Bluetooth: Stop BCSP/H5 timer before cleaning up
[deliverable/linux.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT
36/* Handle HCI Event packets */
37
/*
 * Handler for the reply to an Inquiry Cancel command.
 *
 * The first payload byte is the status. On a zero status the HCI_INQUIRY
 * flag is cleared, waiters on that bit are woken and
 * hci_conn_check_pending() is called. A non-zero status changes nothing.
 *
 * NOTE(review): skb->data is read without an skb->len check here; the
 * caller presumably guarantees at least one byte. Confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);
		/* Barrier between the clear and the wake-up, as wake_up_bit advises */
		smp_mb__after_clear_bit();
		wake_up_bit(&hdev->flags, HCI_INQUIRY);

		hci_conn_check_pending(hdev);
	}
}
6bd57416 53
4d93483b
AG
/*
 * Handler for the reply to a periodic inquiry command: sets
 * HCI_PERIODIC_INQ in hdev->dev_flags when the status byte is zero.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
65
a9de9248
MH
/*
 * Handler for the reply to an exit-periodic-inquiry command: on a zero
 * status, clears HCI_PERIODIC_INQ in hdev->dev_flags and then calls
 * hci_conn_check_pending().
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
79
807deac2
GP
/*
 * Handler for the reply to a remote-name-request cancel command.
 * Only emits a debug trace; the event payload in @skb is not inspected.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	/* Nothing to update on the device; trace only. */
	BT_DBG("%s", hdev->name);
}
85
/*
 * Handler for the role discovery reply.
 *
 * On success, looks up the connection by the handle carried in the reply
 * and updates HCI_LM_MASTER in its link_mode: a non-zero role clears the
 * bit, a zero role sets it. The lookup and update run under the device
 * lock. An unknown handle is ignored.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *rp = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (!link)
		goto unlock;

	if (rp->role)
		link->link_mode &= ~HCI_LM_MASTER;
	else
		link->link_mode |= HCI_LM_MASTER;

unlock:
	hci_dev_unlock(hdev);
}
108
e4e8e37c
MH
/*
 * Handler for the read link policy reply: on success, stores the
 * reported policy in the connection matching the reply's handle.
 * The lookup and store run under the device lock.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *rp = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (link != NULL)
		link->link_policy = __le16_to_cpu(rp->policy);

	hci_dev_unlock(hdev);
}
127
/*
 * Handler for the write link policy reply.
 *
 * The new policy is not in the reply; it is taken from the parameters of
 * the command that was sent (HCI_OP_WRITE_LINK_POLICY), as a little-endian
 * 16-bit value at byte offset 2. Nothing is changed if the status is
 * non-zero, the sent command is not available, or the handle is unknown.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *rp = (void *) skb->data;
	struct hci_conn *link;
	__u8 *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (params == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (link != NULL)
		link->link_policy = get_unaligned_le16(params + 2);

	hci_dev_unlock(hdev);
}
1da177e4 151
807deac2
GP
/*
 * Handler for the read default link policy reply: on a zero status,
 * copies the reported policy into hdev->link_policy.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status)
		hdev->link_policy = __le16_to_cpu(rp->policy);
}
164
807deac2
GP
/*
 * Handler for the write default link policy reply: on a zero status,
 * sets hdev->link_policy to the 16-bit little-endian value at the start
 * of the sent HCI_OP_WRITE_DEF_LINK_POLICY parameters.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* The sent command is looked up even when the status is non-zero. */
	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (params != NULL && status == 0)
		hdev->link_policy = get_unaligned_le16(params);
}
180
a9de9248
MH
/*
 * Handler for the reset reply.
 *
 * The status byte is only logged. The cached device state below is reset
 * whatever the status is.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	/*
	 * Reset all non-persistent flags.
	 * NOTE(review): this expression clears exactly the bits that are set
	 * in HCI_PERSISTENT_MASK; confirm the mask's definition matches the
	 * intent stated above.
	 */
	hdev->dev_flags &= ~HCI_PERSISTENT_MASK;

	hdev->discovery.state = DISCOVERY_STOPPED;

	/* Cached TX power values are no longer valid. */
	hdev->inq_tx_power = HCI_TX_POWER_INVALID;
	hdev->adv_tx_power = HCI_TX_POWER_INVALID;

	/* Forget cached advertising data. */
	memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
	hdev->adv_data_len = 0;

	/* Forget cached scan response data. */
	memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
	hdev->scan_rsp_data_len = 0;

	hdev->ssp_debug_mode = 0;
}
04837f64 204
a9de9248
MH
/*
 * Handler for the write local name reply.
 *
 * With HCI_MGMT set, the sent name and the status are passed to
 * mgmt_set_local_name_complete(). Otherwise, on a zero status, the first
 * HCI_MAX_NAME_LENGTH bytes of the sent parameters are copied into
 * hdev->dev_name. Both paths run under the device lock.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *name;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, name, status);
	} else if (status == 0) {
		/* assumes dev_name holds HCI_MAX_NAME_LENGTH bytes; TODO confirm */
		memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);
}
225
/*
 * Handler for the read local name reply: on a zero status and only while
 * HCI_SETUP is set, copies HCI_MAX_NAME_LENGTH bytes of rp->name into
 * hdev->dev_name.
 *
 * NOTE(review): the copy length is a constant and skb->len is not checked
 * here; the caller presumably guarantees a full-size reply. Confirm.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status && test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}
238
/*
 * Handler for the write authentication enable reply.
 *
 * On a zero status, HCI_AUTH in hdev->flags is set when the first byte of
 * the sent HCI_OP_WRITE_AUTH_ENABLE parameters equals AUTH_ENABLED and
 * cleared otherwise. With HCI_MGMT set, the status is then passed to
 * mgmt_auth_enable_complete(), whether it is zero or not.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (requested == NULL)
		return;

	if (status == 0) {
		if (*requested == AUTH_ENABLED)
			set_bit(HCI_AUTH, &hdev->flags);
		else
			clear_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);
}
262
/*
 * Handler for the write encryption mode reply: on a zero status,
 * HCI_ENCRYPT in hdev->flags is set when the first byte of the sent
 * HCI_OP_WRITE_ENCRYPT_MODE parameters is non-zero and cleared otherwise.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (requested == NULL || status != 0)
		return;

	if (*requested)
		set_bit(HCI_ENCRYPT, &hdev->flags);
	else
		clear_bit(HCI_ENCRYPT, &hdev->flags);
}
1da177e4 283
a9de9248
MH
/*
 * Handler for the write scan enable reply.
 *
 * The requested scan mode is the first byte of the sent
 * HCI_OP_WRITE_SCAN_ENABLE parameters. On failure the mgmt layer is told
 * and the discoverable timeout is zeroed. On success HCI_ISCAN and
 * HCI_PSCAN in hdev->flags are brought in line with the requested mode,
 * and mgmt_discoverable() / mgmt_connectable() are called only for bits
 * whose value changed. Everything after the sent-command lookup runs
 * under the device lock.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 mode;
	int had_pscan, had_iscan;
	__u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (requested == NULL)
		return;

	mode = *requested;

	hci_dev_lock(hdev);

	if (status) {
		mgmt_write_scan_failed(hdev, mode, status);
		hdev->discov_timeout = 0;
		hci_dev_unlock(hdev);
		return;
	}

	/* We need to ensure that we set this back on if someone changed
	 * the scan mode through a raw HCI socket.
	 */
	set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);

	/* Remember the previous state so only transitions are reported. */
	had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (mode & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!had_iscan)
			mgmt_discoverable(hdev, 1);
	} else if (had_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (mode & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!had_pscan)
			mgmt_connectable(hdev, 1);
	} else if (had_pscan) {
		mgmt_connectable(hdev, 0);
	}

	hci_dev_unlock(hdev);
}
1da177e4 331
a9de9248
MH
/*
 * Handler for the read class of device reply: on a zero status, copies
 * the 3-byte class from the reply into hdev->dev_class and logs it.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		memcpy(hdev->dev_class, rp->dev_class, 3);

		/* Logged most-significant byte first. */
		BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
		       hdev->dev_class[2], hdev->dev_class[1],
		       hdev->dev_class[0]);
	}
}
1da177e4 346
a9de9248
MH
/*
 * Handler for the write class of device reply.
 *
 * On a zero status, the first 3 bytes of the sent
 * HCI_OP_WRITE_CLASS_OF_DEV parameters become hdev->dev_class. With
 * HCI_MGMT set, mgmt_set_class_of_dev_complete() is called with the sent
 * data and the status. Both steps run under the device lock.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cod;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cod = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (cod == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, cod, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, cod, status);

	hci_dev_unlock(hdev);
}
1da177e4 368
a9de9248
MH
/*
 * Handler for the read voice setting reply.
 *
 * On a zero status, and only when the reported value differs from the
 * cached one, updates hdev->voice_setting and calls the hdev->notify
 * callback (if one is set) with HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *rp = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	reported = __le16_to_cpu(rp->voice_setting);

	if (hdev->voice_setting != reported) {
		hdev->voice_setting = reported;

		BT_DBG("%s voice setting 0x%4.4x", hdev->name, reported);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
391
8fc9ced3
GP
/*
 * Handler for the write voice setting reply.
 *
 * On a zero status, the 16-bit little-endian value at the start of the
 * sent HCI_OP_WRITE_VOICE_SETTING parameters is compared with the cached
 * hdev->voice_setting. If it differs, the cache is updated and the
 * hdev->notify callback (if one is set) is called with
 * HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 requested;
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (params == NULL)
		return;

	requested = get_unaligned_le16(params);

	if (hdev->voice_setting != requested) {
		hdev->voice_setting = requested;

		BT_DBG("%s voice setting 0x%4.4x", hdev->name, requested);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
420
b4cb9fb2
MH
/*
 * Handler for the read number of supported IAC reply: on a zero status,
 * stores rp->num_iac in hdev->num_iac and logs it.
 */
static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		hdev->num_iac = rp->num_iac;

		BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
	}
}
435
333140b5
MH
/*
 * Handler for the write Simple Pairing mode reply.
 *
 * On a zero status, LMP_HOST_SSP in hdev->features[1][0] follows the mode
 * that was sent. With HCI_MGMT set, mgmt_ssp_enable_complete() is called
 * with the sent mode and the status. Without it, HCI_SSP_ENABLED in
 * hdev->dev_flags follows the sent mode, again only on a zero status.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	struct hci_cp_write_ssp_mode *cp;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (cp == NULL)
		return;

	if (status == 0) {
		if (cp->mode)
			hdev->features[1][0] |= LMP_HOST_SSP;
		else
			hdev->features[1][0] &= ~LMP_HOST_SSP;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, cp->mode, status);
		return;
	}

	if (status != 0)
		return;

	if (cp->mode)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
463
eac83dc6
MH
/*
 * Handler for the write Secure Connections support reply.
 *
 * On a zero status, LMP_HOST_SC in hdev->features[1][0] follows the
 * support value that was sent. With HCI_MGMT set,
 * mgmt_sc_enable_complete() is called with the sent value and the status.
 * Without it, HCI_SC_ENABLED in hdev->dev_flags follows the sent value,
 * again only on a zero status.
 */
static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 status = skb->data[0];
	struct hci_cp_write_sc_support *cp;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
	if (cp == NULL)
		return;

	if (status == 0) {
		if (cp->support)
			hdev->features[1][0] |= LMP_HOST_SC;
		else
			hdev->features[1][0] &= ~LMP_HOST_SC;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_sc_enable_complete(hdev, cp->support, status);
		return;
	}

	if (status != 0)
		return;

	if (cp->support)
		set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
}
491
a9de9248
MH
/*
 * Handler for the read local version reply: on a zero status and only
 * while HCI_SETUP is set, caches the HCI/LMP version, revision,
 * subversion and manufacturer fields in @hdev.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (!test_bit(HCI_SETUP, &hdev->dev_flags))
		return;

	hdev->hci_ver = rp->hci_ver;
	hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
	hdev->lmp_ver = rp->lmp_ver;
	hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
	hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
}
509
8fc9ced3
GP
/*
 * Handler for the read local supported commands reply: on a zero status
 * and only while HCI_SETUP is set, copies rp->commands into
 * hdev->commands.
 *
 * The copy length is sizeof(hdev->commands), so the destination cannot be
 * overrun. NOTE(review): skb->len is not checked here, so a short reply
 * would be read past its end unless the caller validates it. Confirm.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status && test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
}
1da177e4 523
8fc9ced3
GP
/*
 * Handler for the read local supported features reply.
 *
 * On a zero status, copies the 8 feature bytes from the reply to the
 * start of hdev->features and then widens hdev->pkt_type and
 * hdev->esco_type according to the feature bits found there. Bits are
 * only ever OR-ed in; nothing is cleared here.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;
	const __u8 *page0;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->features, rp->features, 8);
	page0 = hdev->features[0];

	/* Adjust default settings according to features
	 * supported by device. */

	/* Multi-slot ACL packets */
	if (page0[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (page0[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	/* SCO packet types */
	if (page0[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (page0[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	/* eSCO packet types */
	if (lmp_esco_capable(hdev))
		hdev->esco_type |= (ESCO_EV3);

	if (page0[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (page0[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	/* EDR eSCO packet types */
	if (page0[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (page0[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (page0[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
}
1da177e4 573
/*
 * Handler for the read local extended features reply.
 *
 * On a zero status, raises hdev->max_page if the reply reports a larger
 * value, and stores the 8 feature bytes for the reported page.
 *
 * The page number comes from the controller and indexes hdev->features,
 * so the copy is done only when it is below HCI_MAX_PAGES. Replies for
 * higher pages are ignored.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
	__u8 page;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (rp->max_page > hdev->max_page)
		hdev->max_page = rp->max_page;

	page = rp->page;
	if (page < HCI_MAX_PAGES)
		memcpy(hdev->features[page], rp->features, 8);
}
590
/*
 * Handler for the read flow control mode reply: on a zero status,
 * stores rp->mode in hdev->flow_ctl_mode.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->flow_ctl_mode = rp->mode;
}
601
a9de9248
MH
/*
 * Handler for the read buffer size reply.
 *
 * On a zero status, caches the ACL/SCO MTUs and packet counts reported by
 * the controller, and resets the ACL/SCO counters to those packet counts.
 * With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the reported SCO values are
 * replaced by fixed ones (MTU 64, 8 packets).
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
	hdev->sco_mtu = rp->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);

	/* Quirk: override the SCO values the controller reported. */
	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	/* Start with all buffers available. */
	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}
627
/*
 * Handler for the read BD_ADDR reply: on a zero status, copies the
 * reported address into hdev->bdaddr.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	bacpy(&hdev->bdaddr, &rp->bdaddr);
}
637
f332ec66
JH
/*
 * Handler for the read page scan activity reply: caches the reported
 * interval and window, but only while HCI_INIT is set in hdev->flags and
 * the status is zero.
 */
static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!test_bit(HCI_INIT, &hdev->flags) || rp->status)
		return;

	hdev->page_scan_interval = __le16_to_cpu(rp->interval);
	hdev->page_scan_window = __le16_to_cpu(rp->window);
}
650
4a3ee763
JH
/*
 * Handler for the write page scan activity reply: on a zero status,
 * caches the interval and window from the sent
 * HCI_OP_WRITE_PAGE_SCAN_ACTIVITY parameters.
 */
static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	u8 status = skb->data[0];
	struct hci_cp_write_page_scan_activity *cp;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
	if (cp != NULL) {
		hdev->page_scan_interval = __le16_to_cpu(cp->interval);
		hdev->page_scan_window = __le16_to_cpu(cp->window);
	}
}
669
f332ec66
JH
/*
 * Handler for the read page scan type reply: caches rp->type, but only
 * while HCI_INIT is set in hdev->flags and the status is zero.
 */
static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_page_scan_type *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!test_bit(HCI_INIT, &hdev->flags) || rp->status)
		return;

	hdev->page_scan_type = rp->type;
}
680
4a3ee763
JH
/*
 * Handler for the write page scan type reply: on a zero status, caches
 * the first byte of the sent HCI_OP_WRITE_PAGE_SCAN_TYPE parameters as
 * hdev->page_scan_type.
 */
static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	u8 status = skb->data[0];
	u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status)
		return;

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
	if (requested == NULL)
		return;

	hdev->page_scan_type = *requested;
}
696
/*
 * Handler for the read data block size reply: on a zero status, caches
 * the block MTU, block length and number of blocks, and resets
 * hdev->block_cnt to the number of blocks.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
	hdev->block_len = __le16_to_cpu(rp->block_len);
	hdev->num_blocks = __le16_to_cpu(rp->num_blocks);

	/* Start with every block available. */
	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);
}
716
/*
 * Handler for the read local AMP info reply.
 *
 * On a zero status, caches the AMP controller parameters from the reply
 * in @hdev. a2mp_send_getinfo_rsp() is called in every case, whether the
 * status is zero or not.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		hdev->amp_status = rp->amp_status;
		hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
		hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
		hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
		hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
		hdev->amp_type = rp->amp_type;
		hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
		hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
		hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
		hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
	}

	/* The A2MP reply goes out on success and on failure alike. */
	a2mp_send_getinfo_rsp(hdev);
}
741
903e4541
AE
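/*
 * Handler for the read local AMP assoc reply.
 *
 * The assoc data arrives in fragments. Each fragment is appended to
 * hdev->loc_assoc.data at loc_assoc.offset. While the controller reports
 * more remaining bytes than this fragment carries, the next fragment is
 * requested. Otherwise the assoc is complete, its length is recorded and
 * the A2MP responses are sent.
 *
 * Both the fragment length (derived from skb->len) and rem_len come from
 * the controller, so each copy is checked against the space left in
 * loc_assoc.data. An event shorter than the fixed reply header, or a
 * fragment that does not fit, is treated as malformed: the partial assoc
 * is discarded and the A2MP responses are sent with a non-zero status.
 */
static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
	struct amp_assoc *assoc = &hdev->loc_assoc;
	size_t rem_len, frag_len, room;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (status)
		goto a2mp_rsp;

	/*
	 * Without this check "skb->len - sizeof(*rp)" wraps around to a huge
	 * size_t for a short event.
	 * sizeof(assoc->data) assumes amp_assoc.data is a fixed-size array;
	 * confirm against the struct definition.
	 */
	if (skb->len < sizeof(*rp) || assoc->offset > sizeof(assoc->data))
		goto malformed;

	frag_len = skb->len - sizeof(*rp);
	rem_len = __le16_to_cpu(rp->rem_len);
	room = sizeof(assoc->data) - assoc->offset;

	if (rem_len > frag_len) {
		/* Intermediate fragment: all of it must fit. */
		if (frag_len > room)
			goto malformed;

		BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);

		memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
		assoc->offset += frag_len;

		/* Read other fragments */
		amp_read_loc_assoc_frag(hdev, rp->phy_handle);

		return;
	}

	/* Final fragment: rem_len <= frag_len, so the source is in bounds. */
	if (rem_len > room)
		goto malformed;

	memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
	assoc->len = assoc->offset + rem_len;
	assoc->offset = 0;
	goto a2mp_rsp;

malformed:
	BT_ERR("%s malformed local AMP assoc fragment", hdev->name);
	/* Drop what was collected so a later read starts from scratch. */
	assoc->offset = 0;
	/*
	 * 0x12 is the HCI "Invalid HCI Command Parameters" error code. The
	 * A2MP helpers below presumably treat any non-zero status as
	 * failure. TODO confirm.
	 */
	status = 0x12;

a2mp_rsp:
	/* Send A2MP Rsp when all fragments are received */
	a2mp_send_getampassoc_rsp(hdev, status);
	a2mp_send_create_phy_link_req(hdev, status);
}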
778
/*
 * Handler for the read inquiry response TX power reply: on a zero
 * status, stores rp->tx_power in hdev->inq_tx_power.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->inq_tx_power = rp->tx_power;
}
789
980e1a53
JH
/*
 * Handler for the PIN code reply completion.
 *
 * With HCI_MGMT set, mgmt_pin_code_reply_complete() is called with the
 * address and status from the reply. On a zero status, the PIN length
 * from the sent HCI_OP_PIN_CODE_REPLY parameters is recorded on the ACL
 * connection to the address in those parameters, if such a connection
 * exists. Everything runs under the device lock.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *rp = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);

	if (!rp->status) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent != NULL) {
			/* The address is taken from the sent command. */
			link = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (link != NULL)
				link->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
817
/*
 * Handler for the PIN code negative reply completion: with HCI_MGMT set,
 * passes the address and status from the reply to
 * mgmt_pin_code_neg_reply_complete(), under the device lock.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, status);

	hci_dev_unlock(hdev);
}
56e5cb86 832
6ed58ec5
VT
/*
 * Handler for the LE read buffer size reply: on a zero status, caches
 * the LE MTU and packet count and resets hdev->le_cnt to that count.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
	hdev->le_pkts = rp->le_max_pkt;

	/* Start with all LE buffers available. */
	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
}
980e1a53 850
60e77321
JH
/*
 * Handler for the LE read local supported features reply: on a zero
 * status, copies the 8 feature bytes into hdev->le_features.
 */
static void hci_cc_le_read_local_features(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_le_read_local_features *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->le_features, rp->features, 8);
}
861
8fa19098
JH
/*
 * Handler for the LE read advertising TX power reply: on a zero status,
 * stores rp->tx_power in hdev->adv_tx_power.
 */
static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->adv_tx_power = rp->tx_power;
}
872
a5c29683
JH
/*
 * Handler for the user confirmation reply completion: with HCI_MGMT set,
 * forwards the address and status from the reply to
 * mgmt_user_confirm_reply_complete() (link type ACL_LINK, address type 0),
 * under the device lock.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
						 0, status);

	hci_dev_unlock(hdev);
}
887
/*
 * Handler for the user confirmation negative reply completion: with
 * HCI_MGMT set, forwards the address and status from the reply to
 * mgmt_user_confirm_neg_reply_complete(), under the device lock.
 *
 * The payload is read through struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
						     ACL_LINK, 0, status);

	hci_dev_unlock(hdev);
}
903
1143d458
BG
/*
 * Handler for the user passkey reply completion: with HCI_MGMT set,
 * forwards the address and status from the reply to
 * mgmt_user_passkey_reply_complete(), under the device lock.
 *
 * The payload is read through struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
						 0, status);

	hci_dev_unlock(hdev);
}
918
/*
 * Handler for the user passkey negative reply completion: with HCI_MGMT
 * set, forwards the address and status from the reply to
 * mgmt_user_passkey_neg_reply_complete(), under the device lock.
 *
 * The payload is read through struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
						     ACL_LINK, 0, status);

	hci_dev_unlock(hdev);
}
934
4d2d2796
MH
/*
 * Handler for the read local OOB data reply: hands the hash, randomizer
 * and status from the reply to mgmt_read_local_oob_data_complete() under
 * the device lock, with NULL for the second hash/randomizer pair.
 *
 * The call is made whatever the status is, and HCI_MGMT is not tested
 * here.
 */
static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
					  NULL, NULL, status);

	hci_dev_unlock(hdev);
}
947
/*
 * Handler for the read local OOB extended data reply: hands both
 * hash/randomizer pairs (192 and 256) and the status from the reply to
 * mgmt_read_local_oob_data_complete() under the device lock.
 *
 * The call is made whatever the status is, and HCI_MGMT is not tested
 * here.
 */
static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
	__u8 status = rp->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_dev_lock(hdev);

	mgmt_read_local_oob_data_complete(hdev, rp->hash192,
					  rp->randomizer192, rp->hash256,
					  rp->randomizer256, status);

	hci_dev_unlock(hdev);
}
961
7a4cd51d
MH
962
/*
 * Handler for the LE set random address reply: on a zero status, copies
 * the address from the sent HCI_OP_LE_SET_RANDOM_ADDR parameters into
 * hdev->random_addr, under the device lock.
 */
static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	bdaddr_t *addr;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	addr = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
	if (addr == NULL)
		return;

	hci_dev_lock(hdev);

	if (status == 0)
		bacpy(&hdev->random_addr, addr);

	hci_dev_unlock(hdev);
}
981
c1d5dc4a
JH
/*
 * Handler for the LE set advertising enable reply: on a zero status,
 * passes the first byte of the sent HCI_OP_LE_SET_ADV_ENABLE parameters
 * to mgmt_advertising(), under the device lock.
 */
static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *enable;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	enable = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
	if (enable == NULL)
		return;

	hci_dev_lock(hdev);

	if (status == 0)
		mgmt_advertising(hdev, *enable);

	hci_dev_unlock(hdev);
}
999
/*
 * Handler for the LE set scan enable reply.
 *
 * Acts only when the sent HCI_OP_LE_SET_SCAN_ENABLE parameters are
 * available and the status is zero. The enable value that was sent
 * decides what happens:
 *   LE_SCAN_ENABLE  - set HCI_LE_SCAN in hdev->dev_flags;
 *   LE_SCAN_DISABLE - cancel the delayed le_scan_disable work, clear
 *                     HCI_LE_SCAN, and if HCI_LE_SCAN_INTERRUPTED was
 *                     set, clear it and mark discovery as stopped;
 *   anything else   - log an error.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *cp;
	__u8 status = skb->data[0];
	__u8 enable;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (cp == NULL || status)
		return;

	enable = cp->enable;

	if (enable == LE_SCAN_ENABLE) {
		set_bit(HCI_LE_SCAN, &hdev->dev_flags);
	} else if (enable == LE_SCAN_DISABLE) {
		/* Cancel this timer so that we don't try to disable scanning
		 * when it's already disabled.
		 */
		cancel_delayed_work(&hdev->le_scan_disable);

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
		/* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
		 * interrupted scanning due to a connect request. Mark
		 * therefore discovery as stopped.
		 */
		if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
				       &hdev->dev_flags))
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", enable);
	}
}
/* Command Complete handler for the LE white list size read.
 *
 * Stores the controller-reported size in hdev->le_white_list_size when
 * the reply status is 0.
 *
 * NOTE(review): skb->data is cast to the reply structure and both
 * status and size are read without a length check in this function;
 * confirm the caller validates skb->len.
 */
static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_le_read_white_list_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x size %u", hdev->name, reply->status,
	       reply->size);

	if (reply->status)
		return;

	hdev->le_white_list_size = reply->size;
}
/* Command Complete handler for the LE white list clear command.
 *
 * The host-side copy of the white list is cleared only after the
 * controller confirms success, which keeps the two lists in step.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status)
		return;

	hci_white_list_clear(hdev);
}
/* Command Complete handler for HCI_OP_LE_ADD_TO_WHITE_LIST.
 *
 * Adds the address that was sent to the controller to the host-side
 * white list, but only when the controller reported success.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_cp_le_add_to_white_list *cmd;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
	if (!cmd || status)
		return;

	hci_white_list_add(hdev, &cmd->bdaddr, cmd->bdaddr_type);
}
/* Command Complete handler for HCI_OP_LE_DEL_FROM_WHITE_LIST.
 *
 * Removes the address that was sent to the controller from the
 * host-side white list, but only when the controller reported success.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_cp_le_del_from_white_list *cmd;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
	if (!cmd || status)
		return;

	hci_white_list_del(hdev, &cmd->bdaddr, cmd->bdaddr_type);
}
/* Command Complete handler for the LE supported states read.
 *
 * Copies 8 bytes of state data from the reply into hdev->le_states when
 * the reply status is 0.
 *
 * NOTE(review): the copy length is a literal 8 and the reply is read
 * from skb->data without a length check in this function; confirm the
 * size of both arrays and that the caller validates skb->len.
 */
static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_rp_le_read_supported_states *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	memcpy(hdev->le_states, reply->le_states, 8);
}
/* Command Complete handler for HCI_OP_WRITE_LE_HOST_SUPPORTED.
 *
 * On success the host feature bits in hdev->features[1][0] and the
 * HCI_LE_ENABLED flag are updated to match what was sent. Disabling LE
 * also clears HCI_ADVERTISING.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *cmd;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (!cmd || status)
		return;

	if (cmd->le) {
		hdev->features[1][0] |= LMP_HOST_LE;
		set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
	} else {
		hdev->features[1][0] &= ~LMP_HOST_LE;
		clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
		clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
	}

	if (cmd->simul)
		hdev->features[1][0] |= LMP_HOST_LE_BREDR;
	else
		hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
}
/* Command Complete handler for HCI_OP_LE_SET_ADV_PARAM.
 *
 * On success, records the own-address type that was sent with the
 * command in hdev->adv_addr_type under the device lock.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_cp_le_set_adv_param *params;
	u8 status = *((u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
	if (params == NULL)
		return;

	hci_dev_lock(hdev);
	hdev->adv_addr_type = params->own_address_type;
	hci_dev_unlock(hdev);
}
/* Command Complete handler for the Write Remote AMP Assoc command.
 *
 * On success, continues the assoc write for the physical link handle
 * reported in the reply.
 *
 * NOTE(review): rp->phy_handle comes straight from the controller reply
 * and skb->data is read without a length check in this function;
 * confirm the caller validates skb->len.
 */
static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_write_remote_amp_assoc *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
	       hdev->name, reply->status, reply->phy_handle);

	if (!reply->status)
		amp_write_rem_assoc_continue(hdev, reply->phy_handle);
}
/* Command Status handler for the Inquiry command.
 *
 * A non-zero status means the inquiry did not start, so pending
 * connections are checked instead. Otherwise HCI_INQUIRY is set in
 * hdev->flags.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);
		return;
	}

	hci_conn_check_pending(hdev);
}
/* Command Status handler for HCI_OP_CREATE_CONN.
 *
 * On failure, a connection still in BT_CONNECT is either parked in
 * BT_CONNECT2 (status 0x0c with at most two attempts so far) or closed,
 * reported to the upper layers and deleted. On success, a connection
 * object is created if none exists yet for the target address.
 *
 * All connection state is touched under the device lock.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &sent->bdaddr, conn);

	if (status) {
		if (!conn || conn->state != BT_CONNECT)
			goto unlock;

		/* 0x0c is the HCI "Command Disallowed" error code */
		if (status == 0x0c && conn->attempt <= 2) {
			conn->state = BT_CONNECT2;
			goto unlock;
		}

		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
		goto unlock;
	}

	if (conn)
		goto unlock;

	conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
	if (!conn) {
		BT_ERR("No memory for new connection");
		goto unlock;
	}

	conn->out = true;
	conn->link_mode |= HCI_LM_MASTER;

unlock:
	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_ADD_SCO.
 *
 * Only failures are handled here: the SCO link attached to the ACL
 * connection named by the sent handle is closed, reported to the upper
 * layers with the failure status and deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl;
	struct hci_conn *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Only failures are handled here. If the connection named by the sent
 * handle is still in BT_CONFIG, the failure is reported to the upper
 * layers and one reference on the connection is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_drop(conn);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Only failures are handled here. If the connection named by the sent
 * handle is still in BT_CONFIG, the failure is reported to the upper
 * layers and one reference on the connection is dropped.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_drop(conn);
	}

	hci_dev_unlock(hdev);
}
/* Decide whether an outgoing connection in BT_CONFIG must be
 * authenticated before it is handed to the upper layers.
 *
 * Returns 1 when authentication should be requested, 0 otherwise.
 *
 * Authentication is skipped for incoming connections, for connections
 * not in BT_CONFIG and for a pending security level of BT_SECURITY_SDP.
 * Otherwise it is requested when any one of these holds: SSP is
 * enabled on the connection, bit 0 of auth_type is set (MITM
 * protection requested), or the pending security level is MEDIUM or
 * HIGH.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (conn->state != BT_CONFIG || !conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	if (hci_conn_ssp_enabled(conn))
		return 1;

	if (conn->auth_type & 0x01)
		return 1;

	if (conn->pending_sec_level == BT_SECURITY_HIGH ||
	    conn->pending_sec_level == BT_SECURITY_MEDIUM)
		return 1;

	return 0;
}
/* Send a Remote Name Request for one inquiry cache entry.
 *
 * Returns whatever hci_send_cmd() returns.
 *
 * The request structure lives on the stack and is sent to the
 * controller, so it is zeroed first; any field not assigned below goes
 * out as zero rather than as leftover stack contents.
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	memset(&req, 0, sizeof(req));

	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;
	bacpy(&req.bdaddr, &e->data.bdaddr);

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
/* Start name resolution for the next entry that still needs a name.
 *
 * Returns true when a Remote Name Request was sent and the entry was
 * marked NAME_PENDING; false when the resolve list is empty, no entry
 * needs a name, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *next;

	if (list_empty(&discov->resolve))
		return false;

	next = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (next == NULL)
		return false;

	if (hci_resolve_name(hdev, next) != 0)
		return false;

	next->name_state = NAME_PENDING;
	return true;
}
/* Process the outcome of a remote name request during discovery.
 *
 * @name may be NULL when the name could not be obtained; @name_len is
 * passed through to the management interface unchanged.
 *
 * A connection that has not yet been announced to the management
 * interface is announced first. After that the function only acts while
 * discovery is in DISCOVERY_RESOLVING (update the entry and move on to
 * the next name) or DISCOVERY_STOPPING (mark discovery stopped).
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);

	switch (discov->state) {
	case DISCOVERY_STOPPING:
		goto discov_complete;
	case DISCOVERY_RESOLVING:
		break;
	default:
		return;
	}

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	/* The device is not among the entries with a pending name, so
	 * there is nothing to update. Resolving the next name is left to
	 * the next Remote Name Request Complete event.
	 */
	if (!entry)
		return;

	list_del(&entry->list);
	if (!name) {
		entry->name_state = NAME_NOT_KNOWN;
	} else {
		entry->name_state = NAME_KNOWN;
		mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
				 entry->data.rssi, name, name_len);
	}

	if (hci_resolve_next_name(hdev))
		return;

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
/* Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * A successful status is ignored here; the authentication decision is
 * then made when the name request complete event arrives. On failure
 * the pending name is resolved as unknown (when the management
 * interface is in use) and, if the outgoing connection needs it,
 * authentication is requested exactly once, guarded by
 * HCI_CONN_AUTH_PEND.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
			     sizeof(auth_cp), &auth_cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Only failures are handled here. If the connection named by the sent
 * handle is still in BT_CONFIG, the failure is reported to the upper
 * layers and one reference on the connection is dropped.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_drop(conn);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Only failures are handled here. If the connection named by the sent
 * handle is still in BT_CONFIG, the failure is reported to the upper
 * layers and one reference on the connection is dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_drop(conn);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Only failures are handled here: the synchronous link attached to the
 * ACL connection named by the sent handle is closed, reported to the
 * upper layers with the failure status and deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl;
	struct hci_conn *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Only failures are handled here: the pending mode-change flag on the
 * connection is cleared and, if a SCO setup was waiting for the mode
 * change, it is run with the failure status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

		if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Only failures are handled here: the pending mode-change flag on the
 * connection is cleared and, if a SCO setup was waiting for the mode
 * change, it is run with the failure status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

		if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_DISCONNECT.
 *
 * Only failures are handled here: if the connection named by the sent
 * handle still exists, the failed disconnect is reported to the
 * management interface.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL)
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_CREATE_PHY_LINK.
 *
 * On failure the connection found for the sent physical link handle is
 * deleted; on success the remote AMP assoc write is started for that
 * handle. Both paths run under the device lock.
 */
static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_create_phy_link *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status) {
		amp_write_remote_assoc(hdev, sent->phy_handle);
	} else {
		struct hci_conn *link;

		link = hci_conn_hash_lookup_handle(hdev, sent->phy_handle);
		if (link != NULL)
			hci_conn_del(link);
	}

	hci_dev_unlock(hdev);
}
/* Command Status handler for HCI_OP_ACCEPT_PHY_LINK.
 *
 * On success, starts the remote AMP assoc write for the physical link
 * handle that was sent. Failures are ignored here.
 *
 * NOTE(review): unlike hci_cs_create_phylink() this path does not take
 * the device lock around amp_write_remote_assoc(); confirm that is
 * intended.
 */
static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_accept_phy_link *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
	if (sent == NULL)
		return;

	amp_write_remote_assoc(hdev, sent->phy_handle);
}
/* Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Failures are not handled here; they are dealt with by
 * hci_le_conn_failed, which is triggered from the HCI request
 * completion callbacks used for connecting.
 *
 * On success the initiator and responder addresses are recorded on the
 * connection, and a connection timeout is armed for attempts that
 * target a specific peer address.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);
	if (conn == NULL)
		goto unlock;

	/* SMP needs the initiator and responder addresses. They stay
	 * fixed for the lifetime of the connection, so they are captured
	 * once here.
	 */
	conn->init_addr_type = sent->own_address_type;
	bacpy(&conn->init_addr,
	      sent->own_address_type == ADDR_LE_DEV_RANDOM ?
	      &hdev->random_addr : &hdev->bdaddr);

	conn->resp_addr_type = sent->peer_addr_type;
	bacpy(&conn->resp_addr, &sent->peer_addr);

	/* LE has no page timeout like BR/EDR, so a connection attempt
	 * could otherwise linger forever. Arm a timer for every attempt
	 * that does not connect through the white list.
	 */
	if (sent->filter_policy == HCI_LE_USE_PEER_ADDR)
		queue_delayed_work(conn->hdev->workqueue,
				   &conn->le_conn_timeout,
				   HCI_LE_CONN_TIMEOUT);

unlock:
	hci_dev_unlock(hdev);
}
/* Handle the Inquiry Complete event.
 *
 * Clears HCI_INQUIRY and wakes anyone waiting on that bit. When the
 * management interface is in use and discovery is in DISCOVERY_FINDING,
 * discovery either moves on to name resolution or is marked stopped.
 *
 * NOTE(review): the status byte is read from skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
	wake_up_bit(&hdev->flags, HCI_INQUIRY);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state != DISCOVERY_FINDING)
		goto unlock;

	if (list_empty(&discov->resolve))
		goto stopped;

	entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (!entry || hci_resolve_name(hdev, entry) != 0)
		goto stopped;

	entry->name_state = NAME_PENDING;
	hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
	goto unlock;

stopped:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);

unlock:
	hci_dev_unlock(hdev);
}
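/* Handle the Inquiry Result event.
 *
 * The event payload is one count byte (num_rsp) followed by num_rsp
 * inquiry_info records. Each record is copied into the inquiry cache
 * and reported to the management interface.
 *
 * num_rsp comes from the controller and drives how far the loop walks
 * through the packet, so it is checked against skb->len before any
 * record is read. Without that check a count larger than the data
 * actually received would make the loop read past the end of the
 * packet. Results are ignored while periodic inquiry is active.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present */
	if (!skb->len)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* One count byte plus num_rsp complete records must fit */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		/* This event carries neither RSSI nor SSP mode */
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}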
/* Handle the Connection Complete event.
 *
 * Looks up the connection by link type and address, then either
 * finishes setting it up (status 0) or closes and deletes it. Pending
 * connections are re-checked after the device lock is released.
 *
 * NOTE(review): the event structure is read from skb->data without a
 * length check in this function; confirm the caller validates skb->len.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		/* A SCO completion may belong to a connection that was
		 * created as eSCO; retype it to SCO if one is found.
		 */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);

			/* Incoming connection without SSP and without a
			 * stored link key: use the pairing timeout instead
			 * of the normal disconnect timeout.
			 */
			if (!conn->out && !hci_conn_ssp_enabled(conn) &&
			    !hci_find_link_key(hdev, &ev->bdaddr))
				conn->disc_timeout = HCI_PAIRING_TIMEOUT;
			else
				conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_add_sysfs(conn);

		/* Carry the device-wide auth/encrypt settings over to the
		 * new link.
		 */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(cp), &cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
				     &cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &conn->dst, conn->type,
					    conn->dst_type, ev->status);
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	/* On failure the connection is reported and deleted; conn is not
	 * used again after hci_conn_del(). On success only non-ACL links
	 * are confirmed here.
	 */
	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
/* Handle the Connection Request event from a remote device.
 *
 * The request is accepted only when the combined link mode mask has
 * HCI_LM_ACCEPT set and the peer address is not on the blacklist;
 * otherwise it is rejected with HCI_ERROR_REJ_BAD_ADDR.
 *
 * NOTE(review): the event structure is read from skb->data without a
 * length check in this function; confirm the caller validates skb->len.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	int mask = hdev->link_mode;
	__u8 flags = 0;

	BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
	       ev->link_type);

	/* Let the upper protocols add their accept/role bits and
	 * optionally ask for a deferred setup through flags.
	 */
	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
				      &flags);

	/* NOTE(review): the blacklist lookup runs before hci_dev_lock() is
	 * taken; confirm the list cannot change underneath it.
	 */
	if ((mask & HCI_LM_ACCEPT) &&
	    !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
		/* Connection accepted */
		struct inquiry_entry *ie;
		struct hci_conn *conn;

		hci_dev_lock(hdev);

		ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		if (ie)
			memcpy(ie->data.dev_class, ev->dev_class, 3);

		conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
					       &ev->bdaddr);
		if (!conn) {
			conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
			if (!conn) {
				BT_ERR("No memory for new connection");
				hci_dev_unlock(hdev);
				return;
			}
		}

		memcpy(conn->dev_class, ev->dev_class, 3);

		hci_dev_unlock(hdev);

		/* NOTE(review): conn is written below after the device
		 * lock has been released; confirm nothing can free or
		 * change the connection in between.
		 */
		if (ev->link_type == ACL_LINK ||
		    (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
			struct hci_cp_accept_conn_req cp;
			conn->state = BT_CONNECT;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
				cp.role = 0x00; /* Become master */
			else
				cp.role = 0x01; /* Remain slave */

			hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
				     &cp);
		} else if (!(flags & HCI_PROTO_DEFER)) {
			struct hci_cp_accept_sync_conn_req cp;
			conn->state = BT_CONNECT;

			bacpy(&cp.bdaddr, &ev->bdaddr);
			cp.pkt_type = cpu_to_le16(conn->pkt_type);

			cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.max_latency    = __constant_cpu_to_le16(0xffff);
			cp.content_format = cpu_to_le16(hdev->voice_setting);
			cp.retrans_effort = 0xff;

			hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
				     sizeof(cp), &cp);
		} else {
			/* Deferred setup: no accept command is sent here;
			 * the connection is parked in BT_CONNECT2 and the
			 * upper layer is notified.
			 */
			conn->state = BT_CONNECT2;
			hci_proto_connect_cfm(conn, 0);
		}
	} else {
		/* Connection rejected */
		struct hci_cp_reject_conn_req cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
	}
}
/* Map an HCI disconnect error code to the reason reported through the
 * management interface. Any code without an explicit mapping is
 * reported as MGMT_DEV_DISCONN_UNKNOWN.
 */
static u8 hci_to_mgmt_reason(u8 err)
{
	if (err == HCI_ERROR_CONNECTION_TIMEOUT)
		return MGMT_DEV_DISCONN_TIMEOUT;

	if (err == HCI_ERROR_REMOTE_USER_TERM ||
	    err == HCI_ERROR_REMOTE_LOW_RESOURCES ||
	    err == HCI_ERROR_REMOTE_POWER_OFF)
		return MGMT_DEV_DISCONN_REMOTE;

	if (err == HCI_ERROR_LOCAL_HOST_TERM)
		return MGMT_DEV_DISCONN_LOCAL_HOST;

	return MGMT_DEV_DISCONN_UNKNOWN;
}
/* Handle the Disconnection Complete event.
 *
 * A failed disconnect is only reported to the management interface. A
 * successful one closes the connection, notifies the management
 * interface and upper protocols, optionally removes the link key,
 * queues an automatic LE reconnect when the stored connection
 * parameters ask for it, and deletes the connection.
 *
 * NOTE(review): the event structure is read from skb->data without a
 * length check in this function; confirm the caller validates skb->len.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	u8 reason = hci_to_mgmt_reason(ev->reason);
	struct hci_conn_params *params;
	struct hci_conn *conn;
	bool mgmt_connected;
	u8 type;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status) {
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, ev->status);
		goto unlock;
	}

	conn->state = BT_CLOSED;

	mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
	mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
				 reason, mgmt_connected);

	/* The link key is dropped when the connection was flagged with
	 * flush_key, so it is not reused for a later connection.
	 */
	if (conn->type == ACL_LINK && conn->flush_key)
		hci_remove_link_key(hdev, &conn->dst);

	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
	if (params) {
		switch (params->auto_connect) {
		case HCI_AUTO_CONN_LINK_LOSS:
			/* Reconnect only when the link timed out */
			if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
				break;
			/* Fall through */

		case HCI_AUTO_CONN_ALWAYS:
			hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
			break;

		default:
			break;
		}
	}

	/* Remember the link type: conn is not read again once
	 * hci_conn_del() has been called.
	 */
	type = conn->type;

	hci_proto_disconn_cfm(conn, ev->reason);
	hci_conn_del(conn);

	/* Re-enable advertising if necessary, since it might
	 * have been disabled by the connection. From the
	 * HCI_LE_Set_Advertise_Enable command description in
	 * the core specification (v4.0):
	 *   "The Controller shall continue advertising until the Host
	 *   issues an LE_Set_Advertise_Enable command with
	 *   Advertising_Enable set to 0x00 (Advertising is disabled)
	 *   or until a connection is created or until the Advertising
	 *   is timed out due to Directed Advertising."
	 */
	if (type == LE_LINK)
		mgmt_reenable_advertising(hdev);

unlock:
	hci_dev_unlock(hdev);
}
/* Handle the Authentication Complete event.
 *
 * On success the link is marked authenticated and its security level
 * is raised to the pending level, except for a re-authentication on a
 * connection without SSP, which is only logged. On failure the
 * management interface is told. In both cases the pending auth flags
 * are cleared, and encryption is requested or the result is passed on,
 * depending on the connection state and HCI_CONN_ENCRYPT_PEND.
 *
 * NOTE(review): the event structure is read from skb->data without a
 * length check in this function; confirm the caller validates skb->len.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		/* A re-auth on a non-SSP link does not raise the security
		 * level or set HCI_LM_AUTH.
		 */
		if (!hci_conn_ssp_enabled(conn) &&
		    test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
			BT_INFO("re-auth of legacy device is not possible.");
		} else {
			conn->link_mode |= HCI_LM_AUTH;
			conn->sec_level = conn->pending_sec_level;
		}
	} else {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		/* During setup an authenticated SSP link is encrypted
		 * before it is reported as connected.
		 */
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_drop(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold/drop pair around the timeout update; presumably
		 * this re-arms the disconnect timer with the new value --
		 * confirm against hci_conn_drop().
		 */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_drop(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (!ev->status) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			/* Authentication failed, so the pending encryption
			 * request is completed with the failure status.
			 */
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
2101
/* Handle a Remote Name Request Complete event.
 *
 * When the management interface is in use, the name (or NULL on failure) is
 * passed to hci_check_pending_name().  The name length is bounded with
 * strnlen() to HCI_MAX_NAME_LENGTH, so an unterminated name field from the
 * controller is not read past that limit.
 *
 * Afterwards, if an ACL connection to the peer exists and outgoing
 * authentication is needed, an Authentication Requested command is sent
 * unless one is already pending.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status == 0)
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
		else
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       NULL, 0);
	}

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* test_and_set_bit keeps a second request from being queued while
	 * one is outstanding.
	 */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

unlock:
	hci_dev_unlock(hdev);
}
2140
/* Handle an Encryption Change event for the connection named by ev->handle.
 *
 * On success with encryption on, the link is marked authenticated and
 * encrypted, pending_sec_level becomes sec_level, a P-256 authenticated
 * combination key additionally sets HCI_LM_FIPS, and HCI_CONN_AES_CCM is set
 * for LE links and for ACL links reporting encrypt == 0x02.  On success with
 * encryption off, the encrypt mode bit and the AES-CCM flag are cleared.
 *
 * A failed change on an established (BT_CONNECTED) link disconnects it with
 * HCI_ERROR_AUTH_FAILURE rather than leaving it up.
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status && ev->encrypt) {
		/* Encryption implies authentication */
		conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
		conn->sec_level = conn->pending_sec_level;

		/* P-256 authentication key implies FIPS */
		if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
			conn->link_mode |= HCI_LM_FIPS;

		if (conn->type == LE_LINK ||
		    (conn->type == ACL_LINK && ev->encrypt == 0x02))
			set_bit(HCI_CONN_AES_CCM, &conn->flags);
	} else if (!ev->status) {
		conn->link_mode &= ~HCI_LM_ENCRYPT;
		clear_bit(HCI_CONN_AES_CCM, &conn->flags);
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	if (ev->status && conn->state == BT_CONNECTED) {
		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_drop(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	/* Connection setup was waiting for this event. */
	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_drop(conn);

unlock:
	hci_dev_unlock(hdev);
}
2194
/* Handle a Change Connection Link Key Complete event.
 *
 * For a known connection: on success HCI_LM_SECURE is set in link_mode; the
 * pending-authentication flag is cleared and hci_key_change_cfm() is called
 * with the event status in every case.
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2217
/* Handle a Read Remote Supported Features Complete event.
 *
 * On success the 8 feature bytes are stored as page 0 of conn->features.
 * The rest only applies while the connection is in BT_CONFIG:
 *  - if both sides are SSP capable, extended features page 1 is requested
 *    and setup continues when that reply arrives;
 *  - otherwise the remote name is requested (or, on failure or when the
 *    device was already reported, mgmt is told the device connected) and
 *    the connection is completed if no outgoing authentication is needed.
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		memcpy(conn->features[0], ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_req;

		ext_req.handle = ev->handle;
		ext_req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_req), &ext_req);
		goto unlock;
	}

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		/* Zero the whole request so unset fields are not sent as
		 * stack contents.
		 */
		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_drop(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2267
/* Handle a Command Complete event.
 *
 * The event header is pulled off the skb and the remaining return parameters
 * are handed to the hci_cc_* handler matching the opcode.  Afterwards the
 * command timer is stopped (unless the opcode is HCI_OP_NOP), the request
 * layer is told the command finished, and, if the controller granted command
 * credits (ev->ncmd) and no reset is in progress, the command queue is
 * restarted.
 *
 * NOTE(review): status is read from skb->data[sizeof(*ev)] and ev itself is
 * dereferenced without any skb->len check in this function -- confirm the
 * caller guarantees the event is at least sizeof(*ev) + 1 bytes long.
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	/* First return-parameter byte, taken before the header is pulled. */
	u8 status = skb->data[sizeof(*ev)];
	__u16 opcode;

	/* ev keeps pointing at the header; only skb->data moves. */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_READ_NUM_SUPPORTED_IAC:
		hci_cc_read_num_supported_iac(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SC_SUPPORT:
		hci_cc_write_sc_support(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
		hci_cc_read_page_scan_activity(hdev, skb);
		break;
	case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
		hci_cc_write_page_scan_activity(hdev, skb);
		break;
	case HCI_OP_READ_PAGE_SCAN_TYPE:
		hci_cc_read_page_scan_type(hdev, skb);
		break;
	case HCI_OP_WRITE_PAGE_SCAN_TYPE:
		hci_cc_write_page_scan_type(hdev, skb);
		break;
	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;
	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_ASSOC:
		hci_cc_read_local_amp_assoc(hdev, skb);
		break;
	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
		hci_cc_read_local_oob_ext_data(hdev, skb);
		break;
	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_LE_READ_LOCAL_FEATURES:
		hci_cc_le_read_local_features(hdev, skb);
		break;
	case HCI_OP_LE_READ_ADV_TX_POWER:
		hci_cc_le_read_adv_tx_power(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;
	case HCI_OP_LE_SET_RANDOM_ADDR:
		hci_cc_le_set_random_addr(hdev, skb);
		break;
	case HCI_OP_LE_SET_ADV_ENABLE:
		hci_cc_le_set_adv_enable(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;
	case HCI_OP_LE_READ_WHITE_LIST_SIZE:
		hci_cc_le_read_white_list_size(hdev, skb);
		break;
	case HCI_OP_LE_CLEAR_WHITE_LIST:
		hci_cc_le_clear_white_list(hdev, skb);
		break;
	case HCI_OP_LE_ADD_TO_WHITE_LIST:
		hci_cc_le_add_to_white_list(hdev, skb);
		break;
	case HCI_OP_LE_DEL_FROM_WHITE_LIST:
		hci_cc_le_del_from_white_list(hdev, skb);
		break;
	case HCI_OP_LE_READ_SUPPORTED_STATES:
		hci_cc_le_read_supported_states(hdev, skb);
		break;
	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;
	case HCI_OP_LE_SET_ADV_PARAM:
		hci_cc_set_adv_param(hdev, skb);
		break;
	case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
		hci_cc_write_remote_amp_assoc(hdev, skb);
		break;
	default:
		/* No dedicated handler: only trace the opcode. */
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	hci_req_cmd_complete(hdev, opcode, status);

	if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}
2531
/* Handle a Command Status event.
 *
 * The status is passed to the hci_cs_* handler matching the opcode.  The
 * command timer is then stopped (unless the opcode is HCI_OP_NOP).  The
 * request layer is notified when the command failed, or when the command
 * last sent is not waiting for a specific completion event.  Finally the
 * command queue is restarted if the controller granted credits (ev->ncmd)
 * and no reset is in progress.
 *
 * NOTE(review): ev is dereferenced without an skb->len check in this
 * function -- confirm the caller guarantees the event length.
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 opcode;

	/* ev keeps pointing at the header; only skb->data moves. */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;
	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;
	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;
	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;
	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;
	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;
	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;
	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;
	case HCI_OP_CREATE_PHY_LINK:
		hci_cs_create_phylink(hdev, ev->status);
		break;
	case HCI_OP_ACCEPT_PHY_LINK:
		hci_cs_accept_phylink(hdev, ev->status);
		break;
	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;
	default:
		/* No dedicated handler: only trace the opcode. */
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (ev->status ||
	    (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
		hci_req_cmd_complete(hdev, opcode, ev->status);

	if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}
2620
/* Handle a Role Change event for the ACL connection to ev->bdaddr.
 *
 * On success HCI_LM_MASTER is cleared when ev->role is non-zero and set when
 * it is zero.  The pending role-switch flag is cleared and
 * hci_role_switch_cfm() is called regardless of the status.
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (!ev->status && ev->role)
		conn->link_mode &= ~HCI_LM_MASTER;
	else if (!ev->status)
		conn->link_mode |= HCI_LM_MASTER;

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2646
/* Handle a Number Of Completed Packets event (packet-based flow control).
 *
 * The event is dropped unless the device is in packet-based flow control
 * mode and skb->len covers the header plus num_hndl entries.  For every
 * entry with a known connection, the completed count is subtracted from
 * conn->sent and returned to the matching per-type credit counter, which is
 * clamped to the configured maximum.  The TX work item is queued at the end.
 *
 * NOTE(review): conn->sent -= count is not bounded against conn->sent, so a
 * controller reporting more packets than were sent would wrap it -- confirm
 * whether that needs a guard.
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int i;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, so that num_hndl is only read when it is present;
	 * then the full handle array.
	 */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (i = 0; i < ev->num_hndl; i++) {
		struct hci_comp_pkts_info *info = &ev->handles[i];
		__u16 handle = __le16_to_cpu(info->handle);
		__u16 count = __le16_to_cpu(info->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			/* Without dedicated LE buffers (le_pkts == 0) the
			 * credits go back to the ACL pool.
			 */
			if (!hdev->le_pkts) {
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			} else {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2712
/* Map a handle to a connection according to the device type.
 *
 * HCI_BREDR devices look the handle up in the connection hash; HCI_AMP
 * devices look up a channel and return its connection.  Returns NULL when
 * nothing matches or the device type is unknown (which is also logged).
 */
static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
						 __u16 handle)
{
	if (hdev->dev_type == HCI_BREDR)
		return hci_conn_hash_lookup_handle(hdev, handle);

	if (hdev->dev_type == HCI_AMP) {
		struct hci_chan *chan = hci_chan_lookup_handle(hdev, handle);

		return chan ? chan->conn : NULL;
	}

	BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);

	return NULL;
}
2733
/* Handle a Number Of Completed Data Blocks event (block-based flow control).
 *
 * The event is dropped unless the device is in block-based flow control mode
 * and skb->len covers the header plus num_hndl entries.  For every entry
 * with a known connection, the block count is subtracted from conn->sent and
 * returned to hdev->block_cnt, clamped to hdev->num_blocks.  The TX work
 * item is queued at the end.
 *
 * NOTE(review): conn->sent -= block_count is not bounded against conn->sent
 * -- confirm whether a misbehaving controller needs to be guarded against.
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int i;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, so that num_hndl is only read when it is present;
	 * then the full handle array.
	 */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (i = 0; i < ev->num_hndl; i++) {
		struct hci_comp_blocks_info *info = &ev->handles[i];
		__u16 handle = __le16_to_cpu(info->handle);
		__u16 block_count = __le16_to_cpu(info->blocks);
		struct hci_conn *conn;

		conn = __hci_conn_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= block_count;

		switch (conn->type) {
		case ACL_LINK:
		case AMP_LINK:
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2783
/* Handle a Mode Change event for the connection named by ev->handle.
 *
 * The reported mode is stored in conn->mode.  If no mode change was pending
 * on the connection (HCI_CONN_MODE_CHANGE_PEND was clear), the
 * HCI_CONN_POWER_SAVE flag is set when the new mode is HCI_CM_ACTIVE and
 * cleared otherwise.  A pending SCO setup is then continued with the event
 * status.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;

	/* The pending bit is consumed here whether or not it was set. */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode == HCI_CM_ACTIVE)
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2811
/* Handle a PIN Code Request event for the ACL connection to ev->bdaddr.
 *
 * For an established connection the disconnect timeout is switched to
 * HCI_PAIRING_TIMEOUT.  If the device is not pairable the request is
 * rejected with a negative reply; otherwise, when the management interface
 * is in use, the request is forwarded to it together with a flag telling
 * whether the pending security level is BT_SECURITY_HIGH.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* Hold/drop pair around the timeout update, as in the
		 * original code.
		 */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_drop(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		/* Not pairable: refuse without involving user space. */
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ?
			    1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2848
/* Handle a Link Key Request event for the peer ev->bdaddr.
 *
 * Only acts when the management interface is in use.  A stored key is
 * returned to the controller unless one of these checks rejects it, in which
 * case a negative reply is sent instead:
 *  - no key is stored for the address;
 *  - the key is a debug combination key and HCI_DEBUG_KEYS is not set;
 *  - the key is an unauthenticated combination key (P-192 or P-256) while
 *    the connection's auth_type is known (not 0xff) and has bit 0 set
 *    (presumably the MITM-protection requirement -- confirm);
 *  - the key is a legacy combination key created from a PIN shorter than 16
 *    while the connection is pending BT_SECURITY_HIGH.
 *
 * NOTE(review): cp holds a copy of the link key on the stack and is not
 * wiped before returning -- confirm whether that is acceptable here.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %pMR", hdev->name,
		       &ev->bdaddr);
		goto not_found;
	}

	BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
	       &ev->bdaddr);

	if (key->type == HCI_LK_DEBUG_COMBINATION &&
	    !test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags)) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		bool unauth_key = key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
				  key->type == HCI_LK_UNAUTH_COMBINATION_P256;

		if (unauth_key && conn->auth_type != 0xff &&
		    (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		/* Remember what kind of key the link is about to use. */
		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
	goto unlock;

not_found:
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
2912
/* Handle a Link Key Notification event for the peer ev->bdaddr.
 *
 * If an ACL connection exists, its disconnect timeout is reset to
 * HCI_DISCONN_TIMEOUT, its stored PIN length is picked up, and its key type
 * is updated unless the event reports HCI_LK_CHANGED_COMBINATION.  When the
 * management interface is in use the new key is stored through
 * hci_add_link_key(); conn may be NULL in that call, and pin_len is then 0.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_drop(conn);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_len);
	}

	hci_dev_unlock(hdev);
}
2941
/* Handle a Read Clock Offset Complete event.
 *
 * On success, and when the connection is known, the inquiry cache entry for
 * the peer (if any) gets the reported clock offset and a fresh timestamp.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2964
/* Handle a Connection Packet Type Changed event: on success, record the new
 * packet type on the connection named by ev->handle, if it is known.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	conn->pkt_type = __le16_to_cpu(ev->pkt_type);

unlock:
	hci_dev_unlock(hdev);
}
2980
/* Handle a Page Scan Repetition Mode Change event: update the inquiry cache
 * entry for ev->bdaddr, if one exists, with the new mode and a fresh
 * timestamp.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!ie)
		goto unlock;

	ie->data.pscan_rep_mode = ev->pscan_rep_mode;
	ie->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2998
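/* Handle an Inquiry Result with RSSI event.
 *
 * The payload is one count byte (num_rsp) followed by num_rsp response
 * entries.  The per-entry size implied by the payload length selects between
 * the two entry layouts (with or without the pscan_mode field).  Every entry
 * is added to the inquiry cache and reported through mgmt_device_found().
 * Nothing is done when the count is zero or periodic inquiry is active.
 *
 * The count byte comes from the controller and is not trusted: the payload
 * must be non-empty before the count is read, and must be long enough for
 * num_rsp entries of the selected layout before any entry is read.  Without
 * the second check a short payload with a large count would make the loops
 * read past the end of the event data.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	bool name_known, ssp;
	int num_rsp;

	/* The count is the first payload byte; an empty payload has none. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* num_rsp is at most 255, so the product cannot overflow. */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* The quotient test above rounds down; still require the
		 * full length explicitly.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}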
3058
/* Handle a Read Remote Extended Features Complete event.
 *
 * The feature page is stored in conn->features only when ev->page is below
 * HCI_MAX_PAGES, so a page number from the controller cannot index outside
 * that array.  For a successful page 1 the remote host SSP bit is mirrored
 * into the inquiry cache and into HCI_CONN_SSP_ENABLED, and the host Secure
 * Connections bit sets HCI_CONN_SC_ENABLED.
 *
 * While the connection is in BT_CONFIG, setup then continues: the remote
 * name is requested (or, on failure or when already reported, mgmt is told
 * the device connected) and the connection is completed if no outgoing
 * authentication is needed.
 *
 * NOTE(review): the features copy is not conditioned on ev->status, unlike
 * the page 0 copy in hci_remote_features_evt() -- confirm this is intended.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->page < HCI_MAX_PAGES)
		memcpy(conn->features[ev->page], ev->features, 8);

	if (!ev->status && ev->page == 0x01) {
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie)
			ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		/* The Bluetooth specification requires that Extended Inquiry
		 * Results are only used when Secure Simple Pairing is
		 * enabled, but some devices violate this.
		 *
		 * To make these devices work, the internal SSP enabled flag
		 * is cleared when the remote host features do not indicate
		 * SSP support.
		 */
		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
		else
			clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);

		if (ev->features[0] & LMP_HOST_SC)
			set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		/* Zero the whole request so unset fields are not sent as
		 * stack contents.
		 */
		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_drop(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI Synchronous Connection Complete event.
 *
 * The connection is looked up by (link_type, bdaddr). When nothing matches
 * and the event reports a SCO link, the lookup is repeated for an eSCO
 * connection to the same address, which is then relabelled SCO_LINK.
 *
 * Status 0x00 records the handle and marks the link BT_CONNECTED. For the
 * listed rejection codes an outgoing connection is retried through
 * hci_setup_sync() with a packet type mask rebuilt from hdev->esco_type;
 * a non-zero return from hci_setup_sync() leaves the handler without
 * confirming or deleting the connection. Any other status, an incoming
 * connection, or hci_setup_sync() returning zero closes the connection.
 *
 * NOTE(review): ev is an unchecked cast of skb->data; no comparison against
 * skb->len is visible in this function -- confirm the event length is
 * validated before this handler runs.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *sco;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	sco = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!sco && ev->link_type != ESCO_LINK) {
		/* The request may have been tracked as eSCO but completed
		 * as SCO; adopt that connection and fix up its type.
		 */
		sco = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (sco)
			sco->type = SCO_LINK;
	}

	if (!sco)
		goto unlock;

	switch (ev->status) {
	case 0x00:
		sco->handle = __le16_to_cpu(ev->handle);
		sco->state = BT_CONNECTED;

		hci_conn_add_sysfs(sco);
		break;

	case 0x0d:	/* Connection Rejected due to Limited Resources */
	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (sco->out) {
			sco->pkt_type = hdev->esco_type &
					(SCO_ESCO_MASK | EDR_ESCO_MASK);
			/* NOTE(review): sco->link is dereferenced without a
			 * NULL check -- confirm it is always set for an
			 * outgoing synchronous connection.
			 */
			if (hci_setup_sync(sco, sco->link->handle))
				goto unlock;
		}
		/* fall through */

	default:
		sco->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(sco, ev->status);
	if (ev->status)
		hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Return how many bytes of @eir are occupied by EIR fields.
 *
 * Every field is a length octet followed by that many bytes. The scan
 * stops at the first zero length octet and returns the offset reached.
 * If the declared field lengths reach or pass @eir_len, @eir_len itself
 * is returned, so the result never exceeds the buffer size given by the
 * caller. Only length octets at offsets below @eir_len are read.
 */
static inline size_t eir_get_length(u8 *eir, size_t eir_len)
{
	size_t off = 0;

	while (off < eir_len) {
		u8 field_len = eir[off];

		if (!field_len)
			return off;

		/* Skip the length octet plus the field body */
		off += field_len + 1;
	}

	return eir_len;
}
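/*
 * Handle the HCI Extended Inquiry Result event.
 *
 * The first payload octet is the number of responses, followed by that
 * many struct extended_inquiry_info records. Each record is copied into
 * an inquiry_data, fed to the inquiry cache and reported to the management
 * interface together with the used part of its EIR data.
 *
 * The response count comes from the controller, so it is checked against
 * skb->len before the records are walked; a count larger than the packet
 * can hold would otherwise make the loop read past the end of the buffer.
 * Nothing is done while HCI_PERIODIC_INQ is set.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The count octet itself must be present */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that does not fit in the received payload */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		/* Without the management interface the name is treated as
		 * known; with it, only a complete name in the EIR counts.
		 */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}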
/*
 * Handle the HCI Encryption Key Refresh Complete event.
 *
 * On success the pending security level becomes the connection's current
 * level. HCI_CONN_ENCRYPT_PEND is cleared in either case. A failure on a
 * connection that is already BT_CONNECTED disconnects it with
 * HCI_ERROR_AUTH_FAILURE. A connection still in BT_CONFIG is confirmed to
 * the upper protocol with the event status; otherwise the result is passed
 * to hci_auth_cfm() and the disconnect timeout is reset.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	u16 handle = __le16_to_cpu(ev->handle);
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       handle);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	if (ev->status && conn->state == BT_CONNECTED) {
		/* A failed refresh on a live link ends the link */
		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_drop(conn);
	} else if (conn->state == BT_CONFIG) {
		if (!ev->status)
			conn->state = BT_CONNECTED;

		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_drop(conn);
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold/drop pair around the timeout update */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_drop(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Choose the authentication requirement to send in an IO Capability Reply.
 *
 * The result follows the remote side's request: dedicated bonding keeps
 * dedicated bonding, no-bonding keeps no-bonding, anything else returns
 * the local conn->auth_type unchanged.
 *
 * conn->remote_auth and conn->remote_cap are filled in from the peer's
 * IO Capability Response by hci_io_capa_reply_evt(), so they are
 * peer-supplied values: a peer that reports NoInputNoOutput makes the
 * dedicated bonding case return the variant without MITM protection.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case HCI_AT_DEDICATED_BONDING:
	case HCI_AT_DEDICATED_BONDING_MITM:
		/* Require MITM protection only when both the remote and
		 * the local IO capabilities allow it.
		 */
		if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
		    conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
			return HCI_AT_DEDICATED_BONDING;

		return HCI_AT_DEDICATED_BONDING_MITM;

	case HCI_AT_NO_BONDING:
	case HCI_AT_NO_BONDING_MITM:
		/* Keep the remote's no-bonding request and add the local
		 * MITM bit (bit 0 of auth_type).
		 */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
/*
 * Handle the HCI IO Capability Request event.
 *
 * A reference is taken on the ACL connection as soon as it is found, also
 * when the management interface is not in use and nothing else is done.
 * With HCI_MGMT set, the request is answered positively when the adapter
 * is pairable or the remote asked for no-bonding (MITM bit ignored), and
 * with HCI_ERROR_PAIRING_NOT_ALLOWED otherwise.
 *
 * NOTE(review): the reference taken here is presumably released by
 * hci_simple_pair_complete_evt() -- confirm.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_cp_io_capability_reply reply;
	struct hci_conn *conn;
	bool pairing_allowed;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	pairing_allowed = test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
			  (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING;

	if (!pairing_allowed) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);

	/* Change the IO capability from KeyboardDisplay
	 * to DisplayYesNo as it is not supported by BT spec.
	 */
	if (conn->io_capability == 0x04)
		reply.capability = HCI_IO_DISPLAY_YESNO;
	else
		reply.capability = conn->io_capability;

	conn->auth_type = hci_get_auth_req(conn);
	reply.authentication = conn->auth_type;

	/* Advertise OOB data only when some is stored for this peer and
	 * either we initiated or the peer announced OOB data itself.
	 */
	reply.oob_data = (hci_find_remote_oob_data(hdev, &conn->dst) &&
			  (conn->out ||
			   test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) ?
			 0x01 : 0x00;

	hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, sizeof(reply), &reply);

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI IO Capability Response event.
 *
 * Stores the peer's IO capability and authentication requirement on the
 * ACL connection and sets HCI_CONN_REMOTE_OOB when the peer reports OOB
 * data. The values are stored exactly as received; no range check is
 * applied here, and later pairing decisions in this file read them.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;

		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI User Confirmation Request event (numeric comparison).
 *
 * Only acts when the management interface is in use. Three outcomes:
 *  - negative reply, when we require MITM protection, the peer reported
 *    NoInputNoOutput and no connect_cfm_cb is set;
 *  - automatic acceptance, when neither side effectively requires MITM
 *    protection and we initiated the authentication (HCI_CONN_AUTH_PEND
 *    set): the positive reply is sent at once, or after
 *    hdev->auto_accept_delay milliseconds via delayed work. User space is
 *    not asked on this path;
 *  - a request to user space through mgmt_user_confirm_request(), with
 *    confirm_hint set to 1 when the only reason for asking is that we are
 *    the acceptor of an otherwise auto-acceptable pairing.
 *
 * The MITM and IO capability values of the peer used here are the ones
 * stored from its IO Capability Response.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int local_mitm, remote_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	local_mitm = (conn->auth_type & 0x01);
	remote_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set.
	 */
	if (!conn->connect_cfm_cb && local_mitm &&
	    conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	if ((!local_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
	    (!remote_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
		if (test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			BT_DBG("Auto-accept of user confirmation with %ums delay",
			       hdev->auto_accept_delay);

			if (hdev->auto_accept_delay > 0) {
				int delay = msecs_to_jiffies(hdev->auto_accept_delay);

				queue_delayed_work(conn->hdev->workqueue,
						   &conn->auto_accept_work,
						   delay);
			} else {
				hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
					     sizeof(ev->bdaddr), &ev->bdaddr);
			}

			goto unlock;
		}

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1).
		 */
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
	}

	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI User Passkey Request event.
 *
 * Forwards the request for the given address to the management interface
 * when HCI_MGMT is set; otherwise the event is ignored.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}
/*
 * Handle the HCI User Passkey Notification event.
 *
 * Stores the passkey to display on the ACL connection, resets the count
 * of entered digits and, with HCI_MGMT set, reports both to the management
 * interface.
 *
 * NOTE(review): unlike most handlers in this file, the connection lookup
 * and update here are not wrapped in hci_dev_lock()/hci_dev_unlock() --
 * confirm that is intended.
 */
static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		return;

	conn->passkey_notify = __le32_to_cpu(ev->passkey);
	conn->passkey_entered = 0;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
				 conn->dst_type, conn->passkey_notify,
				 conn->passkey_entered);
}
/*
 * Handle the HCI Keypress Notification event.
 *
 * Updates conn->passkey_entered according to the keypress type and, with
 * HCI_MGMT set, reports the new count to the management interface.
 * STARTED resets the count and COMPLETED leaves it alone; neither sends a
 * report. A type not listed below leaves the count unchanged and still
 * sends a report.
 *
 * NOTE(review): the ERASED case decrements without checking for zero, and
 * the keypress type originates from the remote side of the pairing --
 * confirm that a wrapped count reaching user space is harmless. The
 * handler also runs without hci_dev_lock(), unlike most of its siblings.
 */
static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_keypress_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		return;

	switch (ev->type) {
	case HCI_KEYPRESS_ENTERED:
		conn->passkey_entered++;
		break;

	case HCI_KEYPRESS_ERASED:
		conn->passkey_entered--;
		break;

	case HCI_KEYPRESS_CLEARED:
		conn->passkey_entered = 0;
		break;

	case HCI_KEYPRESS_STARTED:
		conn->passkey_entered = 0;
		return;

	case HCI_KEYPRESS_COMPLETED:
		return;
	}

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
				 conn->dst_type, conn->passkey_notify,
				 conn->passkey_entered);
}
/*
 * Handle the HCI Simple Pairing Complete event.
 *
 * Reports a failed pairing to the management interface when we did not
 * initiate the authentication, then drops one reference on the ACL
 * connection.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* To avoid duplicate auth_failed events to user space we
		 * check the HCI_CONN_AUTH_PEND flag which will be set if we
		 * initiated the authentication. A traditional auth_complete
		 * event gets always produced as initiator and is also
		 * mapped to the mgmt_auth_failed event.
		 */
		if (ev->status && !test_bit(HCI_CONN_AUTH_PEND, &conn->flags))
			mgmt_auth_failed(hdev, &conn->dst, conn->type,
					 conn->dst_type, ev->status);

		hci_conn_drop(conn);
	}

	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI Remote Host Supported Features Notification event.
 *
 * Copies the 8 reported feature octets into page 1 of the features stored
 * for the ACL connection, when one exists, and records in the inquiry
 * cache entry for the address whether the LMP_HOST_SSP bit is set.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;
	struct hci_conn *acl;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (acl)
		memcpy(acl->features[1], ev->features, 8);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry)
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI Remote OOB Data Request event.
 *
 * Only acts when the management interface is in use. When OOB data is
 * stored for the address, it is returned to the controller: the extended
 * reply carrying both the 192 and 256 variants when HCI_SC_ENABLED is
 * set, the plain reply carrying the 192 variant otherwise. Without stored
 * data a negative reply is sent.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *oob;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	oob = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!oob) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
		struct hci_cp_remote_oob_ext_data_reply ext;

		bacpy(&ext.bdaddr, &ev->bdaddr);
		memcpy(ext.hash192, oob->hash192, sizeof(ext.hash192));
		memcpy(ext.randomizer192, oob->randomizer192,
		       sizeof(ext.randomizer192));
		memcpy(ext.hash256, oob->hash256, sizeof(ext.hash256));
		memcpy(ext.randomizer256, oob->randomizer256,
		       sizeof(ext.randomizer256));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
			     sizeof(ext), &ext);
	} else {
		struct hci_cp_remote_oob_data_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);
		memcpy(reply.hash, oob->hash192, sizeof(reply.hash));
		memcpy(reply.randomizer, oob->randomizer192,
		       sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
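/*
 * Handle the HCI Physical Link Complete event (AMP).
 *
 * The connection is looked up by the physical link handle from the event.
 * On failure status it is deleted. On success it becomes BT_CONNECTED,
 * takes over the destination address of the BR/EDR connection reached
 * through its AMP manager, has its disconnect timeout reset, is added to
 * sysfs and is confirmed through amp_physical_cfm().
 *
 * The handle comes from the controller and the lookup is by handle only,
 * so the connection found is not guaranteed to have an AMP manager. It is
 * ignored in that case instead of dereferencing a NULL amp_mgr.
 *
 * NOTE(review): amp_mgr->l2cap_conn is still dereferenced unchecked --
 * confirm it cannot be NULL while the manager is attached.
 */
static void hci_phy_link_complete_evt(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_ev_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *hcon, *bredr_hcon;

	BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
	       ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!hcon)
		goto unlock;

	/* Not an AMP-managed connection: nothing to complete or delete */
	if (!hcon->amp_mgr)
		goto unlock;

	if (ev->status) {
		hci_conn_del(hcon);
		goto unlock;
	}

	bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

	hcon->state = BT_CONNECTED;
	bacpy(&hcon->dst, &bredr_hcon->dst);

	/* Hold/drop pair around the timeout update */
	hci_conn_hold(hcon);
	hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
	hci_conn_drop(hcon);

	hci_conn_add_sysfs(hcon);

	amp_physical_cfm(bredr_hcon, hcon);

unlock:
	hci_dev_unlock(hdev);
}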
/*
 * Handle the HCI Logical Link Complete event (AMP).
 *
 * Creates an hci_chan on the connection identified by the physical link
 * handle and stores the logical link handle in it. When the connection
 * has an AMP manager with a BR/EDR channel, that channel's connection MTU
 * is set to hdev->block_mtu, l2cap_logical_cfm() is called and a
 * reference is taken on the connection.
 *
 * NOTE(review): ev->status is logged but not tested before the channel is
 * created, and the handler does not take hci_dev_lock() -- confirm both
 * are intended.
 */
static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_logical_link_complete *ev = (void *) skb->data;
	struct l2cap_chan *bredr_chan;
	struct hci_conn *hcon;
	struct hci_chan *hchan;
	struct amp_mgr *mgr;

	BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
	       hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
	       ev->status);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!hcon)
		return;

	/* Create AMP hchan */
	hchan = hci_chan_create(hcon);
	if (!hchan)
		return;

	hchan->handle = le16_to_cpu(ev->handle);

	mgr = hcon->amp_mgr;

	BT_DBG("hcon %p mgr %p hchan %p", hcon, mgr, hchan);

	if (!mgr || !mgr->bredr_chan)
		return;

	bredr_chan = mgr->bredr_chan;

	l2cap_chan_lock(bredr_chan);

	bredr_chan->conn->mtu = hdev->block_mtu;
	l2cap_logical_cfm(bredr_chan, hchan, 0);
	hci_conn_hold(hcon);

	l2cap_chan_unlock(bredr_chan);
}
/*
 * Handle the HCI Disconnection Logical Link Complete event (AMP).
 *
 * A non-zero status is ignored. Otherwise the channel with the reported
 * logical link handle, if any, is torn down with the reported reason.
 */
static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
	struct hci_chan *chan;

	BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
	       le16_to_cpu(ev->handle), ev->status);

	if (ev->status)
		return;

	hci_dev_lock(hdev);

	chan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
	if (chan)
		amp_destroy_logical_link(chan, ev->reason);

	hci_dev_unlock(hdev);
}
/*
 * Handle the HCI Disconnection Physical Link Complete event (AMP).
 *
 * A non-zero status is ignored. Otherwise the connection with the reported
 * physical link handle, if any, is marked BT_CLOSED and deleted.
 */
static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	if (ev->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!link)
		goto unlock;

	link->state = BT_CLOSED;
	hci_conn_del(link);

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Handle the LE Connection Complete subevent.
 *
 * An LE connection already in BT_CONNECT state is reused and its
 * connection timeout work cancelled. Otherwise a new hci_conn is created
 * from the event and its source, initiator and responder addresses are
 * filled in. The destination is then replaced by the identity address
 * when an IRK resolves it. A failure status is handed to
 * hci_le_conn_failed(); on success the connection is reported, marked
 * BT_CONNECTED with BT_SECURITY_LOW, added to sysfs, confirmed to the
 * upper protocol and removed from the pending LE connection list.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	struct smp_irk *irk;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn) {
		cancel_delayed_work(&conn->le_conn_timeout);
	} else {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;

		/* The advertising parameters for own address type
		 * define which source address and source address
		 * type this connections has.
		 */
		if (bacmp(&conn->src, BDADDR_ANY)) {
			conn->src_type = ADDR_LE_DEV_PUBLIC;
		} else {
			bacpy(&conn->src, &hdev->static_addr);
			conn->src_type = ADDR_LE_DEV_RANDOM;
		}

		if (ev->role == LE_CONN_ROLE_MASTER) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}

		/* If we didn't have a hci_conn object previously
		 * but we're in master role this must be something
		 * initiated using a white list. Since white list based
		 * connections are not "first class citizens" we don't
		 * have full tracking of them. Therefore, we go ahead
		 * with a "best effort" approach of determining the
		 * initiator address based on the HCI_PRIVACY flag.
		 */
		if (conn->out) {
			conn->resp_addr_type = ev->bdaddr_type;
			bacpy(&conn->resp_addr, &ev->bdaddr);

			if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
				conn->init_addr_type = ADDR_LE_DEV_RANDOM;
				bacpy(&conn->init_addr, &hdev->rpa);
			} else {
				hci_copy_identity_address(hdev,
							  &conn->init_addr,
							  &conn->init_addr_type);
			}
		} else {
			/* Set the responder (our side) address type based on
			 * the advertising address type.
			 */
			conn->resp_addr_type = hdev->adv_addr_type;
			bacpy(&conn->resp_addr,
			      hdev->adv_addr_type == ADDR_LE_DEV_RANDOM ?
			      &hdev->random_addr : &hdev->bdaddr);

			conn->init_addr_type = ev->bdaddr_type;
			bacpy(&conn->init_addr, &ev->bdaddr);
		}
	}

	/* Ensure that the hci_conn contains the identity address type
	 * regardless of which address the connection was made with.
	 */
	hci_copy_identity_address(hdev, &conn->src, &conn->src_type);

	/* Lookup the identity address from the stored connection
	 * address and address type.
	 *
	 * When establishing connections to an identity address, the
	 * connection procedure will store the resolvable random
	 * address first. Now if it can be converted back into the
	 * identity address, start using the identity address from
	 * now on.
	 */
	irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
	if (irk) {
		bacpy(&conn->dst, &irk->bdaddr);
		conn->dst_type = irk->addr_type;
	}

	if (ev->status) {
		hci_le_conn_failed(conn, ev->status);
		goto unlock;
	}

	/* Report the connection to user space only once */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
		set_bit(HCI_CONN_6LOWPAN, &conn->flags);

	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

	hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Start an LE connection to an advertiser that is on the pending LE
 * connection list.
 *
 * The address is first resolved to an identity address when an IRK matches
 * it. When the (possibly resolved) address is on the pending list, a
 * connection is requested with BT_SECURITY_LOW and HCI_AT_NO_BONDING.
 * Failures are only logged, and -EBUSY is not logged at all.
 *
 * This function requires the caller holds hdev->lock.
 */
static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
				  u8 addr_type)
{
	struct smp_irk *irk = hci_get_irk(hdev, addr, addr_type);
	struct hci_conn *conn;

	/* If this is a resolvable address, we should resolve it and then
	 * update address and address type variables.
	 */
	if (irk) {
		addr = &irk->bdaddr;
		addr_type = irk->addr_type;
	}

	if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
		return;

	conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
			      HCI_AT_NO_BONDING);

	/* If hci_connect() returns -EBUSY it means there is already
	 * an LE connection attempt going on. Since controllers don't
	 * support more than one connection attempt at the time, we
	 * don't consider this an error case.
	 */
	if (IS_ERR(conn) && PTR_ERR(conn) != -EBUSY)
		BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
}
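/*
 * Handle the LE Advertising Report subevent.
 *
 * The payload is a report count followed by that many variable-length
 * reports: a struct hci_ev_le_advertising_info header, ev->length bytes of
 * advertising data and one trailing RSSI octet. Connectable reports
 * (LE_ADV_IND, LE_ADV_DIRECT_IND) are checked against the pending LE
 * connection list, and every report is passed to mgmt_device_found().
 *
 * Both the report count and each ev->length come from the controller and
 * carry data received over the air, so every report is checked against
 * the bytes left in the packet before it is read. Parsing stops at the
 * first report that does not fit; without the check the RSSI read and the
 * pointer advance could run past the end of the buffer.
 *
 * NOTE(review): the end of data is computed as skb->data + skb->len,
 * which assumes the event skb is linear -- confirm. ev->length is bounded
 * only by the packet here, not by the advertising data maximum.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr;
	u8 *end;

	/* The count octet itself must be present */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	end = skb->data + skb->len;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t remaining = end - ptr;
		s8 rssi;

		/* Header first, then data plus the trailing RSSI octet */
		if (remaining < sizeof(*ev) ||
		    remaining - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_ERR("%s truncated LE advertising report",
			       hdev->name);
			break;
		}

		if (ev->evt_type == LE_ADV_IND ||
		    ev->evt_type == LE_ADV_DIRECT_IND)
			check_pending_le_conn(hdev, &ev->bdaddr,
					      ev->bdaddr_type);

		/* RSSI follows directly after the advertising data */
		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}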
/*
 * Handle the LE Long Term Key Request subevent.
 *
 * Looks up the connection by handle and a stored key matching the EDIV,
 * Rand and role from the event. When both are found the key is sent back
 * in an LTK reply, the pending security level is set from the key's
 * authenticated flag (HIGH when authenticated, MEDIUM otherwise) and the
 * key size is recorded. A key of type HCI_SMP_STK is removed from its
 * list and freed after being used once. When the connection or key is
 * missing, a negative reply is sent for the handle given in the event.
 *
 * NOTE(review): the key bytes copied into the on-stack reply and the
 * freed STK are not wiped in this function -- consider whether that
 * matters for this code base.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk = NULL;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn)
		ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);

	if (!ltk) {
		/* Unknown connection or no matching key */
		neg.handle = ev->handle;
		hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
		goto unlock;
	}

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	conn->pending_sec_level = ltk->authenticated ? BT_SECURITY_HIGH :
						       BT_SECURITY_MEDIUM;

	conn->enc_key_size = ltk->enc_size;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* Short term keys are single use */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

unlock:
	hci_dev_unlock(hdev);
}
/*
 * Dispatch an LE Meta event to the handler for its subevent.
 *
 * The meta header is pulled off the skb first, so each handler sees
 * skb->data pointing at its own subevent parameters. Subevents without a
 * case below are ignored.
 *
 * NOTE(review): the header is read and pulled without comparing its size
 * to skb->len -- confirm the length is validated before this point.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;
	__u8 subevent = le_ev->subevent;

	skb_pull(skb, sizeof(*le_ev));

	switch (subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}
/*
 * Handle the HCI Channel Selected event (AMP).
 *
 * Pulls the event parameters off the skb and, when a connection with the
 * reported physical link handle exists, asks for the final local AMP
 * assoc data for it.
 */
static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_channel_selected *ev = (void *) skb->data;
	__u8 phy_handle = ev->phy_handle;
	struct hci_conn *hcon;

	BT_DBG("%s handle 0x%2.2x", hdev->name, phy_handle);

	skb_pull(skb, sizeof(*ev));

	hcon = hci_conn_hash_lookup_handle(hdev, phy_handle);
	if (hcon)
		amp_read_loc_assoc_final_data(hdev, hcon);
}
/*
 * Entry point for a received HCI event packet.
 *
 * While a request is pending, a clone of the packet is kept in
 * hdev->recv_evt (replacing any previous one). The event header is then
 * pulled off, a request waiting for exactly this event code is completed,
 * and the packet is dispatched on the event code. The skb is freed and
 * the received-event counter incremented before returning, whatever the
 * event was.
 *
 * NOTE(review): the event code is read and HCI_EVENT_HDR_SIZE is pulled
 * without comparing against skb->len, and the header's parameter length
 * is not consulted here; the handlers cast skb->data to their event
 * structures directly. Confirm where packet length is validated for data
 * arriving from the controller.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *evt_hdr = (void *) skb->data;
	__u8 code = evt_hdr->evt;

	hci_dev_lock(hdev);

	/* Received events are (currently) only needed when a request is
	 * ongoing so avoid unnecessary memory allocation.
	 */
	if (hdev->req_status == HCI_REQ_PEND) {
		kfree_skb(hdev->recv_evt);
		hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
	}

	hci_dev_unlock(hdev);

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	/* Complete the request whose sent command waits for this event */
	if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == code) {
		struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
		u16 opcode = __le16_to_cpu(sent->opcode);

		hci_req_cmd_complete(hdev, opcode, 0);
	}

	switch (code) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_NOTIFY:
		hci_user_passkey_notify_evt(hdev, skb);
		break;

	case HCI_EV_KEYPRESS_NOTIFY:
		hci_keypress_notify_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_CHANNEL_SELECTED:
		hci_chan_selected_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_PHY_LINK_COMPLETE:
		hci_phy_link_complete_evt(hdev, skb);
		break;

	case HCI_EV_LOGICAL_LINK_COMPLETE:
		hci_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
		hci_disconn_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
		hci_disconn_phylink_complete_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		/* Unhandled event codes are only logged */
		BT_DBG("%s event 0x%2.2x", hdev->name, code);
		break;
	}

	kfree_skb(skb);
	hdev->stat.evt_rx++;
}