projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix response on confirm_name
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778
MH		 201
202 hdev->ssp_debug_mode = 0;
a9de9248 203}
04837f64 204
a9de9248
MH		 205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206{
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
04837f64 209
9f1db00c 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 211
a9de9248
MH		 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
04837f64 215
56e5cb86
JH		 216 hci_dev_lock(hdev);
217
f51d5b24
JH		 218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 222
56e5cb86 223 hci_dev_unlock(hdev);
a9de9248
MH		 224}
225
226static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227{
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
229
9f1db00c 230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 231
232 if (rp->status)
233 return;
234
db99b5fc
JH		 235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 237}
238
239static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240{
241 __u8 status = *((__u8 *) skb->data);
242 void *sent;
243
9f1db00c 244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 245
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 if (!sent)
248 return;
249
250 if (!status) {
251 __u8 param = *((__u8 *) sent);
252
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
255 else
256 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 257 }
a9de9248 258
33ef95ed
JH		 259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
9f1db00c 268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
a9de9248 282}
1da177e4 283
a9de9248
MH		 284static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285{
36f7fc7e
JH		 286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
a9de9248 288 void *sent;
1da177e4 289
9f1db00c 290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 291
a9de9248
MH		 292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 if (!sent)
294 return;
1da177e4 295
36f7fc7e
JH		 296 param = *((__u8 *) sent);
297
56e5cb86
JH		 298 hci_dev_lock(hdev);
299
fa1bd918 300 if (status) {
744cf19e 301 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 302 hdev->discov_timeout = 0;
303 goto done;
304 }
305
0663ca2a
JH		 306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
308 */
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
36f7fc7e
JH		 311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
316 if (!old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 1);
36f7fc7e 318 } else if (old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 320
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
323 if (!old_pscan)
744cf19e 324 mgmt_connectable(hdev, 1);
36f7fc7e 325 } else if (old_pscan)
744cf19e 326 mgmt_connectable(hdev, 0);
1da177e4 327
36f7fc7e 328done:
56e5cb86 329 hci_dev_unlock(hdev);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 335
9f1db00c 336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 337
a9de9248
MH		 338 if (rp->status)
339 return;
1da177e4 340
a9de9248 341 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 342
a9de9248 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 345}
1da177e4 346
a9de9248
MH		 347static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348{
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
1da177e4 351
9f1db00c 352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 353
a9de9248
MH		 354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 if (!sent)
356 return;
1da177e4 357
7f9a903c
MH		 358 hci_dev_lock(hdev);
359
360 if (status == 0)
361 memcpy(hdev->dev_class, sent, 3);
362
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366 hci_dev_unlock(hdev);
a9de9248 367}
1da177e4 368
a9de9248
MH		 369static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370{
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 __u16 setting;
373
9f1db00c 374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 375
376 if (rp->status)
377 return;
378
379 setting = __le16_to_cpu(rp->voice_setting);
380
f383f275 381 if (hdev->voice_setting == setting)
a9de9248
MH		 382 return;
383
384 hdev->voice_setting = setting;
385
9f1db00c 386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 387
3c54711c 388 if (hdev->notify)
a9de9248 389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 390}
391
8fc9ced3
GP		 392static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393 struct sk_buff *skb)
a9de9248
MH		 394{
395 __u8 status = *((__u8 *) skb->data);
f383f275 396 __u16 setting;
a9de9248
MH		 397 void *sent;
398
9f1db00c 399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 400
f383f275
MH		 401 if (status)
402 return;
403
a9de9248
MH		 404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405 if (!sent)
406 return;
1da177e4 407
f383f275 408 setting = get_unaligned_le16(sent);
1da177e4 409
f383f275
MH		 410 if (hdev->voice_setting == setting)
411 return;
412
413 hdev->voice_setting = setting;
1da177e4 414
9f1db00c 415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 416
3c54711c 417 if (hdev->notify)
f383f275 418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 419}
420
b4cb9fb2
MH		 421static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct sk_buff *skb)
423{
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->num_iac = rp->num_iac;
432
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434}
435
333140b5
MH		 436static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 439 struct hci_cp_write_ssp_mode *sent;
333140b5 440
9f1db00c 441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 442
333140b5
MH		 443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444 if (!sent)
445 return;
446
5ed8eb2f
JH		 447 if (!status) {
448 if (sent->mode)
cad718ed 449 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 450 else
cad718ed 451 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 452 }
453
ed2c4ee3 454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 456 else if (!status) {
5ed8eb2f 457 if (sent->mode)
c0ecddc2
JH		 458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 else
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 }
333140b5
MH		 462}
463
eac83dc6
MH		 464static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465{
466 u8 status = *((u8 *) skb->data);
467 struct hci_cp_write_sc_support *sent;
468
469 BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472 if (!sent)
473 return;
474
475 if (!status) {
476 if (sent->support)
477 hdev->features[1][0] |= LMP_HOST_SC;
478 else
479 hdev->features[1][0] &= ~LMP_HOST_SC;
480 }
481
482 if (test_bit(HCI_MGMT, &hdev->dev_flags))
483 mgmt_sc_enable_complete(hdev, sent->support, status);
484 else if (!status) {
485 if (sent->support)
486 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487 else
488 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 }
490}
491
a9de9248
MH		 492static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493{
494 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 495
9f1db00c 496 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 497
a9de9248 498 if (rp->status)
42c6b129 499 return;
1143e5a6 500
0d5551f5
MH		 501 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502 hdev->hci_ver = rp->hci_ver;
503 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504 hdev->lmp_ver = rp->lmp_ver;
505 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507 }
d5859e22
JH		 508}
509
8fc9ced3
GP		 510static void hci_cc_read_local_commands(struct hci_dev *hdev,
511 struct sk_buff *skb)
a9de9248
MH		 512{
513 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 514
9f1db00c 515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 516
6a070e6e
MH		 517 if (rp->status)
518 return;
519
520 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 521 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 522}
1da177e4 523
8fc9ced3
GP		 524static void hci_cc_read_local_features(struct hci_dev *hdev,
525 struct sk_buff *skb)
a9de9248
MH		 526{
527 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 528
9f1db00c 529 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 530
a9de9248
MH		 531 if (rp->status)
532 return;
5b7f9909 533
a9de9248 534 memcpy(hdev->features, rp->features, 8);
5b7f9909 535
a9de9248
MH		 536 /* Adjust default settings according to features
537 * supported by device. */
1da177e4 538
cad718ed 539 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 540 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 541
cad718ed 542 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 543 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 544
cad718ed 545 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 546 hdev->pkt_type |= (HCI_HV2);
547 hdev->esco_type |= (ESCO_HV2);
548 }
1da177e4 549
cad718ed 550 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 551 hdev->pkt_type |= (HCI_HV3);
552 hdev->esco_type |= (ESCO_HV3);
553 }
1da177e4 554
45db810f 555 if (lmp_esco_capable(hdev))
a9de9248 556 hdev->esco_type |= (ESCO_EV3);
da1f5198 557
cad718ed 558 if (hdev->features[0][4] & LMP_EV4)
a9de9248 559 hdev->esco_type |= (ESCO_EV4);
da1f5198 560
cad718ed 561 if (hdev->features[0][4] & LMP_EV5)
a9de9248 562 hdev->esco_type |= (ESCO_EV5);
1da177e4 563
cad718ed 564 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 565 hdev->esco_type |= (ESCO_2EV3);
566
cad718ed 567 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 568 hdev->esco_type |= (ESCO_3EV3);
569
cad718ed 570 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 571 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 572}
1da177e4 573
971e3a4b 574static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 575 struct sk_buff *skb)
971e3a4b
AG		 576{
577 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
9f1db00c 579 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 580
581 if (rp->status)
42c6b129 582 return;
971e3a4b 583
57af75a8
MH		 584 if (hdev->max_page < rp->max_page)
585 hdev->max_page = rp->max_page;
d2c5d77f 586
cad718ed
JH		 587 if (rp->page < HCI_MAX_PAGES)
588 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 589}
590
1e89cffb 591static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 592 struct sk_buff *skb)
1e89cffb
AE		 593{
594 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
9f1db00c 596 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 597
42c6b129
JH		 598 if (!rp->status)
599 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 600}
601
a9de9248
MH		 602static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603{
604 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 605
9f1db00c 606 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 607
a9de9248
MH		 608 if (rp->status)
609 return;
1da177e4 610
a9de9248
MH		 611 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
612 hdev->sco_mtu = rp->sco_mtu;
613 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617 hdev->sco_mtu = 64;
618 hdev->sco_pkts = 8;
1da177e4 619 }
a9de9248
MH		 620
621 hdev->acl_cnt = hdev->acl_pkts;
622 hdev->sco_cnt = hdev->sco_pkts;
623
807deac2
GP		 624 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 626}
627
628static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629{
630 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
9f1db00c 632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 633
634 if (!rp->status)
635 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 636}
637
f332ec66
JH		 638static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639 struct sk_buff *skb)
640{
641 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647 hdev->page_scan_window = __le16_to_cpu(rp->window);
648 }
649}
650
4a3ee763
JH		 651static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652 struct sk_buff *skb)
653{
654 u8 status = *((u8 *) skb->data);
655 struct hci_cp_write_page_scan_activity *sent;
656
657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659 if (status)
660 return;
661
662 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663 if (!sent)
664 return;
665
666 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667 hdev->page_scan_window = __le16_to_cpu(sent->window);
668}
669
f332ec66
JH		 670static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671 struct sk_buff *skb)
672{
673 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678 hdev->page_scan_type = rp->type;
679}
680
4a3ee763
JH		 681static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682 struct sk_buff *skb)
683{
684 u8 status = *((u8 *) skb->data);
685 u8 *type;
686
687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689 if (status)
690 return;
691
692 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693 if (type)
694 hdev->page_scan_type = *type;
695}
696
350ee4cf 697static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 698 struct sk_buff *skb)
350ee4cf
AE		 699{
700 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
9f1db00c 702 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 703
704 if (rp->status)
705 return;
706
707 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708 hdev->block_len = __le16_to_cpu(rp->block_len);
709 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711 hdev->block_cnt = hdev->num_blocks;
712
713 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 714 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 715}
716
928abaa7 717static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 718 struct sk_buff *skb)
928abaa7
AE		 719{
720 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
9f1db00c 722 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 723
724 if (rp->status)
8e2a0d92 725 goto a2mp_rsp;
928abaa7
AE		 726
727 hdev->amp_status = rp->amp_status;
728 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732 hdev->amp_type = rp->amp_type;
733 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
8e2a0d92
AE		 738a2mp_rsp:
739 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 740}
741
903e4541
AE		 742static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743 struct sk_buff *skb)
744{
745 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746 struct amp_assoc *assoc = &hdev->loc_assoc;
747 size_t rem_len, frag_len;
748
749 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751 if (rp->status)
752 goto a2mp_rsp;
753
754 frag_len = skb->len - sizeof(*rp);
755 rem_len = __le16_to_cpu(rp->rem_len);
756
757 if (rem_len > frag_len) {
2e430be3 758 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 759
760 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761 assoc->offset += frag_len;
762
763 /* Read other fragments */
764 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766 return;
767 }
768
769 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770 assoc->len = assoc->offset + rem_len;
771 assoc->offset = 0;
772
773a2mp_rsp:
774 /* Send A2MP Rsp when all fragments are received */
775 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 776 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 777}
778
d5859e22 779static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 780 struct sk_buff *skb)
d5859e22 781{
91c4e9b1 782 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 783
9f1db00c 784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 785
786 if (!rp->status)
787 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 788}
789
980e1a53
JH		 790static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791{
792 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793 struct hci_cp_pin_code_reply *cp;
794 struct hci_conn *conn;
795
9f1db00c 796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 797
56e5cb86
JH		 798 hci_dev_lock(hdev);
799
a8b2d5c2 800 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 801 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 802
fa1bd918 803 if (rp->status)
56e5cb86 804 goto unlock;
980e1a53
JH		 805
806 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807 if (!cp)
56e5cb86 808 goto unlock;
980e1a53
JH		 809
810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811 if (conn)
812 conn->pin_length = cp->pin_len;
56e5cb86
JH		 813
814unlock:
815 hci_dev_unlock(hdev);
980e1a53
JH		 816}
817
818static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819{
820 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
9f1db00c 822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 823
56e5cb86
JH		 824 hci_dev_lock(hdev);
825
a8b2d5c2 826 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 827 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 828 rp->status);
56e5cb86
JH		 829
830 hci_dev_unlock(hdev);
980e1a53 831}
56e5cb86 832
6ed58ec5
VT		 833static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 839
840 if (rp->status)
841 return;
842
843 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844 hdev->le_pkts = rp->le_max_pkt;
845
846 hdev->le_cnt = hdev->le_pkts;
847
848 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 849}
980e1a53 850
60e77321
JH		 851static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852 struct sk_buff *skb)
853{
854 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858 if (!rp->status)
859 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 860}
861
8fa19098
JH		 862static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863 struct sk_buff *skb)
864{
865 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
04b4edcb 869 if (!rp->status)
8fa19098 870 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 871}
872
a5c29683
JH		 873static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874{
875 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
9f1db00c 877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 878
56e5cb86
JH		 879 hci_dev_lock(hdev);
880
a8b2d5c2 881 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 882 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883 rp->status);
56e5cb86
JH		 884
885 hci_dev_unlock(hdev);
a5c29683
JH		 886}
887
888static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 889 struct sk_buff *skb)
a5c29683
JH		 890{
891 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
9f1db00c 893 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 894
56e5cb86
JH		 895 hci_dev_lock(hdev);
896
a8b2d5c2 897 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 898 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 899 ACL_LINK, 0, rp->status);
56e5cb86
JH		 900
901 hci_dev_unlock(hdev);
a5c29683
JH		 902}
903
1143d458
BG		 904static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905{
906 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
9f1db00c 908 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 909
910 hci_dev_lock(hdev);
911
a8b2d5c2 912 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 913 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 914 0, rp->status);
1143d458
BG		 915
916 hci_dev_unlock(hdev);
917}
918
919static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 920 struct sk_buff *skb)
1143d458
BG		 921{
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
9f1db00c 924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 925
926 hci_dev_lock(hdev);
927
a8b2d5c2 928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 929 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 930 ACL_LINK, 0, rp->status);
1143d458
BG		 931
932 hci_dev_unlock(hdev);
933}
934
4d2d2796
MH		 935static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936 struct sk_buff *skb)
c35938b2
SJ		 937{
938 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
9f1db00c 940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 941
56e5cb86 942 hci_dev_lock(hdev);
4d2d2796
MH		 943 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944 NULL, NULL, rp->status);
945 hci_dev_unlock(hdev);
946}
947
948static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949 struct sk_buff *skb)
950{
951 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955 hci_dev_lock(hdev);
956 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957 rp->hash256, rp->randomizer256,
958 rp->status);
56e5cb86 959 hci_dev_unlock(hdev);
c35938b2
SJ		 960}
961
7a4cd51d
MH		 962
963static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
964{
965 __u8 status = *((__u8 *) skb->data);
966 bdaddr_t *sent;
967
968 BT_DBG("%s status 0x%2.2x", hdev->name, status);
969
970 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
971 if (!sent)
972 return;
973
974 hci_dev_lock(hdev);
975
976 if (!status)
977 bacpy(&hdev->random_addr, sent);
978
979 hci_dev_unlock(hdev);
980}
981
c1d5dc4a
JH		 982static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
983{
984 __u8 *sent, status = *((__u8 *) skb->data);
985
986 BT_DBG("%s status 0x%2.2x", hdev->name, status);
987
988 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
989 if (!sent)
990 return;
991
992 hci_dev_lock(hdev);
993
778b235a
JH		 994 if (!status)
995 mgmt_advertising(hdev, *sent);
c1d5dc4a 996
04b4edcb 997 hci_dev_unlock(hdev);
c1d5dc4a
JH		 998}
999
eb9d91f5 1000static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1001 struct sk_buff *skb)
eb9d91f5
AG		 1002{
1003 struct hci_cp_le_set_scan_enable *cp;
1004 __u8 status = *((__u8 *) skb->data);
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1007
eb9d91f5
AG		 1008 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1009 if (!cp)
1010 return;
1011
3fd319b8
AG		 1012 if (status)
1013 return;
1014
68a8aea4 1015 switch (cp->enable) {
76a388be 1016 case LE_SCAN_ENABLE:
d23264a8 1017 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1018 break;
1019
76a388be 1020 case LE_SCAN_DISABLE:
d23264a8 1021 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1022 break;
1023
1024 default:
1025 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1026 break;
35815085 1027 }
eb9d91f5
AG		 1028}
1029
cf1d081f
JH		 1030static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1031 struct sk_buff *skb)
1032{
1033 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1034
1035 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1036
1037 if (!rp->status)
1038 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1039}
1040
9b008c04
JH		 1041static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1042 struct sk_buff *skb)
1043{
1044 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1045
1046 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1047
1048 if (!rp->status)
1049 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1050}
1051
6039aa73
GP		 1052static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1053 struct sk_buff *skb)
f9b49306 1054{
06199cf8 1055 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1056 __u8 status = *((__u8 *) skb->data);
1057
9f1db00c 1058 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1059
06199cf8 1060 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1061 if (!sent)
f9b49306
AG		 1062 return;
1063
8f984dfa 1064 if (!status) {
416a4ae5 1065 if (sent->le) {
cad718ed 1066 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1067 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1068 } else {
cad718ed 1069 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1070 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1071 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1072 }
53b2caab
JH		 1073
1074 if (sent->simul)
cad718ed 1075 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1076 else
cad718ed 1077 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1078 }
f9b49306
AG		 1079}
1080
93c284ee
AE		 1081static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1082 struct sk_buff *skb)
1083{
1084 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1085
1086 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1087 hdev->name, rp->status, rp->phy_handle);
1088
1089 if (rp->status)
1090 return;
1091
1092 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1093}
1094
6039aa73 1095static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1096{
9f1db00c 1097 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1098
1099 if (status) {
a9de9248 1100 hci_conn_check_pending(hdev);
314b2381
JH		 1101 return;
1102 }
1103
89352e7d 1104 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1105}
1106
6039aa73 1107static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1108{
a9de9248 1109 struct hci_cp_create_conn *cp;
1da177e4 1110 struct hci_conn *conn;
1da177e4 1111
9f1db00c 1112 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1113
1114 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1115 if (!cp)
1116 return;
1117
1118 hci_dev_lock(hdev);
1119
1120 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1121
6ed93dc6 1122 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1123
1124 if (status) {
1125 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1126 if (status != 0x0c || conn->attempt > 2) {
1127 conn->state = BT_CLOSED;
1128 hci_proto_connect_cfm(conn, status);
1129 hci_conn_del(conn);
1130 } else
1131 conn->state = BT_CONNECT2;
1da177e4
LT		 1132 }
1133 } else {
1134 if (!conn) {
1135 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1136 if (conn) {
a0c808b3 1137 conn->out = true;
1da177e4
LT		 1138 conn->link_mode |= HCI_LM_MASTER;
1139 } else
893ef971 1140 BT_ERR("No memory for new connection");
1da177e4
LT		 1141 }
1142 }
1143
1144 hci_dev_unlock(hdev);
1145}
1146
a9de9248 1147static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1148{
a9de9248
MH		 1149 struct hci_cp_add_sco *cp;
1150 struct hci_conn *acl, *sco;
1151 __u16 handle;
1da177e4 1152
9f1db00c 1153 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1154
a9de9248
MH		 1155 if (!status)
1156 return;
1da177e4 1157
a9de9248
MH		 1158 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1159 if (!cp)
1160 return;
1da177e4 1161
a9de9248 1162 handle = __le16_to_cpu(cp->handle);
1da177e4 1163
9f1db00c 1164 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1165
a9de9248 1166 hci_dev_lock(hdev);
1da177e4 1167
a9de9248 1168 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1169 if (acl) {
1170 sco = acl->link;
1171 if (sco) {
1172 sco->state = BT_CLOSED;
1da177e4 1173
5a08ecce
AE		 1174 hci_proto_connect_cfm(sco, status);
1175 hci_conn_del(sco);
1176 }
a9de9248 1177 }
1da177e4 1178
a9de9248
MH		 1179 hci_dev_unlock(hdev);
1180}
1da177e4 1181
f8558555
MH		 1182static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1183{
1184 struct hci_cp_auth_requested *cp;
1185 struct hci_conn *conn;
1186
9f1db00c 1187 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1188
1189 if (!status)
1190 return;
1191
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1193 if (!cp)
1194 return;
1195
1196 hci_dev_lock(hdev);
1197
1198 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1199 if (conn) {
1200 if (conn->state == BT_CONFIG) {
1201 hci_proto_connect_cfm(conn, status);
76a68ba0 1202 hci_conn_drop(conn);
f8558555
MH		 1203 }
1204 }
1205
1206 hci_dev_unlock(hdev);
1207}
1208
1209static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1210{
1211 struct hci_cp_set_conn_encrypt *cp;
1212 struct hci_conn *conn;
1213
9f1db00c 1214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1215
1216 if (!status)
1217 return;
1218
1219 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1220 if (!cp)
1221 return;
1222
1223 hci_dev_lock(hdev);
1224
1225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1226 if (conn) {
1227 if (conn->state == BT_CONFIG) {
1228 hci_proto_connect_cfm(conn, status);
76a68ba0 1229 hci_conn_drop(conn);
f8558555
MH		 1230 }
1231 }
1232
1233 hci_dev_unlock(hdev);
1234}
1235
127178d2 1236static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1237 struct hci_conn *conn)
392599b9 1238{
392599b9
JH		 1239 if (conn->state != BT_CONFIG || !conn->out)
1240 return 0;
1241
765c2a96 1242 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1243 return 0;
1244
1245 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1246 * devices with sec_level MEDIUM or HIGH or if MITM protection
1247 * is requested.
1248 */
807deac2 1249 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1250 conn->pending_sec_level != BT_SECURITY_HIGH &&
1251 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1252 return 0;
1253
392599b9
JH		 1254 return 1;
1255}
1256
6039aa73 1257static int hci_resolve_name(struct hci_dev *hdev,
04124681 1258 struct inquiry_entry *e)
30dc78e1
JH		 1259{
1260 struct hci_cp_remote_name_req cp;
1261
1262 memset(&cp, 0, sizeof(cp));
1263
1264 bacpy(&cp.bdaddr, &e->data.bdaddr);
1265 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1266 cp.pscan_mode = e->data.pscan_mode;
1267 cp.clock_offset = e->data.clock_offset;
1268
1269 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1270}
1271
b644ba33 1272static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1273{
1274 struct discovery_state *discov = &hdev->discovery;
1275 struct inquiry_entry *e;
1276
b644ba33
JH		 1277 if (list_empty(&discov->resolve))
1278 return false;
1279
1280 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1281 if (!e)
1282 return false;
1283
b644ba33
JH		 1284 if (hci_resolve_name(hdev, e) == 0) {
1285 e->name_state = NAME_PENDING;
1286 return true;
1287 }
1288
1289 return false;
1290}
1291
1292static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1293 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1294{
1295 struct discovery_state *discov = &hdev->discovery;
1296 struct inquiry_entry *e;
1297
1298 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1299 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1300 name_len, conn->dev_class);
b644ba33
JH		 1301
1302 if (discov->state == DISCOVERY_STOPPED)
1303 return;
1304
30dc78e1
JH		 1305 if (discov->state == DISCOVERY_STOPPING)
1306 goto discov_complete;
1307
1308 if (discov->state != DISCOVERY_RESOLVING)
1309 return;
1310
1311 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1312 /* If the device was not found in a list of found devices names of which
1313 * are pending. there is no need to continue resolving a next name as it
1314 * will be done upon receiving another Remote Name Request Complete
1315 * Event */
1316 if (!e)
1317 return;
1318
1319 list_del(&e->list);
1320 if (name) {
30dc78e1 1321 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1322 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1323 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1324 } else {
1325 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1326 }
1327
b644ba33 1328 if (hci_resolve_next_name(hdev))
30dc78e1 1329 return;
30dc78e1
JH		 1330
1331discov_complete:
1332 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1333}
1334
a9de9248
MH		 1335static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1336{
127178d2
JH		 1337 struct hci_cp_remote_name_req *cp;
1338 struct hci_conn *conn;
1339
9f1db00c 1340 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1341
1342 /* If successful wait for the name req complete event before
1343 * checking for the need to do authentication */
1344 if (!status)
1345 return;
1346
1347 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1348 if (!cp)
1349 return;
1350
1351 hci_dev_lock(hdev);
1352
b644ba33
JH		 1353 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1354
a8b2d5c2 1355 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1356 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1357
79c6c70c
JH		 1358 if (!conn)
1359 goto unlock;
1360
1361 if (!hci_outgoing_auth_needed(hdev, conn))
1362 goto unlock;
1363
51a8efd7 1364 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1365 struct hci_cp_auth_requested auth_cp;
1366
1367 auth_cp.handle = __cpu_to_le16(conn->handle);
1368 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1369 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1370 }
1371
79c6c70c 1372unlock:
127178d2 1373 hci_dev_unlock(hdev);
a9de9248 1374}
1da177e4 1375
769be974
MH		 1376static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1377{
1378 struct hci_cp_read_remote_features *cp;
1379 struct hci_conn *conn;
1380
9f1db00c 1381 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1382
1383 if (!status)
1384 return;
1385
1386 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1387 if (!cp)
1388 return;
1389
1390 hci_dev_lock(hdev);
1391
1392 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1393 if (conn) {
1394 if (conn->state == BT_CONFIG) {
769be974 1395 hci_proto_connect_cfm(conn, status);
76a68ba0 1396 hci_conn_drop(conn);
769be974
MH		 1397 }
1398 }
1399
1400 hci_dev_unlock(hdev);
1401}
1402
1403static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1404{
1405 struct hci_cp_read_remote_ext_features *cp;
1406 struct hci_conn *conn;
1407
9f1db00c 1408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1409
1410 if (!status)
1411 return;
1412
1413 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1414 if (!cp)
1415 return;
1416
1417 hci_dev_lock(hdev);
1418
1419 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1420 if (conn) {
1421 if (conn->state == BT_CONFIG) {
769be974 1422 hci_proto_connect_cfm(conn, status);
76a68ba0 1423 hci_conn_drop(conn);
769be974
MH		 1424 }
1425 }
1426
1427 hci_dev_unlock(hdev);
1428}
1429
a9de9248
MH		 1430static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1431{
b6a0dc82
MH		 1432 struct hci_cp_setup_sync_conn *cp;
1433 struct hci_conn *acl, *sco;
1434 __u16 handle;
1435
9f1db00c 1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1437
1438 if (!status)
1439 return;
1440
1441 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1442 if (!cp)
1443 return;
1444
1445 handle = __le16_to_cpu(cp->handle);
1446
9f1db00c 1447 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1448
1449 hci_dev_lock(hdev);
1450
1451 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1452 if (acl) {
1453 sco = acl->link;
1454 if (sco) {
1455 sco->state = BT_CLOSED;
b6a0dc82 1456
5a08ecce
AE		 1457 hci_proto_connect_cfm(sco, status);
1458 hci_conn_del(sco);
1459 }
b6a0dc82
MH		 1460 }
1461
1462 hci_dev_unlock(hdev);
1da177e4
LT		 1463}
1464
a9de9248 1465static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1466{
a9de9248
MH		 1467 struct hci_cp_sniff_mode *cp;
1468 struct hci_conn *conn;
1da177e4 1469
9f1db00c 1470 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1471
a9de9248
MH		 1472 if (!status)
1473 return;
04837f64 1474
a9de9248
MH		 1475 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1476 if (!cp)
1477 return;
04837f64 1478
a9de9248 1479 hci_dev_lock(hdev);
04837f64 1480
a9de9248 1481 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1482 if (conn) {
51a8efd7 1483 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1484
51a8efd7 1485 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1486 hci_sco_setup(conn, status);
1487 }
1488
a9de9248
MH		 1489 hci_dev_unlock(hdev);
1490}
04837f64 1491
a9de9248
MH		 1492static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1493{
1494 struct hci_cp_exit_sniff_mode *cp;
1495 struct hci_conn *conn;
04837f64 1496
9f1db00c 1497 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1498
a9de9248
MH		 1499 if (!status)
1500 return;
04837f64 1501
a9de9248
MH		 1502 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1503 if (!cp)
1504 return;
04837f64 1505
a9de9248 1506 hci_dev_lock(hdev);
1da177e4 1507
a9de9248 1508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1509 if (conn) {
51a8efd7 1510 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1511
51a8efd7 1512 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1513 hci_sco_setup(conn, status);
1514 }
1515
a9de9248 1516 hci_dev_unlock(hdev);
1da177e4
LT		 1517}
1518
88c3df13
JH		 1519static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1520{
1521 struct hci_cp_disconnect *cp;
1522 struct hci_conn *conn;
1523
1524 if (!status)
1525 return;
1526
1527 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1528 if (!cp)
1529 return;
1530
1531 hci_dev_lock(hdev);
1532
1533 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1534 if (conn)
1535 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1536 conn->dst_type, status);
88c3df13
JH		 1537
1538 hci_dev_unlock(hdev);
1539}
1540
a02226d6
AE		 1541static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1542{
93c284ee
AE		 1543 struct hci_cp_create_phy_link *cp;
1544
a02226d6 1545 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1546
93c284ee
AE		 1547 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1548 if (!cp)
1549 return;
1550
e58917b9
AE		 1551 hci_dev_lock(hdev);
1552
1553 if (status) {
1554 struct hci_conn *hcon;
1555
1556 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1557 if (hcon)
1558 hci_conn_del(hcon);
1559 } else {
1560 amp_write_remote_assoc(hdev, cp->phy_handle);
1561 }
1562
1563 hci_dev_unlock(hdev);
a02226d6
AE		 1564}
1565
0b26ab9d
AE		 1566static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1567{
1568 struct hci_cp_accept_phy_link *cp;
1569
1570 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1571
1572 if (status)
1573 return;
1574
1575 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1576 if (!cp)
1577 return;
1578
1579 amp_write_remote_assoc(hdev, cp->phy_handle);
1580}
1581
6039aa73 1582static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1583{
1584 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1585 struct discovery_state *discov = &hdev->discovery;
1586 struct inquiry_entry *e;
1da177e4 1587
9f1db00c 1588 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1589
a9de9248 1590 hci_conn_check_pending(hdev);
89352e7d
AG		 1591
1592 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1593 return;
1594
3e13fa1e
AG		 1595 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1596 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1597
a8b2d5c2 1598 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1599 return;
1600
56e5cb86 1601 hci_dev_lock(hdev);
30dc78e1 1602
343f935b 1603 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1604 goto unlock;
1605
1606 if (list_empty(&discov->resolve)) {
1607 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1608 goto unlock;
1609 }
1610
1611 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1612 if (e && hci_resolve_name(hdev, e) == 0) {
1613 e->name_state = NAME_PENDING;
1614 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1615 } else {
1616 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1617 }
1618
1619unlock:
56e5cb86 1620 hci_dev_unlock(hdev);
1da177e4
LT		 1621}
1622
6039aa73 1623static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1624{
45bb4bf0 1625 struct inquiry_data data;
a9de9248 1626 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1627 int num_rsp = *((__u8 *) skb->data);
1628
1629 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1630
45bb4bf0
MH		 1631 if (!num_rsp)
1632 return;
1633
1519cc17
AG		 1634 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1635 return;
1636
1da177e4 1637 hci_dev_lock(hdev);
45bb4bf0 1638
e17acd40 1639 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1640 bool name_known, ssp;
3175405b 1641
1da177e4
LT		 1642 bacpy(&data.bdaddr, &info->bdaddr);
1643 data.pscan_rep_mode = info->pscan_rep_mode;
1644 data.pscan_period_mode = info->pscan_period_mode;
1645 data.pscan_mode = info->pscan_mode;
1646 memcpy(data.dev_class, info->dev_class, 3);
1647 data.clock_offset = info->clock_offset;
1648 data.rssi = 0x00;
41a96212 1649 data.ssp_mode = 0x00;
3175405b 1650
388fc8fa 1651 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1652 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1653 info->dev_class, 0, !name_known, ssp, NULL,
1654 0);
1da177e4 1655 }
45bb4bf0 1656
1da177e4
LT		 1657 hci_dev_unlock(hdev);
1658}
1659
6039aa73 1660static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1661{
a9de9248
MH		 1662 struct hci_ev_conn_complete *ev = (void *) skb->data;
1663 struct hci_conn *conn;
1da177e4
LT		 1664
1665 BT_DBG("%s", hdev->name);
1666
1667 hci_dev_lock(hdev);
1668
1669 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1670 if (!conn) {
1671 if (ev->link_type != SCO_LINK)
1672 goto unlock;
1673
1674 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1675 if (!conn)
1676 goto unlock;
1677
1678 conn->type = SCO_LINK;
1679 }
1da177e4
LT		 1680
1681 if (!ev->status) {
1682 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1683
1684 if (conn->type == ACL_LINK) {
1685 conn->state = BT_CONFIG;
1686 hci_conn_hold(conn);
a9ea3ed9
SJ		 1687
1688 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1689 !hci_find_link_key(hdev, &ev->bdaddr))
1690 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1691 else
1692 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1693 } else
1694 conn->state = BT_CONNECTED;
1da177e4 1695
7d0db0a3
MH		 1696 hci_conn_add_sysfs(conn);
1697
1da177e4
LT		 1698 if (test_bit(HCI_AUTH, &hdev->flags))
1699 conn->link_mode |= HCI_LM_AUTH;
1700
1701 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1702 conn->link_mode |= HCI_LM_ENCRYPT;
1703
04837f64
MH		 1704 /* Get remote features */
1705 if (conn->type == ACL_LINK) {
1706 struct hci_cp_read_remote_features cp;
1707 cp.handle = ev->handle;
769be974 1708 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1709 sizeof(cp), &cp);
04837f64
MH		 1710 }
1711
1da177e4 1712 /* Set packet type for incoming connection */
d095c1eb 1713 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1714 struct hci_cp_change_conn_ptype cp;
1715 cp.handle = ev->handle;
a8746417 1716 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1717 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1718 &cp);
1da177e4 1719 }
17d5c04c 1720 } else {
1da177e4 1721 conn->state = BT_CLOSED;
17d5c04c 1722 if (conn->type == ACL_LINK)
64c7b77c 1723 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1724 conn->dst_type, ev->status);
17d5c04c 1725 }
1da177e4 1726
e73439d8
MH		 1727 if (conn->type == ACL_LINK)
1728 hci_sco_setup(conn, ev->status);
1da177e4 1729
769be974
MH		 1730 if (ev->status) {
1731 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1732 hci_conn_del(conn);
c89b6e6b
MH		 1733 } else if (ev->link_type != ACL_LINK)
1734 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1735
a9de9248 1736unlock:
1da177e4 1737 hci_dev_unlock(hdev);
1da177e4 1738
a9de9248 1739 hci_conn_check_pending(hdev);
1da177e4
LT		 1740}
1741
6039aa73 1742static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1743{
a9de9248
MH		 1744 struct hci_ev_conn_request *ev = (void *) skb->data;
1745 int mask = hdev->link_mode;
20714bfe 1746 __u8 flags = 0;
1da177e4 1747
6ed93dc6 1748 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1749 ev->link_type);
1da177e4 1750
20714bfe
FD		 1751 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1752 &flags);
1da177e4 1753
138d22ef 1754 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1755 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1756 /* Connection accepted */
c7bdd502 1757 struct inquiry_entry *ie;
1da177e4 1758 struct hci_conn *conn;
1da177e4 1759
a9de9248 1760 hci_dev_lock(hdev);
b6a0dc82 1761
cc11b9c1
AE		 1762 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1763 if (ie)
c7bdd502
MH		 1764 memcpy(ie->data.dev_class, ev->dev_class, 3);
1765
8fc9ced3
GP		 1766 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1767 &ev->bdaddr);
a9de9248 1768 if (!conn) {
cc11b9c1
AE		 1769 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1770 if (!conn) {
893ef971 1771 BT_ERR("No memory for new connection");
a9de9248
MH		 1772 hci_dev_unlock(hdev);
1773 return;
1da177e4
LT		 1774 }
1775 }
b6a0dc82 1776
a9de9248 1777 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1778
a9de9248 1779 hci_dev_unlock(hdev);
1da177e4 1780
20714bfe
FD		 1781 if (ev->link_type == ACL_LINK ||
1782 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1783 struct hci_cp_accept_conn_req cp;
20714bfe 1784 conn->state = BT_CONNECT;
1da177e4 1785
b6a0dc82
MH		 1786 bacpy(&cp.bdaddr, &ev->bdaddr);
1787
1788 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1789 cp.role = 0x00; /* Become master */
1790 else
1791 cp.role = 0x01; /* Remain slave */
1792
04124681
GP		 1793 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1794 &cp);
20714bfe 1795 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1796 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1797 conn->state = BT_CONNECT;
b6a0dc82
MH		 1798
1799 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1800 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1801
82781e63
AE		 1802 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1803 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1804 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1805 cp.content_format = cpu_to_le16(hdev->voice_setting);
1806 cp.retrans_effort = 0xff;
1da177e4 1807
b6a0dc82 1808 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1809 sizeof(cp), &cp);
20714bfe
FD		 1810 } else {
1811 conn->state = BT_CONNECT2;
1812 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1813 }
a9de9248
MH		 1814 } else {
1815 /* Connection rejected */
1816 struct hci_cp_reject_conn_req cp;
1da177e4 1817
a9de9248 1818 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1819 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1820 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1821 }
1da177e4
LT		 1822}
1823
f0d6a0ea
MA		 1824static u8 hci_to_mgmt_reason(u8 err)
1825{
1826 switch (err) {
1827 case HCI_ERROR_CONNECTION_TIMEOUT:
1828 return MGMT_DEV_DISCONN_TIMEOUT;
1829 case HCI_ERROR_REMOTE_USER_TERM:
1830 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1831 case HCI_ERROR_REMOTE_POWER_OFF:
1832 return MGMT_DEV_DISCONN_REMOTE;
1833 case HCI_ERROR_LOCAL_HOST_TERM:
1834 return MGMT_DEV_DISCONN_LOCAL_HOST;
1835 default:
1836 return MGMT_DEV_DISCONN_UNKNOWN;
1837 }
1838}
1839
6039aa73 1840static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1841{
a9de9248 1842 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 1843 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 1844 struct hci_conn_params *params;
04837f64 1845 struct hci_conn *conn;
12d4a3b2 1846 bool mgmt_connected;
3846220b 1847 u8 type;
04837f64 1848
9f1db00c 1849 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1850
1851 hci_dev_lock(hdev);
1852
1853 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1854 if (!conn)
1855 goto unlock;
7d0db0a3 1856
abf54a50
AG		 1857 if (ev->status) {
1858 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1859 conn->dst_type, ev->status);
1860 goto unlock;
37d9ef76 1861 }
f7520543 1862
3846220b
AG		 1863 conn->state = BT_CLOSED;
1864
12d4a3b2
JH		 1865 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1866 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1867 reason, mgmt_connected);
abf54a50 1868
3846220b
AG		 1869 if (conn->type == ACL_LINK && conn->flush_key)
1870 hci_remove_link_key(hdev, &conn->dst);
2210246c 1871
9fcb18ef
AG		 1872 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1873 if (params) {
1874 switch (params->auto_connect) {
1875 case HCI_AUTO_CONN_LINK_LOSS:
1876 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1877 break;
1878 /* Fall through */
1879
1880 case HCI_AUTO_CONN_ALWAYS:
1881 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
1882 break;
1883
1884 default:
1885 break;
1886 }
1887 }
1888
3846220b 1889 type = conn->type;
2210246c 1890
3846220b
AG		 1891 hci_proto_disconn_cfm(conn, ev->reason);
1892 hci_conn_del(conn);
1893
1894 /* Re-enable advertising if necessary, since it might
1895 * have been disabled by the connection. From the
1896 * HCI_LE_Set_Advertise_Enable command description in
1897 * the core specification (v4.0):
1898 * "The Controller shall continue advertising until the Host
1899 * issues an LE_Set_Advertise_Enable command with
1900 * Advertising_Enable set to 0x00 (Advertising is disabled)
1901 * or until a connection is created or until the Advertising
1902 * is timed out due to Directed Advertising."
1903 */
1904 if (type == LE_LINK)
1905 mgmt_reenable_advertising(hdev);
f7520543
JH		 1906
1907unlock:
04837f64
MH		 1908 hci_dev_unlock(hdev);
1909}
1910
6039aa73 1911static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1912{
a9de9248 1913 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1914 struct hci_conn *conn;
1da177e4 1915
9f1db00c 1916 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1917
1918 hci_dev_lock(hdev);
1919
04837f64 1920 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1921 if (!conn)
1922 goto unlock;
1923
1924 if (!ev->status) {
aa64a8b5 1925 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1926 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1927 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1928 } else {
d7556e20
WR		 1929 conn->link_mode |= HCI_LM_AUTH;
1930 conn->sec_level = conn->pending_sec_level;
2a611692 1931 }
d7556e20 1932 } else {
bab73cb6 1933 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1934 ev->status);
d7556e20 1935 }
1da177e4 1936
51a8efd7
JH		 1937 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1938 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1939
d7556e20 1940 if (conn->state == BT_CONFIG) {
aa64a8b5 1941 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1942 struct hci_cp_set_conn_encrypt cp;
1943 cp.handle = ev->handle;
1944 cp.encrypt = 0x01;
1945 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1946 &cp);
052b30b0 1947 } else {
d7556e20
WR		 1948 conn->state = BT_CONNECTED;
1949 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 1950 hci_conn_drop(conn);
052b30b0 1951 }
d7556e20
WR		 1952 } else {
1953 hci_auth_cfm(conn, ev->status);
052b30b0 1954
d7556e20
WR		 1955 hci_conn_hold(conn);
1956 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 1957 hci_conn_drop(conn);
d7556e20
WR		 1958 }
1959
51a8efd7 1960 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1961 if (!ev->status) {
1962 struct hci_cp_set_conn_encrypt cp;
1963 cp.handle = ev->handle;
1964 cp.encrypt = 0x01;
1965 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1966 &cp);
d7556e20 1967 } else {
51a8efd7 1968 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1969 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1970 }
1971 }
1972
d7556e20 1973unlock:
1da177e4
LT		 1974 hci_dev_unlock(hdev);
1975}
1976
6039aa73 1977static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1978{
127178d2
JH		 1979 struct hci_ev_remote_name *ev = (void *) skb->data;
1980 struct hci_conn *conn;
1981
a9de9248 1982 BT_DBG("%s", hdev->name);
1da177e4 1983
a9de9248 1984 hci_conn_check_pending(hdev);
127178d2
JH		 1985
1986 hci_dev_lock(hdev);
1987
b644ba33 1988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1989
b644ba33
JH		 1990 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1991 goto check_auth;
a88a9652 1992
b644ba33
JH		 1993 if (ev->status == 0)
1994 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1995 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 1996 else
1997 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1998
1999check_auth:
79c6c70c
JH		 2000 if (!conn)
2001 goto unlock;
2002
2003 if (!hci_outgoing_auth_needed(hdev, conn))
2004 goto unlock;
2005
51a8efd7 2006 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2007 struct hci_cp_auth_requested cp;
2008 cp.handle = __cpu_to_le16(conn->handle);
2009 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2010 }
2011
79c6c70c 2012unlock:
127178d2 2013 hci_dev_unlock(hdev);
a9de9248
MH		 2014}
2015
6039aa73 2016static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2017{
2018 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2019 struct hci_conn *conn;
2020
9f1db00c 2021 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2022
2023 hci_dev_lock(hdev);
2024
04837f64 2025 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2026 if (!conn)
2027 goto unlock;
1da177e4 2028
dc8357cc
MH		 2029 if (!ev->status) {
2030 if (ev->encrypt) {
2031 /* Encryption implies authentication */
2032 conn->link_mode |= HCI_LM_AUTH;
2033 conn->link_mode |= HCI_LM_ENCRYPT;
2034 conn->sec_level = conn->pending_sec_level;
abf76bad 2035
914a6ffe
MH		 2036 /* P-256 authentication key implies FIPS */
2037 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2038 conn->link_mode |= HCI_LM_FIPS;
2039
abf76bad
MH		 2040 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2041 conn->type == LE_LINK)
2042 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2043 } else {
dc8357cc 2044 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2045 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2046 }
dc8357cc 2047 }
a7d7723a 2048
dc8357cc 2049 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2050
dc8357cc
MH		 2051 if (ev->status && conn->state == BT_CONNECTED) {
2052 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2053 hci_conn_drop(conn);
2054 goto unlock;
1da177e4
LT		 2055 }
2056
dc8357cc
MH		 2057 if (conn->state == BT_CONFIG) {
2058 if (!ev->status)
2059 conn->state = BT_CONNECTED;
2060
2061 hci_proto_connect_cfm(conn, ev->status);
2062 hci_conn_drop(conn);
2063 } else
2064 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2065
a7d7723a 2066unlock:
1da177e4
LT		 2067 hci_dev_unlock(hdev);
2068}
2069
6039aa73
GP		 2070static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2071 struct sk_buff *skb)
1da177e4 2072{
a9de9248 2073 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2074 struct hci_conn *conn;
1da177e4 2075
9f1db00c 2076 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2077
2078 hci_dev_lock(hdev);
2079
04837f64 2080 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2081 if (conn) {
2082 if (!ev->status)
2083 conn->link_mode |= HCI_LM_SECURE;
2084
51a8efd7 2085 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2086
2087 hci_key_change_cfm(conn, ev->status);
2088 }
2089
2090 hci_dev_unlock(hdev);
2091}
2092
6039aa73
GP		 2093static void hci_remote_features_evt(struct hci_dev *hdev,
2094 struct sk_buff *skb)
1da177e4 2095{
a9de9248
MH		 2096 struct hci_ev_remote_features *ev = (void *) skb->data;
2097 struct hci_conn *conn;
2098
9f1db00c 2099 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2100
a9de9248
MH		 2101 hci_dev_lock(hdev);
2102
2103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2104 if (!conn)
2105 goto unlock;
769be974 2106
ccd556fe 2107 if (!ev->status)
cad718ed 2108 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2109
2110 if (conn->state != BT_CONFIG)
2111 goto unlock;
2112
2113 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2114 struct hci_cp_read_remote_ext_features cp;
2115 cp.handle = ev->handle;
2116 cp.page = 0x01;
2117 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2118 sizeof(cp), &cp);
392599b9
JH		 2119 goto unlock;
2120 }
2121
671267bf 2122 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2123 struct hci_cp_remote_name_req cp;
2124 memset(&cp, 0, sizeof(cp));
2125 bacpy(&cp.bdaddr, &conn->dst);
2126 cp.pscan_rep_mode = 0x02;
2127 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2128 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2129 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2130 conn->dst_type, 0, NULL, 0,
2131 conn->dev_class);
392599b9 2132
127178d2 2133 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2134 conn->state = BT_CONNECTED;
2135 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2136 hci_conn_drop(conn);
769be974 2137 }
a9de9248 2138
ccd556fe 2139unlock:
a9de9248 2140 hci_dev_unlock(hdev);
1da177e4
LT		 2141}
2142
6039aa73 2143static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2144{
2145 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2146 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2147 __u16 opcode;
2148
2149 skb_pull(skb, sizeof(*ev));
2150
2151 opcode = __le16_to_cpu(ev->opcode);
2152
2153 switch (opcode) {
2154 case HCI_OP_INQUIRY_CANCEL:
2155 hci_cc_inquiry_cancel(hdev, skb);
2156 break;
2157
4d93483b
AG		 2158 case HCI_OP_PERIODIC_INQ:
2159 hci_cc_periodic_inq(hdev, skb);
2160 break;
2161
a9de9248
MH		 2162 case HCI_OP_EXIT_PERIODIC_INQ:
2163 hci_cc_exit_periodic_inq(hdev, skb);
2164 break;
2165
2166 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2167 hci_cc_remote_name_req_cancel(hdev, skb);
2168 break;
2169
2170 case HCI_OP_ROLE_DISCOVERY:
2171 hci_cc_role_discovery(hdev, skb);
2172 break;
2173
e4e8e37c
MH		 2174 case HCI_OP_READ_LINK_POLICY:
2175 hci_cc_read_link_policy(hdev, skb);
2176 break;
2177
a9de9248
MH		 2178 case HCI_OP_WRITE_LINK_POLICY:
2179 hci_cc_write_link_policy(hdev, skb);
2180 break;
2181
e4e8e37c
MH		 2182 case HCI_OP_READ_DEF_LINK_POLICY:
2183 hci_cc_read_def_link_policy(hdev, skb);
2184 break;
2185
2186 case HCI_OP_WRITE_DEF_LINK_POLICY:
2187 hci_cc_write_def_link_policy(hdev, skb);
2188 break;
2189
a9de9248
MH		 2190 case HCI_OP_RESET:
2191 hci_cc_reset(hdev, skb);
2192 break;
2193
2194 case HCI_OP_WRITE_LOCAL_NAME:
2195 hci_cc_write_local_name(hdev, skb);
2196 break;
2197
2198 case HCI_OP_READ_LOCAL_NAME:
2199 hci_cc_read_local_name(hdev, skb);
2200 break;
2201
2202 case HCI_OP_WRITE_AUTH_ENABLE:
2203 hci_cc_write_auth_enable(hdev, skb);
2204 break;
2205
2206 case HCI_OP_WRITE_ENCRYPT_MODE:
2207 hci_cc_write_encrypt_mode(hdev, skb);
2208 break;
2209
2210 case HCI_OP_WRITE_SCAN_ENABLE:
2211 hci_cc_write_scan_enable(hdev, skb);
2212 break;
2213
2214 case HCI_OP_READ_CLASS_OF_DEV:
2215 hci_cc_read_class_of_dev(hdev, skb);
2216 break;
2217
2218 case HCI_OP_WRITE_CLASS_OF_DEV:
2219 hci_cc_write_class_of_dev(hdev, skb);
2220 break;
2221
2222 case HCI_OP_READ_VOICE_SETTING:
2223 hci_cc_read_voice_setting(hdev, skb);
2224 break;
2225
2226 case HCI_OP_WRITE_VOICE_SETTING:
2227 hci_cc_write_voice_setting(hdev, skb);
2228 break;
2229
b4cb9fb2
MH		 2230 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2231 hci_cc_read_num_supported_iac(hdev, skb);
2232 break;
2233
333140b5
MH		 2234 case HCI_OP_WRITE_SSP_MODE:
2235 hci_cc_write_ssp_mode(hdev, skb);
2236 break;
2237
eac83dc6
MH		 2238 case HCI_OP_WRITE_SC_SUPPORT:
2239 hci_cc_write_sc_support(hdev, skb);
2240 break;
2241
a9de9248
MH		 2242 case HCI_OP_READ_LOCAL_VERSION:
2243 hci_cc_read_local_version(hdev, skb);
2244 break;
2245
2246 case HCI_OP_READ_LOCAL_COMMANDS:
2247 hci_cc_read_local_commands(hdev, skb);
2248 break;
2249
2250 case HCI_OP_READ_LOCAL_FEATURES:
2251 hci_cc_read_local_features(hdev, skb);
2252 break;
2253
971e3a4b
AG		 2254 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2255 hci_cc_read_local_ext_features(hdev, skb);
2256 break;
2257
a9de9248
MH		 2258 case HCI_OP_READ_BUFFER_SIZE:
2259 hci_cc_read_buffer_size(hdev, skb);
2260 break;
2261
2262 case HCI_OP_READ_BD_ADDR:
2263 hci_cc_read_bd_addr(hdev, skb);
2264 break;
2265
f332ec66
JH		 2266 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2267 hci_cc_read_page_scan_activity(hdev, skb);
2268 break;
2269
4a3ee763
JH		 2270 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2271 hci_cc_write_page_scan_activity(hdev, skb);
2272 break;
2273
f332ec66
JH		 2274 case HCI_OP_READ_PAGE_SCAN_TYPE:
2275 hci_cc_read_page_scan_type(hdev, skb);
2276 break;
2277
4a3ee763
JH		 2278 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2279 hci_cc_write_page_scan_type(hdev, skb);
2280 break;
2281
350ee4cf
AE		 2282 case HCI_OP_READ_DATA_BLOCK_SIZE:
2283 hci_cc_read_data_block_size(hdev, skb);
2284 break;
2285
1e89cffb
AE		 2286 case HCI_OP_READ_FLOW_CONTROL_MODE:
2287 hci_cc_read_flow_control_mode(hdev, skb);
2288 break;
2289
928abaa7
AE		 2290 case HCI_OP_READ_LOCAL_AMP_INFO:
2291 hci_cc_read_local_amp_info(hdev, skb);
2292 break;
2293
903e4541
AE		 2294 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2295 hci_cc_read_local_amp_assoc(hdev, skb);
2296 break;
2297
d5859e22
JH		 2298 case HCI_OP_READ_INQ_RSP_TX_POWER:
2299 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2300 break;
2301
980e1a53
JH		 2302 case HCI_OP_PIN_CODE_REPLY:
2303 hci_cc_pin_code_reply(hdev, skb);
2304 break;
2305
2306 case HCI_OP_PIN_CODE_NEG_REPLY:
2307 hci_cc_pin_code_neg_reply(hdev, skb);
2308 break;
2309
c35938b2 2310 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2311 hci_cc_read_local_oob_data(hdev, skb);
2312 break;
2313
2314 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2315 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2316 break;
2317
6ed58ec5
VT		 2318 case HCI_OP_LE_READ_BUFFER_SIZE:
2319 hci_cc_le_read_buffer_size(hdev, skb);
2320 break;
2321
60e77321
JH		 2322 case HCI_OP_LE_READ_LOCAL_FEATURES:
2323 hci_cc_le_read_local_features(hdev, skb);
2324 break;
2325
8fa19098
JH		 2326 case HCI_OP_LE_READ_ADV_TX_POWER:
2327 hci_cc_le_read_adv_tx_power(hdev, skb);
2328 break;
2329
a5c29683
JH		 2330 case HCI_OP_USER_CONFIRM_REPLY:
2331 hci_cc_user_confirm_reply(hdev, skb);
2332 break;
2333
2334 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2335 hci_cc_user_confirm_neg_reply(hdev, skb);
2336 break;
2337
1143d458
BG		 2338 case HCI_OP_USER_PASSKEY_REPLY:
2339 hci_cc_user_passkey_reply(hdev, skb);
2340 break;
2341
2342 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2343 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2344 break;
07f7fa5d 2345
7a4cd51d
MH		 2346 case HCI_OP_LE_SET_RANDOM_ADDR:
2347 hci_cc_le_set_random_addr(hdev, skb);
2348 break;
2349
c1d5dc4a
JH		 2350 case HCI_OP_LE_SET_ADV_ENABLE:
2351 hci_cc_le_set_adv_enable(hdev, skb);
2352 break;
2353
eb9d91f5
AG		 2354 case HCI_OP_LE_SET_SCAN_ENABLE:
2355 hci_cc_le_set_scan_enable(hdev, skb);
2356 break;
2357
cf1d081f
JH		 2358 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2359 hci_cc_le_read_white_list_size(hdev, skb);
2360 break;
2361
9b008c04
JH		 2362 case HCI_OP_LE_READ_SUPPORTED_STATES:
2363 hci_cc_le_read_supported_states(hdev, skb);
2364 break;
2365
f9b49306
AG		 2366 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2367 hci_cc_write_le_host_supported(hdev, skb);
2368 break;
2369
93c284ee
AE		 2370 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2371 hci_cc_write_remote_amp_assoc(hdev, skb);
2372 break;
2373
a9de9248 2374 default:
9f1db00c 2375 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2376 break;
2377 }
2378
ad82cdd1 2379 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2380 del_timer(&hdev->cmd_timer);
2381
ad82cdd1 2382 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2383
dbccd791 2384 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2385 atomic_set(&hdev->cmd_cnt, 1);
2386 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2387 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2388 }
2389}
2390
6039aa73 2391static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2392{
2393 struct hci_ev_cmd_status *ev = (void *) skb->data;
2394 __u16 opcode;
2395
2396 skb_pull(skb, sizeof(*ev));
2397
2398 opcode = __le16_to_cpu(ev->opcode);
2399
2400 switch (opcode) {
2401 case HCI_OP_INQUIRY:
2402 hci_cs_inquiry(hdev, ev->status);
2403 break;
2404
2405 case HCI_OP_CREATE_CONN:
2406 hci_cs_create_conn(hdev, ev->status);
2407 break;
2408
2409 case HCI_OP_ADD_SCO:
2410 hci_cs_add_sco(hdev, ev->status);
2411 break;
2412
f8558555
MH		 2413 case HCI_OP_AUTH_REQUESTED:
2414 hci_cs_auth_requested(hdev, ev->status);
2415 break;
2416
2417 case HCI_OP_SET_CONN_ENCRYPT:
2418 hci_cs_set_conn_encrypt(hdev, ev->status);
2419 break;
2420
a9de9248
MH		 2421 case HCI_OP_REMOTE_NAME_REQ:
2422 hci_cs_remote_name_req(hdev, ev->status);
2423 break;
2424
769be974
MH		 2425 case HCI_OP_READ_REMOTE_FEATURES:
2426 hci_cs_read_remote_features(hdev, ev->status);
2427 break;
2428
2429 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2430 hci_cs_read_remote_ext_features(hdev, ev->status);
2431 break;
2432
a9de9248
MH		 2433 case HCI_OP_SETUP_SYNC_CONN:
2434 hci_cs_setup_sync_conn(hdev, ev->status);
2435 break;
2436
2437 case HCI_OP_SNIFF_MODE:
2438 hci_cs_sniff_mode(hdev, ev->status);
2439 break;
2440
2441 case HCI_OP_EXIT_SNIFF_MODE:
2442 hci_cs_exit_sniff_mode(hdev, ev->status);
2443 break;
2444
8962ee74 2445 case HCI_OP_DISCONNECT:
88c3df13 2446 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2447 break;
2448
a02226d6
AE		 2449 case HCI_OP_CREATE_PHY_LINK:
2450 hci_cs_create_phylink(hdev, ev->status);
2451 break;
2452
0b26ab9d
AE		 2453 case HCI_OP_ACCEPT_PHY_LINK:
2454 hci_cs_accept_phylink(hdev, ev->status);
2455 break;
2456
a9de9248 2457 default:
9f1db00c 2458 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2459 break;
2460 }
2461
ad82cdd1 2462 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2463 del_timer(&hdev->cmd_timer);
2464
02350a72
JH		 2465 if (ev->status ||
2466 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2467 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2468
10572132 2469 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2470 atomic_set(&hdev->cmd_cnt, 1);
2471 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2472 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2473 }
2474}
2475
6039aa73 2476static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2477{
2478 struct hci_ev_role_change *ev = (void *) skb->data;
2479 struct hci_conn *conn;
2480
9f1db00c 2481 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2482
2483 hci_dev_lock(hdev);
2484
2485 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2486 if (conn) {
2487 if (!ev->status) {
2488 if (ev->role)
2489 conn->link_mode &= ~HCI_LM_MASTER;
2490 else
2491 conn->link_mode |= HCI_LM_MASTER;
2492 }
2493
51a8efd7 2494 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2495
2496 hci_role_switch_cfm(conn, ev->status, ev->role);
2497 }
2498
2499 hci_dev_unlock(hdev);
2500}
2501
6039aa73 2502static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2503{
2504 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2505 int i;
2506
32ac5b9b
AE		 2507 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2508 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2509 return;
2510 }
2511
c5993de8 2512 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2513 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2514 BT_DBG("%s bad parameters", hdev->name);
2515 return;
2516 }
2517
c5993de8
AE		 2518 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2519
613a1c0c
AE		 2520 for (i = 0; i < ev->num_hndl; i++) {
2521 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2522 struct hci_conn *conn;
2523 __u16 handle, count;
2524
613a1c0c
AE		 2525 handle = __le16_to_cpu(info->handle);
2526 count = __le16_to_cpu(info->count);
a9de9248
MH		 2527
2528 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2529 if (!conn)
2530 continue;
2531
2532 conn->sent -= count;
2533
2534 switch (conn->type) {
2535 case ACL_LINK:
2536 hdev->acl_cnt += count;
2537 if (hdev->acl_cnt > hdev->acl_pkts)
2538 hdev->acl_cnt = hdev->acl_pkts;
2539 break;
2540
2541 case LE_LINK:
2542 if (hdev->le_pkts) {
2543 hdev->le_cnt += count;
2544 if (hdev->le_cnt > hdev->le_pkts)
2545 hdev->le_cnt = hdev->le_pkts;
2546 } else {
70f23020
AE		 2547 hdev->acl_cnt += count;
2548 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2549 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2550 }
f4280918
AE		 2551 break;
2552
2553 case SCO_LINK:
2554 hdev->sco_cnt += count;
2555 if (hdev->sco_cnt > hdev->sco_pkts)
2556 hdev->sco_cnt = hdev->sco_pkts;
2557 break;
2558
2559 default:
2560 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2561 break;
a9de9248
MH		 2562 }
2563 }
2564
3eff45ea 2565 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2566}
2567
76ef7cf7
AE		 2568static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2569 __u16 handle)
2570{
2571 struct hci_chan *chan;
2572
2573 switch (hdev->dev_type) {
2574 case HCI_BREDR:
2575 return hci_conn_hash_lookup_handle(hdev, handle);
2576 case HCI_AMP:
2577 chan = hci_chan_lookup_handle(hdev, handle);
2578 if (chan)
2579 return chan->conn;
2580 break;
2581 default:
2582 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2583 break;
2584 }
2585
2586 return NULL;
2587}
2588
6039aa73 2589static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2590{
2591 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2592 int i;
2593
2594 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2595 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2596 return;
2597 }
2598
2599 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2600 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2601 BT_DBG("%s bad parameters", hdev->name);
2602 return;
2603 }
2604
2605 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2606 ev->num_hndl);
25e89e99
AE		 2607
2608 for (i = 0; i < ev->num_hndl; i++) {
2609 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2610 struct hci_conn *conn = NULL;
25e89e99
AE		 2611 __u16 handle, block_count;
2612
2613 handle = __le16_to_cpu(info->handle);
2614 block_count = __le16_to_cpu(info->blocks);
2615
76ef7cf7 2616 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2617 if (!conn)
2618 continue;
2619
2620 conn->sent -= block_count;
2621
2622 switch (conn->type) {
2623 case ACL_LINK:
bd1eb66b 2624 case AMP_LINK:
25e89e99
AE		 2625 hdev->block_cnt += block_count;
2626 if (hdev->block_cnt > hdev->num_blocks)
2627 hdev->block_cnt = hdev->num_blocks;
2628 break;
2629
2630 default:
2631 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2632 break;
2633 }
2634 }
2635
2636 queue_work(hdev->workqueue, &hdev->tx_work);
2637}
2638
6039aa73 2639static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2640{
a9de9248 2641 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2642 struct hci_conn *conn;
2643
9f1db00c 2644 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2645
2646 hci_dev_lock(hdev);
2647
2648 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2649 if (conn) {
2650 conn->mode = ev->mode;
a9de9248 2651
8fc9ced3
GP		 2652 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2653 &conn->flags)) {
a9de9248 2654 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2655 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2656 else
58a681ef 2657 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2658 }
e73439d8 2659
51a8efd7 2660 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2661 hci_sco_setup(conn, ev->status);
04837f64
MH		 2662 }
2663
2664 hci_dev_unlock(hdev);
2665}
2666
6039aa73 2667static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2668{
052b30b0
MH		 2669 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2670 struct hci_conn *conn;
2671
a9de9248 2672 BT_DBG("%s", hdev->name);
052b30b0
MH		 2673
2674 hci_dev_lock(hdev);
2675
2676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2677 if (!conn)
2678 goto unlock;
2679
2680 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2681 hci_conn_hold(conn);
2682 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2683 hci_conn_drop(conn);
052b30b0
MH		 2684 }
2685
a8b2d5c2 2686 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2687 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2688 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2689 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2690 u8 secure;
2691
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2693 secure = 1;
2694 else
2695 secure = 0;
2696
744cf19e 2697 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2698 }
980e1a53 2699
b6f98044 2700unlock:
052b30b0 2701 hci_dev_unlock(hdev);
a9de9248
MH		 2702}
2703
6039aa73 2704static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2705{
55ed8ca1
JH		 2706 struct hci_ev_link_key_req *ev = (void *) skb->data;
2707 struct hci_cp_link_key_reply cp;
2708 struct hci_conn *conn;
2709 struct link_key *key;
2710
a9de9248 2711 BT_DBG("%s", hdev->name);
55ed8ca1 2712
034cbea0 2713 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2714 return;
2715
2716 hci_dev_lock(hdev);
2717
2718 key = hci_find_link_key(hdev, &ev->bdaddr);
2719 if (!key) {
6ed93dc6
AE		 2720 BT_DBG("%s link key not found for %pMR", hdev->name,
2721 &ev->bdaddr);
55ed8ca1
JH		 2722 goto not_found;
2723 }
2724
6ed93dc6
AE		 2725 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2726 &ev->bdaddr);
55ed8ca1 2727
a8b2d5c2 2728 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2729 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2730 BT_DBG("%s ignoring debug key", hdev->name);
2731 goto not_found;
2732 }
2733
2734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 2735 if (conn) {
66138ce8
MH		 2736 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2737 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 2738 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2739 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2740 goto not_found;
2741 }
55ed8ca1 2742
60b83f57 2743 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2744 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2745 BT_DBG("%s ignoring key unauthenticated for high security",
2746 hdev->name);
60b83f57
WR		 2747 goto not_found;
2748 }
2749
2750 conn->key_type = key->type;
2751 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2752 }
2753
2754 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2755 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2756
2757 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2758
2759 hci_dev_unlock(hdev);
2760
2761 return;
2762
2763not_found:
2764 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2765 hci_dev_unlock(hdev);
a9de9248
MH		 2766}
2767
6039aa73 2768static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2769{
052b30b0
MH		 2770 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2771 struct hci_conn *conn;
55ed8ca1 2772 u8 pin_len = 0;
052b30b0 2773
a9de9248 2774 BT_DBG("%s", hdev->name);
052b30b0
MH		 2775
2776 hci_dev_lock(hdev);
2777
2778 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2779 if (conn) {
2780 hci_conn_hold(conn);
2781 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2782 pin_len = conn->pin_length;
13d39315
WR		 2783
2784 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2785 conn->key_type = ev->key_type;
2786
76a68ba0 2787 hci_conn_drop(conn);
052b30b0
MH		 2788 }
2789
034cbea0 2790 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 2791 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2792 ev->key_type, pin_len);
55ed8ca1 2793
052b30b0 2794 hci_dev_unlock(hdev);
a9de9248
MH		 2795}
2796
6039aa73 2797static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2798{
a9de9248 2799 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2800 struct hci_conn *conn;
1da177e4 2801
9f1db00c 2802 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2803
2804 hci_dev_lock(hdev);
2805
04837f64 2806 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2807 if (conn && !ev->status) {
2808 struct inquiry_entry *ie;
2809
cc11b9c1
AE		 2810 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2811 if (ie) {
1da177e4
LT		 2812 ie->data.clock_offset = ev->clock_offset;
2813 ie->timestamp = jiffies;
2814 }
2815 }
2816
2817 hci_dev_unlock(hdev);
2818}
2819
6039aa73 2820static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2821{
2822 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2823 struct hci_conn *conn;
2824
9f1db00c 2825 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2826
2827 hci_dev_lock(hdev);
2828
2829 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2830 if (conn && !ev->status)
2831 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2832
2833 hci_dev_unlock(hdev);
2834}
2835
6039aa73 2836static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2837{
a9de9248 2838 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2839 struct inquiry_entry *ie;
2840
2841 BT_DBG("%s", hdev->name);
2842
2843 hci_dev_lock(hdev);
2844
cc11b9c1
AE		 2845 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2846 if (ie) {
85a1e930
MH		 2847 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2848 ie->timestamp = jiffies;
2849 }
2850
2851 hci_dev_unlock(hdev);
2852}
2853
6039aa73
GP		 2854static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2855 struct sk_buff *skb)
a9de9248
MH		 2856{
2857 struct inquiry_data data;
2858 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2859 bool name_known, ssp;
a9de9248
MH		 2860
2861 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2862
2863 if (!num_rsp)
2864 return;
2865
1519cc17
AG		 2866 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2867 return;
2868
a9de9248
MH		 2869 hci_dev_lock(hdev);
2870
2871 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2872 struct inquiry_info_with_rssi_and_pscan_mode *info;
2873 info = (void *) (skb->data + 1);
a9de9248 2874
e17acd40 2875 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2876 bacpy(&data.bdaddr, &info->bdaddr);
2877 data.pscan_rep_mode = info->pscan_rep_mode;
2878 data.pscan_period_mode = info->pscan_period_mode;
2879 data.pscan_mode = info->pscan_mode;
2880 memcpy(data.dev_class, info->dev_class, 3);
2881 data.clock_offset = info->clock_offset;
2882 data.rssi = info->rssi;
41a96212 2883 data.ssp_mode = 0x00;
3175405b
JH		 2884
2885 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2886 false, &ssp);
48264f06 2887 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2888 info->dev_class, info->rssi,
2889 !name_known, ssp, NULL, 0);
a9de9248
MH		 2890 }
2891 } else {
2892 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2893
e17acd40 2894 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2895 bacpy(&data.bdaddr, &info->bdaddr);
2896 data.pscan_rep_mode = info->pscan_rep_mode;
2897 data.pscan_period_mode = info->pscan_period_mode;
2898 data.pscan_mode = 0x00;
2899 memcpy(data.dev_class, info->dev_class, 3);
2900 data.clock_offset = info->clock_offset;
2901 data.rssi = info->rssi;
41a96212 2902 data.ssp_mode = 0x00;
3175405b 2903 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2904 false, &ssp);
48264f06 2905 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2906 info->dev_class, info->rssi,
2907 !name_known, ssp, NULL, 0);
a9de9248
MH		 2908 }
2909 }
2910
2911 hci_dev_unlock(hdev);
2912}
2913
6039aa73
GP		 2914static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2915 struct sk_buff *skb)
a9de9248 2916{
41a96212
MH		 2917 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2918 struct hci_conn *conn;
2919
a9de9248 2920 BT_DBG("%s", hdev->name);
41a96212 2921
41a96212
MH		 2922 hci_dev_lock(hdev);
2923
2924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2925 if (!conn)
2926 goto unlock;
41a96212 2927
cad718ed
JH		 2928 if (ev->page < HCI_MAX_PAGES)
2929 memcpy(conn->features[ev->page], ev->features, 8);
2930
ccd556fe
JH		 2931 if (!ev->status && ev->page == 0x01) {
2932 struct inquiry_entry *ie;
41a96212 2933
cc11b9c1
AE		 2934 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2935 if (ie)
02b7cc62 2936 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2937
bbb0eada 2938 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 2939 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 2940 } else {
2941 /* It is mandatory by the Bluetooth specification that
2942 * Extended Inquiry Results are only used when Secure
2943 * Simple Pairing is enabled, but some devices violate
2944 * this.
2945 *
2946 * To make these devices work, the internal SSP
2947 * enabled flag needs to be cleared if the remote host
2948 * features do not indicate SSP support */
2949 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2950 }
eb9a8f3f
MH		 2951
2952 if (ev->features[0] & LMP_HOST_SC)
2953 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 2954 }
2955
2956 if (conn->state != BT_CONFIG)
2957 goto unlock;
2958
671267bf 2959 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2960 struct hci_cp_remote_name_req cp;
2961 memset(&cp, 0, sizeof(cp));
2962 bacpy(&cp.bdaddr, &conn->dst);
2963 cp.pscan_rep_mode = 0x02;
2964 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2965 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2966 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2967 conn->dst_type, 0, NULL, 0,
2968 conn->dev_class);
392599b9 2969
127178d2 2970 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2971 conn->state = BT_CONNECTED;
2972 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2973 hci_conn_drop(conn);
41a96212
MH		 2974 }
2975
ccd556fe 2976unlock:
41a96212 2977 hci_dev_unlock(hdev);
a9de9248
MH		 2978}
2979
6039aa73
GP		 2980static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2981 struct sk_buff *skb)
a9de9248 2982{
b6a0dc82
MH		 2983 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2985
9f1db00c 2986 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2987
2988 hci_dev_lock(hdev);
2989
2990 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2991 if (!conn) {
2992 if (ev->link_type == ESCO_LINK)
2993 goto unlock;
2994
2995 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2996 if (!conn)
2997 goto unlock;
2998
2999 conn->type = SCO_LINK;
3000 }
b6a0dc82 3001
732547f9
MH		 3002 switch (ev->status) {
3003 case 0x00:
b6a0dc82
MH		 3004 conn->handle = __le16_to_cpu(ev->handle);
3005 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3006
3007 hci_conn_add_sysfs(conn);
732547f9
MH		 3008 break;
3009
1a4c958c 3010 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3011 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3012 case 0x1c: /* SCO interval rejected */
1038a00b 3013 case 0x1a: /* Unsupported Remote Feature */
732547f9 3014 case 0x1f: /* Unspecified error */
2dea632f 3015 if (conn->out) {
732547f9
MH		 3016 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3017 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3018 if (hci_setup_sync(conn, conn->link->handle))
3019 goto unlock;
732547f9
MH		 3020 }
3021 /* fall through */
3022
3023 default:
b6a0dc82 3024 conn->state = BT_CLOSED;
732547f9
MH		 3025 break;
3026 }
b6a0dc82
MH		 3027
3028 hci_proto_connect_cfm(conn, ev->status);
3029 if (ev->status)
3030 hci_conn_del(conn);
3031
3032unlock:
3033 hci_dev_unlock(hdev);
a9de9248
MH		 3034}
3035
efdcf8e3
MH		 3036static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3037{
3038 size_t parsed = 0;
3039
3040 while (parsed < eir_len) {
3041 u8 field_len = eir[0];
3042
3043 if (field_len == 0)
3044 return parsed;
3045
3046 parsed += field_len + 1;
3047 eir += field_len + 1;
3048 }
3049
3050 return eir_len;
3051}
3052
6039aa73
GP		 3053static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3054 struct sk_buff *skb)
1da177e4 3055{
a9de9248
MH		 3056 struct inquiry_data data;
3057 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3058 int num_rsp = *((__u8 *) skb->data);
9d939d94 3059 size_t eir_len;
1da177e4 3060
a9de9248 3061 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3062
a9de9248
MH		 3063 if (!num_rsp)
3064 return;
1da177e4 3065
1519cc17
AG		 3066 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3067 return;
3068
a9de9248
MH		 3069 hci_dev_lock(hdev);
3070
e17acd40 3071 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3072 bool name_known, ssp;
561aafbc 3073
a9de9248 3074 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3075 data.pscan_rep_mode = info->pscan_rep_mode;
3076 data.pscan_period_mode = info->pscan_period_mode;
3077 data.pscan_mode = 0x00;
a9de9248 3078 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3079 data.clock_offset = info->clock_offset;
3080 data.rssi = info->rssi;
41a96212 3081 data.ssp_mode = 0x01;
561aafbc 3082
a8b2d5c2 3083 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3084 name_known = eir_has_data_type(info->data,
04124681
GP		 3085 sizeof(info->data),
3086 EIR_NAME_COMPLETE);
561aafbc
JH		 3087 else
3088 name_known = true;
3089
388fc8fa 3090 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3091 &ssp);
9d939d94 3092 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3093 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3094 info->dev_class, info->rssi, !name_known,
9d939d94 3095 ssp, info->data, eir_len);
a9de9248
MH		 3096 }
3097
3098 hci_dev_unlock(hdev);
3099}
1da177e4 3100
1c2e0041
JH		 3101static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3102 struct sk_buff *skb)
3103{
3104 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3105 struct hci_conn *conn;
3106
9f1db00c 3107 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3108 __le16_to_cpu(ev->handle));
3109
3110 hci_dev_lock(hdev);
3111
3112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3113 if (!conn)
3114 goto unlock;
3115
3116 if (!ev->status)
3117 conn->sec_level = conn->pending_sec_level;
3118
3119 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3120
3121 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3122 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3123 hci_conn_drop(conn);
1c2e0041
JH		 3124 goto unlock;
3125 }
3126
3127 if (conn->state == BT_CONFIG) {
3128 if (!ev->status)
3129 conn->state = BT_CONNECTED;
3130
3131 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3132 hci_conn_drop(conn);
1c2e0041
JH		 3133 } else {
3134 hci_auth_cfm(conn, ev->status);
3135
3136 hci_conn_hold(conn);
3137 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3138 hci_conn_drop(conn);
1c2e0041
JH		 3139 }
3140
3141unlock:
3142 hci_dev_unlock(hdev);
3143}
3144
6039aa73 3145static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3146{
3147 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3148 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3149 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3150 /* If both remote and local IO capabilities allow MITM
3151 * protection then require it, otherwise don't */
acabae96
MA		 3152 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3153 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3154 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3155 else
acabae96 3156 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3157 }
3158
3159 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3160 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3161 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3162 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3163
3164 return conn->auth_type;
3165}
3166
6039aa73 3167static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3168{
3169 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3170 struct hci_conn *conn;
3171
3172 BT_DBG("%s", hdev->name);
3173
3174 hci_dev_lock(hdev);
3175
3176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3177 if (!conn)
3178 goto unlock;
3179
3180 hci_conn_hold(conn);
3181
a8b2d5c2 3182 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3183 goto unlock;
3184
a8b2d5c2 3185 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3186 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3187 struct hci_cp_io_capability_reply cp;
3188
3189 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3190 /* Change the IO capability from KeyboardDisplay
3191 * to DisplayYesNo as it is not supported by BT spec. */
3192 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3193 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3194 conn->auth_type = hci_get_auth_req(conn);
3195 cp.authentication = conn->auth_type;
17fa4b9d 3196
8fc9ced3
GP		 3197 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3198 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3199 cp.oob_data = 0x01;
3200 else
3201 cp.oob_data = 0x00;
3202
17fa4b9d 3203 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3204 sizeof(cp), &cp);
03b555e1
JH		 3205 } else {
3206 struct hci_cp_io_capability_neg_reply cp;
3207
3208 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3209 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3210
03b555e1 3211 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3212 sizeof(cp), &cp);
03b555e1
JH		 3213 }
3214
3215unlock:
3216 hci_dev_unlock(hdev);
3217}
3218
6039aa73 3219static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3220{
3221 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3222 struct hci_conn *conn;
3223
3224 BT_DBG("%s", hdev->name);
3225
3226 hci_dev_lock(hdev);
3227
3228 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3229 if (!conn)
3230 goto unlock;
3231
03b555e1 3232 conn->remote_cap = ev->capability;
03b555e1 3233 conn->remote_auth = ev->authentication;
58a681ef
JH		 3234 if (ev->oob_data)
3235 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3236
3237unlock:
0493684e
MH		 3238 hci_dev_unlock(hdev);
3239}
3240
6039aa73
GP		 3241static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3242 struct sk_buff *skb)
a5c29683
JH		 3243{
3244 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3245 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3246 struct hci_conn *conn;
a5c29683
JH		 3247
3248 BT_DBG("%s", hdev->name);
3249
3250 hci_dev_lock(hdev);
3251
a8b2d5c2 3252 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3253 goto unlock;
a5c29683 3254
7a828908
JH		 3255 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3256 if (!conn)
3257 goto unlock;
3258
3259 loc_mitm = (conn->auth_type & 0x01);
3260 rem_mitm = (conn->remote_auth & 0x01);
3261
3262 /* If we require MITM but the remote device can't provide that
3263 * (it has NoInputNoOutput) then reject the confirmation
3264 * request. The only exception is when we're dedicated bonding
3265 * initiators (connect_cfm_cb set) since then we always have the MITM
3266 * bit set. */
a767631a
MA		 3267 if (!conn->connect_cfm_cb && loc_mitm &&
3268 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3269 BT_DBG("Rejecting request: remote device can't provide MITM");
3270 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3271 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3272 goto unlock;
3273 }
3274
3275 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3276 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3277 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3278
3279 /* If we're not the initiators request authorization to
3280 * proceed from user space (mgmt_user_confirm with
3281 * confirm_hint set to 1). */
51a8efd7 3282 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3283 BT_DBG("Confirming auto-accept as acceptor");
3284 confirm_hint = 1;
3285 goto confirm;
3286 }
3287
9f61656a 3288 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3289 hdev->auto_accept_delay);
9f61656a
JH		 3290
3291 if (hdev->auto_accept_delay > 0) {
3292 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3293 queue_delayed_work(conn->hdev->workqueue,
3294 &conn->auto_accept_work, delay);
9f61656a
JH		 3295 goto unlock;
3296 }
3297
7a828908 3298 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3299 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3300 goto unlock;
3301 }
3302
55bc1a37 3303confirm:
272d90df 3304 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3305 confirm_hint);
7a828908
JH		 3306
3307unlock:
a5c29683
JH		 3308 hci_dev_unlock(hdev);
3309}
3310
6039aa73
GP		 3311static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3312 struct sk_buff *skb)
1143d458
BG		 3313{
3314 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3315
3316 BT_DBG("%s", hdev->name);
3317
a8b2d5c2 3318 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3319 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3320}
3321
92a25256
JH		 3322static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3323 struct sk_buff *skb)
3324{
3325 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3326 struct hci_conn *conn;
3327
3328 BT_DBG("%s", hdev->name);
3329
3330 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3331 if (!conn)
3332 return;
3333
3334 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3335 conn->passkey_entered = 0;
3336
3337 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3338 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3339 conn->dst_type, conn->passkey_notify,
3340 conn->passkey_entered);
3341}
3342
3343static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3344{
3345 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3346 struct hci_conn *conn;
3347
3348 BT_DBG("%s", hdev->name);
3349
3350 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3351 if (!conn)
3352 return;
3353
3354 switch (ev->type) {
3355 case HCI_KEYPRESS_STARTED:
3356 conn->passkey_entered = 0;
3357 return;
3358
3359 case HCI_KEYPRESS_ENTERED:
3360 conn->passkey_entered++;
3361 break;
3362
3363 case HCI_KEYPRESS_ERASED:
3364 conn->passkey_entered--;
3365 break;
3366
3367 case HCI_KEYPRESS_CLEARED:
3368 conn->passkey_entered = 0;
3369 break;
3370
3371 case HCI_KEYPRESS_COMPLETED:
3372 return;
3373 }
3374
3375 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3376 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3377 conn->dst_type, conn->passkey_notify,
3378 conn->passkey_entered);
3379}
3380
6039aa73
GP		 3381static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3382 struct sk_buff *skb)
0493684e
MH		 3383{
3384 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3385 struct hci_conn *conn;
3386
3387 BT_DBG("%s", hdev->name);
3388
3389 hci_dev_lock(hdev);
3390
3391 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3392 if (!conn)
3393 goto unlock;
3394
3395 /* To avoid duplicate auth_failed events to user space we check
3396 * the HCI_CONN_AUTH_PEND flag which will be set if we
3397 * initiated the authentication. A traditional auth_complete
3398 * event gets always produced as initiator and is also mapped to
3399 * the mgmt_auth_failed event */
fa1bd918 3400 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3401 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3402 ev->status);
0493684e 3403
76a68ba0 3404 hci_conn_drop(conn);
2a611692
JH		 3405
3406unlock:
0493684e
MH		 3407 hci_dev_unlock(hdev);
3408}
3409
6039aa73
GP		 3410static void hci_remote_host_features_evt(struct hci_dev *hdev,
3411 struct sk_buff *skb)
41a96212
MH		 3412{
3413 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3414 struct inquiry_entry *ie;
cad718ed 3415 struct hci_conn *conn;
41a96212
MH		 3416
3417 BT_DBG("%s", hdev->name);
3418
3419 hci_dev_lock(hdev);
3420
cad718ed
JH		 3421 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3422 if (conn)
3423 memcpy(conn->features[1], ev->features, 8);
3424
cc11b9c1
AE		 3425 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3426 if (ie)
02b7cc62 3427 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3428
3429 hci_dev_unlock(hdev);
3430}
3431
6039aa73
GP		 3432static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3433 struct sk_buff *skb)
2763eda6
SJ		 3434{
3435 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3436 struct oob_data *data;
3437
3438 BT_DBG("%s", hdev->name);
3439
3440 hci_dev_lock(hdev);
3441
a8b2d5c2 3442 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3443 goto unlock;
3444
2763eda6
SJ		 3445 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3446 if (data) {
519ca9d0
MH		 3447 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3448 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3449
519ca9d0
MH		 3450 bacpy(&cp.bdaddr, &ev->bdaddr);
3451 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3452 memcpy(cp.randomizer192, data->randomizer192,
3453 sizeof(cp.randomizer192));
3454 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3455 memcpy(cp.randomizer256, data->randomizer256,
3456 sizeof(cp.randomizer256));
3457
3458 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3459 sizeof(cp), &cp);
3460 } else {
3461 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3462
519ca9d0
MH		 3463 bacpy(&cp.bdaddr, &ev->bdaddr);
3464 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3465 memcpy(cp.randomizer, data->randomizer192,
3466 sizeof(cp.randomizer));
3467
3468 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3469 sizeof(cp), &cp);
3470 }
2763eda6
SJ		 3471 } else {
3472 struct hci_cp_remote_oob_data_neg_reply cp;
3473
3474 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3475 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3476 sizeof(cp), &cp);
2763eda6
SJ		 3477 }
3478
e1ba1f15 3479unlock:
2763eda6
SJ		 3480 hci_dev_unlock(hdev);
3481}
3482
d5e91192
AE		 3483static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3484 struct sk_buff *skb)
3485{
3486 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3487 struct hci_conn *hcon, *bredr_hcon;
3488
3489 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3490 ev->status);
3491
3492 hci_dev_lock(hdev);
3493
3494 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3495 if (!hcon) {
3496 hci_dev_unlock(hdev);
3497 return;
3498 }
3499
3500 if (ev->status) {
3501 hci_conn_del(hcon);
3502 hci_dev_unlock(hdev);
3503 return;
3504 }
3505
3506 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3507
3508 hcon->state = BT_CONNECTED;
3509 bacpy(&hcon->dst, &bredr_hcon->dst);
3510
3511 hci_conn_hold(hcon);
3512 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3513 hci_conn_drop(hcon);
d5e91192 3514
d5e91192
AE		 3515 hci_conn_add_sysfs(hcon);
3516
cf70ff22 3517 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3518
cf70ff22 3519 hci_dev_unlock(hdev);
d5e91192
AE		 3520}
3521
27695fb4
AE		 3522static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3523{
3524 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3525 struct hci_conn *hcon;
3526 struct hci_chan *hchan;
3527 struct amp_mgr *mgr;
3528
3529 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3530 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3531 ev->status);
3532
3533 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3534 if (!hcon)
3535 return;
3536
3537 /* Create AMP hchan */
3538 hchan = hci_chan_create(hcon);
3539 if (!hchan)
3540 return;
3541
3542 hchan->handle = le16_to_cpu(ev->handle);
3543
3544 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3545
3546 mgr = hcon->amp_mgr;
3547 if (mgr && mgr->bredr_chan) {
3548 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3549
3550 l2cap_chan_lock(bredr_chan);
3551
3552 bredr_chan->conn->mtu = hdev->block_mtu;
3553 l2cap_logical_cfm(bredr_chan, hchan, 0);
3554 hci_conn_hold(hcon);
3555
3556 l2cap_chan_unlock(bredr_chan);
3557 }
3558}
3559
606e2a10
AE		 3560static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3561 struct sk_buff *skb)
3562{
3563 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3564 struct hci_chan *hchan;
3565
3566 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3567 le16_to_cpu(ev->handle), ev->status);
3568
3569 if (ev->status)
3570 return;
3571
3572 hci_dev_lock(hdev);
3573
3574 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3575 if (!hchan)
3576 goto unlock;
3577
3578 amp_destroy_logical_link(hchan, ev->reason);
3579
3580unlock:
3581 hci_dev_unlock(hdev);
3582}
3583
9eef6b3a
AE		 3584static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3585 struct sk_buff *skb)
3586{
3587 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3588 struct hci_conn *hcon;
3589
3590 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3591
3592 if (ev->status)
3593 return;
3594
3595 hci_dev_lock(hdev);
3596
3597 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3598 if (hcon) {
3599 hcon->state = BT_CLOSED;
3600 hci_conn_del(hcon);
3601 }
3602
3603 hci_dev_unlock(hdev);
3604}
3605
6039aa73 3606static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3607{
3608 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3609 struct hci_conn *conn;
68d6f6de 3610 struct smp_irk *irk;
fcd89c09 3611
9f1db00c 3612 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3613
3614 hci_dev_lock(hdev);
3615
b47a09b3 3616 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3617 if (!conn) {
3618 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3619 if (!conn) {
3620 BT_ERR("No memory for new connection");
230fd16a 3621 goto unlock;
b62f328b 3622 }
29b7988a
AG		 3623
3624 conn->dst_type = ev->bdaddr_type;
b9b343d2 3625
880be4e8
MH		 3626 /* The advertising parameters for own address type
3627 * define which source address and source address
3628 * type this connections has.
3629 */
3630 if (bacmp(&conn->src, BDADDR_ANY)) {
3631 conn->src_type = ADDR_LE_DEV_PUBLIC;
3632 } else {
3633 bacpy(&conn->src, &hdev->static_addr);
3634 conn->src_type = ADDR_LE_DEV_RANDOM;
3635 }
3636
b9b343d2
AG		 3637 if (ev->role == LE_CONN_ROLE_MASTER) {
3638 conn->out = true;
3639 conn->link_mode |= HCI_LM_MASTER;
3640 }
b62f328b 3641 }
fcd89c09 3642
7be2edbb
JH		 3643 /* Ensure that the hci_conn contains the identity address type
3644 * regardless of which address the connection was made with.
3645 *
3646 * If the controller has a public BD_ADDR, then by default
3647 * use that one. If this is a LE only controller without
3648 * a public address, default to the static random address.
3649 *
3650 * For debugging purposes it is possible to force
3651 * controllers with a public address to use the static
3652 * random address instead.
3653 */
3654 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ||
3655 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3656 bacpy(&conn->src, &hdev->static_addr);
3657 conn->src_type = ADDR_LE_DEV_RANDOM;
3658 } else {
3659 bacpy(&conn->src, &hdev->bdaddr);
3660 conn->src_type = ADDR_LE_DEV_PUBLIC;
3661 }
3662
edb4b466
MH		 3663 /* Lookup the identity address from the stored connection
3664 * address and address type.
3665 *
3666 * When establishing connections to an identity address, the
3667 * connection procedure will store the resolvable random
3668 * address first. Now if it can be converted back into the
3669 * identity address, start using the identity address from
3670 * now on.
3671 */
3672 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3673 if (irk) {
3674 bacpy(&conn->dst, &irk->bdaddr);
3675 conn->dst_type = irk->addr_type;
3676 }
3677
cd17decb 3678 if (ev->status) {
06c053fb 3679 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3680 goto unlock;
3681 }
3682
b644ba33 3683 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3684 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3685 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3686
7b5c0d52 3687 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3688 conn->handle = __le16_to_cpu(ev->handle);
3689 conn->state = BT_CONNECTED;
3690
18722c24
JR		 3691 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3692 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3693
fcd89c09
VT		 3694 hci_conn_add_sysfs(conn);
3695
3696 hci_proto_connect_cfm(conn, ev->status);
3697
a4790dbd
AG		 3698 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3699
fcd89c09
VT		 3700unlock:
3701 hci_dev_unlock(hdev);
3702}
3703
a4790dbd
AG		 3704/* This function requires the caller holds hdev->lock */
3705static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3706 u8 addr_type)
3707{
3708 struct hci_conn *conn;
5b906a84
AG		 3709 struct smp_irk *irk;
3710
3711 /* If this is a resolvable address, we should resolve it and then
3712 * update address and address type variables.
3713 */
3714 irk = hci_get_irk(hdev, addr, addr_type);
3715 if (irk) {
3716 addr = &irk->bdaddr;
3717 addr_type = irk->addr_type;
3718 }
a4790dbd
AG		 3719
3720 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3721 return;
3722
3723 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3724 HCI_AT_NO_BONDING);
3725 if (!IS_ERR(conn))
3726 return;
3727
3728 switch (PTR_ERR(conn)) {
3729 case -EBUSY:
3730 /* If hci_connect() returns -EBUSY it means there is already
3731 * an LE connection attempt going on. Since controllers don't
3732 * support more than one connection attempt at the time, we
3733 * don't consider this an error case.
3734 */
3735 break;
3736 default:
3737 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3738 }
3739}
3740
6039aa73 3741static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3742{
e95beb41
AG		 3743 u8 num_reports = skb->data[0];
3744 void *ptr = &skb->data[1];
3c9e9195 3745 s8 rssi;
9aa04c91 3746
a4790dbd
AG		 3747 hci_dev_lock(hdev);
3748
e95beb41
AG		 3749 while (num_reports--) {
3750 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3751
a4790dbd
AG		 3752 if (ev->evt_type == LE_ADV_IND ||
3753 ev->evt_type == LE_ADV_DIRECT_IND)
3754 check_pending_le_conn(hdev, &ev->bdaddr,
3755 ev->bdaddr_type);
3756
3c9e9195
AG		 3757 rssi = ev->data[ev->length];
3758 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3759 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3760
e95beb41 3761 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3762 }
a4790dbd
AG		 3763
3764 hci_dev_unlock(hdev);
9aa04c91
AG		 3765}
3766
6039aa73 3767static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3768{
3769 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3770 struct hci_cp_le_ltk_reply cp;
bea710fe 3771 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3772 struct hci_conn *conn;
c9839a11 3773 struct smp_ltk *ltk;
a7a595f6 3774
9f1db00c 3775 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3776
3777 hci_dev_lock(hdev);
3778
3779 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3780 if (conn == NULL)
3781 goto not_found;
a7a595f6 3782
98a0b845 3783 ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
bea710fe
VCG		 3784 if (ltk == NULL)
3785 goto not_found;
3786
3787 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3788 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3789
3790 if (ltk->authenticated)
f8776218
AG		 3791 conn->pending_sec_level = BT_SECURITY_HIGH;
3792 else
3793 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 3794
89cbb4da 3795 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 3796
3797 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3798
c9839a11
VCG		 3799 if (ltk->type & HCI_SMP_STK) {
3800 list_del(&ltk->list);
3801 kfree(ltk);
3802 }
3803
a7a595f6 3804 hci_dev_unlock(hdev);
bea710fe
VCG		 3805
3806 return;
3807
3808not_found:
3809 neg.handle = ev->handle;
3810 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3811 hci_dev_unlock(hdev);
a7a595f6
VCG		 3812}
3813
6039aa73 3814static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3815{
3816 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3817
3818 skb_pull(skb, sizeof(*le_ev));
3819
3820 switch (le_ev->subevent) {
3821 case HCI_EV_LE_CONN_COMPLETE:
3822 hci_le_conn_complete_evt(hdev, skb);
3823 break;
3824
9aa04c91
AG		 3825 case HCI_EV_LE_ADVERTISING_REPORT:
3826 hci_le_adv_report_evt(hdev, skb);
3827 break;
3828
a7a595f6
VCG		 3829 case HCI_EV_LE_LTK_REQ:
3830 hci_le_ltk_request_evt(hdev, skb);
3831 break;
3832
fcd89c09
VT		 3833 default:
3834 break;
3835 }
3836}
3837
9495b2ee
AE		 3838static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3839{
3840 struct hci_ev_channel_selected *ev = (void *) skb->data;
3841 struct hci_conn *hcon;
3842
3843 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3844
3845 skb_pull(skb, sizeof(*ev));
3846
3847 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3848 if (!hcon)
3849 return;
3850
3851 amp_read_loc_assoc_final_data(hdev, hcon);
3852}
3853
a9de9248
MH		 3854void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3855{
3856 struct hci_event_hdr *hdr = (void *) skb->data;
3857 __u8 event = hdr->evt;
3858
b6ddb638
JH		 3859 hci_dev_lock(hdev);
3860
3861 /* Received events are (currently) only needed when a request is
3862 * ongoing so avoid unnecessary memory allocation.
3863 */
3864 if (hdev->req_status == HCI_REQ_PEND) {
3865 kfree_skb(hdev->recv_evt);
3866 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3867 }
3868
3869 hci_dev_unlock(hdev);
3870
a9de9248
MH		 3871 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3872
02350a72 3873 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 3874 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3875 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 3876
3877 hci_req_cmd_complete(hdev, opcode, 0);
3878 }
3879
a9de9248 3880 switch (event) {
1da177e4
LT		 3881 case HCI_EV_INQUIRY_COMPLETE:
3882 hci_inquiry_complete_evt(hdev, skb);
3883 break;
3884
3885 case HCI_EV_INQUIRY_RESULT:
3886 hci_inquiry_result_evt(hdev, skb);
3887 break;
3888
a9de9248
MH		 3889 case HCI_EV_CONN_COMPLETE:
3890 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3891 break;
3892
1da177e4
LT		 3893 case HCI_EV_CONN_REQUEST:
3894 hci_conn_request_evt(hdev, skb);
3895 break;
3896
1da177e4
LT		 3897 case HCI_EV_DISCONN_COMPLETE:
3898 hci_disconn_complete_evt(hdev, skb);
3899 break;
3900
1da177e4
LT		 3901 case HCI_EV_AUTH_COMPLETE:
3902 hci_auth_complete_evt(hdev, skb);
3903 break;
3904
a9de9248
MH		 3905 case HCI_EV_REMOTE_NAME:
3906 hci_remote_name_evt(hdev, skb);
3907 break;
3908
1da177e4
LT		 3909 case HCI_EV_ENCRYPT_CHANGE:
3910 hci_encrypt_change_evt(hdev, skb);
3911 break;
3912
a9de9248
MH		 3913 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3914 hci_change_link_key_complete_evt(hdev, skb);
3915 break;
3916
3917 case HCI_EV_REMOTE_FEATURES:
3918 hci_remote_features_evt(hdev, skb);
3919 break;
3920
a9de9248
MH		 3921 case HCI_EV_CMD_COMPLETE:
3922 hci_cmd_complete_evt(hdev, skb);
3923 break;
3924
3925 case HCI_EV_CMD_STATUS:
3926 hci_cmd_status_evt(hdev, skb);
3927 break;
3928
3929 case HCI_EV_ROLE_CHANGE:
3930 hci_role_change_evt(hdev, skb);
3931 break;
3932
3933 case HCI_EV_NUM_COMP_PKTS:
3934 hci_num_comp_pkts_evt(hdev, skb);
3935 break;
3936
3937 case HCI_EV_MODE_CHANGE:
3938 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3939 break;
3940
3941 case HCI_EV_PIN_CODE_REQ:
3942 hci_pin_code_request_evt(hdev, skb);
3943 break;
3944
3945 case HCI_EV_LINK_KEY_REQ:
3946 hci_link_key_request_evt(hdev, skb);
3947 break;
3948
3949 case HCI_EV_LINK_KEY_NOTIFY:
3950 hci_link_key_notify_evt(hdev, skb);
3951 break;
3952
3953 case HCI_EV_CLOCK_OFFSET:
3954 hci_clock_offset_evt(hdev, skb);
3955 break;
3956
a8746417
MH		 3957 case HCI_EV_PKT_TYPE_CHANGE:
3958 hci_pkt_type_change_evt(hdev, skb);
3959 break;
3960
85a1e930
MH		 3961 case HCI_EV_PSCAN_REP_MODE:
3962 hci_pscan_rep_mode_evt(hdev, skb);
3963 break;
3964
a9de9248
MH		 3965 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3966 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3967 break;
3968
a9de9248
MH		 3969 case HCI_EV_REMOTE_EXT_FEATURES:
3970 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3971 break;
3972
a9de9248
MH		 3973 case HCI_EV_SYNC_CONN_COMPLETE:
3974 hci_sync_conn_complete_evt(hdev, skb);
3975 break;
1da177e4 3976
a9de9248
MH		 3977 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3978 hci_extended_inquiry_result_evt(hdev, skb);
3979 break;
1da177e4 3980
1c2e0041
JH		 3981 case HCI_EV_KEY_REFRESH_COMPLETE:
3982 hci_key_refresh_complete_evt(hdev, skb);
3983 break;
3984
0493684e
MH		 3985 case HCI_EV_IO_CAPA_REQUEST:
3986 hci_io_capa_request_evt(hdev, skb);
3987 break;
3988
03b555e1
JH		 3989 case HCI_EV_IO_CAPA_REPLY:
3990 hci_io_capa_reply_evt(hdev, skb);
3991 break;
3992
a5c29683
JH		 3993 case HCI_EV_USER_CONFIRM_REQUEST:
3994 hci_user_confirm_request_evt(hdev, skb);
3995 break;
3996
1143d458
BG		 3997 case HCI_EV_USER_PASSKEY_REQUEST:
3998 hci_user_passkey_request_evt(hdev, skb);
3999 break;
4000
92a25256
JH		 4001 case HCI_EV_USER_PASSKEY_NOTIFY:
4002 hci_user_passkey_notify_evt(hdev, skb);
4003 break;
4004
4005 case HCI_EV_KEYPRESS_NOTIFY:
4006 hci_keypress_notify_evt(hdev, skb);
4007 break;
4008
0493684e
MH		 4009 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4010 hci_simple_pair_complete_evt(hdev, skb);
4011 break;
4012
41a96212
MH		 4013 case HCI_EV_REMOTE_HOST_FEATURES:
4014 hci_remote_host_features_evt(hdev, skb);
4015 break;
4016
fcd89c09
VT		 4017 case HCI_EV_LE_META:
4018 hci_le_meta_evt(hdev, skb);
4019 break;
4020
9495b2ee
AE		 4021 case HCI_EV_CHANNEL_SELECTED:
4022 hci_chan_selected_evt(hdev, skb);
4023 break;
4024
2763eda6
SJ		 4025 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4026 hci_remote_oob_data_request_evt(hdev, skb);
4027 break;
4028
d5e91192
AE		 4029 case HCI_EV_PHY_LINK_COMPLETE:
4030 hci_phy_link_complete_evt(hdev, skb);
4031 break;
4032
27695fb4
AE		 4033 case HCI_EV_LOGICAL_LINK_COMPLETE:
4034 hci_loglink_complete_evt(hdev, skb);
4035 break;
4036
606e2a10
AE		 4037 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4038 hci_disconn_loglink_complete_evt(hdev, skb);
4039 break;
4040
9eef6b3a
AE		 4041 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4042 hci_disconn_phylink_complete_evt(hdev, skb);
4043 break;
4044
25e89e99
AE		 4045 case HCI_EV_NUM_COMP_BLOCKS:
4046 hci_num_comp_blocks_evt(hdev, skb);
4047 break;
4048
a9de9248 4049 default:
9f1db00c 4050 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4051 break;
4052 }
4053
4054 kfree_skb(skb);
4055 hdev->stat.evt_rx++;
4056}
Linux kernel - Deliverables
This page took 0.961473 seconds and 5 git commands to generate.