projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for New Configuration Options management event
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
9f1db00c 190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
a297e97c 194 /* Reset all non-persistent flags */
2cc6fb00 195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 196
197 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 200
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
f8e808bd
MH		 203
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
06f5b778 206
533553f8
MH		 207 hdev->le_scan_type = LE_SCAN_PASSIVE;
208
06f5b778 209 hdev->ssp_debug_mode = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
a9de9248
MH		 231}
232
233static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
236
9f1db00c 237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 238
239 if (rp->status)
240 return;
241
db99b5fc
JH		 242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 244}
245
246static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247{
248 __u8 status = *((__u8 *) skb->data);
249 void *sent;
250
9f1db00c 251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 252
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
254 if (!sent)
255 return;
256
257 if (!status) {
258 __u8 param = *((__u8 *) sent);
259
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
262 else
263 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 264 }
a9de9248 265
33ef95ed
JH		 266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
a9de9248 289}
1da177e4 290
a9de9248
MH		 291static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292{
36f7fc7e
JH		 293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
a9de9248 295 void *sent;
1da177e4 296
9f1db00c 297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 298
a9de9248
MH		 299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
300 if (!sent)
301 return;
1da177e4 302
36f7fc7e
JH		 303 param = *((__u8 *) sent);
304
56e5cb86
JH		 305 hci_dev_lock(hdev);
306
fa1bd918 307 if (status) {
744cf19e 308 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 309 hdev->discov_timeout = 0;
310 goto done;
311 }
312
0663ca2a
JH		 313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
315 */
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
317
36f7fc7e
JH		 318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
320
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
323 if (!old_iscan)
744cf19e 324 mgmt_discoverable(hdev, 1);
36f7fc7e 325 } else if (old_iscan)
744cf19e 326 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 327
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
330 if (!old_pscan)
744cf19e 331 mgmt_connectable(hdev, 1);
36f7fc7e 332 } else if (old_pscan)
744cf19e 333 mgmt_connectable(hdev, 0);
1da177e4 334
36f7fc7e 335done:
56e5cb86 336 hci_dev_unlock(hdev);
a9de9248 337}
1da177e4 338
a9de9248
MH		 339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 342
9f1db00c 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 344
a9de9248
MH		 345 if (rp->status)
346 return;
1da177e4 347
a9de9248 348 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 349
a9de9248 350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 352}
1da177e4 353
a9de9248
MH		 354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355{
356 __u8 status = *((__u8 *) skb->data);
357 void *sent;
1da177e4 358
9f1db00c 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 360
a9de9248
MH		 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent)
363 return;
1da177e4 364
7f9a903c
MH		 365 hci_dev_lock(hdev);
366
367 if (status == 0)
368 memcpy(hdev->dev_class, sent, 3);
369
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
372
373 hci_dev_unlock(hdev);
a9de9248 374}
1da177e4 375
a9de9248
MH		 376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377{
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting;
380
9f1db00c 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 382
383 if (rp->status)
384 return;
385
386 setting = __le16_to_cpu(rp->voice_setting);
387
f383f275 388 if (hdev->voice_setting == setting)
a9de9248
MH		 389 return;
390
391 hdev->voice_setting = setting;
392
9f1db00c 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 394
3c54711c 395 if (hdev->notify)
a9de9248 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 397}
398
8fc9ced3
GP		 399static void hci_cc_write_voice_setting(struct hci_dev *hdev,
400 struct sk_buff *skb)
a9de9248
MH		 401{
402 __u8 status = *((__u8 *) skb->data);
f383f275 403 __u16 setting;
a9de9248
MH		 404 void *sent;
405
9f1db00c 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 407
f383f275
MH		 408 if (status)
409 return;
410
a9de9248
MH		 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
412 if (!sent)
413 return;
1da177e4 414
f383f275 415 setting = get_unaligned_le16(sent);
1da177e4 416
f383f275
MH		 417 if (hdev->voice_setting == setting)
418 return;
419
420 hdev->voice_setting = setting;
1da177e4 421
9f1db00c 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 423
3c54711c 424 if (hdev->notify)
f383f275 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 426}
427
b4cb9fb2
MH		 428static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
429 struct sk_buff *skb)
430{
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
432
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
434
435 if (rp->status)
436 return;
437
438 hdev->num_iac = rp->num_iac;
439
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
441}
442
333140b5
MH		 443static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
444{
445 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 446 struct hci_cp_write_ssp_mode *sent;
333140b5 447
9f1db00c 448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 449
333140b5
MH		 450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (!sent)
452 return;
453
5ed8eb2f
JH		 454 if (!status) {
455 if (sent->mode)
cad718ed 456 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 457 else
cad718ed 458 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 459 }
460
ed2c4ee3 461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 463 else if (!status) {
5ed8eb2f 464 if (sent->mode)
c0ecddc2
JH		 465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 else
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
468 }
333140b5
MH		 469}
470
eac83dc6
MH		 471static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
472{
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
475
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
477
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 if (!sent)
480 return;
481
482 if (!status) {
483 if (sent->support)
484 hdev->features[1][0] |= LMP_HOST_SC;
485 else
486 hdev->features[1][0] &= ~LMP_HOST_SC;
487 }
488
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
491 else if (!status) {
492 if (sent->support)
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 else
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
496 }
497}
498
a9de9248
MH		 499static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
500{
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 502
9f1db00c 503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 504
a9de9248 505 if (rp->status)
42c6b129 506 return;
1143e5a6 507
0d5551f5
MH		 508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
514 }
d5859e22
JH		 515}
516
8fc9ced3
GP		 517static void hci_cc_read_local_commands(struct hci_dev *hdev,
518 struct sk_buff *skb)
a9de9248
MH		 519{
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 521
9f1db00c 522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 523
6a070e6e
MH		 524 if (rp->status)
525 return;
526
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 529}
1da177e4 530
8fc9ced3
GP		 531static void hci_cc_read_local_features(struct hci_dev *hdev,
532 struct sk_buff *skb)
a9de9248
MH		 533{
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 535
9f1db00c 536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 537
a9de9248
MH		 538 if (rp->status)
539 return;
5b7f9909 540
a9de9248 541 memcpy(hdev->features, rp->features, 8);
5b7f9909 542
a9de9248
MH		 543 /* Adjust default settings according to features
544 * supported by device. */
1da177e4 545
cad718ed 546 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 548
cad718ed 549 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
555 }
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
560 }
1da177e4 561
45db810f 562 if (lmp_esco_capable(hdev))
a9de9248 563 hdev->esco_type |= (ESCO_EV3);
da1f5198 564
cad718ed 565 if (hdev->features[0][4] & LMP_EV4)
a9de9248 566 hdev->esco_type |= (ESCO_EV4);
da1f5198 567
cad718ed 568 if (hdev->features[0][4] & LMP_EV5)
a9de9248 569 hdev->esco_type |= (ESCO_EV5);
1da177e4 570
cad718ed 571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 572 hdev->esco_type |= (ESCO_2EV3);
573
cad718ed 574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 575 hdev->esco_type |= (ESCO_3EV3);
576
cad718ed 577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 579}
1da177e4 580
971e3a4b 581static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 582 struct sk_buff *skb)
971e3a4b
AG		 583{
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
585
9f1db00c 586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 587
588 if (rp->status)
42c6b129 589 return;
971e3a4b 590
57af75a8
MH		 591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
d2c5d77f 593
cad718ed
JH		 594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 596}
597
1e89cffb 598static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 599 struct sk_buff *skb)
1e89cffb
AE		 600{
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
602
9f1db00c 603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 604
42c6b129
JH		 605 if (!rp->status)
606 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 607}
608
a9de9248
MH		 609static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
610{
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 612
9f1db00c 613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 614
a9de9248
MH		 615 if (rp->status)
616 return;
1da177e4 617
a9de9248
MH		 618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
622
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
624 hdev->sco_mtu = 64;
625 hdev->sco_pkts = 8;
1da177e4 626 }
a9de9248
MH		 627
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
630
807deac2
GP		 631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 633}
634
635static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
636{
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
638
9f1db00c 639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 640
641 if (!rp->status)
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 643}
644
f332ec66
JH		 645static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
646 struct sk_buff *skb)
647{
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
649
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
655 }
656}
657
4a3ee763
JH		 658static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
663
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
665
666 if (status)
667 return;
668
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
670 if (!sent)
671 return;
672
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
675}
676
f332ec66
JH		 677static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
678 struct sk_buff *skb)
679{
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
681
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
683
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
686}
687
4a3ee763
JH		 688static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
689 struct sk_buff *skb)
690{
691 u8 status = *((u8 *) skb->data);
692 u8 *type;
693
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
695
696 if (status)
697 return;
698
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
700 if (type)
701 hdev->page_scan_type = *type;
702}
703
350ee4cf 704static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 705 struct sk_buff *skb)
350ee4cf
AE		 706{
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
708
9f1db00c 709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 710
711 if (rp->status)
712 return;
713
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
717
718 hdev->block_cnt = hdev->num_blocks;
719
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 721 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 722}
723
33f35721
JH		 724static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
725{
726 struct hci_rp_read_clock *rp = (void *) skb->data;
727 struct hci_cp_read_clock *cp;
728 struct hci_conn *conn;
729
730 BT_DBG("%s", hdev->name);
731
732 if (skb->len < sizeof(*rp))
733 return;
734
735 if (rp->status)
736 return;
737
738 hci_dev_lock(hdev);
739
740 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
741 if (!cp)
742 goto unlock;
743
744 if (cp->which == 0x00) {
745 hdev->clock = le32_to_cpu(rp->clock);
746 goto unlock;
747 }
748
749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
750 if (conn) {
751 conn->clock = le32_to_cpu(rp->clock);
752 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
753 }
754
755unlock:
756 hci_dev_unlock(hdev);
757}
758
928abaa7 759static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 760 struct sk_buff *skb)
928abaa7
AE		 761{
762 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
763
9f1db00c 764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 765
766 if (rp->status)
8e2a0d92 767 goto a2mp_rsp;
928abaa7
AE		 768
769 hdev->amp_status = rp->amp_status;
770 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
771 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
772 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
773 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
774 hdev->amp_type = rp->amp_type;
775 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
776 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
777 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
778 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
779
8e2a0d92
AE		 780a2mp_rsp:
781 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 782}
783
903e4541
AE		 784static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
785 struct sk_buff *skb)
786{
787 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
788 struct amp_assoc *assoc = &hdev->loc_assoc;
789 size_t rem_len, frag_len;
790
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
792
793 if (rp->status)
794 goto a2mp_rsp;
795
796 frag_len = skb->len - sizeof(*rp);
797 rem_len = __le16_to_cpu(rp->rem_len);
798
799 if (rem_len > frag_len) {
2e430be3 800 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 801
802 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
803 assoc->offset += frag_len;
804
805 /* Read other fragments */
806 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
807
808 return;
809 }
810
811 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
812 assoc->len = assoc->offset + rem_len;
813 assoc->offset = 0;
814
815a2mp_rsp:
816 /* Send A2MP Rsp when all fragments are received */
817 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 818 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 819}
820
d5859e22 821static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 822 struct sk_buff *skb)
d5859e22 823{
91c4e9b1 824 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 825
9f1db00c 826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 827
828 if (!rp->status)
829 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 830}
831
980e1a53
JH		 832static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
833{
834 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
835 struct hci_cp_pin_code_reply *cp;
836 struct hci_conn *conn;
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 839
56e5cb86
JH		 840 hci_dev_lock(hdev);
841
a8b2d5c2 842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 843 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 844
fa1bd918 845 if (rp->status)
56e5cb86 846 goto unlock;
980e1a53
JH		 847
848 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
849 if (!cp)
56e5cb86 850 goto unlock;
980e1a53
JH		 851
852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
853 if (conn)
854 conn->pin_length = cp->pin_len;
56e5cb86
JH		 855
856unlock:
857 hci_dev_unlock(hdev);
980e1a53
JH		 858}
859
860static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
861{
862 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
863
9f1db00c 864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 865
56e5cb86
JH		 866 hci_dev_lock(hdev);
867
a8b2d5c2 868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 869 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 870 rp->status);
56e5cb86
JH		 871
872 hci_dev_unlock(hdev);
980e1a53 873}
56e5cb86 874
6ed58ec5
VT		 875static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
876 struct sk_buff *skb)
877{
878 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
879
9f1db00c 880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 881
882 if (rp->status)
883 return;
884
885 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
886 hdev->le_pkts = rp->le_max_pkt;
887
888 hdev->le_cnt = hdev->le_pkts;
889
890 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 891}
980e1a53 892
60e77321
JH		 893static void hci_cc_le_read_local_features(struct hci_dev *hdev,
894 struct sk_buff *skb)
895{
896 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899
900 if (!rp->status)
901 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 902}
903
8fa19098
JH		 904static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
905 struct sk_buff *skb)
906{
907 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
908
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
910
04b4edcb 911 if (!rp->status)
8fa19098 912 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 913}
914
a5c29683
JH		 915static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
916{
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
918
9f1db00c 919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 920
56e5cb86
JH		 921 hci_dev_lock(hdev);
922
a8b2d5c2 923 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 924 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
925 rp->status);
56e5cb86
JH		 926
927 hci_dev_unlock(hdev);
a5c29683
JH		 928}
929
930static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 931 struct sk_buff *skb)
a5c29683
JH		 932{
933 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
934
9f1db00c 935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 936
56e5cb86
JH		 937 hci_dev_lock(hdev);
938
a8b2d5c2 939 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 940 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 941 ACL_LINK, 0, rp->status);
56e5cb86
JH		 942
943 hci_dev_unlock(hdev);
a5c29683
JH		 944}
945
1143d458
BG		 946static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
947{
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
949
9f1db00c 950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 951
952 hci_dev_lock(hdev);
953
a8b2d5c2 954 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 955 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 956 0, rp->status);
1143d458
BG		 957
958 hci_dev_unlock(hdev);
959}
960
961static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 962 struct sk_buff *skb)
1143d458
BG		 963{
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
965
9f1db00c 966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 967
968 hci_dev_lock(hdev);
969
a8b2d5c2 970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 971 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 972 ACL_LINK, 0, rp->status);
1143d458
BG		 973
974 hci_dev_unlock(hdev);
975}
976
4d2d2796
MH		 977static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
978 struct sk_buff *skb)
c35938b2
SJ		 979{
980 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
981
9f1db00c 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 983
56e5cb86 984 hci_dev_lock(hdev);
4d2d2796
MH		 985 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
986 NULL, NULL, rp->status);
987 hci_dev_unlock(hdev);
988}
989
990static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
991 struct sk_buff *skb)
992{
993 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
994
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
996
997 hci_dev_lock(hdev);
998 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
999 rp->hash256, rp->randomizer256,
1000 rp->status);
56e5cb86 1001 hci_dev_unlock(hdev);
c35938b2
SJ		 1002}
1003
7a4cd51d
MH		 1004
1005static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1006{
1007 __u8 status = *((__u8 *) skb->data);
1008 bdaddr_t *sent;
1009
1010 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1011
1012 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1013 if (!sent)
1014 return;
1015
1016 hci_dev_lock(hdev);
1017
1018 if (!status)
1019 bacpy(&hdev->random_addr, sent);
1020
1021 hci_dev_unlock(hdev);
1022}
1023
c1d5dc4a
JH		 1024static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1025{
1026 __u8 *sent, status = *((__u8 *) skb->data);
1027
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029
1030 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1031 if (!sent)
1032 return;
1033
3c857757
JH		 1034 if (status)
1035 return;
1036
c1d5dc4a
JH		 1037 hci_dev_lock(hdev);
1038
3c857757
JH		 1039 /* If we're doing connection initation as peripheral. Set a
1040 * timeout in case something goes wrong.
1041 */
1042 if (*sent) {
1043 struct hci_conn *conn;
1044
1045 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1046 if (conn)
1047 queue_delayed_work(hdev->workqueue,
1048 &conn->le_conn_timeout,
1049 HCI_LE_CONN_TIMEOUT);
1050 }
1051
1052 mgmt_advertising(hdev, *sent);
c1d5dc4a 1053
04b4edcb 1054 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1055}
1056
533553f8
MH		 1057static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1058{
1059 struct hci_cp_le_set_scan_param *cp;
1060 __u8 status = *((__u8 *) skb->data);
1061
1062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1063
1064 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1065 if (!cp)
1066 return;
1067
1068 hci_dev_lock(hdev);
1069
1070 if (!status)
1071 hdev->le_scan_type = cp->type;
1072
1073 hci_dev_unlock(hdev);
1074}
1075
b9a6328f
JH		 1076static bool has_pending_adv_report(struct hci_dev *hdev)
1077{
1078 struct discovery_state *d = &hdev->discovery;
1079
1080 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1081}
1082
1083static void clear_pending_adv_report(struct hci_dev *hdev)
1084{
1085 struct discovery_state *d = &hdev->discovery;
1086
1087 bacpy(&d->last_adv_addr, BDADDR_ANY);
1088 d->last_adv_data_len = 0;
1089}
1090
1091static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1092 u8 bdaddr_type, s8 rssi, u32 flags,
1093 u8 *data, u8 len)
b9a6328f
JH		 1094{
1095 struct discovery_state *d = &hdev->discovery;
1096
1097 bacpy(&d->last_adv_addr, bdaddr);
1098 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1099 d->last_adv_rssi = rssi;
c70a7e4c 1100 d->last_adv_flags = flags;
b9a6328f
JH		 1101 memcpy(d->last_adv_data, data, len);
1102 d->last_adv_data_len = len;
1103}
1104
eb9d91f5 1105static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1106 struct sk_buff *skb)
eb9d91f5
AG		 1107{
1108 struct hci_cp_le_set_scan_enable *cp;
1109 __u8 status = *((__u8 *) skb->data);
1110
9f1db00c 1111 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1112
eb9d91f5
AG		 1113 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1114 if (!cp)
1115 return;
1116
3fd319b8
AG		 1117 if (status)
1118 return;
1119
68a8aea4 1120 switch (cp->enable) {
76a388be 1121 case LE_SCAN_ENABLE:
d23264a8 1122 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1123 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1124 clear_pending_adv_report(hdev);
68a8aea4
AE		 1125 break;
1126
76a388be 1127 case LE_SCAN_DISABLE:
b9a6328f
JH		 1128 /* We do this here instead of when setting DISCOVERY_STOPPED
1129 * since the latter would potentially require waiting for
1130 * inquiry to stop too.
1131 */
1132 if (has_pending_adv_report(hdev)) {
1133 struct discovery_state *d = &hdev->discovery;
1134
1135 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1136 d->last_adv_addr_type, NULL,
c70a7e4c 1137 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1138 d->last_adv_data,
b9a6328f
JH		 1139 d->last_adv_data_len, NULL, 0);
1140 }
1141
317ac8cb
JH		 1142 /* Cancel this timer so that we don't try to disable scanning
1143 * when it's already disabled.
1144 */
1145 cancel_delayed_work(&hdev->le_scan_disable);
1146
d23264a8 1147 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1148 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1149 * interrupted scanning due to a connect request. Mark
1150 * therefore discovery as stopped.
1151 */
1152 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1153 &hdev->dev_flags))
1154 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1155 break;
1156
1157 default:
1158 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1159 break;
35815085 1160 }
eb9d91f5
AG		 1161}
1162
cf1d081f
JH		 1163static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1164 struct sk_buff *skb)
1165{
1166 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1167
1168 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1169
1170 if (!rp->status)
1171 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1172}
1173
0f36b589
MH		 1174static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1175 struct sk_buff *skb)
1176{
1177 __u8 status = *((__u8 *) skb->data);
1178
1179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1180
1181 if (!status)
1182 hci_white_list_clear(hdev);
1183}
1184
1185static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1186 struct sk_buff *skb)
1187{
1188 struct hci_cp_le_add_to_white_list *sent;
1189 __u8 status = *((__u8 *) skb->data);
1190
1191 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1192
1193 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1194 if (!sent)
1195 return;
1196
1197 if (!status)
1198 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1199}
1200
1201static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1202 struct sk_buff *skb)
1203{
1204 struct hci_cp_le_del_from_white_list *sent;
1205 __u8 status = *((__u8 *) skb->data);
1206
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1208
1209 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1210 if (!sent)
1211 return;
1212
1213 if (!status)
1214 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1215}
1216
9b008c04
JH		 1217static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1218 struct sk_buff *skb)
1219{
1220 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1221
1222 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1223
1224 if (!rp->status)
1225 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1226}
1227
6039aa73
GP		 1228static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1229 struct sk_buff *skb)
f9b49306 1230{
06199cf8 1231 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1232 __u8 status = *((__u8 *) skb->data);
1233
9f1db00c 1234 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1235
06199cf8 1236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1237 if (!sent)
f9b49306
AG		 1238 return;
1239
8f984dfa 1240 if (!status) {
416a4ae5 1241 if (sent->le) {
cad718ed 1242 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1243 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1244 } else {
cad718ed 1245 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1246 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1248 }
53b2caab
JH		 1249
1250 if (sent->simul)
cad718ed 1251 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1252 else
cad718ed 1253 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1254 }
f9b49306
AG		 1255}
1256
56ed2cb8
JH		 1257static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1258{
1259 struct hci_cp_le_set_adv_param *cp;
1260 u8 status = *((u8 *) skb->data);
1261
1262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1263
1264 if (status)
1265 return;
1266
1267 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1268 if (!cp)
1269 return;
1270
1271 hci_dev_lock(hdev);
1272 hdev->adv_addr_type = cp->own_address_type;
1273 hci_dev_unlock(hdev);
1274}
1275
93c284ee
AE		 1276static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1277 struct sk_buff *skb)
1278{
1279 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1280
1281 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1282 hdev->name, rp->status, rp->phy_handle);
1283
1284 if (rp->status)
1285 return;
1286
1287 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1288}
1289
5ae76a94
AK		 1290static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1291{
1292 struct hci_rp_read_rssi *rp = (void *) skb->data;
1293 struct hci_conn *conn;
1294
1295 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1296
1297 if (rp->status)
1298 return;
1299
1300 hci_dev_lock(hdev);
1301
1302 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1303 if (conn)
1304 conn->rssi = rp->rssi;
1305
1306 hci_dev_unlock(hdev);
1307}
1308
5a134fae
AK		 1309static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1310{
1311 struct hci_cp_read_tx_power *sent;
1312 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1313 struct hci_conn *conn;
1314
1315 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1316
1317 if (rp->status)
1318 return;
1319
1320 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1321 if (!sent)
1322 return;
1323
1324 hci_dev_lock(hdev);
1325
1326 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1327 if (!conn)
1328 goto unlock;
1329
1330 switch (sent->type) {
1331 case 0x00:
5a134fae 1332 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1333 break;
1334 case 0x01:
1335 conn->max_tx_power = rp->tx_power;
1336 break;
1337 }
5a134fae 1338
d0455ed9 1339unlock:
5a134fae
AK		 1340 hci_dev_unlock(hdev);
1341}
1342
6039aa73 1343static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1344{
9f1db00c 1345 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1346
1347 if (status) {
a9de9248 1348 hci_conn_check_pending(hdev);
314b2381
JH		 1349 return;
1350 }
1351
89352e7d 1352 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1353}
1354
6039aa73 1355static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1356{
a9de9248 1357 struct hci_cp_create_conn *cp;
1da177e4 1358 struct hci_conn *conn;
1da177e4 1359
9f1db00c 1360 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1361
1362 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1363 if (!cp)
1364 return;
1365
1366 hci_dev_lock(hdev);
1367
1368 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1369
6ed93dc6 1370 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1371
1372 if (status) {
1373 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1374 if (status != 0x0c || conn->attempt > 2) {
1375 conn->state = BT_CLOSED;
1376 hci_proto_connect_cfm(conn, status);
1377 hci_conn_del(conn);
1378 } else
1379 conn->state = BT_CONNECT2;
1da177e4
LT		 1380 }
1381 } else {
1382 if (!conn) {
1383 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1384 if (conn) {
a0c808b3 1385 conn->out = true;
4dae2798 1386 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1387 } else
893ef971 1388 BT_ERR("No memory for new connection");
1da177e4
LT		 1389 }
1390 }
1391
1392 hci_dev_unlock(hdev);
1393}
1394
a9de9248 1395static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1396{
a9de9248
MH		 1397 struct hci_cp_add_sco *cp;
1398 struct hci_conn *acl, *sco;
1399 __u16 handle;
1da177e4 1400
9f1db00c 1401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1402
a9de9248
MH		 1403 if (!status)
1404 return;
1da177e4 1405
a9de9248
MH		 1406 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1407 if (!cp)
1408 return;
1da177e4 1409
a9de9248 1410 handle = __le16_to_cpu(cp->handle);
1da177e4 1411
9f1db00c 1412 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1413
a9de9248 1414 hci_dev_lock(hdev);
1da177e4 1415
a9de9248 1416 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1417 if (acl) {
1418 sco = acl->link;
1419 if (sco) {
1420 sco->state = BT_CLOSED;
1da177e4 1421
5a08ecce
AE		 1422 hci_proto_connect_cfm(sco, status);
1423 hci_conn_del(sco);
1424 }
a9de9248 1425 }
1da177e4 1426
a9de9248
MH		 1427 hci_dev_unlock(hdev);
1428}
1da177e4 1429
f8558555
MH		 1430static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1431{
1432 struct hci_cp_auth_requested *cp;
1433 struct hci_conn *conn;
1434
9f1db00c 1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1436
1437 if (!status)
1438 return;
1439
1440 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1441 if (!cp)
1442 return;
1443
1444 hci_dev_lock(hdev);
1445
1446 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1447 if (conn) {
1448 if (conn->state == BT_CONFIG) {
1449 hci_proto_connect_cfm(conn, status);
76a68ba0 1450 hci_conn_drop(conn);
f8558555
MH		 1451 }
1452 }
1453
1454 hci_dev_unlock(hdev);
1455}
1456
1457static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1458{
1459 struct hci_cp_set_conn_encrypt *cp;
1460 struct hci_conn *conn;
1461
9f1db00c 1462 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1463
1464 if (!status)
1465 return;
1466
1467 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1468 if (!cp)
1469 return;
1470
1471 hci_dev_lock(hdev);
1472
1473 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1474 if (conn) {
1475 if (conn->state == BT_CONFIG) {
1476 hci_proto_connect_cfm(conn, status);
76a68ba0 1477 hci_conn_drop(conn);
f8558555
MH		 1478 }
1479 }
1480
1481 hci_dev_unlock(hdev);
1482}
1483
127178d2 1484static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1485 struct hci_conn *conn)
392599b9 1486{
392599b9
JH		 1487 if (conn->state != BT_CONFIG || !conn->out)
1488 return 0;
1489
765c2a96 1490 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1491 return 0;
1492
1493 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1494 * devices with sec_level MEDIUM or HIGH or if MITM protection
1495 * is requested.
1496 */
807deac2 1497 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1498 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1499 conn->pending_sec_level != BT_SECURITY_HIGH &&
1500 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1501 return 0;
1502
392599b9
JH		 1503 return 1;
1504}
1505
6039aa73 1506static int hci_resolve_name(struct hci_dev *hdev,
04124681 1507 struct inquiry_entry *e)
30dc78e1
JH		 1508{
1509 struct hci_cp_remote_name_req cp;
1510
1511 memset(&cp, 0, sizeof(cp));
1512
1513 bacpy(&cp.bdaddr, &e->data.bdaddr);
1514 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1515 cp.pscan_mode = e->data.pscan_mode;
1516 cp.clock_offset = e->data.clock_offset;
1517
1518 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1519}
1520
b644ba33 1521static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1522{
1523 struct discovery_state *discov = &hdev->discovery;
1524 struct inquiry_entry *e;
1525
b644ba33
JH		 1526 if (list_empty(&discov->resolve))
1527 return false;
1528
1529 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1530 if (!e)
1531 return false;
1532
b644ba33
JH		 1533 if (hci_resolve_name(hdev, e) == 0) {
1534 e->name_state = NAME_PENDING;
1535 return true;
1536 }
1537
1538 return false;
1539}
1540
1541static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1542 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1543{
1544 struct discovery_state *discov = &hdev->discovery;
1545 struct inquiry_entry *e;
1546
1547 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1548 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1549 name_len, conn->dev_class);
b644ba33
JH		 1550
1551 if (discov->state == DISCOVERY_STOPPED)
1552 return;
1553
30dc78e1
JH		 1554 if (discov->state == DISCOVERY_STOPPING)
1555 goto discov_complete;
1556
1557 if (discov->state != DISCOVERY_RESOLVING)
1558 return;
1559
1560 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1561 /* If the device was not found in a list of found devices names of which
1562 * are pending. there is no need to continue resolving a next name as it
1563 * will be done upon receiving another Remote Name Request Complete
1564 * Event */
1565 if (!e)
1566 return;
1567
1568 list_del(&e->list);
1569 if (name) {
30dc78e1 1570 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1571 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1572 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1573 } else {
1574 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1575 }
1576
b644ba33 1577 if (hci_resolve_next_name(hdev))
30dc78e1 1578 return;
30dc78e1
JH		 1579
1580discov_complete:
1581 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1582}
1583
a9de9248
MH		 1584static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1585{
127178d2
JH		 1586 struct hci_cp_remote_name_req *cp;
1587 struct hci_conn *conn;
1588
9f1db00c 1589 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1590
1591 /* If successful wait for the name req complete event before
1592 * checking for the need to do authentication */
1593 if (!status)
1594 return;
1595
1596 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1597 if (!cp)
1598 return;
1599
1600 hci_dev_lock(hdev);
1601
b644ba33
JH		 1602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1603
a8b2d5c2 1604 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1605 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1606
79c6c70c
JH		 1607 if (!conn)
1608 goto unlock;
1609
1610 if (!hci_outgoing_auth_needed(hdev, conn))
1611 goto unlock;
1612
51a8efd7 1613 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1614 struct hci_cp_auth_requested auth_cp;
1615
1616 auth_cp.handle = __cpu_to_le16(conn->handle);
1617 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1618 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1619 }
1620
79c6c70c 1621unlock:
127178d2 1622 hci_dev_unlock(hdev);
a9de9248 1623}
1da177e4 1624
769be974
MH		 1625static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1626{
1627 struct hci_cp_read_remote_features *cp;
1628 struct hci_conn *conn;
1629
9f1db00c 1630 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1631
1632 if (!status)
1633 return;
1634
1635 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1636 if (!cp)
1637 return;
1638
1639 hci_dev_lock(hdev);
1640
1641 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1642 if (conn) {
1643 if (conn->state == BT_CONFIG) {
769be974 1644 hci_proto_connect_cfm(conn, status);
76a68ba0 1645 hci_conn_drop(conn);
769be974
MH		 1646 }
1647 }
1648
1649 hci_dev_unlock(hdev);
1650}
1651
1652static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1653{
1654 struct hci_cp_read_remote_ext_features *cp;
1655 struct hci_conn *conn;
1656
9f1db00c 1657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1658
1659 if (!status)
1660 return;
1661
1662 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1663 if (!cp)
1664 return;
1665
1666 hci_dev_lock(hdev);
1667
1668 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1669 if (conn) {
1670 if (conn->state == BT_CONFIG) {
769be974 1671 hci_proto_connect_cfm(conn, status);
76a68ba0 1672 hci_conn_drop(conn);
769be974
MH		 1673 }
1674 }
1675
1676 hci_dev_unlock(hdev);
1677}
1678
a9de9248
MH		 1679static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1680{
b6a0dc82
MH		 1681 struct hci_cp_setup_sync_conn *cp;
1682 struct hci_conn *acl, *sco;
1683 __u16 handle;
1684
9f1db00c 1685 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1686
1687 if (!status)
1688 return;
1689
1690 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1691 if (!cp)
1692 return;
1693
1694 handle = __le16_to_cpu(cp->handle);
1695
9f1db00c 1696 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1697
1698 hci_dev_lock(hdev);
1699
1700 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1701 if (acl) {
1702 sco = acl->link;
1703 if (sco) {
1704 sco->state = BT_CLOSED;
b6a0dc82 1705
5a08ecce
AE		 1706 hci_proto_connect_cfm(sco, status);
1707 hci_conn_del(sco);
1708 }
b6a0dc82
MH		 1709 }
1710
1711 hci_dev_unlock(hdev);
1da177e4
LT		 1712}
1713
a9de9248 1714static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1715{
a9de9248
MH		 1716 struct hci_cp_sniff_mode *cp;
1717 struct hci_conn *conn;
1da177e4 1718
9f1db00c 1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1720
a9de9248
MH		 1721 if (!status)
1722 return;
04837f64 1723
a9de9248
MH		 1724 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1725 if (!cp)
1726 return;
04837f64 1727
a9de9248 1728 hci_dev_lock(hdev);
04837f64 1729
a9de9248 1730 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1731 if (conn) {
51a8efd7 1732 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1733
51a8efd7 1734 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1735 hci_sco_setup(conn, status);
1736 }
1737
a9de9248
MH		 1738 hci_dev_unlock(hdev);
1739}
04837f64 1740
a9de9248
MH		 1741static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1742{
1743 struct hci_cp_exit_sniff_mode *cp;
1744 struct hci_conn *conn;
04837f64 1745
9f1db00c 1746 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1747
a9de9248
MH		 1748 if (!status)
1749 return;
04837f64 1750
a9de9248
MH		 1751 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1752 if (!cp)
1753 return;
04837f64 1754
a9de9248 1755 hci_dev_lock(hdev);
1da177e4 1756
a9de9248 1757 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1758 if (conn) {
51a8efd7 1759 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1760
51a8efd7 1761 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1762 hci_sco_setup(conn, status);
1763 }
1764
a9de9248 1765 hci_dev_unlock(hdev);
1da177e4
LT		 1766}
1767
88c3df13
JH		 1768static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1769{
1770 struct hci_cp_disconnect *cp;
1771 struct hci_conn *conn;
1772
1773 if (!status)
1774 return;
1775
1776 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1777 if (!cp)
1778 return;
1779
1780 hci_dev_lock(hdev);
1781
1782 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1783 if (conn)
1784 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1785 conn->dst_type, status);
88c3df13
JH		 1786
1787 hci_dev_unlock(hdev);
1788}
1789
a02226d6
AE		 1790static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1791{
93c284ee
AE		 1792 struct hci_cp_create_phy_link *cp;
1793
a02226d6 1794 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1795
93c284ee
AE		 1796 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1797 if (!cp)
1798 return;
1799
e58917b9
AE		 1800 hci_dev_lock(hdev);
1801
1802 if (status) {
1803 struct hci_conn *hcon;
1804
1805 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1806 if (hcon)
1807 hci_conn_del(hcon);
1808 } else {
1809 amp_write_remote_assoc(hdev, cp->phy_handle);
1810 }
1811
1812 hci_dev_unlock(hdev);
a02226d6
AE		 1813}
1814
0b26ab9d
AE		 1815static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1816{
1817 struct hci_cp_accept_phy_link *cp;
1818
1819 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1820
1821 if (status)
1822 return;
1823
1824 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1825 if (!cp)
1826 return;
1827
1828 amp_write_remote_assoc(hdev, cp->phy_handle);
1829}
1830
cb1d68f7
JH		 1831static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1832{
1833 struct hci_cp_le_create_conn *cp;
1834 struct hci_conn *conn;
1835
1836 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1837
1838 /* All connection failure handling is taken care of by the
1839 * hci_le_conn_failed function which is triggered by the HCI
1840 * request completion callbacks used for connecting.
1841 */
1842 if (status)
1843 return;
1844
1845 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1846 if (!cp)
1847 return;
1848
1849 hci_dev_lock(hdev);
1850
1851 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1852 if (!conn)
1853 goto unlock;
1854
1855 /* Store the initiator and responder address information which
1856 * is needed for SMP. These values will not change during the
1857 * lifetime of the connection.
1858 */
1859 conn->init_addr_type = cp->own_address_type;
1860 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1861 bacpy(&conn->init_addr, &hdev->random_addr);
1862 else
1863 bacpy(&conn->init_addr, &hdev->bdaddr);
1864
1865 conn->resp_addr_type = cp->peer_addr_type;
1866 bacpy(&conn->resp_addr, &cp->peer_addr);
1867
9489eca4
JH		 1868 /* We don't want the connection attempt to stick around
1869 * indefinitely since LE doesn't have a page timeout concept
1870 * like BR/EDR. Set a timer for any connection that doesn't use
1871 * the white list for connecting.
1872 */
1873 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1874 queue_delayed_work(conn->hdev->workqueue,
1875 &conn->le_conn_timeout,
1876 HCI_LE_CONN_TIMEOUT);
1877
cb1d68f7
JH		 1878unlock:
1879 hci_dev_unlock(hdev);
1880}
1881
81d0c8ad
JH		 1882static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1883{
1884 struct hci_cp_le_start_enc *cp;
1885 struct hci_conn *conn;
1886
1887 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1888
1889 if (!status)
1890 return;
1891
1892 hci_dev_lock(hdev);
1893
1894 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1895 if (!cp)
1896 goto unlock;
1897
1898 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1899 if (!conn)
1900 goto unlock;
1901
1902 if (conn->state != BT_CONNECTED)
1903 goto unlock;
1904
1905 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1906 hci_conn_drop(conn);
1907
1908unlock:
1909 hci_dev_unlock(hdev);
1910}
1911
6039aa73 1912static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1913{
1914 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1915 struct discovery_state *discov = &hdev->discovery;
1916 struct inquiry_entry *e;
1da177e4 1917
9f1db00c 1918 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1919
a9de9248 1920 hci_conn_check_pending(hdev);
89352e7d
AG		 1921
1922 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1923 return;
1924
4e857c58 1925 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1926 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1927
a8b2d5c2 1928 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1929 return;
1930
56e5cb86 1931 hci_dev_lock(hdev);
30dc78e1 1932
343f935b 1933 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1934 goto unlock;
1935
1936 if (list_empty(&discov->resolve)) {
1937 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1938 goto unlock;
1939 }
1940
1941 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1942 if (e && hci_resolve_name(hdev, e) == 0) {
1943 e->name_state = NAME_PENDING;
1944 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1945 } else {
1946 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1947 }
1948
1949unlock:
56e5cb86 1950 hci_dev_unlock(hdev);
1da177e4
LT		 1951}
1952
6039aa73 1953static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1954{
45bb4bf0 1955 struct inquiry_data data;
a9de9248 1956 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1957 int num_rsp = *((__u8 *) skb->data);
1958
1959 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1960
45bb4bf0
MH		 1961 if (!num_rsp)
1962 return;
1963
1519cc17
AG		 1964 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1965 return;
1966
1da177e4 1967 hci_dev_lock(hdev);
45bb4bf0 1968
e17acd40 1969 for (; num_rsp; num_rsp--, info++) {
af58925c 1970 u32 flags;
3175405b 1971
1da177e4
LT		 1972 bacpy(&data.bdaddr, &info->bdaddr);
1973 data.pscan_rep_mode = info->pscan_rep_mode;
1974 data.pscan_period_mode = info->pscan_period_mode;
1975 data.pscan_mode = info->pscan_mode;
1976 memcpy(data.dev_class, info->dev_class, 3);
1977 data.clock_offset = info->clock_offset;
1978 data.rssi = 0x00;
41a96212 1979 data.ssp_mode = 0x00;
3175405b 1980
af58925c
MH		 1981 flags = hci_inquiry_cache_update(hdev, &data, false);
1982
48264f06 1983 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c 1984 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1da177e4 1985 }
45bb4bf0 1986
1da177e4
LT		 1987 hci_dev_unlock(hdev);
1988}
1989
6039aa73 1990static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1991{
a9de9248
MH		 1992 struct hci_ev_conn_complete *ev = (void *) skb->data;
1993 struct hci_conn *conn;
1da177e4
LT		 1994
1995 BT_DBG("%s", hdev->name);
1996
1997 hci_dev_lock(hdev);
1998
1999 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2000 if (!conn) {
2001 if (ev->link_type != SCO_LINK)
2002 goto unlock;
2003
2004 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2005 if (!conn)
2006 goto unlock;
2007
2008 conn->type = SCO_LINK;
2009 }
1da177e4
LT		 2010
2011 if (!ev->status) {
2012 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2013
2014 if (conn->type == ACL_LINK) {
2015 conn->state = BT_CONFIG;
2016 hci_conn_hold(conn);
a9ea3ed9
SJ		 2017
2018 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2019 !hci_find_link_key(hdev, &ev->bdaddr))
2020 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2021 else
2022 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2023 } else
2024 conn->state = BT_CONNECTED;
1da177e4 2025
7d0db0a3
MH		 2026 hci_conn_add_sysfs(conn);
2027
1da177e4 2028 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2029 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2030
2031 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2032 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2033
04837f64
MH		 2034 /* Get remote features */
2035 if (conn->type == ACL_LINK) {
2036 struct hci_cp_read_remote_features cp;
2037 cp.handle = ev->handle;
769be974 2038 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2039 sizeof(cp), &cp);
04837f64
MH		 2040 }
2041
1da177e4 2042 /* Set packet type for incoming connection */
d095c1eb 2043 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2044 struct hci_cp_change_conn_ptype cp;
2045 cp.handle = ev->handle;
a8746417 2046 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2047 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2048 &cp);
1da177e4 2049 }
17d5c04c 2050 } else {
1da177e4 2051 conn->state = BT_CLOSED;
17d5c04c 2052 if (conn->type == ACL_LINK)
64c7b77c 2053 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2054 conn->dst_type, ev->status);
17d5c04c 2055 }
1da177e4 2056
e73439d8
MH		 2057 if (conn->type == ACL_LINK)
2058 hci_sco_setup(conn, ev->status);
1da177e4 2059
769be974
MH		 2060 if (ev->status) {
2061 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2062 hci_conn_del(conn);
c89b6e6b
MH		 2063 } else if (ev->link_type != ACL_LINK)
2064 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2065
a9de9248 2066unlock:
1da177e4 2067 hci_dev_unlock(hdev);
1da177e4 2068
a9de9248 2069 hci_conn_check_pending(hdev);
1da177e4
LT		 2070}
2071
6039aa73 2072static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2073{
a9de9248
MH		 2074 struct hci_ev_conn_request *ev = (void *) skb->data;
2075 int mask = hdev->link_mode;
20714bfe 2076 __u8 flags = 0;
1da177e4 2077
6ed93dc6 2078 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2079 ev->link_type);
1da177e4 2080
20714bfe
FD		 2081 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2082 &flags);
1da177e4 2083
138d22ef 2084 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2085 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2086 /* Connection accepted */
c7bdd502 2087 struct inquiry_entry *ie;
1da177e4 2088 struct hci_conn *conn;
1da177e4 2089
a9de9248 2090 hci_dev_lock(hdev);
b6a0dc82 2091
cc11b9c1
AE		 2092 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2093 if (ie)
c7bdd502
MH		 2094 memcpy(ie->data.dev_class, ev->dev_class, 3);
2095
8fc9ced3
GP		 2096 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2097 &ev->bdaddr);
a9de9248 2098 if (!conn) {
cc11b9c1
AE		 2099 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2100 if (!conn) {
893ef971 2101 BT_ERR("No memory for new connection");
a9de9248
MH		 2102 hci_dev_unlock(hdev);
2103 return;
1da177e4
LT		 2104 }
2105 }
b6a0dc82 2106
a9de9248 2107 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2108
a9de9248 2109 hci_dev_unlock(hdev);
1da177e4 2110
20714bfe
FD		 2111 if (ev->link_type == ACL_LINK ||
2112 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2113 struct hci_cp_accept_conn_req cp;
20714bfe 2114 conn->state = BT_CONNECT;
1da177e4 2115
b6a0dc82
MH		 2116 bacpy(&cp.bdaddr, &ev->bdaddr);
2117
2118 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2119 cp.role = 0x00; /* Become master */
2120 else
2121 cp.role = 0x01; /* Remain slave */
2122
04124681
GP		 2123 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2124 &cp);
20714bfe 2125 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2126 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2127 conn->state = BT_CONNECT;
b6a0dc82
MH		 2128
2129 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2130 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2131
dcf4adbf
JP		 2132 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2133 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2134 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2135 cp.content_format = cpu_to_le16(hdev->voice_setting);
2136 cp.retrans_effort = 0xff;
1da177e4 2137
b6a0dc82 2138 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2139 sizeof(cp), &cp);
20714bfe
FD		 2140 } else {
2141 conn->state = BT_CONNECT2;
2142 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2143 }
a9de9248
MH		 2144 } else {
2145 /* Connection rejected */
2146 struct hci_cp_reject_conn_req cp;
1da177e4 2147
a9de9248 2148 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2149 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2150 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2151 }
1da177e4
LT		 2152}
2153
f0d6a0ea
MA		 2154static u8 hci_to_mgmt_reason(u8 err)
2155{
2156 switch (err) {
2157 case HCI_ERROR_CONNECTION_TIMEOUT:
2158 return MGMT_DEV_DISCONN_TIMEOUT;
2159 case HCI_ERROR_REMOTE_USER_TERM:
2160 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2161 case HCI_ERROR_REMOTE_POWER_OFF:
2162 return MGMT_DEV_DISCONN_REMOTE;
2163 case HCI_ERROR_LOCAL_HOST_TERM:
2164 return MGMT_DEV_DISCONN_LOCAL_HOST;
2165 default:
2166 return MGMT_DEV_DISCONN_UNKNOWN;
2167 }
2168}
2169
6039aa73 2170static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2171{
a9de9248 2172 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2173 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2174 struct hci_conn_params *params;
04837f64 2175 struct hci_conn *conn;
12d4a3b2 2176 bool mgmt_connected;
3846220b 2177 u8 type;
04837f64 2178
9f1db00c 2179 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2180
2181 hci_dev_lock(hdev);
2182
2183 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2184 if (!conn)
2185 goto unlock;
7d0db0a3 2186
abf54a50
AG		 2187 if (ev->status) {
2188 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2189 conn->dst_type, ev->status);
2190 goto unlock;
37d9ef76 2191 }
f7520543 2192
3846220b
AG		 2193 conn->state = BT_CLOSED;
2194
12d4a3b2
JH		 2195 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2196 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2197 reason, mgmt_connected);
abf54a50 2198
af6a9c32
JH		 2199 if (conn->type == ACL_LINK &&
2200 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2201 hci_remove_link_key(hdev, &conn->dst);
2210246c 2202
9fcb18ef
AG		 2203 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2204 if (params) {
2205 switch (params->auto_connect) {
2206 case HCI_AUTO_CONN_LINK_LOSS:
2207 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2208 break;
2209 /* Fall through */
2210
2211 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2212 list_del_init(&params->action);
2213 list_add(&params->action, &hdev->pend_le_conns);
2214 hci_update_background_scan(hdev);
9fcb18ef
AG		 2215 break;
2216
2217 default:
2218 break;
2219 }
2220 }
2221
3846220b 2222 type = conn->type;
2210246c 2223
3846220b
AG		 2224 hci_proto_disconn_cfm(conn, ev->reason);
2225 hci_conn_del(conn);
2226
2227 /* Re-enable advertising if necessary, since it might
2228 * have been disabled by the connection. From the
2229 * HCI_LE_Set_Advertise_Enable command description in
2230 * the core specification (v4.0):
2231 * "The Controller shall continue advertising until the Host
2232 * issues an LE_Set_Advertise_Enable command with
2233 * Advertising_Enable set to 0x00 (Advertising is disabled)
2234 * or until a connection is created or until the Advertising
2235 * is timed out due to Directed Advertising."
2236 */
2237 if (type == LE_LINK)
2238 mgmt_reenable_advertising(hdev);
f7520543
JH		 2239
2240unlock:
04837f64
MH		 2241 hci_dev_unlock(hdev);
2242}
2243
6039aa73 2244static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2245{
a9de9248 2246 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2247 struct hci_conn *conn;
1da177e4 2248
9f1db00c 2249 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2250
2251 hci_dev_lock(hdev);
2252
04837f64 2253 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2254 if (!conn)
2255 goto unlock;
2256
2257 if (!ev->status) {
aa64a8b5 2258 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2259 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2260 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2261 } else {
4dae2798 2262 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2263 conn->sec_level = conn->pending_sec_level;
2a611692 2264 }
d7556e20 2265 } else {
bab73cb6 2266 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2267 ev->status);
d7556e20 2268 }
1da177e4 2269
51a8efd7
JH		 2270 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2271 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2272
d7556e20 2273 if (conn->state == BT_CONFIG) {
aa64a8b5 2274 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2275 struct hci_cp_set_conn_encrypt cp;
2276 cp.handle = ev->handle;
2277 cp.encrypt = 0x01;
2278 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2279 &cp);
052b30b0 2280 } else {
d7556e20
WR		 2281 conn->state = BT_CONNECTED;
2282 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2283 hci_conn_drop(conn);
052b30b0 2284 }
d7556e20
WR		 2285 } else {
2286 hci_auth_cfm(conn, ev->status);
052b30b0 2287
d7556e20
WR		 2288 hci_conn_hold(conn);
2289 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2290 hci_conn_drop(conn);
d7556e20
WR		 2291 }
2292
51a8efd7 2293 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2294 if (!ev->status) {
2295 struct hci_cp_set_conn_encrypt cp;
2296 cp.handle = ev->handle;
2297 cp.encrypt = 0x01;
2298 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2299 &cp);
d7556e20 2300 } else {
51a8efd7 2301 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2302 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2303 }
2304 }
2305
d7556e20 2306unlock:
1da177e4
LT		 2307 hci_dev_unlock(hdev);
2308}
2309
6039aa73 2310static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2311{
127178d2
JH		 2312 struct hci_ev_remote_name *ev = (void *) skb->data;
2313 struct hci_conn *conn;
2314
a9de9248 2315 BT_DBG("%s", hdev->name);
1da177e4 2316
a9de9248 2317 hci_conn_check_pending(hdev);
127178d2
JH		 2318
2319 hci_dev_lock(hdev);
2320
b644ba33 2321 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2322
b644ba33
JH		 2323 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2324 goto check_auth;
a88a9652 2325
b644ba33
JH		 2326 if (ev->status == 0)
2327 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2328 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2329 else
2330 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2331
2332check_auth:
79c6c70c
JH		 2333 if (!conn)
2334 goto unlock;
2335
2336 if (!hci_outgoing_auth_needed(hdev, conn))
2337 goto unlock;
2338
51a8efd7 2339 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2340 struct hci_cp_auth_requested cp;
2341 cp.handle = __cpu_to_le16(conn->handle);
2342 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2343 }
2344
79c6c70c 2345unlock:
127178d2 2346 hci_dev_unlock(hdev);
a9de9248
MH		 2347}
2348
6039aa73 2349static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2350{
2351 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2352 struct hci_conn *conn;
2353
9f1db00c 2354 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2355
2356 hci_dev_lock(hdev);
2357
04837f64 2358 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2359 if (!conn)
2360 goto unlock;
1da177e4 2361
dc8357cc
MH		 2362 if (!ev->status) {
2363 if (ev->encrypt) {
2364 /* Encryption implies authentication */
4dae2798
JH		 2365 set_bit(HCI_CONN_AUTH, &conn->flags);
2366 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2367 conn->sec_level = conn->pending_sec_level;
abf76bad 2368
914a6ffe
MH		 2369 /* P-256 authentication key implies FIPS */
2370 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2371 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2372
abf76bad
MH		 2373 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2374 conn->type == LE_LINK)
2375 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2376 } else {
4dae2798 2377 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2378 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2379 }
dc8357cc 2380 }
a7d7723a 2381
dc8357cc 2382 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2383
dc8357cc
MH		 2384 if (ev->status && conn->state == BT_CONNECTED) {
2385 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2386 hci_conn_drop(conn);
2387 goto unlock;
1da177e4
LT		 2388 }
2389
dc8357cc
MH		 2390 if (conn->state == BT_CONFIG) {
2391 if (!ev->status)
2392 conn->state = BT_CONNECTED;
2393
40b552aa
MH		 2394 /* In Secure Connections Only mode, do not allow any
2395 * connections that are not encrypted with AES-CCM
2396 * using a P-256 authenticated combination key.
2397 */
2398 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2399 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2400 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2401 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2402 hci_conn_drop(conn);
2403 goto unlock;
2404 }
2405
dc8357cc
MH		 2406 hci_proto_connect_cfm(conn, ev->status);
2407 hci_conn_drop(conn);
2408 } else
2409 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2410
a7d7723a 2411unlock:
1da177e4
LT		 2412 hci_dev_unlock(hdev);
2413}
2414
6039aa73
GP		 2415static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2416 struct sk_buff *skb)
1da177e4 2417{
a9de9248 2418 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2419 struct hci_conn *conn;
1da177e4 2420
9f1db00c 2421 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2422
2423 hci_dev_lock(hdev);
2424
04837f64 2425 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2426 if (conn) {
2427 if (!ev->status)
4dae2798 2428 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2429
51a8efd7 2430 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2431
2432 hci_key_change_cfm(conn, ev->status);
2433 }
2434
2435 hci_dev_unlock(hdev);
2436}
2437
6039aa73
GP		 2438static void hci_remote_features_evt(struct hci_dev *hdev,
2439 struct sk_buff *skb)
1da177e4 2440{
a9de9248
MH		 2441 struct hci_ev_remote_features *ev = (void *) skb->data;
2442 struct hci_conn *conn;
2443
9f1db00c 2444 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2445
a9de9248
MH		 2446 hci_dev_lock(hdev);
2447
2448 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2449 if (!conn)
2450 goto unlock;
769be974 2451
ccd556fe 2452 if (!ev->status)
cad718ed 2453 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2454
2455 if (conn->state != BT_CONFIG)
2456 goto unlock;
2457
2458 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2459 struct hci_cp_read_remote_ext_features cp;
2460 cp.handle = ev->handle;
2461 cp.page = 0x01;
2462 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2463 sizeof(cp), &cp);
392599b9
JH		 2464 goto unlock;
2465 }
2466
671267bf 2467 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2468 struct hci_cp_remote_name_req cp;
2469 memset(&cp, 0, sizeof(cp));
2470 bacpy(&cp.bdaddr, &conn->dst);
2471 cp.pscan_rep_mode = 0x02;
2472 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2473 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2474 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2475 conn->dst_type, 0, NULL, 0,
2476 conn->dev_class);
392599b9 2477
127178d2 2478 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2479 conn->state = BT_CONNECTED;
2480 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2481 hci_conn_drop(conn);
769be974 2482 }
a9de9248 2483
ccd556fe 2484unlock:
a9de9248 2485 hci_dev_unlock(hdev);
1da177e4
LT		 2486}
2487
6039aa73 2488static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2489{
2490 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2491 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2492 __u16 opcode;
2493
2494 skb_pull(skb, sizeof(*ev));
2495
2496 opcode = __le16_to_cpu(ev->opcode);
2497
2498 switch (opcode) {
2499 case HCI_OP_INQUIRY_CANCEL:
2500 hci_cc_inquiry_cancel(hdev, skb);
2501 break;
2502
4d93483b
AG		 2503 case HCI_OP_PERIODIC_INQ:
2504 hci_cc_periodic_inq(hdev, skb);
2505 break;
2506
a9de9248
MH		 2507 case HCI_OP_EXIT_PERIODIC_INQ:
2508 hci_cc_exit_periodic_inq(hdev, skb);
2509 break;
2510
2511 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2512 hci_cc_remote_name_req_cancel(hdev, skb);
2513 break;
2514
2515 case HCI_OP_ROLE_DISCOVERY:
2516 hci_cc_role_discovery(hdev, skb);
2517 break;
2518
e4e8e37c
MH		 2519 case HCI_OP_READ_LINK_POLICY:
2520 hci_cc_read_link_policy(hdev, skb);
2521 break;
2522
a9de9248
MH		 2523 case HCI_OP_WRITE_LINK_POLICY:
2524 hci_cc_write_link_policy(hdev, skb);
2525 break;
2526
e4e8e37c
MH		 2527 case HCI_OP_READ_DEF_LINK_POLICY:
2528 hci_cc_read_def_link_policy(hdev, skb);
2529 break;
2530
2531 case HCI_OP_WRITE_DEF_LINK_POLICY:
2532 hci_cc_write_def_link_policy(hdev, skb);
2533 break;
2534
a9de9248
MH		 2535 case HCI_OP_RESET:
2536 hci_cc_reset(hdev, skb);
2537 break;
2538
2539 case HCI_OP_WRITE_LOCAL_NAME:
2540 hci_cc_write_local_name(hdev, skb);
2541 break;
2542
2543 case HCI_OP_READ_LOCAL_NAME:
2544 hci_cc_read_local_name(hdev, skb);
2545 break;
2546
2547 case HCI_OP_WRITE_AUTH_ENABLE:
2548 hci_cc_write_auth_enable(hdev, skb);
2549 break;
2550
2551 case HCI_OP_WRITE_ENCRYPT_MODE:
2552 hci_cc_write_encrypt_mode(hdev, skb);
2553 break;
2554
2555 case HCI_OP_WRITE_SCAN_ENABLE:
2556 hci_cc_write_scan_enable(hdev, skb);
2557 break;
2558
2559 case HCI_OP_READ_CLASS_OF_DEV:
2560 hci_cc_read_class_of_dev(hdev, skb);
2561 break;
2562
2563 case HCI_OP_WRITE_CLASS_OF_DEV:
2564 hci_cc_write_class_of_dev(hdev, skb);
2565 break;
2566
2567 case HCI_OP_READ_VOICE_SETTING:
2568 hci_cc_read_voice_setting(hdev, skb);
2569 break;
2570
2571 case HCI_OP_WRITE_VOICE_SETTING:
2572 hci_cc_write_voice_setting(hdev, skb);
2573 break;
2574
b4cb9fb2
MH		 2575 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2576 hci_cc_read_num_supported_iac(hdev, skb);
2577 break;
2578
333140b5
MH		 2579 case HCI_OP_WRITE_SSP_MODE:
2580 hci_cc_write_ssp_mode(hdev, skb);
2581 break;
2582
eac83dc6
MH		 2583 case HCI_OP_WRITE_SC_SUPPORT:
2584 hci_cc_write_sc_support(hdev, skb);
2585 break;
2586
a9de9248
MH		 2587 case HCI_OP_READ_LOCAL_VERSION:
2588 hci_cc_read_local_version(hdev, skb);
2589 break;
2590
2591 case HCI_OP_READ_LOCAL_COMMANDS:
2592 hci_cc_read_local_commands(hdev, skb);
2593 break;
2594
2595 case HCI_OP_READ_LOCAL_FEATURES:
2596 hci_cc_read_local_features(hdev, skb);
2597 break;
2598
971e3a4b
AG		 2599 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2600 hci_cc_read_local_ext_features(hdev, skb);
2601 break;
2602
a9de9248
MH		 2603 case HCI_OP_READ_BUFFER_SIZE:
2604 hci_cc_read_buffer_size(hdev, skb);
2605 break;
2606
2607 case HCI_OP_READ_BD_ADDR:
2608 hci_cc_read_bd_addr(hdev, skb);
2609 break;
2610
f332ec66
JH		 2611 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2612 hci_cc_read_page_scan_activity(hdev, skb);
2613 break;
2614
4a3ee763
JH		 2615 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2616 hci_cc_write_page_scan_activity(hdev, skb);
2617 break;
2618
f332ec66
JH		 2619 case HCI_OP_READ_PAGE_SCAN_TYPE:
2620 hci_cc_read_page_scan_type(hdev, skb);
2621 break;
2622
4a3ee763
JH		 2623 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2624 hci_cc_write_page_scan_type(hdev, skb);
2625 break;
2626
350ee4cf
AE		 2627 case HCI_OP_READ_DATA_BLOCK_SIZE:
2628 hci_cc_read_data_block_size(hdev, skb);
2629 break;
2630
1e89cffb
AE		 2631 case HCI_OP_READ_FLOW_CONTROL_MODE:
2632 hci_cc_read_flow_control_mode(hdev, skb);
2633 break;
2634
928abaa7
AE		 2635 case HCI_OP_READ_LOCAL_AMP_INFO:
2636 hci_cc_read_local_amp_info(hdev, skb);
2637 break;
2638
33f35721
JH		 2639 case HCI_OP_READ_CLOCK:
2640 hci_cc_read_clock(hdev, skb);
2641 break;
2642
903e4541
AE		 2643 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2644 hci_cc_read_local_amp_assoc(hdev, skb);
2645 break;
2646
d5859e22
JH		 2647 case HCI_OP_READ_INQ_RSP_TX_POWER:
2648 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2649 break;
2650
980e1a53
JH		 2651 case HCI_OP_PIN_CODE_REPLY:
2652 hci_cc_pin_code_reply(hdev, skb);
2653 break;
2654
2655 case HCI_OP_PIN_CODE_NEG_REPLY:
2656 hci_cc_pin_code_neg_reply(hdev, skb);
2657 break;
2658
c35938b2 2659 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2660 hci_cc_read_local_oob_data(hdev, skb);
2661 break;
2662
2663 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2664 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2665 break;
2666
6ed58ec5
VT		 2667 case HCI_OP_LE_READ_BUFFER_SIZE:
2668 hci_cc_le_read_buffer_size(hdev, skb);
2669 break;
2670
60e77321
JH		 2671 case HCI_OP_LE_READ_LOCAL_FEATURES:
2672 hci_cc_le_read_local_features(hdev, skb);
2673 break;
2674
8fa19098
JH		 2675 case HCI_OP_LE_READ_ADV_TX_POWER:
2676 hci_cc_le_read_adv_tx_power(hdev, skb);
2677 break;
2678
a5c29683
JH		 2679 case HCI_OP_USER_CONFIRM_REPLY:
2680 hci_cc_user_confirm_reply(hdev, skb);
2681 break;
2682
2683 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2684 hci_cc_user_confirm_neg_reply(hdev, skb);
2685 break;
2686
1143d458
BG		 2687 case HCI_OP_USER_PASSKEY_REPLY:
2688 hci_cc_user_passkey_reply(hdev, skb);
2689 break;
2690
2691 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2692 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2693 break;
07f7fa5d 2694
7a4cd51d
MH		 2695 case HCI_OP_LE_SET_RANDOM_ADDR:
2696 hci_cc_le_set_random_addr(hdev, skb);
2697 break;
2698
c1d5dc4a
JH		 2699 case HCI_OP_LE_SET_ADV_ENABLE:
2700 hci_cc_le_set_adv_enable(hdev, skb);
2701 break;
2702
533553f8
MH		 2703 case HCI_OP_LE_SET_SCAN_PARAM:
2704 hci_cc_le_set_scan_param(hdev, skb);
2705 break;
2706
eb9d91f5
AG		 2707 case HCI_OP_LE_SET_SCAN_ENABLE:
2708 hci_cc_le_set_scan_enable(hdev, skb);
2709 break;
2710
cf1d081f
JH		 2711 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2712 hci_cc_le_read_white_list_size(hdev, skb);
2713 break;
2714
0f36b589
MH		 2715 case HCI_OP_LE_CLEAR_WHITE_LIST:
2716 hci_cc_le_clear_white_list(hdev, skb);
2717 break;
2718
2719 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2720 hci_cc_le_add_to_white_list(hdev, skb);
2721 break;
2722
2723 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2724 hci_cc_le_del_from_white_list(hdev, skb);
2725 break;
2726
9b008c04
JH		 2727 case HCI_OP_LE_READ_SUPPORTED_STATES:
2728 hci_cc_le_read_supported_states(hdev, skb);
2729 break;
2730
f9b49306
AG		 2731 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2732 hci_cc_write_le_host_supported(hdev, skb);
2733 break;
2734
56ed2cb8
JH		 2735 case HCI_OP_LE_SET_ADV_PARAM:
2736 hci_cc_set_adv_param(hdev, skb);
2737 break;
2738
93c284ee
AE		 2739 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2740 hci_cc_write_remote_amp_assoc(hdev, skb);
2741 break;
2742
5ae76a94
AK		 2743 case HCI_OP_READ_RSSI:
2744 hci_cc_read_rssi(hdev, skb);
2745 break;
2746
5a134fae
AK		 2747 case HCI_OP_READ_TX_POWER:
2748 hci_cc_read_tx_power(hdev, skb);
2749 break;
2750
a9de9248 2751 default:
9f1db00c 2752 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2753 break;
2754 }
2755
ad82cdd1 2756 if (opcode != HCI_OP_NOP)
65cc2b49 2757 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2758
ad82cdd1 2759 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2760
dbccd791 2761 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2762 atomic_set(&hdev->cmd_cnt, 1);
2763 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2764 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2765 }
2766}
2767
6039aa73 2768static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2769{
2770 struct hci_ev_cmd_status *ev = (void *) skb->data;
2771 __u16 opcode;
2772
2773 skb_pull(skb, sizeof(*ev));
2774
2775 opcode = __le16_to_cpu(ev->opcode);
2776
2777 switch (opcode) {
2778 case HCI_OP_INQUIRY:
2779 hci_cs_inquiry(hdev, ev->status);
2780 break;
2781
2782 case HCI_OP_CREATE_CONN:
2783 hci_cs_create_conn(hdev, ev->status);
2784 break;
2785
2786 case HCI_OP_ADD_SCO:
2787 hci_cs_add_sco(hdev, ev->status);
2788 break;
2789
f8558555
MH		 2790 case HCI_OP_AUTH_REQUESTED:
2791 hci_cs_auth_requested(hdev, ev->status);
2792 break;
2793
2794 case HCI_OP_SET_CONN_ENCRYPT:
2795 hci_cs_set_conn_encrypt(hdev, ev->status);
2796 break;
2797
a9de9248
MH		 2798 case HCI_OP_REMOTE_NAME_REQ:
2799 hci_cs_remote_name_req(hdev, ev->status);
2800 break;
2801
769be974
MH		 2802 case HCI_OP_READ_REMOTE_FEATURES:
2803 hci_cs_read_remote_features(hdev, ev->status);
2804 break;
2805
2806 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2807 hci_cs_read_remote_ext_features(hdev, ev->status);
2808 break;
2809
a9de9248
MH		 2810 case HCI_OP_SETUP_SYNC_CONN:
2811 hci_cs_setup_sync_conn(hdev, ev->status);
2812 break;
2813
2814 case HCI_OP_SNIFF_MODE:
2815 hci_cs_sniff_mode(hdev, ev->status);
2816 break;
2817
2818 case HCI_OP_EXIT_SNIFF_MODE:
2819 hci_cs_exit_sniff_mode(hdev, ev->status);
2820 break;
2821
8962ee74 2822 case HCI_OP_DISCONNECT:
88c3df13 2823 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2824 break;
2825
a02226d6
AE		 2826 case HCI_OP_CREATE_PHY_LINK:
2827 hci_cs_create_phylink(hdev, ev->status);
2828 break;
2829
0b26ab9d
AE		 2830 case HCI_OP_ACCEPT_PHY_LINK:
2831 hci_cs_accept_phylink(hdev, ev->status);
2832 break;
2833
cb1d68f7
JH		 2834 case HCI_OP_LE_CREATE_CONN:
2835 hci_cs_le_create_conn(hdev, ev->status);
2836 break;
2837
81d0c8ad
JH		 2838 case HCI_OP_LE_START_ENC:
2839 hci_cs_le_start_enc(hdev, ev->status);
2840 break;
2841
a9de9248 2842 default:
9f1db00c 2843 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2844 break;
2845 }
2846
ad82cdd1 2847 if (opcode != HCI_OP_NOP)
65cc2b49 2848 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2849
02350a72
JH		 2850 if (ev->status ||
2851 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2852 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2853
10572132 2854 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2855 atomic_set(&hdev->cmd_cnt, 1);
2856 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2857 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2858 }
2859}
2860
6039aa73 2861static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2862{
2863 struct hci_ev_role_change *ev = (void *) skb->data;
2864 struct hci_conn *conn;
2865
9f1db00c 2866 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2867
2868 hci_dev_lock(hdev);
2869
2870 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2871 if (conn) {
2872 if (!ev->status) {
2873 if (ev->role)
4dae2798 2874 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2875 else
4dae2798 2876 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2877 }
2878
51a8efd7 2879 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2880
2881 hci_role_switch_cfm(conn, ev->status, ev->role);
2882 }
2883
2884 hci_dev_unlock(hdev);
2885}
2886
6039aa73 2887static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2888{
2889 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2890 int i;
2891
32ac5b9b
AE		 2892 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2893 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2894 return;
2895 }
2896
c5993de8 2897 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2898 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2899 BT_DBG("%s bad parameters", hdev->name);
2900 return;
2901 }
2902
c5993de8
AE		 2903 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2904
613a1c0c
AE		 2905 for (i = 0; i < ev->num_hndl; i++) {
2906 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2907 struct hci_conn *conn;
2908 __u16 handle, count;
2909
613a1c0c
AE		 2910 handle = __le16_to_cpu(info->handle);
2911 count = __le16_to_cpu(info->count);
a9de9248
MH		 2912
2913 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2914 if (!conn)
2915 continue;
2916
2917 conn->sent -= count;
2918
2919 switch (conn->type) {
2920 case ACL_LINK:
2921 hdev->acl_cnt += count;
2922 if (hdev->acl_cnt > hdev->acl_pkts)
2923 hdev->acl_cnt = hdev->acl_pkts;
2924 break;
2925
2926 case LE_LINK:
2927 if (hdev->le_pkts) {
2928 hdev->le_cnt += count;
2929 if (hdev->le_cnt > hdev->le_pkts)
2930 hdev->le_cnt = hdev->le_pkts;
2931 } else {
70f23020
AE		 2932 hdev->acl_cnt += count;
2933 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2934 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2935 }
f4280918
AE		 2936 break;
2937
2938 case SCO_LINK:
2939 hdev->sco_cnt += count;
2940 if (hdev->sco_cnt > hdev->sco_pkts)
2941 hdev->sco_cnt = hdev->sco_pkts;
2942 break;
2943
2944 default:
2945 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2946 break;
a9de9248
MH		 2947 }
2948 }
2949
3eff45ea 2950 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2951}
2952
76ef7cf7
AE		 2953static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2954 __u16 handle)
2955{
2956 struct hci_chan *chan;
2957
2958 switch (hdev->dev_type) {
2959 case HCI_BREDR:
2960 return hci_conn_hash_lookup_handle(hdev, handle);
2961 case HCI_AMP:
2962 chan = hci_chan_lookup_handle(hdev, handle);
2963 if (chan)
2964 return chan->conn;
2965 break;
2966 default:
2967 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2968 break;
2969 }
2970
2971 return NULL;
2972}
2973
6039aa73 2974static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2975{
2976 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2977 int i;
2978
2979 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2980 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2981 return;
2982 }
2983
2984 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2985 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2986 BT_DBG("%s bad parameters", hdev->name);
2987 return;
2988 }
2989
2990 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2991 ev->num_hndl);
25e89e99
AE		 2992
2993 for (i = 0; i < ev->num_hndl; i++) {
2994 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2995 struct hci_conn *conn = NULL;
25e89e99
AE		 2996 __u16 handle, block_count;
2997
2998 handle = __le16_to_cpu(info->handle);
2999 block_count = __le16_to_cpu(info->blocks);
3000
76ef7cf7 3001 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3002 if (!conn)
3003 continue;
3004
3005 conn->sent -= block_count;
3006
3007 switch (conn->type) {
3008 case ACL_LINK:
bd1eb66b 3009 case AMP_LINK:
25e89e99
AE		 3010 hdev->block_cnt += block_count;
3011 if (hdev->block_cnt > hdev->num_blocks)
3012 hdev->block_cnt = hdev->num_blocks;
3013 break;
3014
3015 default:
3016 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3017 break;
3018 }
3019 }
3020
3021 queue_work(hdev->workqueue, &hdev->tx_work);
3022}
3023
6039aa73 3024static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3025{
a9de9248 3026 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3027 struct hci_conn *conn;
3028
9f1db00c 3029 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3030
3031 hci_dev_lock(hdev);
3032
3033 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3034 if (conn) {
3035 conn->mode = ev->mode;
a9de9248 3036
8fc9ced3
GP		 3037 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3038 &conn->flags)) {
a9de9248 3039 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3040 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3041 else
58a681ef 3042 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3043 }
e73439d8 3044
51a8efd7 3045 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3046 hci_sco_setup(conn, ev->status);
04837f64
MH		 3047 }
3048
3049 hci_dev_unlock(hdev);
3050}
3051
6039aa73 3052static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3053{
052b30b0
MH		 3054 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3055 struct hci_conn *conn;
3056
a9de9248 3057 BT_DBG("%s", hdev->name);
052b30b0
MH		 3058
3059 hci_dev_lock(hdev);
3060
3061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3062 if (!conn)
3063 goto unlock;
3064
3065 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3066 hci_conn_hold(conn);
3067 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3068 hci_conn_drop(conn);
052b30b0
MH		 3069 }
3070
a8b2d5c2 3071 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3072 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3073 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3074 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3075 u8 secure;
3076
3077 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3078 secure = 1;
3079 else
3080 secure = 0;
3081
744cf19e 3082 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3083 }
980e1a53 3084
b6f98044 3085unlock:
052b30b0 3086 hci_dev_unlock(hdev);
a9de9248
MH		 3087}
3088
6039aa73 3089static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3090{
55ed8ca1
JH		 3091 struct hci_ev_link_key_req *ev = (void *) skb->data;
3092 struct hci_cp_link_key_reply cp;
3093 struct hci_conn *conn;
3094 struct link_key *key;
3095
a9de9248 3096 BT_DBG("%s", hdev->name);
55ed8ca1 3097
034cbea0 3098 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3099 return;
3100
3101 hci_dev_lock(hdev);
3102
3103 key = hci_find_link_key(hdev, &ev->bdaddr);
3104 if (!key) {
6ed93dc6
AE		 3105 BT_DBG("%s link key not found for %pMR", hdev->name,
3106 &ev->bdaddr);
55ed8ca1
JH		 3107 goto not_found;
3108 }
3109
6ed93dc6
AE		 3110 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3111 &ev->bdaddr);
55ed8ca1 3112
55ed8ca1 3113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3114 if (conn) {
66138ce8
MH		 3115 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3116 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3117 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3118 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3119 goto not_found;
3120 }
55ed8ca1 3121
60b83f57 3122 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3123 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3124 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3125 BT_DBG("%s ignoring key unauthenticated for high security",
3126 hdev->name);
60b83f57
WR		 3127 goto not_found;
3128 }
3129
3130 conn->key_type = key->type;
3131 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3132 }
3133
3134 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3135 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3136
3137 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3138
3139 hci_dev_unlock(hdev);
3140
3141 return;
3142
3143not_found:
3144 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3145 hci_dev_unlock(hdev);
a9de9248
MH		 3146}
3147
6039aa73 3148static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3149{
052b30b0
MH		 3150 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3151 struct hci_conn *conn;
7652ff6a
JH		 3152 struct link_key *key;
3153 bool persistent;
55ed8ca1 3154 u8 pin_len = 0;
052b30b0 3155
a9de9248 3156 BT_DBG("%s", hdev->name);
052b30b0
MH		 3157
3158 hci_dev_lock(hdev);
3159
3160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3161 if (conn) {
3162 hci_conn_hold(conn);
3163 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3164 pin_len = conn->pin_length;
13d39315
WR		 3165
3166 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3167 conn->key_type = ev->key_type;
3168
76a68ba0 3169 hci_conn_drop(conn);
052b30b0
MH		 3170 }
3171
7652ff6a
JH		 3172 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3173 goto unlock;
3174
3175 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3176 ev->key_type, pin_len, &persistent);
3177 if (!key)
3178 goto unlock;
3179
3180 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3181
6d5650c4
JH		 3182 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3183 * is set. If it's not set simply remove the key from the kernel
3184 * list (we've still notified user space about it but with
3185 * store_hint being 0).
3186 */
3187 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3188 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3189 list_del(&key->list);
3190 kfree(key);
3191 } else if (conn) {
af6a9c32
JH		 3192 if (persistent)
3193 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3194 else
3195 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3196 }
7652ff6a
JH		 3197
3198unlock:
052b30b0 3199 hci_dev_unlock(hdev);
a9de9248
MH		 3200}
3201
6039aa73 3202static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3203{
a9de9248 3204 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3205 struct hci_conn *conn;
1da177e4 3206
9f1db00c 3207 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3208
3209 hci_dev_lock(hdev);
3210
04837f64 3211 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3212 if (conn && !ev->status) {
3213 struct inquiry_entry *ie;
3214
cc11b9c1
AE		 3215 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3216 if (ie) {
1da177e4
LT		 3217 ie->data.clock_offset = ev->clock_offset;
3218 ie->timestamp = jiffies;
3219 }
3220 }
3221
3222 hci_dev_unlock(hdev);
3223}
3224
6039aa73 3225static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3226{
3227 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3228 struct hci_conn *conn;
3229
9f1db00c 3230 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3231
3232 hci_dev_lock(hdev);
3233
3234 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3235 if (conn && !ev->status)
3236 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3237
3238 hci_dev_unlock(hdev);
3239}
3240
6039aa73 3241static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3242{
a9de9248 3243 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3244 struct inquiry_entry *ie;
3245
3246 BT_DBG("%s", hdev->name);
3247
3248 hci_dev_lock(hdev);
3249
cc11b9c1
AE		 3250 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3251 if (ie) {
85a1e930
MH		 3252 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3253 ie->timestamp = jiffies;
3254 }
3255
3256 hci_dev_unlock(hdev);
3257}
3258
6039aa73
GP		 3259static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3260 struct sk_buff *skb)
a9de9248
MH		 3261{
3262 struct inquiry_data data;
3263 int num_rsp = *((__u8 *) skb->data);
3264
3265 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3266
3267 if (!num_rsp)
3268 return;
3269
1519cc17
AG		 3270 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3271 return;
3272
a9de9248
MH		 3273 hci_dev_lock(hdev);
3274
3275 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3276 struct inquiry_info_with_rssi_and_pscan_mode *info;
3277 info = (void *) (skb->data + 1);
a9de9248 3278
e17acd40 3279 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3280 u32 flags;
3281
a9de9248
MH		 3282 bacpy(&data.bdaddr, &info->bdaddr);
3283 data.pscan_rep_mode = info->pscan_rep_mode;
3284 data.pscan_period_mode = info->pscan_period_mode;
3285 data.pscan_mode = info->pscan_mode;
3286 memcpy(data.dev_class, info->dev_class, 3);
3287 data.clock_offset = info->clock_offset;
3288 data.rssi = info->rssi;
41a96212 3289 data.ssp_mode = 0x00;
3175405b 3290
af58925c
MH		 3291 flags = hci_inquiry_cache_update(hdev, &data, false);
3292
48264f06 3293 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3294 info->dev_class, info->rssi,
af58925c 3295 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3296 }
3297 } else {
3298 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3299
e17acd40 3300 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3301 u32 flags;
3302
a9de9248
MH		 3303 bacpy(&data.bdaddr, &info->bdaddr);
3304 data.pscan_rep_mode = info->pscan_rep_mode;
3305 data.pscan_period_mode = info->pscan_period_mode;
3306 data.pscan_mode = 0x00;
3307 memcpy(data.dev_class, info->dev_class, 3);
3308 data.clock_offset = info->clock_offset;
3309 data.rssi = info->rssi;
41a96212 3310 data.ssp_mode = 0x00;
af58925c
MH		 3311
3312 flags = hci_inquiry_cache_update(hdev, &data, false);
3313
48264f06 3314 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3315 info->dev_class, info->rssi,
af58925c 3316 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3317 }
3318 }
3319
3320 hci_dev_unlock(hdev);
3321}
3322
6039aa73
GP		 3323static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3324 struct sk_buff *skb)
a9de9248 3325{
41a96212
MH		 3326 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3327 struct hci_conn *conn;
3328
a9de9248 3329 BT_DBG("%s", hdev->name);
41a96212 3330
41a96212
MH		 3331 hci_dev_lock(hdev);
3332
3333 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3334 if (!conn)
3335 goto unlock;
41a96212 3336
cad718ed
JH		 3337 if (ev->page < HCI_MAX_PAGES)
3338 memcpy(conn->features[ev->page], ev->features, 8);
3339
ccd556fe
JH		 3340 if (!ev->status && ev->page == 0x01) {
3341 struct inquiry_entry *ie;
41a96212 3342
cc11b9c1
AE		 3343 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3344 if (ie)
02b7cc62 3345 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3346
bbb0eada 3347 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3348 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3349 } else {
3350 /* It is mandatory by the Bluetooth specification that
3351 * Extended Inquiry Results are only used when Secure
3352 * Simple Pairing is enabled, but some devices violate
3353 * this.
3354 *
3355 * To make these devices work, the internal SSP
3356 * enabled flag needs to be cleared if the remote host
3357 * features do not indicate SSP support */
3358 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3359 }
eb9a8f3f
MH		 3360
3361 if (ev->features[0] & LMP_HOST_SC)
3362 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3363 }
3364
3365 if (conn->state != BT_CONFIG)
3366 goto unlock;
3367
671267bf 3368 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3369 struct hci_cp_remote_name_req cp;
3370 memset(&cp, 0, sizeof(cp));
3371 bacpy(&cp.bdaddr, &conn->dst);
3372 cp.pscan_rep_mode = 0x02;
3373 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3374 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3375 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3376 conn->dst_type, 0, NULL, 0,
3377 conn->dev_class);
392599b9 3378
127178d2 3379 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3380 conn->state = BT_CONNECTED;
3381 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3382 hci_conn_drop(conn);
41a96212
MH		 3383 }
3384
ccd556fe 3385unlock:
41a96212 3386 hci_dev_unlock(hdev);
a9de9248
MH		 3387}
3388
6039aa73
GP		 3389static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3390 struct sk_buff *skb)
a9de9248 3391{
b6a0dc82
MH		 3392 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3393 struct hci_conn *conn;
3394
9f1db00c 3395 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3396
3397 hci_dev_lock(hdev);
3398
3399 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3400 if (!conn) {
3401 if (ev->link_type == ESCO_LINK)
3402 goto unlock;
3403
3404 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3405 if (!conn)
3406 goto unlock;
3407
3408 conn->type = SCO_LINK;
3409 }
b6a0dc82 3410
732547f9
MH		 3411 switch (ev->status) {
3412 case 0x00:
b6a0dc82
MH		 3413 conn->handle = __le16_to_cpu(ev->handle);
3414 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3415
3416 hci_conn_add_sysfs(conn);
732547f9
MH		 3417 break;
3418
81218d20 3419 case 0x10: /* Connection Accept Timeout */
1a4c958c 3420 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3421 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3422 case 0x1c: /* SCO interval rejected */
1038a00b 3423 case 0x1a: /* Unsupported Remote Feature */
732547f9 3424 case 0x1f: /* Unspecified error */
27539bc4 3425 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3426 if (conn->out) {
732547f9
MH		 3427 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3428 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3429 if (hci_setup_sync(conn, conn->link->handle))
3430 goto unlock;
732547f9
MH		 3431 }
3432 /* fall through */
3433
3434 default:
b6a0dc82 3435 conn->state = BT_CLOSED;
732547f9
MH		 3436 break;
3437 }
b6a0dc82
MH		 3438
3439 hci_proto_connect_cfm(conn, ev->status);
3440 if (ev->status)
3441 hci_conn_del(conn);
3442
3443unlock:
3444 hci_dev_unlock(hdev);
a9de9248
MH		 3445}
3446
efdcf8e3
MH		 3447static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3448{
3449 size_t parsed = 0;
3450
3451 while (parsed < eir_len) {
3452 u8 field_len = eir[0];
3453
3454 if (field_len == 0)
3455 return parsed;
3456
3457 parsed += field_len + 1;
3458 eir += field_len + 1;
3459 }
3460
3461 return eir_len;
3462}
3463
6039aa73
GP		 3464static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3465 struct sk_buff *skb)
1da177e4 3466{
a9de9248
MH		 3467 struct inquiry_data data;
3468 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3469 int num_rsp = *((__u8 *) skb->data);
9d939d94 3470 size_t eir_len;
1da177e4 3471
a9de9248 3472 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3473
a9de9248
MH		 3474 if (!num_rsp)
3475 return;
1da177e4 3476
1519cc17
AG		 3477 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3478 return;
3479
a9de9248
MH		 3480 hci_dev_lock(hdev);
3481
e17acd40 3482 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3483 u32 flags;
3484 bool name_known;
561aafbc 3485
a9de9248 3486 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3487 data.pscan_rep_mode = info->pscan_rep_mode;
3488 data.pscan_period_mode = info->pscan_period_mode;
3489 data.pscan_mode = 0x00;
a9de9248 3490 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3491 data.clock_offset = info->clock_offset;
3492 data.rssi = info->rssi;
41a96212 3493 data.ssp_mode = 0x01;
561aafbc 3494
a8b2d5c2 3495 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3496 name_known = eir_has_data_type(info->data,
04124681
GP		 3497 sizeof(info->data),
3498 EIR_NAME_COMPLETE);
561aafbc
JH		 3499 else
3500 name_known = true;
3501
af58925c
MH		 3502 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3503
9d939d94 3504 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3505
48264f06 3506 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3507 info->dev_class, info->rssi,
3508 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3509 }
3510
3511 hci_dev_unlock(hdev);
3512}
1da177e4 3513
1c2e0041
JH		 3514static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3515 struct sk_buff *skb)
3516{
3517 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3518 struct hci_conn *conn;
3519
9f1db00c 3520 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3521 __le16_to_cpu(ev->handle));
3522
3523 hci_dev_lock(hdev);
3524
3525 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3526 if (!conn)
3527 goto unlock;
3528
9eb1fbfa
JH		 3529 /* For BR/EDR the necessary steps are taken through the
3530 * auth_complete event.
3531 */
3532 if (conn->type != LE_LINK)
3533 goto unlock;
3534
1c2e0041
JH		 3535 if (!ev->status)
3536 conn->sec_level = conn->pending_sec_level;
3537
3538 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3539
3540 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3541 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3542 hci_conn_drop(conn);
1c2e0041
JH		 3543 goto unlock;
3544 }
3545
3546 if (conn->state == BT_CONFIG) {
3547 if (!ev->status)
3548 conn->state = BT_CONNECTED;
3549
3550 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3551 hci_conn_drop(conn);
1c2e0041
JH		 3552 } else {
3553 hci_auth_cfm(conn, ev->status);
3554
3555 hci_conn_hold(conn);
3556 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3557 hci_conn_drop(conn);
1c2e0041
JH		 3558 }
3559
3560unlock:
3561 hci_dev_unlock(hdev);
3562}
3563
6039aa73 3564static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3565{
17fa4b9d 3566 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3567 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3568 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3569 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3570
b7f94c88
MA		 3571 /* If both remote and local have enough IO capabilities, require
3572 * MITM protection
3573 */
3574 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3575 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3576 return conn->remote_auth | 0x01;
3577
7e74170a
TM		 3578 /* No MITM protection possible so ignore remote requirement */
3579 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3580}
3581
6039aa73 3582static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3583{
3584 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3585 struct hci_conn *conn;
3586
3587 BT_DBG("%s", hdev->name);
3588
3589 hci_dev_lock(hdev);
3590
3591 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3592 if (!conn)
3593 goto unlock;
3594
3595 hci_conn_hold(conn);
3596
a8b2d5c2 3597 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3598 goto unlock;
3599
a8b2d5c2 3600 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3601 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3602 struct hci_cp_io_capability_reply cp;
3603
3604 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3605 /* Change the IO capability from KeyboardDisplay
3606 * to DisplayYesNo as it is not supported by BT spec. */
3607 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3608 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3609
3610 /* If we are initiators, there is no remote information yet */
3611 if (conn->remote_auth == 0xff) {
3612 cp.authentication = conn->auth_type;
6fd6b915 3613
b16c6604 3614 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3615 * except for the no-bonding case.
3616 * conn->auth_type is not updated here since
3617 * that might cause the user confirmation to be
3618 * rejected in case the remote doesn't have the
3619 * IO capabilities for MITM.
b16c6604 3620 */
6fd6b915 3621 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3622 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3623 cp.authentication |= 0x01;
b7f94c88
MA		 3624 } else {
3625 conn->auth_type = hci_get_auth_req(conn);
3626 cp.authentication = conn->auth_type;
3627 }
17fa4b9d 3628
8fc9ced3
GP		 3629 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3630 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3631 cp.oob_data = 0x01;
3632 else
3633 cp.oob_data = 0x00;
3634
17fa4b9d 3635 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3636 sizeof(cp), &cp);
03b555e1
JH		 3637 } else {
3638 struct hci_cp_io_capability_neg_reply cp;
3639
3640 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3641 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3642
03b555e1 3643 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3644 sizeof(cp), &cp);
03b555e1
JH		 3645 }
3646
3647unlock:
3648 hci_dev_unlock(hdev);
3649}
3650
6039aa73 3651static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3652{
3653 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3654 struct hci_conn *conn;
3655
3656 BT_DBG("%s", hdev->name);
3657
3658 hci_dev_lock(hdev);
3659
3660 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3661 if (!conn)
3662 goto unlock;
3663
03b555e1 3664 conn->remote_cap = ev->capability;
03b555e1 3665 conn->remote_auth = ev->authentication;
58a681ef
JH		 3666 if (ev->oob_data)
3667 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3668
3669unlock:
0493684e
MH		 3670 hci_dev_unlock(hdev);
3671}
3672
6039aa73
GP		 3673static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3674 struct sk_buff *skb)
a5c29683
JH		 3675{
3676 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3677 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3678 struct hci_conn *conn;
a5c29683
JH		 3679
3680 BT_DBG("%s", hdev->name);
3681
3682 hci_dev_lock(hdev);
3683
a8b2d5c2 3684 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3685 goto unlock;
a5c29683 3686
7a828908
JH		 3687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3688 if (!conn)
3689 goto unlock;
3690
3691 loc_mitm = (conn->auth_type & 0x01);
3692 rem_mitm = (conn->remote_auth & 0x01);
3693
3694 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3695 * (it has NoInputNoOutput) then reject the confirmation request
3696 */
3697 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3698 BT_DBG("Rejecting request: remote device can't provide MITM");
3699 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3700 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3701 goto unlock;
3702 }
3703
3704 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3705 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3706 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3707
3708 /* If we're not the initiators request authorization to
3709 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3710 * confirm_hint set to 1). The exception is if neither
3711 * side had MITM in which case we do auto-accept.
3712 */
3713 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3714 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3715 BT_DBG("Confirming auto-accept as acceptor");
3716 confirm_hint = 1;
3717 goto confirm;
3718 }
3719
9f61656a 3720 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3721 hdev->auto_accept_delay);
9f61656a
JH		 3722
3723 if (hdev->auto_accept_delay > 0) {
3724 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3725 queue_delayed_work(conn->hdev->workqueue,
3726 &conn->auto_accept_work, delay);
9f61656a
JH		 3727 goto unlock;
3728 }
3729
7a828908 3730 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3731 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3732 goto unlock;
3733 }
3734
55bc1a37 3735confirm:
39adbffe
JH		 3736 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3737 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3738
3739unlock:
a5c29683
JH		 3740 hci_dev_unlock(hdev);
3741}
3742
6039aa73
GP		 3743static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3744 struct sk_buff *skb)
1143d458
BG		 3745{
3746 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3747
3748 BT_DBG("%s", hdev->name);
3749
a8b2d5c2 3750 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3751 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3752}
3753
92a25256
JH		 3754static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3755 struct sk_buff *skb)
3756{
3757 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3758 struct hci_conn *conn;
3759
3760 BT_DBG("%s", hdev->name);
3761
3762 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3763 if (!conn)
3764 return;
3765
3766 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3767 conn->passkey_entered = 0;
3768
3769 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3770 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3771 conn->dst_type, conn->passkey_notify,
3772 conn->passkey_entered);
3773}
3774
3775static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3776{
3777 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3778 struct hci_conn *conn;
3779
3780 BT_DBG("%s", hdev->name);
3781
3782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3783 if (!conn)
3784 return;
3785
3786 switch (ev->type) {
3787 case HCI_KEYPRESS_STARTED:
3788 conn->passkey_entered = 0;
3789 return;
3790
3791 case HCI_KEYPRESS_ENTERED:
3792 conn->passkey_entered++;
3793 break;
3794
3795 case HCI_KEYPRESS_ERASED:
3796 conn->passkey_entered--;
3797 break;
3798
3799 case HCI_KEYPRESS_CLEARED:
3800 conn->passkey_entered = 0;
3801 break;
3802
3803 case HCI_KEYPRESS_COMPLETED:
3804 return;
3805 }
3806
3807 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3808 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3809 conn->dst_type, conn->passkey_notify,
3810 conn->passkey_entered);
3811}
3812
6039aa73
GP		 3813static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3814 struct sk_buff *skb)
0493684e
MH		 3815{
3816 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3817 struct hci_conn *conn;
3818
3819 BT_DBG("%s", hdev->name);
3820
3821 hci_dev_lock(hdev);
3822
3823 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3824 if (!conn)
3825 goto unlock;
3826
3827 /* To avoid duplicate auth_failed events to user space we check
3828 * the HCI_CONN_AUTH_PEND flag which will be set if we
3829 * initiated the authentication. A traditional auth_complete
3830 * event gets always produced as initiator and is also mapped to
3831 * the mgmt_auth_failed event */
fa1bd918 3832 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3833 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3834 ev->status);
0493684e 3835
76a68ba0 3836 hci_conn_drop(conn);
2a611692
JH		 3837
3838unlock:
0493684e
MH		 3839 hci_dev_unlock(hdev);
3840}
3841
6039aa73
GP		 3842static void hci_remote_host_features_evt(struct hci_dev *hdev,
3843 struct sk_buff *skb)
41a96212
MH		 3844{
3845 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3846 struct inquiry_entry *ie;
cad718ed 3847 struct hci_conn *conn;
41a96212
MH		 3848
3849 BT_DBG("%s", hdev->name);
3850
3851 hci_dev_lock(hdev);
3852
cad718ed
JH		 3853 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3854 if (conn)
3855 memcpy(conn->features[1], ev->features, 8);
3856
cc11b9c1
AE		 3857 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3858 if (ie)
02b7cc62 3859 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3860
3861 hci_dev_unlock(hdev);
3862}
3863
6039aa73
GP		 3864static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3865 struct sk_buff *skb)
2763eda6
SJ		 3866{
3867 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3868 struct oob_data *data;
3869
3870 BT_DBG("%s", hdev->name);
3871
3872 hci_dev_lock(hdev);
3873
a8b2d5c2 3874 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3875 goto unlock;
3876
2763eda6
SJ		 3877 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3878 if (data) {
519ca9d0
MH		 3879 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3880 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3881
519ca9d0
MH		 3882 bacpy(&cp.bdaddr, &ev->bdaddr);
3883 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3884 memcpy(cp.randomizer192, data->randomizer192,
3885 sizeof(cp.randomizer192));
3886 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3887 memcpy(cp.randomizer256, data->randomizer256,
3888 sizeof(cp.randomizer256));
3889
3890 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3891 sizeof(cp), &cp);
3892 } else {
3893 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3894
519ca9d0
MH		 3895 bacpy(&cp.bdaddr, &ev->bdaddr);
3896 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3897 memcpy(cp.randomizer, data->randomizer192,
3898 sizeof(cp.randomizer));
3899
3900 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3901 sizeof(cp), &cp);
3902 }
2763eda6
SJ		 3903 } else {
3904 struct hci_cp_remote_oob_data_neg_reply cp;
3905
3906 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3907 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3908 sizeof(cp), &cp);
2763eda6
SJ		 3909 }
3910
e1ba1f15 3911unlock:
2763eda6
SJ		 3912 hci_dev_unlock(hdev);
3913}
3914
d5e91192
AE		 3915static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3916 struct sk_buff *skb)
3917{
3918 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3919 struct hci_conn *hcon, *bredr_hcon;
3920
3921 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3922 ev->status);
3923
3924 hci_dev_lock(hdev);
3925
3926 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3927 if (!hcon) {
3928 hci_dev_unlock(hdev);
3929 return;
3930 }
3931
3932 if (ev->status) {
3933 hci_conn_del(hcon);
3934 hci_dev_unlock(hdev);
3935 return;
3936 }
3937
3938 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3939
3940 hcon->state = BT_CONNECTED;
3941 bacpy(&hcon->dst, &bredr_hcon->dst);
3942
3943 hci_conn_hold(hcon);
3944 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3945 hci_conn_drop(hcon);
d5e91192 3946
d5e91192
AE		 3947 hci_conn_add_sysfs(hcon);
3948
cf70ff22 3949 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3950
cf70ff22 3951 hci_dev_unlock(hdev);
d5e91192
AE		 3952}
3953
27695fb4
AE		 3954static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3955{
3956 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3957 struct hci_conn *hcon;
3958 struct hci_chan *hchan;
3959 struct amp_mgr *mgr;
3960
3961 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3962 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3963 ev->status);
3964
3965 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3966 if (!hcon)
3967 return;
3968
3969 /* Create AMP hchan */
3970 hchan = hci_chan_create(hcon);
3971 if (!hchan)
3972 return;
3973
3974 hchan->handle = le16_to_cpu(ev->handle);
3975
3976 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3977
3978 mgr = hcon->amp_mgr;
3979 if (mgr && mgr->bredr_chan) {
3980 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3981
3982 l2cap_chan_lock(bredr_chan);
3983
3984 bredr_chan->conn->mtu = hdev->block_mtu;
3985 l2cap_logical_cfm(bredr_chan, hchan, 0);
3986 hci_conn_hold(hcon);
3987
3988 l2cap_chan_unlock(bredr_chan);
3989 }
3990}
3991
606e2a10
AE		 3992static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3993 struct sk_buff *skb)
3994{
3995 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3996 struct hci_chan *hchan;
3997
3998 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3999 le16_to_cpu(ev->handle), ev->status);
4000
4001 if (ev->status)
4002 return;
4003
4004 hci_dev_lock(hdev);
4005
4006 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4007 if (!hchan)
4008 goto unlock;
4009
4010 amp_destroy_logical_link(hchan, ev->reason);
4011
4012unlock:
4013 hci_dev_unlock(hdev);
4014}
4015
9eef6b3a
AE		 4016static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4017 struct sk_buff *skb)
4018{
4019 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4020 struct hci_conn *hcon;
4021
4022 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4023
4024 if (ev->status)
4025 return;
4026
4027 hci_dev_lock(hdev);
4028
4029 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4030 if (hcon) {
4031 hcon->state = BT_CLOSED;
4032 hci_conn_del(hcon);
4033 }
4034
4035 hci_dev_unlock(hdev);
4036}
4037
6039aa73 4038static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4039{
4040 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4041 struct hci_conn_params *params;
fcd89c09 4042 struct hci_conn *conn;
68d6f6de 4043 struct smp_irk *irk;
837d502e 4044 u8 addr_type;
fcd89c09 4045
9f1db00c 4046 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4047
4048 hci_dev_lock(hdev);
4049
b47a09b3 4050 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4051 if (!conn) {
4052 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4053 if (!conn) {
4054 BT_ERR("No memory for new connection");
230fd16a 4055 goto unlock;
b62f328b 4056 }
29b7988a
AG		 4057
4058 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4059
4060 if (ev->role == LE_CONN_ROLE_MASTER) {
4061 conn->out = true;
4dae2798 4062 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4063 }
cb1d68f7
JH		 4064
4065 /* If we didn't have a hci_conn object previously
4066 * but we're in master role this must be something
4067 * initiated using a white list. Since white list based
4068 * connections are not "first class citizens" we don't
4069 * have full tracking of them. Therefore, we go ahead
4070 * with a "best effort" approach of determining the
4071 * initiator address based on the HCI_PRIVACY flag.
4072 */
4073 if (conn->out) {
4074 conn->resp_addr_type = ev->bdaddr_type;
4075 bacpy(&conn->resp_addr, &ev->bdaddr);
4076 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4077 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4078 bacpy(&conn->init_addr, &hdev->rpa);
4079 } else {
4080 hci_copy_identity_address(hdev,
4081 &conn->init_addr,
4082 &conn->init_addr_type);
4083 }
cb1d68f7 4084 }
9489eca4
JH		 4085 } else {
4086 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4087 }
fcd89c09 4088
80c24ab8
JH		 4089 if (!conn->out) {
4090 /* Set the responder (our side) address type based on
4091 * the advertising address type.
4092 */
4093 conn->resp_addr_type = hdev->adv_addr_type;
4094 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4095 bacpy(&conn->resp_addr, &hdev->random_addr);
4096 else
4097 bacpy(&conn->resp_addr, &hdev->bdaddr);
4098
4099 conn->init_addr_type = ev->bdaddr_type;
4100 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4101
4102 /* For incoming connections, set the default minimum
4103 * and maximum connection interval. They will be used
4104 * to check if the parameters are in range and if not
4105 * trigger the connection update procedure.
4106 */
4107 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4108 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4109 }
7be2edbb 4110
edb4b466
MH		 4111 /* Lookup the identity address from the stored connection
4112 * address and address type.
4113 *
4114 * When establishing connections to an identity address, the
4115 * connection procedure will store the resolvable random
4116 * address first. Now if it can be converted back into the
4117 * identity address, start using the identity address from
4118 * now on.
4119 */
4120 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4121 if (irk) {
4122 bacpy(&conn->dst, &irk->bdaddr);
4123 conn->dst_type = irk->addr_type;
4124 }
4125
837d502e
JH		 4126 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4127 addr_type = BDADDR_LE_PUBLIC;
4128 else
4129 addr_type = BDADDR_LE_RANDOM;
4130
4131 /* Drop the connection if he device is blocked */
4132 if (hci_blacklist_lookup(hdev, &conn->dst, addr_type)) {
4133 hci_conn_drop(conn);
4134 goto unlock;
4135 }
4136
cd17decb 4137 if (ev->status) {
06c053fb 4138 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4139 goto unlock;
4140 }
4141
b644ba33 4142 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4143 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4144 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4145
7b5c0d52 4146 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4147 conn->handle = __le16_to_cpu(ev->handle);
4148 conn->state = BT_CONNECTED;
4149
e04fde60
MH		 4150 conn->le_conn_interval = le16_to_cpu(ev->interval);
4151 conn->le_conn_latency = le16_to_cpu(ev->latency);
4152 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4153
fcd89c09
VT		 4154 hci_conn_add_sysfs(conn);
4155
4156 hci_proto_connect_cfm(conn, ev->status);
4157
912b42ef 4158 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
95305baa
JH		 4159 if (params) {
4160 list_del_init(&params->action);
4161 hci_update_background_scan(hdev);
4162 }
a4790dbd 4163
fcd89c09
VT		 4164unlock:
4165 hci_dev_unlock(hdev);
4166}
4167
1855d92d
MH		 4168static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4169 struct sk_buff *skb)
4170{
4171 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4172 struct hci_conn *conn;
4173
4174 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4175
4176 if (ev->status)
4177 return;
4178
4179 hci_dev_lock(hdev);
4180
4181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4182 if (conn) {
4183 conn->le_conn_interval = le16_to_cpu(ev->interval);
4184 conn->le_conn_latency = le16_to_cpu(ev->latency);
4185 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4186 }
4187
4188 hci_dev_unlock(hdev);
4189}
4190
a4790dbd 4191/* This function requires the caller holds hdev->lock */
bb5ce4d0 4192static bool check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
a4790dbd
AG		 4193 u8 addr_type)
4194{
4195 struct hci_conn *conn;
4196
501f8827 4197 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
bb5ce4d0 4198 return false;
a4790dbd
AG		 4199
4200 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4201 HCI_AT_NO_BONDING);
4202 if (!IS_ERR(conn))
bb5ce4d0 4203 return true;
a4790dbd
AG		 4204
4205 switch (PTR_ERR(conn)) {
4206 case -EBUSY:
4207 /* If hci_connect() returns -EBUSY it means there is already
4208 * an LE connection attempt going on. Since controllers don't
4209 * support more than one connection attempt at the time, we
4210 * don't consider this an error case.
4211 */
4212 break;
4213 default:
4214 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4215 }
bb5ce4d0
JH		 4216
4217 return true;
a4790dbd
AG		 4218}
4219
4af605d8
JH		 4220static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4221 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4222{
b9a6328f 4223 struct discovery_state *d = &hdev->discovery;
474ee066 4224 bool match;
c70a7e4c 4225 u32 flags;
b9a6328f 4226
0d2bf134
JH		 4227 /* Passive scanning shouldn't trigger any device found events,
4228 * except for devices marked as CONN_REPORT for which we do send
4229 * device found events.
4230 */
ca5c4be7 4231 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134 4232 struct hci_conn_params *param;
079446c8 4233 struct smp_irk *irk;
0d2bf134 4234
435a13d8
JH		 4235 /* Check if we need to convert to identity address */
4236 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4237 if (irk) {
4238 bdaddr = &irk->bdaddr;
4239 bdaddr_type = irk->addr_type;
4240 }
4241
99a6768e
JH		 4242 /* Ignore if the device is blocked */
4243 if (hci_blacklist_lookup(hdev, bdaddr, bdaddr_type))
4244 return;
4245
bb5ce4d0
JH		 4246 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND) {
4247 if (check_pending_le_conn(hdev, bdaddr, bdaddr_type))
4248 return;
4249 }
0d2bf134 4250
0d2bf134
JH		 4251 if (type == LE_ADV_DIRECT_IND)
4252 return;
4253
a7545f2a
JH		 4254 param = hci_pend_le_action_lookup(&hdev->pend_le_reports,
4255 bdaddr, bdaddr_type);
4256 if (!param)
0d2bf134
JH		 4257 return;
4258
4259 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4260 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4261 else
4262 flags = 0;
4263 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4264 rssi, flags, data, len, NULL, 0);
97bf2e99 4265 return;
ca5c4be7 4266 }
4af605d8 4267
c70a7e4c
MH		 4268 /* When receiving non-connectable or scannable undirected
4269 * advertising reports, this means that the remote device is
4270 * not connectable and then clearly indicate this in the
4271 * device found event.
4272 *
4273 * When receiving a scan response, then there is no way to
4274 * know if the remote device is connectable or not. However
4275 * since scan responses are merged with a previously seen
4276 * advertising report, the flags field from that report
4277 * will be used.
4278 *
4279 * In the really unlikely case that a controller get confused
4280 * and just sends a scan response event, then it is marked as
4281 * not connectable as well.
4282 */
4283 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4284 type == LE_ADV_SCAN_RSP)
4285 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4286 else
4287 flags = 0;
4288
b9a6328f
JH		 4289 /* If there's nothing pending either store the data from this
4290 * event or send an immediate device found event if the data
4291 * should not be stored for later.
4292 */
4293 if (!has_pending_adv_report(hdev)) {
4294 /* If the report will trigger a SCAN_REQ store it for
4295 * later merging.
4296 */
4297 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4298 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4299 rssi, flags, data, len);
b9a6328f
JH		 4300 return;
4301 }
4302
4303 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4304 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4305 return;
4306 }
4307
474ee066
JH		 4308 /* Check if the pending report is for the same device as the new one */
4309 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4310 bdaddr_type == d->last_adv_addr_type);
4311
b9a6328f
JH		 4312 /* If the pending data doesn't match this report or this isn't a
4313 * scan response (e.g. we got a duplicate ADV_IND) then force
4314 * sending of the pending data.
4315 */
474ee066
JH		 4316 if (type != LE_ADV_SCAN_RSP || !match) {
4317 /* Send out whatever is in the cache, but skip duplicates */
4318 if (!match)
4319 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4320 d->last_adv_addr_type, NULL,
c70a7e4c 4321 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4322 d->last_adv_data,
474ee066 4323 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4324
4325 /* If the new report will trigger a SCAN_REQ store it for
4326 * later merging.
4327 */
4328 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4329 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4330 rssi, flags, data, len);
b9a6328f
JH		 4331 return;
4332 }
4333
4334 /* The advertising reports cannot be merged, so clear
4335 * the pending report and send out a device found event.
4336 */
4337 clear_pending_adv_report(hdev);
5c5b93e4 4338 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4339 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4340 return;
4341 }
4342
4343 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4344 * the new event is a SCAN_RSP. We can therefore proceed with
4345 * sending a merged device found event.
4346 */
4347 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4348 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4349 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4350 clear_pending_adv_report(hdev);
4af605d8
JH		 4351}
4352
6039aa73 4353static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4354{
e95beb41
AG		 4355 u8 num_reports = skb->data[0];
4356 void *ptr = &skb->data[1];
9aa04c91 4357
a4790dbd
AG		 4358 hci_dev_lock(hdev);
4359
e95beb41
AG		 4360 while (num_reports--) {
4361 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4362 s8 rssi;
a4790dbd 4363
3c9e9195 4364 rssi = ev->data[ev->length];
4af605d8
JH		 4365 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4366 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4367
e95beb41 4368 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4369 }
a4790dbd
AG		 4370
4371 hci_dev_unlock(hdev);
9aa04c91
AG		 4372}
4373
6039aa73 4374static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4375{
4376 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4377 struct hci_cp_le_ltk_reply cp;
bea710fe 4378 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4379 struct hci_conn *conn;
c9839a11 4380 struct smp_ltk *ltk;
a7a595f6 4381
9f1db00c 4382 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4383
4384 hci_dev_lock(hdev);
4385
4386 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4387 if (conn == NULL)
4388 goto not_found;
a7a595f6 4389
fe39c7b2 4390 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4391 if (ltk == NULL)
4392 goto not_found;
4393
4394 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4395 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4396
4397 if (ltk->authenticated)
f8776218
AG		 4398 conn->pending_sec_level = BT_SECURITY_HIGH;
4399 else
4400 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4401
89cbb4da 4402 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4403
4404 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4405
5981a882
CT		 4406 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4407 * temporary key used to encrypt a connection following
4408 * pairing. It is used during the Encrypted Session Setup to
4409 * distribute the keys. Later, security can be re-established
4410 * using a distributed LTK.
4411 */
2ceba539 4412 if (ltk->type == SMP_STK) {
fe59a05f 4413 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4414 list_del(&ltk->list);
4415 kfree(ltk);
fe59a05f
JH		 4416 } else {
4417 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4418 }
4419
a7a595f6 4420 hci_dev_unlock(hdev);
bea710fe
VCG		 4421
4422 return;
4423
4424not_found:
4425 neg.handle = ev->handle;
4426 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4427 hci_dev_unlock(hdev);
a7a595f6
VCG		 4428}
4429
8e75b46a
AG		 4430static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4431 u8 reason)
4432{
4433 struct hci_cp_le_conn_param_req_neg_reply cp;
4434
4435 cp.handle = cpu_to_le16(handle);
4436 cp.reason = reason;
4437
4438 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4439 &cp);
4440}
4441
4442static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4443 struct sk_buff *skb)
4444{
4445 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4446 struct hci_cp_le_conn_param_req_reply cp;
4447 struct hci_conn *hcon;
4448 u16 handle, min, max, latency, timeout;
4449
4450 handle = le16_to_cpu(ev->handle);
4451 min = le16_to_cpu(ev->interval_min);
4452 max = le16_to_cpu(ev->interval_max);
4453 latency = le16_to_cpu(ev->latency);
4454 timeout = le16_to_cpu(ev->timeout);
4455
4456 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4457 if (!hcon || hcon->state != BT_CONNECTED)
4458 return send_conn_param_neg_reply(hdev, handle,
4459 HCI_ERROR_UNKNOWN_CONN_ID);
4460
4461 if (hci_check_conn_params(min, max, latency, timeout))
4462 return send_conn_param_neg_reply(hdev, handle,
4463 HCI_ERROR_INVALID_LL_PARAMS);
4464
348d50b8
JH		 4465 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4466 struct hci_conn_params *params;
f4869e2a 4467 u8 store_hint;
348d50b8
JH		 4468
4469 hci_dev_lock(hdev);
4470
4471 params = hci_conn_params_lookup(hdev, &hcon->dst,
4472 hcon->dst_type);
4473 if (params) {
4474 params->conn_min_interval = min;
4475 params->conn_max_interval = max;
4476 params->conn_latency = latency;
4477 params->supervision_timeout = timeout;
f4869e2a
JH		 4478 store_hint = 0x01;
4479 } else{
4480 store_hint = 0x00;
348d50b8
JH		 4481 }
4482
4483 hci_dev_unlock(hdev);
4484
f4869e2a
JH		 4485 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4486 store_hint, min, max, latency, timeout);
348d50b8 4487 }
ffb5a827 4488
8e75b46a
AG		 4489 cp.handle = ev->handle;
4490 cp.interval_min = ev->interval_min;
4491 cp.interval_max = ev->interval_max;
4492 cp.latency = ev->latency;
4493 cp.timeout = ev->timeout;
4494 cp.min_ce_len = 0;
4495 cp.max_ce_len = 0;
4496
4497 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4498}
4499
6039aa73 4500static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4501{
4502 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4503
4504 skb_pull(skb, sizeof(*le_ev));
4505
4506 switch (le_ev->subevent) {
4507 case HCI_EV_LE_CONN_COMPLETE:
4508 hci_le_conn_complete_evt(hdev, skb);
4509 break;
4510
1855d92d
MH		 4511 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4512 hci_le_conn_update_complete_evt(hdev, skb);
4513 break;
4514
9aa04c91
AG		 4515 case HCI_EV_LE_ADVERTISING_REPORT:
4516 hci_le_adv_report_evt(hdev, skb);
4517 break;
4518
a7a595f6
VCG		 4519 case HCI_EV_LE_LTK_REQ:
4520 hci_le_ltk_request_evt(hdev, skb);
4521 break;
4522
8e75b46a
AG		 4523 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4524 hci_le_remote_conn_param_req_evt(hdev, skb);
4525 break;
4526
fcd89c09
VT		 4527 default:
4528 break;
4529 }
4530}
4531
9495b2ee
AE		 4532static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4533{
4534 struct hci_ev_channel_selected *ev = (void *) skb->data;
4535 struct hci_conn *hcon;
4536
4537 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4538
4539 skb_pull(skb, sizeof(*ev));
4540
4541 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4542 if (!hcon)
4543 return;
4544
4545 amp_read_loc_assoc_final_data(hdev, hcon);
4546}
4547
a9de9248
MH		 4548void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4549{
4550 struct hci_event_hdr *hdr = (void *) skb->data;
4551 __u8 event = hdr->evt;
4552
b6ddb638
JH		 4553 hci_dev_lock(hdev);
4554
4555 /* Received events are (currently) only needed when a request is
4556 * ongoing so avoid unnecessary memory allocation.
4557 */
4558 if (hdev->req_status == HCI_REQ_PEND) {
4559 kfree_skb(hdev->recv_evt);
4560 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4561 }
4562
4563 hci_dev_unlock(hdev);
4564
a9de9248
MH		 4565 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4566
02350a72 4567 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4568 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4569 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4570
4571 hci_req_cmd_complete(hdev, opcode, 0);
4572 }
4573
a9de9248 4574 switch (event) {
1da177e4
LT		 4575 case HCI_EV_INQUIRY_COMPLETE:
4576 hci_inquiry_complete_evt(hdev, skb);
4577 break;
4578
4579 case HCI_EV_INQUIRY_RESULT:
4580 hci_inquiry_result_evt(hdev, skb);
4581 break;
4582
a9de9248
MH		 4583 case HCI_EV_CONN_COMPLETE:
4584 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4585 break;
4586
1da177e4
LT		 4587 case HCI_EV_CONN_REQUEST:
4588 hci_conn_request_evt(hdev, skb);
4589 break;
4590
1da177e4
LT		 4591 case HCI_EV_DISCONN_COMPLETE:
4592 hci_disconn_complete_evt(hdev, skb);
4593 break;
4594
1da177e4
LT		 4595 case HCI_EV_AUTH_COMPLETE:
4596 hci_auth_complete_evt(hdev, skb);
4597 break;
4598
a9de9248
MH		 4599 case HCI_EV_REMOTE_NAME:
4600 hci_remote_name_evt(hdev, skb);
4601 break;
4602
1da177e4
LT		 4603 case HCI_EV_ENCRYPT_CHANGE:
4604 hci_encrypt_change_evt(hdev, skb);
4605 break;
4606
a9de9248
MH		 4607 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4608 hci_change_link_key_complete_evt(hdev, skb);
4609 break;
4610
4611 case HCI_EV_REMOTE_FEATURES:
4612 hci_remote_features_evt(hdev, skb);
4613 break;
4614
a9de9248
MH		 4615 case HCI_EV_CMD_COMPLETE:
4616 hci_cmd_complete_evt(hdev, skb);
4617 break;
4618
4619 case HCI_EV_CMD_STATUS:
4620 hci_cmd_status_evt(hdev, skb);
4621 break;
4622
4623 case HCI_EV_ROLE_CHANGE:
4624 hci_role_change_evt(hdev, skb);
4625 break;
4626
4627 case HCI_EV_NUM_COMP_PKTS:
4628 hci_num_comp_pkts_evt(hdev, skb);
4629 break;
4630
4631 case HCI_EV_MODE_CHANGE:
4632 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4633 break;
4634
4635 case HCI_EV_PIN_CODE_REQ:
4636 hci_pin_code_request_evt(hdev, skb);
4637 break;
4638
4639 case HCI_EV_LINK_KEY_REQ:
4640 hci_link_key_request_evt(hdev, skb);
4641 break;
4642
4643 case HCI_EV_LINK_KEY_NOTIFY:
4644 hci_link_key_notify_evt(hdev, skb);
4645 break;
4646
4647 case HCI_EV_CLOCK_OFFSET:
4648 hci_clock_offset_evt(hdev, skb);
4649 break;
4650
a8746417
MH		 4651 case HCI_EV_PKT_TYPE_CHANGE:
4652 hci_pkt_type_change_evt(hdev, skb);
4653 break;
4654
85a1e930
MH		 4655 case HCI_EV_PSCAN_REP_MODE:
4656 hci_pscan_rep_mode_evt(hdev, skb);
4657 break;
4658
a9de9248
MH		 4659 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4660 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4661 break;
4662
a9de9248
MH		 4663 case HCI_EV_REMOTE_EXT_FEATURES:
4664 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4665 break;
4666
a9de9248
MH		 4667 case HCI_EV_SYNC_CONN_COMPLETE:
4668 hci_sync_conn_complete_evt(hdev, skb);
4669 break;
1da177e4 4670
a9de9248
MH		 4671 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4672 hci_extended_inquiry_result_evt(hdev, skb);
4673 break;
1da177e4 4674
1c2e0041
JH		 4675 case HCI_EV_KEY_REFRESH_COMPLETE:
4676 hci_key_refresh_complete_evt(hdev, skb);
4677 break;
4678
0493684e
MH		 4679 case HCI_EV_IO_CAPA_REQUEST:
4680 hci_io_capa_request_evt(hdev, skb);
4681 break;
4682
03b555e1
JH		 4683 case HCI_EV_IO_CAPA_REPLY:
4684 hci_io_capa_reply_evt(hdev, skb);
4685 break;
4686
a5c29683
JH		 4687 case HCI_EV_USER_CONFIRM_REQUEST:
4688 hci_user_confirm_request_evt(hdev, skb);
4689 break;
4690
1143d458
BG		 4691 case HCI_EV_USER_PASSKEY_REQUEST:
4692 hci_user_passkey_request_evt(hdev, skb);
4693 break;
4694
92a25256
JH		 4695 case HCI_EV_USER_PASSKEY_NOTIFY:
4696 hci_user_passkey_notify_evt(hdev, skb);
4697 break;
4698
4699 case HCI_EV_KEYPRESS_NOTIFY:
4700 hci_keypress_notify_evt(hdev, skb);
4701 break;
4702
0493684e
MH		 4703 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4704 hci_simple_pair_complete_evt(hdev, skb);
4705 break;
4706
41a96212
MH		 4707 case HCI_EV_REMOTE_HOST_FEATURES:
4708 hci_remote_host_features_evt(hdev, skb);
4709 break;
4710
fcd89c09
VT		 4711 case HCI_EV_LE_META:
4712 hci_le_meta_evt(hdev, skb);
4713 break;
4714
9495b2ee
AE		 4715 case HCI_EV_CHANNEL_SELECTED:
4716 hci_chan_selected_evt(hdev, skb);
4717 break;
4718
2763eda6
SJ		 4719 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4720 hci_remote_oob_data_request_evt(hdev, skb);
4721 break;
4722
d5e91192
AE		 4723 case HCI_EV_PHY_LINK_COMPLETE:
4724 hci_phy_link_complete_evt(hdev, skb);
4725 break;
4726
27695fb4
AE		 4727 case HCI_EV_LOGICAL_LINK_COMPLETE:
4728 hci_loglink_complete_evt(hdev, skb);
4729 break;
4730
606e2a10
AE		 4731 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4732 hci_disconn_loglink_complete_evt(hdev, skb);
4733 break;
4734
9eef6b3a
AE		 4735 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4736 hci_disconn_phylink_complete_evt(hdev, skb);
4737 break;
4738
25e89e99
AE		 4739 case HCI_EV_NUM_COMP_BLOCKS:
4740 hci_num_comp_blocks_evt(hdev, skb);
4741 break;
4742
a9de9248 4743 default:
9f1db00c 4744 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4745 break;
4746 }
4747
4748 kfree_skb(skb);
4749 hdev->stat.evt_rx++;
4750}
Linux kernel - Deliverables
This page took 1.011897 seconds and 5 git commands to generate.