		 1794 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1795 if (!cp)
1796 return;
1797
e58917b9
AE		 1798 hci_dev_lock(hdev);
1799
1800 if (status) {
1801 struct hci_conn *hcon;
1802
1803 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1804 if (hcon)
1805 hci_conn_del(hcon);
1806 } else {
1807 amp_write_remote_assoc(hdev, cp->phy_handle);
1808 }
1809
1810 hci_dev_unlock(hdev);
a02226d6
AE		 1811}
1812
0b26ab9d
AE		 1813static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1814{
1815 struct hci_cp_accept_phy_link *cp;
1816
1817 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1818
1819 if (status)
1820 return;
1821
1822 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1823 if (!cp)
1824 return;
1825
1826 amp_write_remote_assoc(hdev, cp->phy_handle);
1827}
1828
cb1d68f7
JH		 1829static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1830{
1831 struct hci_cp_le_create_conn *cp;
1832 struct hci_conn *conn;
1833
1834 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1835
1836 /* All connection failure handling is taken care of by the
1837 * hci_le_conn_failed function which is triggered by the HCI
1838 * request completion callbacks used for connecting.
1839 */
1840 if (status)
1841 return;
1842
1843 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1844 if (!cp)
1845 return;
1846
1847 hci_dev_lock(hdev);
1848
1849 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1850 if (!conn)
1851 goto unlock;
1852
1853 /* Store the initiator and responder address information which
1854 * is needed for SMP. These values will not change during the
1855 * lifetime of the connection.
1856 */
1857 conn->init_addr_type = cp->own_address_type;
1858 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1859 bacpy(&conn->init_addr, &hdev->random_addr);
1860 else
1861 bacpy(&conn->init_addr, &hdev->bdaddr);
1862
1863 conn->resp_addr_type = cp->peer_addr_type;
1864 bacpy(&conn->resp_addr, &cp->peer_addr);
1865
9489eca4
JH		 1866 /* We don't want the connection attempt to stick around
1867 * indefinitely since LE doesn't have a page timeout concept
1868 * like BR/EDR. Set a timer for any connection that doesn't use
1869 * the white list for connecting.
1870 */
1871 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1872 queue_delayed_work(conn->hdev->workqueue,
1873 &conn->le_conn_timeout,
1874 HCI_LE_CONN_TIMEOUT);
1875
cb1d68f7
JH		 1876unlock:
1877 hci_dev_unlock(hdev);
1878}
1879
81d0c8ad
JH		 1880static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1881{
1882 struct hci_cp_le_start_enc *cp;
1883 struct hci_conn *conn;
1884
1885 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1886
1887 if (!status)
1888 return;
1889
1890 hci_dev_lock(hdev);
1891
1892 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1893 if (!cp)
1894 goto unlock;
1895
1896 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1897 if (!conn)
1898 goto unlock;
1899
1900 if (conn->state != BT_CONNECTED)
1901 goto unlock;
1902
1903 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1904 hci_conn_drop(conn);
1905
1906unlock:
1907 hci_dev_unlock(hdev);
1908}
1909
6039aa73 1910static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1911{
1912 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1913 struct discovery_state *discov = &hdev->discovery;
1914 struct inquiry_entry *e;
1da177e4 1915
9f1db00c 1916 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1917
a9de9248 1918 hci_conn_check_pending(hdev);
89352e7d
AG		 1919
1920 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1921 return;
1922
4e857c58 1923 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1924 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1925
a8b2d5c2 1926 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1927 return;
1928
56e5cb86 1929 hci_dev_lock(hdev);
30dc78e1 1930
343f935b 1931 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1932 goto unlock;
1933
1934 if (list_empty(&discov->resolve)) {
1935 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1936 goto unlock;
1937 }
1938
1939 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1940 if (e && hci_resolve_name(hdev, e) == 0) {
1941 e->name_state = NAME_PENDING;
1942 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1943 } else {
1944 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1945 }
1946
1947unlock:
56e5cb86 1948 hci_dev_unlock(hdev);
1da177e4
LT		 1949}
1950
6039aa73 1951static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1952{
45bb4bf0 1953 struct inquiry_data data;
a9de9248 1954 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1955 int num_rsp = *((__u8 *) skb->data);
1956
1957 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1958
45bb4bf0
MH		 1959 if (!num_rsp)
1960 return;
1961
1519cc17
AG		 1962 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1963 return;
1964
1da177e4 1965 hci_dev_lock(hdev);
45bb4bf0 1966
e17acd40 1967 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1968 bool name_known, ssp;
3175405b 1969
1da177e4
LT		 1970 bacpy(&data.bdaddr, &info->bdaddr);
1971 data.pscan_rep_mode = info->pscan_rep_mode;
1972 data.pscan_period_mode = info->pscan_period_mode;
1973 data.pscan_mode = info->pscan_mode;
1974 memcpy(data.dev_class, info->dev_class, 3);
1975 data.clock_offset = info->clock_offset;
1976 data.rssi = 0x00;
41a96212 1977 data.ssp_mode = 0x00;
3175405b 1978
388fc8fa 1979 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1980 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1981 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1982 0, NULL, 0);
1da177e4 1983 }
45bb4bf0 1984
1da177e4
LT		 1985 hci_dev_unlock(hdev);
1986}
1987
6039aa73 1988static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1989{
a9de9248
MH		 1990 struct hci_ev_conn_complete *ev = (void *) skb->data;
1991 struct hci_conn *conn;
1da177e4
LT		 1992
1993 BT_DBG("%s", hdev->name);
1994
1995 hci_dev_lock(hdev);
1996
1997 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1998 if (!conn) {
1999 if (ev->link_type != SCO_LINK)
2000 goto unlock;
2001
2002 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2003 if (!conn)
2004 goto unlock;
2005
2006 conn->type = SCO_LINK;
2007 }
1da177e4
LT		 2008
2009 if (!ev->status) {
2010 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2011
2012 if (conn->type == ACL_LINK) {
2013 conn->state = BT_CONFIG;
2014 hci_conn_hold(conn);
a9ea3ed9
SJ		 2015
2016 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2017 !hci_find_link_key(hdev, &ev->bdaddr))
2018 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2019 else
2020 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2021 } else
2022 conn->state = BT_CONNECTED;
1da177e4 2023
7d0db0a3
MH		 2024 hci_conn_add_sysfs(conn);
2025
1da177e4 2026 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2027 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2028
2029 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2030 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2031
04837f64
MH		 2032 /* Get remote features */
2033 if (conn->type == ACL_LINK) {
2034 struct hci_cp_read_remote_features cp;
2035 cp.handle = ev->handle;
769be974 2036 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2037 sizeof(cp), &cp);
04837f64
MH		 2038 }
2039
1da177e4 2040 /* Set packet type for incoming connection */
d095c1eb 2041 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2042 struct hci_cp_change_conn_ptype cp;
2043 cp.handle = ev->handle;
a8746417 2044 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2045 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2046 &cp);
1da177e4 2047 }
17d5c04c 2048 } else {
1da177e4 2049 conn->state = BT_CLOSED;
17d5c04c 2050 if (conn->type == ACL_LINK)
64c7b77c 2051 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2052 conn->dst_type, ev->status);
17d5c04c 2053 }
1da177e4 2054
e73439d8
MH		 2055 if (conn->type == ACL_LINK)
2056 hci_sco_setup(conn, ev->status);
1da177e4 2057
769be974
MH		 2058 if (ev->status) {
2059 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2060 hci_conn_del(conn);
c89b6e6b
MH		 2061 } else if (ev->link_type != ACL_LINK)
2062 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2063
a9de9248 2064unlock:
1da177e4 2065 hci_dev_unlock(hdev);
1da177e4 2066
a9de9248 2067 hci_conn_check_pending(hdev);
1da177e4
LT		 2068}
2069
6039aa73 2070static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2071{
a9de9248
MH		 2072 struct hci_ev_conn_request *ev = (void *) skb->data;
2073 int mask = hdev->link_mode;
20714bfe 2074 __u8 flags = 0;
1da177e4 2075
6ed93dc6 2076 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2077 ev->link_type);
1da177e4 2078
20714bfe
FD		 2079 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2080 &flags);
1da177e4 2081
138d22ef 2082 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2083 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2084 /* Connection accepted */
c7bdd502 2085 struct inquiry_entry *ie;
1da177e4 2086 struct hci_conn *conn;
1da177e4 2087
a9de9248 2088 hci_dev_lock(hdev);
b6a0dc82 2089
cc11b9c1
AE		 2090 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2091 if (ie)
c7bdd502
MH		 2092 memcpy(ie->data.dev_class, ev->dev_class, 3);
2093
8fc9ced3
GP		 2094 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2095 &ev->bdaddr);
a9de9248 2096 if (!conn) {
cc11b9c1
AE		 2097 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2098 if (!conn) {
893ef971 2099 BT_ERR("No memory for new connection");
a9de9248
MH		 2100 hci_dev_unlock(hdev);
2101 return;
1da177e4
LT		 2102 }
2103 }
b6a0dc82 2104
a9de9248 2105 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2106
a9de9248 2107 hci_dev_unlock(hdev);
1da177e4 2108
20714bfe
FD		 2109 if (ev->link_type == ACL_LINK ||
2110 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2111 struct hci_cp_accept_conn_req cp;
20714bfe 2112 conn->state = BT_CONNECT;
1da177e4 2113
b6a0dc82
MH		 2114 bacpy(&cp.bdaddr, &ev->bdaddr);
2115
2116 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2117 cp.role = 0x00; /* Become master */
2118 else
2119 cp.role = 0x01; /* Remain slave */
2120
04124681
GP		 2121 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2122 &cp);
20714bfe 2123 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2124 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2125 conn->state = BT_CONNECT;
b6a0dc82
MH		 2126
2127 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2128 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2129
dcf4adbf
JP		 2130 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2131 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2132 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2133 cp.content_format = cpu_to_le16(hdev->voice_setting);
2134 cp.retrans_effort = 0xff;
1da177e4 2135
b6a0dc82 2136 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2137 sizeof(cp), &cp);
20714bfe
FD		 2138 } else {
2139 conn->state = BT_CONNECT2;
2140 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2141 }
a9de9248
MH		 2142 } else {
2143 /* Connection rejected */
2144 struct hci_cp_reject_conn_req cp;
1da177e4 2145
a9de9248 2146 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2147 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2148 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2149 }
1da177e4
LT		 2150}
2151
f0d6a0ea
MA		 2152static u8 hci_to_mgmt_reason(u8 err)
2153{
2154 switch (err) {
2155 case HCI_ERROR_CONNECTION_TIMEOUT:
2156 return MGMT_DEV_DISCONN_TIMEOUT;
2157 case HCI_ERROR_REMOTE_USER_TERM:
2158 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2159 case HCI_ERROR_REMOTE_POWER_OFF:
2160 return MGMT_DEV_DISCONN_REMOTE;
2161 case HCI_ERROR_LOCAL_HOST_TERM:
2162 return MGMT_DEV_DISCONN_LOCAL_HOST;
2163 default:
2164 return MGMT_DEV_DISCONN_UNKNOWN;
2165 }
2166}
2167
6039aa73 2168static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2169{
a9de9248 2170 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2171 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2172 struct hci_conn_params *params;
04837f64 2173 struct hci_conn *conn;
12d4a3b2 2174 bool mgmt_connected;
3846220b 2175 u8 type;
04837f64 2176
9f1db00c 2177 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2178
2179 hci_dev_lock(hdev);
2180
2181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2182 if (!conn)
2183 goto unlock;
7d0db0a3 2184
abf54a50
AG		 2185 if (ev->status) {
2186 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2187 conn->dst_type, ev->status);
2188 goto unlock;
37d9ef76 2189 }
f7520543 2190
3846220b
AG		 2191 conn->state = BT_CLOSED;
2192
12d4a3b2
JH		 2193 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2194 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2195 reason, mgmt_connected);
abf54a50 2196
af6a9c32
JH		 2197 if (conn->type == ACL_LINK &&
2198 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2199 hci_remove_link_key(hdev, &conn->dst);
2210246c 2200
9fcb18ef
AG		 2201 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2202 if (params) {
2203 switch (params->auto_connect) {
2204 case HCI_AUTO_CONN_LINK_LOSS:
2205 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2206 break;
2207 /* Fall through */
2208
2209 case HCI_AUTO_CONN_ALWAYS:
2210 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2211 break;
2212
2213 default:
2214 break;
2215 }
2216 }
2217
3846220b 2218 type = conn->type;
2210246c 2219
3846220b
AG		 2220 hci_proto_disconn_cfm(conn, ev->reason);
2221 hci_conn_del(conn);
2222
2223 /* Re-enable advertising if necessary, since it might
2224 * have been disabled by the connection. From the
2225 * HCI_LE_Set_Advertise_Enable command description in
2226 * the core specification (v4.0):
2227 * "The Controller shall continue advertising until the Host
2228 * issues an LE_Set_Advertise_Enable command with
2229 * Advertising_Enable set to 0x00 (Advertising is disabled)
2230 * or until a connection is created or until the Advertising
2231 * is timed out due to Directed Advertising."
2232 */
2233 if (type == LE_LINK)
2234 mgmt_reenable_advertising(hdev);
f7520543
JH		 2235
2236unlock:
04837f64
MH		 2237 hci_dev_unlock(hdev);
2238}
2239
6039aa73 2240static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2241{
a9de9248 2242 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2243 struct hci_conn *conn;
1da177e4 2244
9f1db00c 2245 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2246
2247 hci_dev_lock(hdev);
2248
04837f64 2249 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2250 if (!conn)
2251 goto unlock;
2252
2253 if (!ev->status) {
aa64a8b5 2254 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2255 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2256 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2257 } else {
4dae2798 2258 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2259 conn->sec_level = conn->pending_sec_level;
2a611692 2260 }
d7556e20 2261 } else {
bab73cb6 2262 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2263 ev->status);
d7556e20 2264 }
1da177e4 2265
51a8efd7
JH		 2266 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2267 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2268
d7556e20 2269 if (conn->state == BT_CONFIG) {
aa64a8b5 2270 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2271 struct hci_cp_set_conn_encrypt cp;
2272 cp.handle = ev->handle;
2273 cp.encrypt = 0x01;
2274 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2275 &cp);
052b30b0 2276 } else {
d7556e20
WR		 2277 conn->state = BT_CONNECTED;
2278 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2279 hci_conn_drop(conn);
052b30b0 2280 }
d7556e20
WR		 2281 } else {
2282 hci_auth_cfm(conn, ev->status);
052b30b0 2283
d7556e20
WR		 2284 hci_conn_hold(conn);
2285 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2286 hci_conn_drop(conn);
d7556e20
WR		 2287 }
2288
51a8efd7 2289 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2290 if (!ev->status) {
2291 struct hci_cp_set_conn_encrypt cp;
2292 cp.handle = ev->handle;
2293 cp.encrypt = 0x01;
2294 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2295 &cp);
d7556e20 2296 } else {
51a8efd7 2297 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2298 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2299 }
2300 }
2301
d7556e20 2302unlock:
1da177e4
LT		 2303 hci_dev_unlock(hdev);
2304}
2305
6039aa73 2306static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2307{
127178d2
JH		 2308 struct hci_ev_remote_name *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2310
a9de9248 2311 BT_DBG("%s", hdev->name);
1da177e4 2312
a9de9248 2313 hci_conn_check_pending(hdev);
127178d2
JH		 2314
2315 hci_dev_lock(hdev);
2316
b644ba33 2317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2318
b644ba33
JH		 2319 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2320 goto check_auth;
a88a9652 2321
b644ba33
JH		 2322 if (ev->status == 0)
2323 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2324 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2325 else
2326 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2327
2328check_auth:
79c6c70c
JH		 2329 if (!conn)
2330 goto unlock;
2331
2332 if (!hci_outgoing_auth_needed(hdev, conn))
2333 goto unlock;
2334
51a8efd7 2335 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2336 struct hci_cp_auth_requested cp;
2337 cp.handle = __cpu_to_le16(conn->handle);
2338 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2339 }
2340
79c6c70c 2341unlock:
127178d2 2342 hci_dev_unlock(hdev);
a9de9248
MH		 2343}
2344
6039aa73 2345static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2346{
2347 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2348 struct hci_conn *conn;
2349
9f1db00c 2350 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2351
2352 hci_dev_lock(hdev);
2353
04837f64 2354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2355 if (!conn)
2356 goto unlock;
1da177e4 2357
dc8357cc
MH		 2358 if (!ev->status) {
2359 if (ev->encrypt) {
2360 /* Encryption implies authentication */
4dae2798
JH		 2361 set_bit(HCI_CONN_AUTH, &conn->flags);
2362 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2363 conn->sec_level = conn->pending_sec_level;
abf76bad 2364
914a6ffe
MH		 2365 /* P-256 authentication key implies FIPS */
2366 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2367 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2368
abf76bad
MH		 2369 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2370 conn->type == LE_LINK)
2371 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2372 } else {
4dae2798 2373 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2374 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2375 }
dc8357cc 2376 }
a7d7723a 2377
dc8357cc 2378 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2379
dc8357cc
MH		 2380 if (ev->status && conn->state == BT_CONNECTED) {
2381 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2382 hci_conn_drop(conn);
2383 goto unlock;
1da177e4
LT		 2384 }
2385
dc8357cc
MH		 2386 if (conn->state == BT_CONFIG) {
2387 if (!ev->status)
2388 conn->state = BT_CONNECTED;
2389
40b552aa
MH		 2390 /* In Secure Connections Only mode, do not allow any
2391 * connections that are not encrypted with AES-CCM
2392 * using a P-256 authenticated combination key.
2393 */
2394 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2395 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2396 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2397 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2398 hci_conn_drop(conn);
2399 goto unlock;
2400 }
2401
dc8357cc
MH		 2402 hci_proto_connect_cfm(conn, ev->status);
2403 hci_conn_drop(conn);
2404 } else
2405 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2406
a7d7723a 2407unlock:
1da177e4
LT		 2408 hci_dev_unlock(hdev);
2409}
2410
6039aa73
GP		 2411static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2412 struct sk_buff *skb)
1da177e4 2413{
a9de9248 2414 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2415 struct hci_conn *conn;
1da177e4 2416
9f1db00c 2417 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2418
2419 hci_dev_lock(hdev);
2420
04837f64 2421 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2422 if (conn) {
2423 if (!ev->status)
4dae2798 2424 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2425
51a8efd7 2426 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2427
2428 hci_key_change_cfm(conn, ev->status);
2429 }
2430
2431 hci_dev_unlock(hdev);
2432}
2433
6039aa73
GP		 2434static void hci_remote_features_evt(struct hci_dev *hdev,
2435 struct sk_buff *skb)
1da177e4 2436{
a9de9248
MH		 2437 struct hci_ev_remote_features *ev = (void *) skb->data;
2438 struct hci_conn *conn;
2439
9f1db00c 2440 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2441
a9de9248
MH		 2442 hci_dev_lock(hdev);
2443
2444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2445 if (!conn)
2446 goto unlock;
769be974 2447
ccd556fe 2448 if (!ev->status)
cad718ed 2449 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2450
2451 if (conn->state != BT_CONFIG)
2452 goto unlock;
2453
2454 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2455 struct hci_cp_read_remote_ext_features cp;
2456 cp.handle = ev->handle;
2457 cp.page = 0x01;
2458 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2459 sizeof(cp), &cp);
392599b9
JH		 2460 goto unlock;
2461 }
2462
671267bf 2463 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2464 struct hci_cp_remote_name_req cp;
2465 memset(&cp, 0, sizeof(cp));
2466 bacpy(&cp.bdaddr, &conn->dst);
2467 cp.pscan_rep_mode = 0x02;
2468 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2469 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2470 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2471 conn->dst_type, 0, NULL, 0,
2472 conn->dev_class);
392599b9 2473
127178d2 2474 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2475 conn->state = BT_CONNECTED;
2476 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2477 hci_conn_drop(conn);
769be974 2478 }
a9de9248 2479
ccd556fe 2480unlock:
a9de9248 2481 hci_dev_unlock(hdev);
1da177e4
LT		 2482}
2483
6039aa73 2484static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2485{
2486 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2487 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2488 __u16 opcode;
2489
2490 skb_pull(skb, sizeof(*ev));
2491
2492 opcode = __le16_to_cpu(ev->opcode);
2493
2494 switch (opcode) {
2495 case HCI_OP_INQUIRY_CANCEL:
2496 hci_cc_inquiry_cancel(hdev, skb);
2497 break;
2498
4d93483b
AG		 2499 case HCI_OP_PERIODIC_INQ:
2500 hci_cc_periodic_inq(hdev, skb);
2501 break;
2502
a9de9248
MH		 2503 case HCI_OP_EXIT_PERIODIC_INQ:
2504 hci_cc_exit_periodic_inq(hdev, skb);
2505 break;
2506
2507 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2508 hci_cc_remote_name_req_cancel(hdev, skb);
2509 break;
2510
2511 case HCI_OP_ROLE_DISCOVERY:
2512 hci_cc_role_discovery(hdev, skb);
2513 break;
2514
e4e8e37c
MH		 2515 case HCI_OP_READ_LINK_POLICY:
2516 hci_cc_read_link_policy(hdev, skb);
2517 break;
2518
a9de9248
MH		 2519 case HCI_OP_WRITE_LINK_POLICY:
2520 hci_cc_write_link_policy(hdev, skb);
2521 break;
2522
e4e8e37c
MH		 2523 case HCI_OP_READ_DEF_LINK_POLICY:
2524 hci_cc_read_def_link_policy(hdev, skb);
2525 break;
2526
2527 case HCI_OP_WRITE_DEF_LINK_POLICY:
2528 hci_cc_write_def_link_policy(hdev, skb);
2529 break;
2530
a9de9248
MH		 2531 case HCI_OP_RESET:
2532 hci_cc_reset(hdev, skb);
2533 break;
2534
2535 case HCI_OP_WRITE_LOCAL_NAME:
2536 hci_cc_write_local_name(hdev, skb);
2537 break;
2538
2539 case HCI_OP_READ_LOCAL_NAME:
2540 hci_cc_read_local_name(hdev, skb);
2541 break;
2542
2543 case HCI_OP_WRITE_AUTH_ENABLE:
2544 hci_cc_write_auth_enable(hdev, skb);
2545 break;
2546
2547 case HCI_OP_WRITE_ENCRYPT_MODE:
2548 hci_cc_write_encrypt_mode(hdev, skb);
2549 break;
2550
2551 case HCI_OP_WRITE_SCAN_ENABLE:
2552 hci_cc_write_scan_enable(hdev, skb);
2553 break;
2554
2555 case HCI_OP_READ_CLASS_OF_DEV:
2556 hci_cc_read_class_of_dev(hdev, skb);
2557 break;
2558
2559 case HCI_OP_WRITE_CLASS_OF_DEV:
2560 hci_cc_write_class_of_dev(hdev, skb);
2561 break;
2562
2563 case HCI_OP_READ_VOICE_SETTING:
2564 hci_cc_read_voice_setting(hdev, skb);
2565 break;
2566
2567 case HCI_OP_WRITE_VOICE_SETTING:
2568 hci_cc_write_voice_setting(hdev, skb);
2569 break;
2570
b4cb9fb2
MH		 2571 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2572 hci_cc_read_num_supported_iac(hdev, skb);
2573 break;
2574
333140b5
MH		 2575 case HCI_OP_WRITE_SSP_MODE:
2576 hci_cc_write_ssp_mode(hdev, skb);
2577 break;
2578
eac83dc6
MH		 2579 case HCI_OP_WRITE_SC_SUPPORT:
2580 hci_cc_write_sc_support(hdev, skb);
2581 break;
2582
a9de9248
MH		 2583 case HCI_OP_READ_LOCAL_VERSION:
2584 hci_cc_read_local_version(hdev, skb);
2585 break;
2586
2587 case HCI_OP_READ_LOCAL_COMMANDS:
2588 hci_cc_read_local_commands(hdev, skb);
2589 break;
2590
2591 case HCI_OP_READ_LOCAL_FEATURES:
2592 hci_cc_read_local_features(hdev, skb);
2593 break;
2594
971e3a4b
AG		 2595 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2596 hci_cc_read_local_ext_features(hdev, skb);
2597 break;
2598
a9de9248
MH		 2599 case HCI_OP_READ_BUFFER_SIZE:
2600 hci_cc_read_buffer_size(hdev, skb);
2601 break;
2602
2603 case HCI_OP_READ_BD_ADDR:
2604 hci_cc_read_bd_addr(hdev, skb);
2605 break;
2606
f332ec66
JH		 2607 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2608 hci_cc_read_page_scan_activity(hdev, skb);
2609 break;
2610
4a3ee763
JH		 2611 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2612 hci_cc_write_page_scan_activity(hdev, skb);
2613 break;
2614
f332ec66
JH		 2615 case HCI_OP_READ_PAGE_SCAN_TYPE:
2616 hci_cc_read_page_scan_type(hdev, skb);
2617 break;
2618
4a3ee763
JH		 2619 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2620 hci_cc_write_page_scan_type(hdev, skb);
2621 break;
2622
350ee4cf
AE		 2623 case HCI_OP_READ_DATA_BLOCK_SIZE:
2624 hci_cc_read_data_block_size(hdev, skb);
2625 break;
2626
1e89cffb
AE		 2627 case HCI_OP_READ_FLOW_CONTROL_MODE:
2628 hci_cc_read_flow_control_mode(hdev, skb);
2629 break;
2630
928abaa7
AE		 2631 case HCI_OP_READ_LOCAL_AMP_INFO:
2632 hci_cc_read_local_amp_info(hdev, skb);
2633 break;
2634
33f35721
JH		 2635 case HCI_OP_READ_CLOCK:
2636 hci_cc_read_clock(hdev, skb);
2637 break;
2638
903e4541
AE		 2639 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2640 hci_cc_read_local_amp_assoc(hdev, skb);
2641 break;
2642
d5859e22
JH		 2643 case HCI_OP_READ_INQ_RSP_TX_POWER:
2644 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2645 break;
2646
980e1a53
JH		 2647 case HCI_OP_PIN_CODE_REPLY:
2648 hci_cc_pin_code_reply(hdev, skb);
2649 break;
2650
2651 case HCI_OP_PIN_CODE_NEG_REPLY:
2652 hci_cc_pin_code_neg_reply(hdev, skb);
2653 break;
2654
c35938b2 2655 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2656 hci_cc_read_local_oob_data(hdev, skb);
2657 break;
2658
2659 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2660 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2661 break;
2662
6ed58ec5
VT		 2663 case HCI_OP_LE_READ_BUFFER_SIZE:
2664 hci_cc_le_read_buffer_size(hdev, skb);
2665 break;
2666
60e77321
JH		 2667 case HCI_OP_LE_READ_LOCAL_FEATURES:
2668 hci_cc_le_read_local_features(hdev, skb);
2669 break;
2670
8fa19098
JH		 2671 case HCI_OP_LE_READ_ADV_TX_POWER:
2672 hci_cc_le_read_adv_tx_power(hdev, skb);
2673 break;
2674
a5c29683
JH		 2675 case HCI_OP_USER_CONFIRM_REPLY:
2676 hci_cc_user_confirm_reply(hdev, skb);
2677 break;
2678
2679 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2680 hci_cc_user_confirm_neg_reply(hdev, skb);
2681 break;
2682
1143d458
BG		 2683 case HCI_OP_USER_PASSKEY_REPLY:
2684 hci_cc_user_passkey_reply(hdev, skb);
2685 break;
2686
2687 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2688 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2689 break;
07f7fa5d 2690
7a4cd51d
MH		 2691 case HCI_OP_LE_SET_RANDOM_ADDR:
2692 hci_cc_le_set_random_addr(hdev, skb);
2693 break;
2694
c1d5dc4a
JH		 2695 case HCI_OP_LE_SET_ADV_ENABLE:
2696 hci_cc_le_set_adv_enable(hdev, skb);
2697 break;
2698
533553f8
MH		 2699 case HCI_OP_LE_SET_SCAN_PARAM:
2700 hci_cc_le_set_scan_param(hdev, skb);
2701 break;
2702
eb9d91f5
AG		 2703 case HCI_OP_LE_SET_SCAN_ENABLE:
2704 hci_cc_le_set_scan_enable(hdev, skb);
2705 break;
2706
cf1d081f
JH		 2707 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2708 hci_cc_le_read_white_list_size(hdev, skb);
2709 break;
2710
0f36b589
MH		 2711 case HCI_OP_LE_CLEAR_WHITE_LIST:
2712 hci_cc_le_clear_white_list(hdev, skb);
2713 break;
2714
2715 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2716 hci_cc_le_add_to_white_list(hdev, skb);
2717 break;
2718
2719 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2720 hci_cc_le_del_from_white_list(hdev, skb);
2721 break;
2722
9b008c04
JH		 2723 case HCI_OP_LE_READ_SUPPORTED_STATES:
2724 hci_cc_le_read_supported_states(hdev, skb);
2725 break;
2726
f9b49306
AG		 2727 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2728 hci_cc_write_le_host_supported(hdev, skb);
2729 break;
2730
56ed2cb8
JH		 2731 case HCI_OP_LE_SET_ADV_PARAM:
2732 hci_cc_set_adv_param(hdev, skb);
2733 break;
2734
93c284ee
AE		 2735 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2736 hci_cc_write_remote_amp_assoc(hdev, skb);
2737 break;
2738
5ae76a94
AK		 2739 case HCI_OP_READ_RSSI:
2740 hci_cc_read_rssi(hdev, skb);
2741 break;
2742
5a134fae
AK		 2743 case HCI_OP_READ_TX_POWER:
2744 hci_cc_read_tx_power(hdev, skb);
2745 break;
2746
a9de9248 2747 default:
9f1db00c 2748 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2749 break;
2750 }
2751
ad82cdd1 2752 if (opcode != HCI_OP_NOP)
65cc2b49 2753 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2754
ad82cdd1 2755 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2756
dbccd791 2757 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2758 atomic_set(&hdev->cmd_cnt, 1);
2759 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2760 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2761 }
2762}
2763
6039aa73 2764static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2765{
2766 struct hci_ev_cmd_status *ev = (void *) skb->data;
2767 __u16 opcode;
2768
2769 skb_pull(skb, sizeof(*ev));
2770
2771 opcode = __le16_to_cpu(ev->opcode);
2772
2773 switch (opcode) {
2774 case HCI_OP_INQUIRY:
2775 hci_cs_inquiry(hdev, ev->status);
2776 break;
2777
2778 case HCI_OP_CREATE_CONN:
2779 hci_cs_create_conn(hdev, ev->status);
2780 break;
2781
2782 case HCI_OP_ADD_SCO:
2783 hci_cs_add_sco(hdev, ev->status);
2784 break;
2785
f8558555
MH		 2786 case HCI_OP_AUTH_REQUESTED:
2787 hci_cs_auth_requested(hdev, ev->status);
2788 break;
2789
2790 case HCI_OP_SET_CONN_ENCRYPT:
2791 hci_cs_set_conn_encrypt(hdev, ev->status);
2792 break;
2793
a9de9248
MH		 2794 case HCI_OP_REMOTE_NAME_REQ:
2795 hci_cs_remote_name_req(hdev, ev->status);
2796 break;
2797
769be974
MH		 2798 case HCI_OP_READ_REMOTE_FEATURES:
2799 hci_cs_read_remote_features(hdev, ev->status);
2800 break;
2801
2802 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2803 hci_cs_read_remote_ext_features(hdev, ev->status);
2804 break;
2805
a9de9248
MH		 2806 case HCI_OP_SETUP_SYNC_CONN:
2807 hci_cs_setup_sync_conn(hdev, ev->status);
2808 break;
2809
2810 case HCI_OP_SNIFF_MODE:
2811 hci_cs_sniff_mode(hdev, ev->status);
2812 break;
2813
2814 case HCI_OP_EXIT_SNIFF_MODE:
2815 hci_cs_exit_sniff_mode(hdev, ev->status);
2816 break;
2817
8962ee74 2818 case HCI_OP_DISCONNECT:
88c3df13 2819 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2820 break;
2821
a02226d6
AE		 2822 case HCI_OP_CREATE_PHY_LINK:
2823 hci_cs_create_phylink(hdev, ev->status);
2824 break;
2825
0b26ab9d
AE		 2826 case HCI_OP_ACCEPT_PHY_LINK:
2827 hci_cs_accept_phylink(hdev, ev->status);
2828 break;
2829
cb1d68f7
JH		 2830 case HCI_OP_LE_CREATE_CONN:
2831 hci_cs_le_create_conn(hdev, ev->status);
2832 break;
2833
81d0c8ad
JH		 2834 case HCI_OP_LE_START_ENC:
2835 hci_cs_le_start_enc(hdev, ev->status);
2836 break;
2837
a9de9248 2838 default:
9f1db00c 2839 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2840 break;
2841 }
2842
ad82cdd1 2843 if (opcode != HCI_OP_NOP)
65cc2b49 2844 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2845
02350a72
JH		 2846 if (ev->status ||
2847 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2848 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2849
10572132 2850 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2851 atomic_set(&hdev->cmd_cnt, 1);
2852 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2853 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2854 }
2855}
2856
6039aa73 2857static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2858{
2859 struct hci_ev_role_change *ev = (void *) skb->data;
2860 struct hci_conn *conn;
2861
9f1db00c 2862 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2863
2864 hci_dev_lock(hdev);
2865
2866 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2867 if (conn) {
2868 if (!ev->status) {
2869 if (ev->role)
4dae2798 2870 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2871 else
4dae2798 2872 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2873 }
2874
51a8efd7 2875 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2876
2877 hci_role_switch_cfm(conn, ev->status, ev->role);
2878 }
2879
2880 hci_dev_unlock(hdev);
2881}
2882
6039aa73 2883static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2884{
2885 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2886 int i;
2887
32ac5b9b
AE		 2888 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2889 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2890 return;
2891 }
2892
c5993de8 2893 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2894 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2895 BT_DBG("%s bad parameters", hdev->name);
2896 return;
2897 }
2898
c5993de8
AE		 2899 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2900
613a1c0c
AE		 2901 for (i = 0; i < ev->num_hndl; i++) {
2902 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2903 struct hci_conn *conn;
2904 __u16 handle, count;
2905
613a1c0c
AE		 2906 handle = __le16_to_cpu(info->handle);
2907 count = __le16_to_cpu(info->count);
a9de9248
MH		 2908
2909 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2910 if (!conn)
2911 continue;
2912
2913 conn->sent -= count;
2914
2915 switch (conn->type) {
2916 case ACL_LINK:
2917 hdev->acl_cnt += count;
2918 if (hdev->acl_cnt > hdev->acl_pkts)
2919 hdev->acl_cnt = hdev->acl_pkts;
2920 break;
2921
2922 case LE_LINK:
2923 if (hdev->le_pkts) {
2924 hdev->le_cnt += count;
2925 if (hdev->le_cnt > hdev->le_pkts)
2926 hdev->le_cnt = hdev->le_pkts;
2927 } else {
70f23020
AE		 2928 hdev->acl_cnt += count;
2929 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2930 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2931 }
f4280918
AE		 2932 break;
2933
2934 case SCO_LINK:
2935 hdev->sco_cnt += count;
2936 if (hdev->sco_cnt > hdev->sco_pkts)
2937 hdev->sco_cnt = hdev->sco_pkts;
2938 break;
2939
2940 default:
2941 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2942 break;
a9de9248
MH		 2943 }
2944 }
2945
3eff45ea 2946 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2947}
2948
76ef7cf7
AE		 2949static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2950 __u16 handle)
2951{
2952 struct hci_chan *chan;
2953
2954 switch (hdev->dev_type) {
2955 case HCI_BREDR:
2956 return hci_conn_hash_lookup_handle(hdev, handle);
2957 case HCI_AMP:
2958 chan = hci_chan_lookup_handle(hdev, handle);
2959 if (chan)
2960 return chan->conn;
2961 break;
2962 default:
2963 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2964 break;
2965 }
2966
2967 return NULL;
2968}
2969
6039aa73 2970static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2971{
2972 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2973 int i;
2974
2975 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2976 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2977 return;
2978 }
2979
2980 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2981 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2982 BT_DBG("%s bad parameters", hdev->name);
2983 return;
2984 }
2985
2986 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2987 ev->num_hndl);
25e89e99
AE		 2988
2989 for (i = 0; i < ev->num_hndl; i++) {
2990 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2991 struct hci_conn *conn = NULL;
25e89e99
AE		 2992 __u16 handle, block_count;
2993
2994 handle = __le16_to_cpu(info->handle);
2995 block_count = __le16_to_cpu(info->blocks);
2996
76ef7cf7 2997 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2998 if (!conn)
2999 continue;
3000
3001 conn->sent -= block_count;
3002
3003 switch (conn->type) {
3004 case ACL_LINK:
bd1eb66b 3005 case AMP_LINK:
25e89e99
AE		 3006 hdev->block_cnt += block_count;
3007 if (hdev->block_cnt > hdev->num_blocks)
3008 hdev->block_cnt = hdev->num_blocks;
3009 break;
3010
3011 default:
3012 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3013 break;
3014 }
3015 }
3016
3017 queue_work(hdev->workqueue, &hdev->tx_work);
3018}
3019
6039aa73 3020static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3021{
a9de9248 3022 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3023 struct hci_conn *conn;
3024
9f1db00c 3025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3026
3027 hci_dev_lock(hdev);
3028
3029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3030 if (conn) {
3031 conn->mode = ev->mode;
a9de9248 3032
8fc9ced3
GP		 3033 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3034 &conn->flags)) {
a9de9248 3035 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3036 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3037 else
58a681ef 3038 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3039 }
e73439d8 3040
51a8efd7 3041 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3042 hci_sco_setup(conn, ev->status);
04837f64
MH		 3043 }
3044
3045 hci_dev_unlock(hdev);
3046}
3047
6039aa73 3048static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3049{
052b30b0
MH		 3050 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3051 struct hci_conn *conn;
3052
a9de9248 3053 BT_DBG("%s", hdev->name);
052b30b0
MH		 3054
3055 hci_dev_lock(hdev);
3056
3057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3058 if (!conn)
3059 goto unlock;
3060
3061 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3062 hci_conn_hold(conn);
3063 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3064 hci_conn_drop(conn);
052b30b0
MH		 3065 }
3066
a8b2d5c2 3067 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3068 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3069 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3070 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3071 u8 secure;
3072
3073 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3074 secure = 1;
3075 else
3076 secure = 0;
3077
744cf19e 3078 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3079 }
980e1a53 3080
b6f98044 3081unlock:
052b30b0 3082 hci_dev_unlock(hdev);
a9de9248
MH		 3083}
3084
6039aa73 3085static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3086{
55ed8ca1
JH		 3087 struct hci_ev_link_key_req *ev = (void *) skb->data;
3088 struct hci_cp_link_key_reply cp;
3089 struct hci_conn *conn;
3090 struct link_key *key;
3091
a9de9248 3092 BT_DBG("%s", hdev->name);
55ed8ca1 3093
034cbea0 3094 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3095 return;
3096
3097 hci_dev_lock(hdev);
3098
3099 key = hci_find_link_key(hdev, &ev->bdaddr);
3100 if (!key) {
6ed93dc6
AE		 3101 BT_DBG("%s link key not found for %pMR", hdev->name,
3102 &ev->bdaddr);
55ed8ca1
JH		 3103 goto not_found;
3104 }
3105
6ed93dc6
AE		 3106 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3107 &ev->bdaddr);
55ed8ca1 3108
55ed8ca1 3109 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3110 if (conn) {
66138ce8
MH		 3111 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3112 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3113 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3114 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3115 goto not_found;
3116 }
55ed8ca1 3117
60b83f57 3118 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3119 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3120 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3121 BT_DBG("%s ignoring key unauthenticated for high security",
3122 hdev->name);
60b83f57
WR		 3123 goto not_found;
3124 }
3125
3126 conn->key_type = key->type;
3127 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3128 }
3129
3130 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3131 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3132
3133 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3134
3135 hci_dev_unlock(hdev);
3136
3137 return;
3138
3139not_found:
3140 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3141 hci_dev_unlock(hdev);
a9de9248
MH		 3142}
3143
6039aa73 3144static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3145{
052b30b0
MH		 3146 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3147 struct hci_conn *conn;
7652ff6a
JH		 3148 struct link_key *key;
3149 bool persistent;
55ed8ca1 3150 u8 pin_len = 0;
052b30b0 3151
a9de9248 3152 BT_DBG("%s", hdev->name);
052b30b0
MH		 3153
3154 hci_dev_lock(hdev);
3155
3156 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3157 if (conn) {
3158 hci_conn_hold(conn);
3159 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3160 pin_len = conn->pin_length;
13d39315
WR		 3161
3162 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3163 conn->key_type = ev->key_type;
3164
76a68ba0 3165 hci_conn_drop(conn);
052b30b0
MH		 3166 }
3167
7652ff6a
JH		 3168 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3169 goto unlock;
3170
3171 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3172 ev->key_type, pin_len, &persistent);
3173 if (!key)
3174 goto unlock;
3175
3176 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3177
6d5650c4
JH		 3178 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3179 * is set. If it's not set simply remove the key from the kernel
3180 * list (we've still notified user space about it but with
3181 * store_hint being 0).
3182 */
3183 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3184 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3185 list_del(&key->list);
3186 kfree(key);
3187 } else if (conn) {
af6a9c32
JH		 3188 if (persistent)
3189 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3190 else
3191 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3192 }
7652ff6a
JH		 3193
3194unlock:
052b30b0 3195 hci_dev_unlock(hdev);
a9de9248
MH		 3196}
3197
6039aa73 3198static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3199{
a9de9248 3200 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3201 struct hci_conn *conn;
1da177e4 3202
9f1db00c 3203 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3204
3205 hci_dev_lock(hdev);
3206
04837f64 3207 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3208 if (conn && !ev->status) {
3209 struct inquiry_entry *ie;
3210
cc11b9c1
AE		 3211 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3212 if (ie) {
1da177e4
LT		 3213 ie->data.clock_offset = ev->clock_offset;
3214 ie->timestamp = jiffies;
3215 }
3216 }
3217
3218 hci_dev_unlock(hdev);
3219}
3220
6039aa73 3221static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3222{
3223 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3224 struct hci_conn *conn;
3225
9f1db00c 3226 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3227
3228 hci_dev_lock(hdev);
3229
3230 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3231 if (conn && !ev->status)
3232 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3233
3234 hci_dev_unlock(hdev);
3235}
3236
6039aa73 3237static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3238{
a9de9248 3239 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3240 struct inquiry_entry *ie;
3241
3242 BT_DBG("%s", hdev->name);
3243
3244 hci_dev_lock(hdev);
3245
cc11b9c1
AE		 3246 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3247 if (ie) {
85a1e930
MH		 3248 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3249 ie->timestamp = jiffies;
3250 }
3251
3252 hci_dev_unlock(hdev);
3253}
3254
6039aa73
GP		 3255static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
a9de9248
MH		 3257{
3258 struct inquiry_data data;
3259 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3260 bool name_known, ssp;
a9de9248
MH		 3261
3262 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3263
3264 if (!num_rsp)
3265 return;
3266
1519cc17
AG		 3267 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3268 return;
3269
a9de9248
MH		 3270 hci_dev_lock(hdev);
3271
3272 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3273 struct inquiry_info_with_rssi_and_pscan_mode *info;
3274 info = (void *) (skb->data + 1);
a9de9248 3275
e17acd40 3276 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3277 bacpy(&data.bdaddr, &info->bdaddr);
3278 data.pscan_rep_mode = info->pscan_rep_mode;
3279 data.pscan_period_mode = info->pscan_period_mode;
3280 data.pscan_mode = info->pscan_mode;
3281 memcpy(data.dev_class, info->dev_class, 3);
3282 data.clock_offset = info->clock_offset;
3283 data.rssi = info->rssi;
41a96212 3284 data.ssp_mode = 0x00;
3175405b
JH		 3285
3286 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3287 false, &ssp);
48264f06 3288 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3289 info->dev_class, info->rssi,
5d2e9fad 3290 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3291 }
3292 } else {
3293 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3294
e17acd40 3295 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3296 bacpy(&data.bdaddr, &info->bdaddr);
3297 data.pscan_rep_mode = info->pscan_rep_mode;
3298 data.pscan_period_mode = info->pscan_period_mode;
3299 data.pscan_mode = 0x00;
3300 memcpy(data.dev_class, info->dev_class, 3);
3301 data.clock_offset = info->clock_offset;
3302 data.rssi = info->rssi;
41a96212 3303 data.ssp_mode = 0x00;
3175405b 3304 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3305 false, &ssp);
48264f06 3306 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3307 info->dev_class, info->rssi,
5d2e9fad 3308 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3309 }
3310 }
3311
3312 hci_dev_unlock(hdev);
3313}
3314
6039aa73
GP		 3315static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3316 struct sk_buff *skb)
a9de9248 3317{
41a96212
MH		 3318 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3319 struct hci_conn *conn;
3320
a9de9248 3321 BT_DBG("%s", hdev->name);
41a96212 3322
41a96212
MH		 3323 hci_dev_lock(hdev);
3324
3325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3326 if (!conn)
3327 goto unlock;
41a96212 3328
cad718ed
JH		 3329 if (ev->page < HCI_MAX_PAGES)
3330 memcpy(conn->features[ev->page], ev->features, 8);
3331
ccd556fe
JH		 3332 if (!ev->status && ev->page == 0x01) {
3333 struct inquiry_entry *ie;
41a96212 3334
cc11b9c1
AE		 3335 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3336 if (ie)
02b7cc62 3337 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3338
bbb0eada 3339 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3340 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3341 } else {
3342 /* It is mandatory by the Bluetooth specification that
3343 * Extended Inquiry Results are only used when Secure
3344 * Simple Pairing is enabled, but some devices violate
3345 * this.
3346 *
3347 * To make these devices work, the internal SSP
3348 * enabled flag needs to be cleared if the remote host
3349 * features do not indicate SSP support */
3350 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3351 }
eb9a8f3f
MH		 3352
3353 if (ev->features[0] & LMP_HOST_SC)
3354 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3355 }
3356
3357 if (conn->state != BT_CONFIG)
3358 goto unlock;
3359
671267bf 3360 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3361 struct hci_cp_remote_name_req cp;
3362 memset(&cp, 0, sizeof(cp));
3363 bacpy(&cp.bdaddr, &conn->dst);
3364 cp.pscan_rep_mode = 0x02;
3365 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3366 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3367 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3368 conn->dst_type, 0, NULL, 0,
3369 conn->dev_class);
392599b9 3370
127178d2 3371 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3372 conn->state = BT_CONNECTED;
3373 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3374 hci_conn_drop(conn);
41a96212
MH		 3375 }
3376
ccd556fe 3377unlock:
41a96212 3378 hci_dev_unlock(hdev);
a9de9248
MH		 3379}
3380
6039aa73
GP		 3381static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3382 struct sk_buff *skb)
a9de9248 3383{
b6a0dc82
MH		 3384 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3385 struct hci_conn *conn;
3386
9f1db00c 3387 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3388
3389 hci_dev_lock(hdev);
3390
3391 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3392 if (!conn) {
3393 if (ev->link_type == ESCO_LINK)
3394 goto unlock;
3395
3396 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3397 if (!conn)
3398 goto unlock;
3399
3400 conn->type = SCO_LINK;
3401 }
b6a0dc82 3402
732547f9
MH		 3403 switch (ev->status) {
3404 case 0x00:
b6a0dc82
MH		 3405 conn->handle = __le16_to_cpu(ev->handle);
3406 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3407
3408 hci_conn_add_sysfs(conn);
732547f9
MH		 3409 break;
3410
1a4c958c 3411 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3412 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3413 case 0x1c: /* SCO interval rejected */
1038a00b 3414 case 0x1a: /* Unsupported Remote Feature */
732547f9 3415 case 0x1f: /* Unspecified error */
27539bc4 3416 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3417 if (conn->out) {
732547f9
MH		 3418 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3419 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3420 if (hci_setup_sync(conn, conn->link->handle))
3421 goto unlock;
732547f9
MH		 3422 }
3423 /* fall through */
3424
3425 default:
b6a0dc82 3426 conn->state = BT_CLOSED;
732547f9
MH		 3427 break;
3428 }
b6a0dc82
MH		 3429
3430 hci_proto_connect_cfm(conn, ev->status);
3431 if (ev->status)
3432 hci_conn_del(conn);
3433
3434unlock:
3435 hci_dev_unlock(hdev);
a9de9248
MH		 3436}
3437
efdcf8e3
MH		 3438static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3439{
3440 size_t parsed = 0;
3441
3442 while (parsed < eir_len) {
3443 u8 field_len = eir[0];
3444
3445 if (field_len == 0)
3446 return parsed;
3447
3448 parsed += field_len + 1;
3449 eir += field_len + 1;
3450 }
3451
3452 return eir_len;
3453}
3454
6039aa73
GP		 3455static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3456 struct sk_buff *skb)
1da177e4 3457{
a9de9248
MH		 3458 struct inquiry_data data;
3459 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3460 int num_rsp = *((__u8 *) skb->data);
9d939d94 3461 size_t eir_len;
1da177e4 3462
a9de9248 3463 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3464
a9de9248
MH		 3465 if (!num_rsp)
3466 return;
1da177e4 3467
1519cc17
AG		 3468 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3469 return;
3470
a9de9248
MH		 3471 hci_dev_lock(hdev);
3472
e17acd40 3473 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3474 bool name_known, ssp;
561aafbc 3475
a9de9248 3476 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3477 data.pscan_rep_mode = info->pscan_rep_mode;
3478 data.pscan_period_mode = info->pscan_period_mode;
3479 data.pscan_mode = 0x00;
a9de9248 3480 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3481 data.clock_offset = info->clock_offset;
3482 data.rssi = info->rssi;
41a96212 3483 data.ssp_mode = 0x01;
561aafbc 3484
a8b2d5c2 3485 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3486 name_known = eir_has_data_type(info->data,
04124681
GP		 3487 sizeof(info->data),
3488 EIR_NAME_COMPLETE);
561aafbc
JH		 3489 else
3490 name_known = true;
3491
388fc8fa 3492 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3493 &ssp);
9d939d94 3494 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3495 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3496 info->dev_class, info->rssi, !name_known,
5d2e9fad 3497 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3498 }
3499
3500 hci_dev_unlock(hdev);
3501}
1da177e4 3502
1c2e0041
JH		 3503static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3504 struct sk_buff *skb)
3505{
3506 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3507 struct hci_conn *conn;
3508
9f1db00c 3509 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3510 __le16_to_cpu(ev->handle));
3511
3512 hci_dev_lock(hdev);
3513
3514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3515 if (!conn)
3516 goto unlock;
3517
9eb1fbfa
JH		 3518 /* For BR/EDR the necessary steps are taken through the
3519 * auth_complete event.
3520 */
3521 if (conn->type != LE_LINK)
3522 goto unlock;
3523
1c2e0041
JH		 3524 if (!ev->status)
3525 conn->sec_level = conn->pending_sec_level;
3526
3527 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3528
3529 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3530 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3531 hci_conn_drop(conn);
1c2e0041
JH		 3532 goto unlock;
3533 }
3534
3535 if (conn->state == BT_CONFIG) {
3536 if (!ev->status)
3537 conn->state = BT_CONNECTED;
3538
3539 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3540 hci_conn_drop(conn);
1c2e0041
JH		 3541 } else {
3542 hci_auth_cfm(conn, ev->status);
3543
3544 hci_conn_hold(conn);
3545 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3546 hci_conn_drop(conn);
1c2e0041
JH		 3547 }
3548
3549unlock:
3550 hci_dev_unlock(hdev);
3551}
3552
6039aa73 3553static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3554{
17fa4b9d 3555 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3556 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3557 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3558 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3559
b7f94c88
MA		 3560 /* If both remote and local have enough IO capabilities, require
3561 * MITM protection
3562 */
3563 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3564 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3565 return conn->remote_auth | 0x01;
3566
7e74170a
TM		 3567 /* No MITM protection possible so ignore remote requirement */
3568 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3569}
3570
6039aa73 3571static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3572{
3573 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3574 struct hci_conn *conn;
3575
3576 BT_DBG("%s", hdev->name);
3577
3578 hci_dev_lock(hdev);
3579
3580 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3581 if (!conn)
3582 goto unlock;
3583
3584 hci_conn_hold(conn);
3585
a8b2d5c2 3586 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3587 goto unlock;
3588
a8b2d5c2 3589 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3590 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3591 struct hci_cp_io_capability_reply cp;
3592
3593 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3594 /* Change the IO capability from KeyboardDisplay
3595 * to DisplayYesNo as it is not supported by BT spec. */
3596 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3597 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3598
3599 /* If we are initiators, there is no remote information yet */
3600 if (conn->remote_auth == 0xff) {
3601 cp.authentication = conn->auth_type;
6fd6b915 3602
b16c6604 3603 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3604 * except for the no-bonding case.
3605 * conn->auth_type is not updated here since
3606 * that might cause the user confirmation to be
3607 * rejected in case the remote doesn't have the
3608 * IO capabilities for MITM.
b16c6604 3609 */
6fd6b915 3610 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3611 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3612 cp.authentication |= 0x01;
b7f94c88
MA		 3613 } else {
3614 conn->auth_type = hci_get_auth_req(conn);
3615 cp.authentication = conn->auth_type;
3616 }
17fa4b9d 3617
8fc9ced3
GP		 3618 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3619 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3620 cp.oob_data = 0x01;
3621 else
3622 cp.oob_data = 0x00;
3623
17fa4b9d 3624 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3625 sizeof(cp), &cp);
03b555e1
JH		 3626 } else {
3627 struct hci_cp_io_capability_neg_reply cp;
3628
3629 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3630 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3631
03b555e1 3632 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3633 sizeof(cp), &cp);
03b555e1
JH		 3634 }
3635
3636unlock:
3637 hci_dev_unlock(hdev);
3638}
3639
6039aa73 3640static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3641{
3642 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3643 struct hci_conn *conn;
3644
3645 BT_DBG("%s", hdev->name);
3646
3647 hci_dev_lock(hdev);
3648
3649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3650 if (!conn)
3651 goto unlock;
3652
03b555e1 3653 conn->remote_cap = ev->capability;
03b555e1 3654 conn->remote_auth = ev->authentication;
58a681ef
JH		 3655 if (ev->oob_data)
3656 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3657
3658unlock:
0493684e
MH		 3659 hci_dev_unlock(hdev);
3660}
3661
6039aa73
GP		 3662static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3663 struct sk_buff *skb)
a5c29683
JH		 3664{
3665 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3666 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3667 struct hci_conn *conn;
a5c29683
JH		 3668
3669 BT_DBG("%s", hdev->name);
3670
3671 hci_dev_lock(hdev);
3672
a8b2d5c2 3673 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3674 goto unlock;
a5c29683 3675
7a828908
JH		 3676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3677 if (!conn)
3678 goto unlock;
3679
3680 loc_mitm = (conn->auth_type & 0x01);
3681 rem_mitm = (conn->remote_auth & 0x01);
3682
3683 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3684 * (it has NoInputNoOutput) then reject the confirmation request
3685 */
3686 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3687 BT_DBG("Rejecting request: remote device can't provide MITM");
3688 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3689 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3690 goto unlock;
3691 }
3692
3693 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3694 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3695 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3696
3697 /* If we're not the initiators request authorization to
3698 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3699 * confirm_hint set to 1). The exception is if neither
3700 * side had MITM in which case we do auto-accept.
3701 */
3702 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3703 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3704 BT_DBG("Confirming auto-accept as acceptor");
3705 confirm_hint = 1;
3706 goto confirm;
3707 }
3708
9f61656a 3709 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3710 hdev->auto_accept_delay);
9f61656a
JH		 3711
3712 if (hdev->auto_accept_delay > 0) {
3713 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3714 queue_delayed_work(conn->hdev->workqueue,
3715 &conn->auto_accept_work, delay);
9f61656a
JH		 3716 goto unlock;
3717 }
3718
7a828908 3719 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3720 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3721 goto unlock;
3722 }
3723
55bc1a37 3724confirm:
39adbffe
JH		 3725 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3726 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3727
3728unlock:
a5c29683
JH		 3729 hci_dev_unlock(hdev);
3730}
3731
6039aa73
GP		 3732static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3733 struct sk_buff *skb)
1143d458
BG		 3734{
3735 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3736
3737 BT_DBG("%s", hdev->name);
3738
a8b2d5c2 3739 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3740 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3741}
3742
92a25256
JH		 3743static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3744 struct sk_buff *skb)
3745{
3746 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3747 struct hci_conn *conn;
3748
3749 BT_DBG("%s", hdev->name);
3750
3751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3752 if (!conn)
3753 return;
3754
3755 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3756 conn->passkey_entered = 0;
3757
3758 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3759 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3760 conn->dst_type, conn->passkey_notify,
3761 conn->passkey_entered);
3762}
3763
3764static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3765{
3766 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3767 struct hci_conn *conn;
3768
3769 BT_DBG("%s", hdev->name);
3770
3771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3772 if (!conn)
3773 return;
3774
3775 switch (ev->type) {
3776 case HCI_KEYPRESS_STARTED:
3777 conn->passkey_entered = 0;
3778 return;
3779
3780 case HCI_KEYPRESS_ENTERED:
3781 conn->passkey_entered++;
3782 break;
3783
3784 case HCI_KEYPRESS_ERASED:
3785 conn->passkey_entered--;
3786 break;
3787
3788 case HCI_KEYPRESS_CLEARED:
3789 conn->passkey_entered = 0;
3790 break;
3791
3792 case HCI_KEYPRESS_COMPLETED:
3793 return;
3794 }
3795
3796 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3797 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3798 conn->dst_type, conn->passkey_notify,
3799 conn->passkey_entered);
3800}
3801
6039aa73
GP		 3802static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3803 struct sk_buff *skb)
0493684e
MH		 3804{
3805 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3806 struct hci_conn *conn;
3807
3808 BT_DBG("%s", hdev->name);
3809
3810 hci_dev_lock(hdev);
3811
3812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3813 if (!conn)
3814 goto unlock;
3815
3816 /* To avoid duplicate auth_failed events to user space we check
3817 * the HCI_CONN_AUTH_PEND flag which will be set if we
3818 * initiated the authentication. A traditional auth_complete
3819 * event gets always produced as initiator and is also mapped to
3820 * the mgmt_auth_failed event */
fa1bd918 3821 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3822 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3823 ev->status);
0493684e 3824
76a68ba0 3825 hci_conn_drop(conn);
2a611692
JH		 3826
3827unlock:
0493684e
MH		 3828 hci_dev_unlock(hdev);
3829}
3830
6039aa73
GP		 3831static void hci_remote_host_features_evt(struct hci_dev *hdev,
3832 struct sk_buff *skb)
41a96212
MH		 3833{
3834 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3835 struct inquiry_entry *ie;
cad718ed 3836 struct hci_conn *conn;
41a96212
MH		 3837
3838 BT_DBG("%s", hdev->name);
3839
3840 hci_dev_lock(hdev);
3841
cad718ed
JH		 3842 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3843 if (conn)
3844 memcpy(conn->features[1], ev->features, 8);
3845
cc11b9c1
AE		 3846 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3847 if (ie)
02b7cc62 3848 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3849
3850 hci_dev_unlock(hdev);
3851}
3852
6039aa73
GP		 3853static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3854 struct sk_buff *skb)
2763eda6
SJ		 3855{
3856 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3857 struct oob_data *data;
3858
3859 BT_DBG("%s", hdev->name);
3860
3861 hci_dev_lock(hdev);
3862
a8b2d5c2 3863 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3864 goto unlock;
3865
2763eda6
SJ		 3866 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3867 if (data) {
519ca9d0
MH		 3868 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3869 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3870
519ca9d0
MH		 3871 bacpy(&cp.bdaddr, &ev->bdaddr);
3872 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3873 memcpy(cp.randomizer192, data->randomizer192,
3874 sizeof(cp.randomizer192));
3875 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3876 memcpy(cp.randomizer256, data->randomizer256,
3877 sizeof(cp.randomizer256));
3878
3879 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3880 sizeof(cp), &cp);
3881 } else {
3882 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3883
519ca9d0
MH		 3884 bacpy(&cp.bdaddr, &ev->bdaddr);
3885 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3886 memcpy(cp.randomizer, data->randomizer192,
3887 sizeof(cp.randomizer));
3888
3889 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3890 sizeof(cp), &cp);
3891 }
2763eda6
SJ		 3892 } else {
3893 struct hci_cp_remote_oob_data_neg_reply cp;
3894
3895 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3896 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3897 sizeof(cp), &cp);
2763eda6
SJ		 3898 }
3899
e1ba1f15 3900unlock:
2763eda6
SJ		 3901 hci_dev_unlock(hdev);
3902}
3903
d5e91192
AE		 3904static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3905 struct sk_buff *skb)
3906{
3907 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3908 struct hci_conn *hcon, *bredr_hcon;
3909
3910 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3911 ev->status);
3912
3913 hci_dev_lock(hdev);
3914
3915 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3916 if (!hcon) {
3917 hci_dev_unlock(hdev);
3918 return;
3919 }
3920
3921 if (ev->status) {
3922 hci_conn_del(hcon);
3923 hci_dev_unlock(hdev);
3924 return;
3925 }
3926
3927 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3928
3929 hcon->state = BT_CONNECTED;
3930 bacpy(&hcon->dst, &bredr_hcon->dst);
3931
3932 hci_conn_hold(hcon);
3933 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3934 hci_conn_drop(hcon);
d5e91192 3935
d5e91192
AE		 3936 hci_conn_add_sysfs(hcon);
3937
cf70ff22 3938 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3939
cf70ff22 3940 hci_dev_unlock(hdev);
d5e91192
AE		 3941}
3942
27695fb4
AE		 3943static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3944{
3945 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3946 struct hci_conn *hcon;
3947 struct hci_chan *hchan;
3948 struct amp_mgr *mgr;
3949
3950 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3951 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3952 ev->status);
3953
3954 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3955 if (!hcon)
3956 return;
3957
3958 /* Create AMP hchan */
3959 hchan = hci_chan_create(hcon);
3960 if (!hchan)
3961 return;
3962
3963 hchan->handle = le16_to_cpu(ev->handle);
3964
3965 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3966
3967 mgr = hcon->amp_mgr;
3968 if (mgr && mgr->bredr_chan) {
3969 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3970
3971 l2cap_chan_lock(bredr_chan);
3972
3973 bredr_chan->conn->mtu = hdev->block_mtu;
3974 l2cap_logical_cfm(bredr_chan, hchan, 0);
3975 hci_conn_hold(hcon);
3976
3977 l2cap_chan_unlock(bredr_chan);
3978 }
3979}
3980
606e2a10
AE		 3981static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3982 struct sk_buff *skb)
3983{
3984 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3985 struct hci_chan *hchan;
3986
3987 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3988 le16_to_cpu(ev->handle), ev->status);
3989
3990 if (ev->status)
3991 return;
3992
3993 hci_dev_lock(hdev);
3994
3995 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3996 if (!hchan)
3997 goto unlock;
3998
3999 amp_destroy_logical_link(hchan, ev->reason);
4000
4001unlock:
4002 hci_dev_unlock(hdev);
4003}
4004
9eef6b3a
AE		 4005static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4006 struct sk_buff *skb)
4007{
4008 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4009 struct hci_conn *hcon;
4010
4011 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4012
4013 if (ev->status)
4014 return;
4015
4016 hci_dev_lock(hdev);
4017
4018 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4019 if (hcon) {
4020 hcon->state = BT_CLOSED;
4021 hci_conn_del(hcon);
4022 }
4023
4024 hci_dev_unlock(hdev);
4025}
4026
6039aa73 4027static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4028{
4029 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4030 struct hci_conn *conn;
68d6f6de 4031 struct smp_irk *irk;
fcd89c09 4032
9f1db00c 4033 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4034
4035 hci_dev_lock(hdev);
4036
b47a09b3 4037 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4038 if (!conn) {
4039 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4040 if (!conn) {
4041 BT_ERR("No memory for new connection");
230fd16a 4042 goto unlock;
b62f328b 4043 }
29b7988a
AG		 4044
4045 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4046
4047 if (ev->role == LE_CONN_ROLE_MASTER) {
4048 conn->out = true;
4dae2798 4049 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4050 }
cb1d68f7
JH		 4051
4052 /* If we didn't have a hci_conn object previously
4053 * but we're in master role this must be something
4054 * initiated using a white list. Since white list based
4055 * connections are not "first class citizens" we don't
4056 * have full tracking of them. Therefore, we go ahead
4057 * with a "best effort" approach of determining the
4058 * initiator address based on the HCI_PRIVACY flag.
4059 */
4060 if (conn->out) {
4061 conn->resp_addr_type = ev->bdaddr_type;
4062 bacpy(&conn->resp_addr, &ev->bdaddr);
4063 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4064 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4065 bacpy(&conn->init_addr, &hdev->rpa);
4066 } else {
4067 hci_copy_identity_address(hdev,
4068 &conn->init_addr,
4069 &conn->init_addr_type);
4070 }
cb1d68f7 4071 }
9489eca4
JH		 4072 } else {
4073 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4074 }
fcd89c09 4075
80c24ab8
JH		 4076 if (!conn->out) {
4077 /* Set the responder (our side) address type based on
4078 * the advertising address type.
4079 */
4080 conn->resp_addr_type = hdev->adv_addr_type;
4081 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4082 bacpy(&conn->resp_addr, &hdev->random_addr);
4083 else
4084 bacpy(&conn->resp_addr, &hdev->bdaddr);
4085
4086 conn->init_addr_type = ev->bdaddr_type;
4087 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4088
4089 /* For incoming connections, set the default minimum
4090 * and maximum connection interval. They will be used
4091 * to check if the parameters are in range and if not
4092 * trigger the connection update procedure.
4093 */
4094 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4095 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4096 }
7be2edbb 4097
edb4b466
MH		 4098 /* Lookup the identity address from the stored connection
4099 * address and address type.
4100 *
4101 * When establishing connections to an identity address, the
4102 * connection procedure will store the resolvable random
4103 * address first. Now if it can be converted back into the
4104 * identity address, start using the identity address from
4105 * now on.
4106 */
4107 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4108 if (irk) {
4109 bacpy(&conn->dst, &irk->bdaddr);
4110 conn->dst_type = irk->addr_type;
4111 }
4112
cd17decb 4113 if (ev->status) {
06c053fb 4114 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4115 goto unlock;
4116 }
4117
b644ba33 4118 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4119 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4120 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4121
7b5c0d52 4122 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4123 conn->handle = __le16_to_cpu(ev->handle);
4124 conn->state = BT_CONNECTED;
4125
e04fde60
MH		 4126 conn->le_conn_interval = le16_to_cpu(ev->interval);
4127 conn->le_conn_latency = le16_to_cpu(ev->latency);
4128 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4129
fcd89c09
VT		 4130 hci_conn_add_sysfs(conn);
4131
4132 hci_proto_connect_cfm(conn, ev->status);
4133
a4790dbd
AG		 4134 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4135
fcd89c09
VT		 4136unlock:
4137 hci_dev_unlock(hdev);
4138}
4139
1855d92d
MH		 4140static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4141 struct sk_buff *skb)
4142{
4143 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4144 struct hci_conn *conn;
4145
4146 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4147
4148 if (ev->status)
4149 return;
4150
4151 hci_dev_lock(hdev);
4152
4153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4154 if (conn) {
4155 conn->le_conn_interval = le16_to_cpu(ev->interval);
4156 conn->le_conn_latency = le16_to_cpu(ev->latency);
4157 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4158 }
4159
4160 hci_dev_unlock(hdev);
4161}
4162
a4790dbd
AG		 4163/* This function requires the caller holds hdev->lock */
4164static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4165 u8 addr_type)
4166{
4167 struct hci_conn *conn;
5b906a84
AG		 4168 struct smp_irk *irk;
4169
4170 /* If this is a resolvable address, we should resolve it and then
4171 * update address and address type variables.
4172 */
4173 irk = hci_get_irk(hdev, addr, addr_type);
4174 if (irk) {
4175 addr = &irk->bdaddr;
4176 addr_type = irk->addr_type;
4177 }
a4790dbd
AG		 4178
4179 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4180 return;
4181
4182 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4183 HCI_AT_NO_BONDING);
4184 if (!IS_ERR(conn))
4185 return;
4186
4187 switch (PTR_ERR(conn)) {
4188 case -EBUSY:
4189 /* If hci_connect() returns -EBUSY it means there is already
4190 * an LE connection attempt going on. Since controllers don't
4191 * support more than one connection attempt at the time, we
4192 * don't consider this an error case.
4193 */
4194 break;
4195 default:
4196 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4197 }
4198}
4199
4af605d8
JH		 4200static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4201 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4202{
b9a6328f 4203 struct discovery_state *d = &hdev->discovery;
474ee066 4204 bool match;
b9a6328f 4205
ca5c4be7
JH		 4206 /* Passive scanning shouldn't trigger any device found events */
4207 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4208 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4209 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4210 return;
4211 }
4af605d8 4212
b9a6328f
JH		 4213 /* If there's nothing pending either store the data from this
4214 * event or send an immediate device found event if the data
4215 * should not be stored for later.
4216 */
4217 if (!has_pending_adv_report(hdev)) {
4218 /* If the report will trigger a SCAN_REQ store it for
4219 * later merging.
4220 */
4221 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4222 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4223 rssi, data, len);
b9a6328f
JH		 4224 return;
4225 }
4226
4227 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4228 rssi, 0, 1, data, len, NULL, 0);
4229 return;
4230 }
4231
474ee066
JH		 4232 /* Check if the pending report is for the same device as the new one */
4233 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4234 bdaddr_type == d->last_adv_addr_type);
4235
b9a6328f
JH		 4236 /* If the pending data doesn't match this report or this isn't a
4237 * scan response (e.g. we got a duplicate ADV_IND) then force
4238 * sending of the pending data.
4239 */
474ee066
JH		 4240 if (type != LE_ADV_SCAN_RSP || !match) {
4241 /* Send out whatever is in the cache, but skip duplicates */
4242 if (!match)
4243 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f
JH		 4244 d->last_adv_addr_type, NULL,
4245 d->last_adv_rssi, 0, 1,
4246 d->last_adv_data,
474ee066 4247 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4248
4249 /* If the new report will trigger a SCAN_REQ store it for
4250 * later merging.
4251 */
4252 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4253 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4254 rssi, data, len);
b9a6328f
JH		 4255 return;
4256 }
4257
4258 /* The advertising reports cannot be merged, so clear
4259 * the pending report and send out a device found event.
4260 */
4261 clear_pending_adv_report(hdev);
5c5b93e4
JH		 4262 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4263 rssi, 0, 1, data, len, NULL, 0);
b9a6328f
JH		 4264 return;
4265 }
4266
4267 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4268 * the new event is a SCAN_RSP. We can therefore proceed with
4269 * sending a merged device found event.
4270 */
4271 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4272 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4273 d->last_adv_data, d->last_adv_data_len);
4274 clear_pending_adv_report(hdev);
4af605d8
JH		 4275}
4276
6039aa73 4277static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4278{
e95beb41
AG		 4279 u8 num_reports = skb->data[0];
4280 void *ptr = &skb->data[1];
9aa04c91 4281
a4790dbd
AG		 4282 hci_dev_lock(hdev);
4283
e95beb41
AG		 4284 while (num_reports--) {
4285 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4286 s8 rssi;
a4790dbd 4287
3c9e9195 4288 rssi = ev->data[ev->length];
4af605d8
JH		 4289 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4290 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4291
e95beb41 4292 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4293 }
a4790dbd
AG		 4294
4295 hci_dev_unlock(hdev);
9aa04c91
AG		 4296}
4297
6039aa73 4298static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4299{
4300 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4301 struct hci_cp_le_ltk_reply cp;
bea710fe 4302 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4303 struct hci_conn *conn;
c9839a11 4304 struct smp_ltk *ltk;
a7a595f6 4305
9f1db00c 4306 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4307
4308 hci_dev_lock(hdev);
4309
4310 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4311 if (conn == NULL)
4312 goto not_found;
a7a595f6 4313
fe39c7b2 4314 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4315 if (ltk == NULL)
4316 goto not_found;
4317
4318 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4319 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4320
4321 if (ltk->authenticated)
f8776218
AG		 4322 conn->pending_sec_level = BT_SECURITY_HIGH;
4323 else
4324 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4325
89cbb4da 4326 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4327
4328 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4329
5981a882
CT		 4330 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4331 * temporary key used to encrypt a connection following
4332 * pairing. It is used during the Encrypted Session Setup to
4333 * distribute the keys. Later, security can be re-established
4334 * using a distributed LTK.
4335 */
2ceba539 4336 if (ltk->type == SMP_STK) {
c9839a11
VCG		 4337 list_del(&ltk->list);
4338 kfree(ltk);
4339 }
4340
a7a595f6 4341 hci_dev_unlock(hdev);
bea710fe
VCG		 4342
4343 return;
4344
4345not_found:
4346 neg.handle = ev->handle;
4347 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4348 hci_dev_unlock(hdev);
a7a595f6
VCG		 4349}
4350
6039aa73 4351static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4352{
4353 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4354
4355 skb_pull(skb, sizeof(*le_ev));
4356
4357 switch (le_ev->subevent) {
4358 case HCI_EV_LE_CONN_COMPLETE:
4359 hci_le_conn_complete_evt(hdev, skb);
4360 break;
4361
1855d92d
MH		 4362 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4363 hci_le_conn_update_complete_evt(hdev, skb);
4364 break;
4365
9aa04c91
AG		 4366 case HCI_EV_LE_ADVERTISING_REPORT:
4367 hci_le_adv_report_evt(hdev, skb);
4368 break;
4369
a7a595f6
VCG		 4370 case HCI_EV_LE_LTK_REQ:
4371 hci_le_ltk_request_evt(hdev, skb);
4372 break;
4373
fcd89c09
VT		 4374 default:
4375 break;
4376 }
4377}
4378
9495b2ee
AE		 4379static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4380{
4381 struct hci_ev_channel_selected *ev = (void *) skb->data;
4382 struct hci_conn *hcon;
4383
4384 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4385
4386 skb_pull(skb, sizeof(*ev));
4387
4388 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4389 if (!hcon)
4390 return;
4391
4392 amp_read_loc_assoc_final_data(hdev, hcon);
4393}
4394
a9de9248
MH		 4395void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4396{
4397 struct hci_event_hdr *hdr = (void *) skb->data;
4398 __u8 event = hdr->evt;
4399
b6ddb638
JH		 4400 hci_dev_lock(hdev);
4401
4402 /* Received events are (currently) only needed when a request is
4403 * ongoing so avoid unnecessary memory allocation.
4404 */
4405 if (hdev->req_status == HCI_REQ_PEND) {
4406 kfree_skb(hdev->recv_evt);
4407 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4408 }
4409
4410 hci_dev_unlock(hdev);
4411
a9de9248
MH		 4412 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4413
02350a72 4414 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4415 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4416 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4417
4418 hci_req_cmd_complete(hdev, opcode, 0);
4419 }
4420
a9de9248 4421 switch (event) {
1da177e4
LT		 4422 case HCI_EV_INQUIRY_COMPLETE:
4423 hci_inquiry_complete_evt(hdev, skb);
4424 break;
4425
4426 case HCI_EV_INQUIRY_RESULT:
4427 hci_inquiry_result_evt(hdev, skb);
4428 break;
4429
a9de9248
MH		 4430 case HCI_EV_CONN_COMPLETE:
4431 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4432 break;
4433
1da177e4
LT		 4434 case HCI_EV_CONN_REQUEST:
4435 hci_conn_request_evt(hdev, skb);
4436 break;
4437
1da177e4
LT		 4438 case HCI_EV_DISCONN_COMPLETE:
4439 hci_disconn_complete_evt(hdev, skb);
4440 break;
4441
1da177e4
LT		 4442 case HCI_EV_AUTH_COMPLETE:
4443 hci_auth_complete_evt(hdev, skb);
4444 break;
4445
a9de9248
MH		 4446 case HCI_EV_REMOTE_NAME:
4447 hci_remote_name_evt(hdev, skb);
4448 break;
4449
1da177e4
LT		 4450 case HCI_EV_ENCRYPT_CHANGE:
4451 hci_encrypt_change_evt(hdev, skb);
4452 break;
4453
a9de9248
MH		 4454 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4455 hci_change_link_key_complete_evt(hdev, skb);
4456 break;
4457
4458 case HCI_EV_REMOTE_FEATURES:
4459 hci_remote_features_evt(hdev, skb);
4460 break;
4461
a9de9248
MH		 4462 case HCI_EV_CMD_COMPLETE:
4463 hci_cmd_complete_evt(hdev, skb);
4464 break;
4465
4466 case HCI_EV_CMD_STATUS:
4467 hci_cmd_status_evt(hdev, skb);
4468 break;
4469
4470 case HCI_EV_ROLE_CHANGE:
4471 hci_role_change_evt(hdev, skb);
4472 break;
4473
4474 case HCI_EV_NUM_COMP_PKTS:
4475 hci_num_comp_pkts_evt(hdev, skb);
4476 break;
4477
4478 case HCI_EV_MODE_CHANGE:
4479 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4480 break;
4481
4482 case HCI_EV_PIN_CODE_REQ:
4483 hci_pin_code_request_evt(hdev, skb);
4484 break;
4485
4486 case HCI_EV_LINK_KEY_REQ:
4487 hci_link_key_request_evt(hdev, skb);
4488 break;
4489
4490 case HCI_EV_LINK_KEY_NOTIFY:
4491 hci_link_key_notify_evt(hdev, skb);
4492 break;
4493
4494 case HCI_EV_CLOCK_OFFSET:
4495 hci_clock_offset_evt(hdev, skb);
4496 break;
4497
a8746417
MH		 4498 case HCI_EV_PKT_TYPE_CHANGE:
4499 hci_pkt_type_change_evt(hdev, skb);
4500 break;
4501
85a1e930
MH		 4502 case HCI_EV_PSCAN_REP_MODE:
4503 hci_pscan_rep_mode_evt(hdev, skb);
4504 break;
4505
a9de9248
MH		 4506 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4507 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4508 break;
4509
a9de9248
MH		 4510 case HCI_EV_REMOTE_EXT_FEATURES:
4511 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4512 break;
4513
a9de9248
MH		 4514 case HCI_EV_SYNC_CONN_COMPLETE:
4515 hci_sync_conn_complete_evt(hdev, skb);
4516 break;
1da177e4 4517
a9de9248
MH		 4518 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4519 hci_extended_inquiry_result_evt(hdev, skb);
4520 break;
1da177e4 4521
1c2e0041
JH		 4522 case HCI_EV_KEY_REFRESH_COMPLETE:
4523 hci_key_refresh_complete_evt(hdev, skb);
4524 break;
4525
0493684e
MH		 4526 case HCI_EV_IO_CAPA_REQUEST:
4527 hci_io_capa_request_evt(hdev, skb);
4528 break;
4529
03b555e1
JH		 4530 case HCI_EV_IO_CAPA_REPLY:
4531 hci_io_capa_reply_evt(hdev, skb);
4532 break;
4533
a5c29683
JH		 4534 case HCI_EV_USER_CONFIRM_REQUEST:
4535 hci_user_confirm_request_evt(hdev, skb);
4536 break;
4537
1143d458
BG		 4538 case HCI_EV_USER_PASSKEY_REQUEST:
4539 hci_user_passkey_request_evt(hdev, skb);
4540 break;
4541
92a25256
JH		 4542 case HCI_EV_USER_PASSKEY_NOTIFY:
4543 hci_user_passkey_notify_evt(hdev, skb);
4544 break;
4545
4546 case HCI_EV_KEYPRESS_NOTIFY:
4547 hci_keypress_notify_evt(hdev, skb);
4548 break;
4549
0493684e
MH		 4550 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4551 hci_simple_pair_complete_evt(hdev, skb);
4552 break;
4553
41a96212
MH		 4554 case HCI_EV_REMOTE_HOST_FEATURES:
4555 hci_remote_host_features_evt(hdev, skb);
4556 break;
4557
fcd89c09
VT		 4558 case HCI_EV_LE_META:
4559 hci_le_meta_evt(hdev, skb);
4560 break;
4561
9495b2ee
AE		 4562 case HCI_EV_CHANNEL_SELECTED:
4563 hci_chan_selected_evt(hdev, skb);
4564 break;
4565
2763eda6
SJ		 4566 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4567 hci_remote_oob_data_request_evt(hdev, skb);
4568 break;
4569
d5e91192
AE		 4570 case HCI_EV_PHY_LINK_COMPLETE:
4571 hci_phy_link_complete_evt(hdev, skb);
4572 break;
4573
27695fb4
AE		 4574 case HCI_EV_LOGICAL_LINK_COMPLETE:
4575 hci_loglink_complete_evt(hdev, skb);
4576 break;
4577
606e2a10
AE		 4578 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4579 hci_disconn_loglink_complete_evt(hdev, skb);
4580 break;
4581
9eef6b3a
AE		 4582 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4583 hci_disconn_phylink_complete_evt(hdev, skb);
4584 break;
4585
25e89e99
AE		 4586 case HCI_EV_NUM_COMP_BLOCKS:
4587 hci_num_comp_blocks_evt(hdev, skb);
4588 break;
4589
a9de9248 4590 default:
9f1db00c 4591 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4592 break;
4593 }
4594
4595 kfree_skb(skb);
4596 hdev->stat.evt_rx++;
4597}
Linux kernel - Deliverables
This page took 1.562126 seconds and 5 git commands to generate.