projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix setting correct authentication information for SMP STK
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 48 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778 201
533553f8
MH		 202 hdev->le_scan_type = LE_SCAN_PASSIVE;
203
06f5b778 204 hdev->ssp_debug_mode = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
0663ca2a
JH		 308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
310 */
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
312
36f7fc7e
JH		 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
318 if (!old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 1);
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
b4cb9fb2
MH		 423static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct sk_buff *skb)
425{
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
433 hdev->num_iac = rp->num_iac;
434
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436}
437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 441 struct hci_cp_write_ssp_mode *sent;
333140b5 442
9f1db00c 443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
5ed8eb2f
JH		 449 if (!status) {
450 if (sent->mode)
cad718ed 451 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 452 else
cad718ed 453 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 454 }
455
ed2c4ee3 456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 458 else if (!status) {
5ed8eb2f 459 if (sent->mode)
c0ecddc2
JH		 460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 else
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 }
333140b5
MH		 464}
465
eac83dc6
MH		 466static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
467{
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
470
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
472
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
474 if (!sent)
475 return;
476
477 if (!status) {
478 if (sent->support)
479 hdev->features[1][0] |= LMP_HOST_SC;
480 else
481 hdev->features[1][0] &= ~LMP_HOST_SC;
482 }
483
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
486 else if (!status) {
487 if (sent->support)
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 else
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
491 }
492}
493
a9de9248
MH		 494static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
495{
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 497
9f1db00c 498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 499
a9de9248 500 if (rp->status)
42c6b129 501 return;
1143e5a6 502
0d5551f5
MH		 503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
509 }
d5859e22
JH		 510}
511
8fc9ced3
GP		 512static void hci_cc_read_local_commands(struct hci_dev *hdev,
513 struct sk_buff *skb)
a9de9248
MH		 514{
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 516
9f1db00c 517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 518
6a070e6e
MH		 519 if (rp->status)
520 return;
521
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 524}
1da177e4 525
8fc9ced3
GP		 526static void hci_cc_read_local_features(struct hci_dev *hdev,
527 struct sk_buff *skb)
a9de9248
MH		 528{
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 530
9f1db00c 531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 532
a9de9248
MH		 533 if (rp->status)
534 return;
5b7f9909 535
a9de9248 536 memcpy(hdev->features, rp->features, 8);
5b7f9909 537
a9de9248
MH		 538 /* Adjust default settings according to features
539 * supported by device. */
1da177e4 540
cad718ed 541 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 543
cad718ed 544 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 546
cad718ed 547 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
550 }
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
555 }
1da177e4 556
45db810f 557 if (lmp_esco_capable(hdev))
a9de9248 558 hdev->esco_type |= (ESCO_EV3);
da1f5198 559
cad718ed 560 if (hdev->features[0][4] & LMP_EV4)
a9de9248 561 hdev->esco_type |= (ESCO_EV4);
da1f5198 562
cad718ed 563 if (hdev->features[0][4] & LMP_EV5)
a9de9248 564 hdev->esco_type |= (ESCO_EV5);
1da177e4 565
cad718ed 566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 567 hdev->esco_type |= (ESCO_2EV3);
568
cad718ed 569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 570 hdev->esco_type |= (ESCO_3EV3);
571
cad718ed 572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 574}
1da177e4 575
971e3a4b 576static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 577 struct sk_buff *skb)
971e3a4b
AG		 578{
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
580
9f1db00c 581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 582
583 if (rp->status)
42c6b129 584 return;
971e3a4b 585
57af75a8
MH		 586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
d2c5d77f 588
cad718ed
JH		 589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 591}
592
1e89cffb 593static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 594 struct sk_buff *skb)
1e89cffb
AE		 595{
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
597
9f1db00c 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 599
42c6b129
JH		 600 if (!rp->status)
601 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 602}
603
a9de9248
MH		 604static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
605{
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 609
a9de9248
MH		 610 if (rp->status)
611 return;
1da177e4 612
a9de9248
MH		 613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
617
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
619 hdev->sco_mtu = 64;
620 hdev->sco_pkts = 8;
1da177e4 621 }
a9de9248
MH		 622
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
625
807deac2
GP		 626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 628}
629
630static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
631{
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
633
9f1db00c 634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 635
636 if (!rp->status)
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 638}
639
f332ec66
JH		 640static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
641 struct sk_buff *skb)
642{
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
644
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
646
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
650 }
651}
652
4a3ee763
JH		 653static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
654 struct sk_buff *skb)
655{
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
660
661 if (status)
662 return;
663
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
665 if (!sent)
666 return;
667
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
670}
671
f332ec66
JH		 672static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
673 struct sk_buff *skb)
674{
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
676
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
678
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
681}
682
4a3ee763
JH		 683static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
684 struct sk_buff *skb)
685{
686 u8 status = *((u8 *) skb->data);
687 u8 *type;
688
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
690
691 if (status)
692 return;
693
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
695 if (type)
696 hdev->page_scan_type = *type;
697}
698
350ee4cf 699static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 700 struct sk_buff *skb)
350ee4cf
AE		 701{
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
703
9f1db00c 704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 705
706 if (rp->status)
707 return;
708
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
712
713 hdev->block_cnt = hdev->num_blocks;
714
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 716 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 717}
718
928abaa7 719static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 720 struct sk_buff *skb)
928abaa7
AE		 721{
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 725
726 if (rp->status)
8e2a0d92 727 goto a2mp_rsp;
928abaa7
AE		 728
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
739
8e2a0d92
AE		 740a2mp_rsp:
741 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 742}
743
903e4541
AE		 744static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
745 struct sk_buff *skb)
746{
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
750
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
752
753 if (rp->status)
754 goto a2mp_rsp;
755
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
758
759 if (rem_len > frag_len) {
2e430be3 760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 761
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
764
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
767
768 return;
769 }
770
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
773 assoc->offset = 0;
774
775a2mp_rsp:
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 778 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 779}
780
d5859e22 781static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 782 struct sk_buff *skb)
d5859e22 783{
91c4e9b1 784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 785
9f1db00c 786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 787
788 if (!rp->status)
789 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 790}
791
980e1a53
JH		 792static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
793{
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
797
9f1db00c 798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 799
56e5cb86
JH		 800 hci_dev_lock(hdev);
801
a8b2d5c2 802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 804
fa1bd918 805 if (rp->status)
56e5cb86 806 goto unlock;
980e1a53
JH		 807
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
809 if (!cp)
56e5cb86 810 goto unlock;
980e1a53
JH		 811
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
813 if (conn)
814 conn->pin_length = cp->pin_len;
56e5cb86
JH		 815
816unlock:
817 hci_dev_unlock(hdev);
980e1a53
JH		 818}
819
820static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
821{
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
823
9f1db00c 824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 825
56e5cb86
JH		 826 hci_dev_lock(hdev);
827
a8b2d5c2 828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 830 rp->status);
56e5cb86
JH		 831
832 hci_dev_unlock(hdev);
980e1a53 833}
56e5cb86 834
6ed58ec5
VT		 835static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
836 struct sk_buff *skb)
837{
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
839
9f1db00c 840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 841
842 if (rp->status)
843 return;
844
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
847
848 hdev->le_cnt = hdev->le_pkts;
849
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 851}
980e1a53 852
60e77321
JH		 853static void hci_cc_le_read_local_features(struct hci_dev *hdev,
854 struct sk_buff *skb)
855{
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
857
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859
860 if (!rp->status)
861 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 862}
863
8fa19098
JH		 864static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
865 struct sk_buff *skb)
866{
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
868
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870
04b4edcb 871 if (!rp->status)
8fa19098 872 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 873}
874
a5c29683
JH		 875static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 880
56e5cb86
JH		 881 hci_dev_lock(hdev);
882
a8b2d5c2 883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
885 rp->status);
56e5cb86
JH		 886
887 hci_dev_unlock(hdev);
a5c29683
JH		 888}
889
890static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 891 struct sk_buff *skb)
a5c29683
JH		 892{
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894
9f1db00c 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 896
56e5cb86
JH		 897 hci_dev_lock(hdev);
898
a8b2d5c2 899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 901 ACL_LINK, 0, rp->status);
56e5cb86
JH		 902
903 hci_dev_unlock(hdev);
a5c29683
JH		 904}
905
1143d458
BG		 906static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 911
912 hci_dev_lock(hdev);
913
a8b2d5c2 914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 916 0, rp->status);
1143d458
BG		 917
918 hci_dev_unlock(hdev);
919}
920
921static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 922 struct sk_buff *skb)
1143d458
BG		 923{
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
925
9f1db00c 926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 927
928 hci_dev_lock(hdev);
929
a8b2d5c2 930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 932 ACL_LINK, 0, rp->status);
1143d458
BG		 933
934 hci_dev_unlock(hdev);
935}
936
4d2d2796
MH		 937static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
938 struct sk_buff *skb)
c35938b2
SJ		 939{
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
941
9f1db00c 942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 943
56e5cb86 944 hci_dev_lock(hdev);
4d2d2796
MH		 945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
948}
949
950static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
960 rp->status);
56e5cb86 961 hci_dev_unlock(hdev);
c35938b2
SJ		 962}
963
7a4cd51d
MH		 964
965static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
966{
967 __u8 status = *((__u8 *) skb->data);
968 bdaddr_t *sent;
969
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
971
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
973 if (!sent)
974 return;
975
976 hci_dev_lock(hdev);
977
978 if (!status)
979 bacpy(&hdev->random_addr, sent);
980
981 hci_dev_unlock(hdev);
982}
983
c1d5dc4a
JH		 984static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
985{
986 __u8 *sent, status = *((__u8 *) skb->data);
987
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
989
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
991 if (!sent)
992 return;
993
3c857757
JH		 994 if (status)
995 return;
996
c1d5dc4a
JH		 997 hci_dev_lock(hdev);
998
3c857757
JH		 999 /* If we're doing connection initation as peripheral. Set a
1000 * timeout in case something goes wrong.
1001 */
1002 if (*sent) {
1003 struct hci_conn *conn;
1004
1005 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1006 if (conn)
1007 queue_delayed_work(hdev->workqueue,
1008 &conn->le_conn_timeout,
1009 HCI_LE_CONN_TIMEOUT);
1010 }
1011
1012 mgmt_advertising(hdev, *sent);
c1d5dc4a 1013
04b4edcb 1014 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1015}
1016
533553f8
MH		 1017static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1018{
1019 struct hci_cp_le_set_scan_param *cp;
1020 __u8 status = *((__u8 *) skb->data);
1021
1022 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1023
1024 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1025 if (!cp)
1026 return;
1027
1028 hci_dev_lock(hdev);
1029
1030 if (!status)
1031 hdev->le_scan_type = cp->type;
1032
1033 hci_dev_unlock(hdev);
1034}
1035
b9a6328f
JH		 1036static bool has_pending_adv_report(struct hci_dev *hdev)
1037{
1038 struct discovery_state *d = &hdev->discovery;
1039
1040 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1041}
1042
1043static void clear_pending_adv_report(struct hci_dev *hdev)
1044{
1045 struct discovery_state *d = &hdev->discovery;
1046
1047 bacpy(&d->last_adv_addr, BDADDR_ANY);
1048 d->last_adv_data_len = 0;
1049}
1050
1051static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
ff5cd29f 1052 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
b9a6328f
JH		 1053{
1054 struct discovery_state *d = &hdev->discovery;
1055
1056 bacpy(&d->last_adv_addr, bdaddr);
1057 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1058 d->last_adv_rssi = rssi;
b9a6328f
JH		 1059 memcpy(d->last_adv_data, data, len);
1060 d->last_adv_data_len = len;
1061}
1062
eb9d91f5 1063static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1064 struct sk_buff *skb)
eb9d91f5
AG		 1065{
1066 struct hci_cp_le_set_scan_enable *cp;
1067 __u8 status = *((__u8 *) skb->data);
1068
9f1db00c 1069 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1070
eb9d91f5
AG		 1071 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1072 if (!cp)
1073 return;
1074
3fd319b8
AG		 1075 if (status)
1076 return;
1077
68a8aea4 1078 switch (cp->enable) {
76a388be 1079 case LE_SCAN_ENABLE:
d23264a8 1080 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1081 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1082 clear_pending_adv_report(hdev);
68a8aea4
AE		 1083 break;
1084
76a388be 1085 case LE_SCAN_DISABLE:
b9a6328f
JH		 1086 /* We do this here instead of when setting DISCOVERY_STOPPED
1087 * since the latter would potentially require waiting for
1088 * inquiry to stop too.
1089 */
1090 if (has_pending_adv_report(hdev)) {
1091 struct discovery_state *d = &hdev->discovery;
1092
1093 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433
JH		 1094 d->last_adv_addr_type, NULL,
1095 d->last_adv_rssi, 0, 1,
1096 d->last_adv_data,
b9a6328f
JH		 1097 d->last_adv_data_len, NULL, 0);
1098 }
1099
317ac8cb
JH		 1100 /* Cancel this timer so that we don't try to disable scanning
1101 * when it's already disabled.
1102 */
1103 cancel_delayed_work(&hdev->le_scan_disable);
1104
d23264a8 1105 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1106 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1107 * interrupted scanning due to a connect request. Mark
1108 * therefore discovery as stopped.
1109 */
1110 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1111 &hdev->dev_flags))
1112 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1113 break;
1114
1115 default:
1116 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1117 break;
35815085 1118 }
eb9d91f5
AG		 1119}
1120
cf1d081f
JH		 1121static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1122 struct sk_buff *skb)
1123{
1124 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1125
1126 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1127
1128 if (!rp->status)
1129 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1130}
1131
0f36b589
MH		 1132static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1133 struct sk_buff *skb)
1134{
1135 __u8 status = *((__u8 *) skb->data);
1136
1137 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1138
1139 if (!status)
1140 hci_white_list_clear(hdev);
1141}
1142
1143static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1144 struct sk_buff *skb)
1145{
1146 struct hci_cp_le_add_to_white_list *sent;
1147 __u8 status = *((__u8 *) skb->data);
1148
1149 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1150
1151 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1152 if (!sent)
1153 return;
1154
1155 if (!status)
1156 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1157}
1158
1159static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1160 struct sk_buff *skb)
1161{
1162 struct hci_cp_le_del_from_white_list *sent;
1163 __u8 status = *((__u8 *) skb->data);
1164
1165 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1166
1167 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1168 if (!sent)
1169 return;
1170
1171 if (!status)
1172 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1173}
1174
9b008c04
JH		 1175static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1176 struct sk_buff *skb)
1177{
1178 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1179
1180 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1181
1182 if (!rp->status)
1183 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1184}
1185
6039aa73
GP		 1186static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1187 struct sk_buff *skb)
f9b49306 1188{
06199cf8 1189 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1190 __u8 status = *((__u8 *) skb->data);
1191
9f1db00c 1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1193
06199cf8 1194 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1195 if (!sent)
f9b49306
AG		 1196 return;
1197
8f984dfa 1198 if (!status) {
416a4ae5 1199 if (sent->le) {
cad718ed 1200 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1201 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1202 } else {
cad718ed 1203 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1204 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1205 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1206 }
53b2caab
JH		 1207
1208 if (sent->simul)
cad718ed 1209 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1210 else
cad718ed 1211 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1212 }
f9b49306
AG		 1213}
1214
56ed2cb8
JH		 1215static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1216{
1217 struct hci_cp_le_set_adv_param *cp;
1218 u8 status = *((u8 *) skb->data);
1219
1220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1221
1222 if (status)
1223 return;
1224
1225 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1226 if (!cp)
1227 return;
1228
1229 hci_dev_lock(hdev);
1230 hdev->adv_addr_type = cp->own_address_type;
1231 hci_dev_unlock(hdev);
1232}
1233
93c284ee
AE		 1234static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1235 struct sk_buff *skb)
1236{
1237 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1238
1239 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1240 hdev->name, rp->status, rp->phy_handle);
1241
1242 if (rp->status)
1243 return;
1244
1245 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1246}
1247
5ae76a94
AK		 1248static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1249{
1250 struct hci_rp_read_rssi *rp = (void *) skb->data;
1251 struct hci_conn *conn;
1252
1253 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1254
1255 if (rp->status)
1256 return;
1257
1258 hci_dev_lock(hdev);
1259
1260 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1261 if (conn)
1262 conn->rssi = rp->rssi;
1263
1264 hci_dev_unlock(hdev);
1265}
1266
5a134fae
AK		 1267static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1268{
1269 struct hci_cp_read_tx_power *sent;
1270 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1271 struct hci_conn *conn;
1272
1273 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1274
1275 if (rp->status)
1276 return;
1277
1278 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1279 if (!sent)
1280 return;
1281
1282 hci_dev_lock(hdev);
1283
1284 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1285 if (!conn)
1286 goto unlock;
1287
1288 switch (sent->type) {
1289 case 0x00:
5a134fae 1290 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1291 break;
1292 case 0x01:
1293 conn->max_tx_power = rp->tx_power;
1294 break;
1295 }
5a134fae 1296
d0455ed9 1297unlock:
5a134fae
AK		 1298 hci_dev_unlock(hdev);
1299}
1300
6039aa73 1301static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1302{
9f1db00c 1303 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1304
1305 if (status) {
a9de9248 1306 hci_conn_check_pending(hdev);
314b2381
JH		 1307 return;
1308 }
1309
89352e7d 1310 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1311}
1312
6039aa73 1313static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1314{
a9de9248 1315 struct hci_cp_create_conn *cp;
1da177e4 1316 struct hci_conn *conn;
1da177e4 1317
9f1db00c 1318 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1319
1320 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1321 if (!cp)
1322 return;
1323
1324 hci_dev_lock(hdev);
1325
1326 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1327
6ed93dc6 1328 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1329
1330 if (status) {
1331 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1332 if (status != 0x0c || conn->attempt > 2) {
1333 conn->state = BT_CLOSED;
1334 hci_proto_connect_cfm(conn, status);
1335 hci_conn_del(conn);
1336 } else
1337 conn->state = BT_CONNECT2;
1da177e4
LT		 1338 }
1339 } else {
1340 if (!conn) {
1341 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1342 if (conn) {
a0c808b3 1343 conn->out = true;
1da177e4
LT		 1344 conn->link_mode |= HCI_LM_MASTER;
1345 } else
893ef971 1346 BT_ERR("No memory for new connection");
1da177e4
LT		 1347 }
1348 }
1349
1350 hci_dev_unlock(hdev);
1351}
1352
a9de9248 1353static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1354{
a9de9248
MH		 1355 struct hci_cp_add_sco *cp;
1356 struct hci_conn *acl, *sco;
1357 __u16 handle;
1da177e4 1358
9f1db00c 1359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1360
a9de9248
MH		 1361 if (!status)
1362 return;
1da177e4 1363
a9de9248
MH		 1364 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1365 if (!cp)
1366 return;
1da177e4 1367
a9de9248 1368 handle = __le16_to_cpu(cp->handle);
1da177e4 1369
9f1db00c 1370 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1371
a9de9248 1372 hci_dev_lock(hdev);
1da177e4 1373
a9de9248 1374 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1375 if (acl) {
1376 sco = acl->link;
1377 if (sco) {
1378 sco->state = BT_CLOSED;
1da177e4 1379
5a08ecce
AE		 1380 hci_proto_connect_cfm(sco, status);
1381 hci_conn_del(sco);
1382 }
a9de9248 1383 }
1da177e4 1384
a9de9248
MH		 1385 hci_dev_unlock(hdev);
1386}
1da177e4 1387
f8558555
MH		 1388static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1389{
1390 struct hci_cp_auth_requested *cp;
1391 struct hci_conn *conn;
1392
9f1db00c 1393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1394
1395 if (!status)
1396 return;
1397
1398 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1399 if (!cp)
1400 return;
1401
1402 hci_dev_lock(hdev);
1403
1404 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1405 if (conn) {
1406 if (conn->state == BT_CONFIG) {
1407 hci_proto_connect_cfm(conn, status);
76a68ba0 1408 hci_conn_drop(conn);
f8558555
MH		 1409 }
1410 }
1411
1412 hci_dev_unlock(hdev);
1413}
1414
1415static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1416{
1417 struct hci_cp_set_conn_encrypt *cp;
1418 struct hci_conn *conn;
1419
9f1db00c 1420 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1421
1422 if (!status)
1423 return;
1424
1425 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1426 if (!cp)
1427 return;
1428
1429 hci_dev_lock(hdev);
1430
1431 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1432 if (conn) {
1433 if (conn->state == BT_CONFIG) {
1434 hci_proto_connect_cfm(conn, status);
76a68ba0 1435 hci_conn_drop(conn);
f8558555
MH		 1436 }
1437 }
1438
1439 hci_dev_unlock(hdev);
1440}
1441
127178d2 1442static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1443 struct hci_conn *conn)
392599b9 1444{
392599b9
JH		 1445 if (conn->state != BT_CONFIG || !conn->out)
1446 return 0;
1447
765c2a96 1448 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1449 return 0;
1450
1451 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1452 * devices with sec_level MEDIUM or HIGH or if MITM protection
1453 * is requested.
1454 */
807deac2 1455 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1456 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1457 conn->pending_sec_level != BT_SECURITY_HIGH &&
1458 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1459 return 0;
1460
392599b9
JH		 1461 return 1;
1462}
1463
6039aa73 1464static int hci_resolve_name(struct hci_dev *hdev,
04124681 1465 struct inquiry_entry *e)
30dc78e1
JH		 1466{
1467 struct hci_cp_remote_name_req cp;
1468
1469 memset(&cp, 0, sizeof(cp));
1470
1471 bacpy(&cp.bdaddr, &e->data.bdaddr);
1472 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1473 cp.pscan_mode = e->data.pscan_mode;
1474 cp.clock_offset = e->data.clock_offset;
1475
1476 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1477}
1478
b644ba33 1479static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1480{
1481 struct discovery_state *discov = &hdev->discovery;
1482 struct inquiry_entry *e;
1483
b644ba33
JH		 1484 if (list_empty(&discov->resolve))
1485 return false;
1486
1487 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1488 if (!e)
1489 return false;
1490
b644ba33
JH		 1491 if (hci_resolve_name(hdev, e) == 0) {
1492 e->name_state = NAME_PENDING;
1493 return true;
1494 }
1495
1496 return false;
1497}
1498
1499static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1500 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1501{
1502 struct discovery_state *discov = &hdev->discovery;
1503 struct inquiry_entry *e;
1504
1505 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1506 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1507 name_len, conn->dev_class);
b644ba33
JH		 1508
1509 if (discov->state == DISCOVERY_STOPPED)
1510 return;
1511
30dc78e1
JH		 1512 if (discov->state == DISCOVERY_STOPPING)
1513 goto discov_complete;
1514
1515 if (discov->state != DISCOVERY_RESOLVING)
1516 return;
1517
1518 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1519 /* If the device was not found in a list of found devices names of which
1520 * are pending. there is no need to continue resolving a next name as it
1521 * will be done upon receiving another Remote Name Request Complete
1522 * Event */
1523 if (!e)
1524 return;
1525
1526 list_del(&e->list);
1527 if (name) {
30dc78e1 1528 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1529 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1530 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1531 } else {
1532 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1533 }
1534
b644ba33 1535 if (hci_resolve_next_name(hdev))
30dc78e1 1536 return;
30dc78e1
JH		 1537
1538discov_complete:
1539 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1540}
1541
a9de9248
MH		 1542static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1543{
127178d2
JH		 1544 struct hci_cp_remote_name_req *cp;
1545 struct hci_conn *conn;
1546
9f1db00c 1547 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1548
1549 /* If successful wait for the name req complete event before
1550 * checking for the need to do authentication */
1551 if (!status)
1552 return;
1553
1554 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1555 if (!cp)
1556 return;
1557
1558 hci_dev_lock(hdev);
1559
b644ba33
JH		 1560 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1561
a8b2d5c2 1562 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1563 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1564
79c6c70c
JH		 1565 if (!conn)
1566 goto unlock;
1567
1568 if (!hci_outgoing_auth_needed(hdev, conn))
1569 goto unlock;
1570
51a8efd7 1571 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1572 struct hci_cp_auth_requested auth_cp;
1573
1574 auth_cp.handle = __cpu_to_le16(conn->handle);
1575 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1576 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1577 }
1578
79c6c70c 1579unlock:
127178d2 1580 hci_dev_unlock(hdev);
a9de9248 1581}
1da177e4 1582
769be974
MH		 1583static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1584{
1585 struct hci_cp_read_remote_features *cp;
1586 struct hci_conn *conn;
1587
9f1db00c 1588 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1589
1590 if (!status)
1591 return;
1592
1593 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1594 if (!cp)
1595 return;
1596
1597 hci_dev_lock(hdev);
1598
1599 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1600 if (conn) {
1601 if (conn->state == BT_CONFIG) {
769be974 1602 hci_proto_connect_cfm(conn, status);
76a68ba0 1603 hci_conn_drop(conn);
769be974
MH		 1604 }
1605 }
1606
1607 hci_dev_unlock(hdev);
1608}
1609
1610static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1611{
1612 struct hci_cp_read_remote_ext_features *cp;
1613 struct hci_conn *conn;
1614
9f1db00c 1615 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1616
1617 if (!status)
1618 return;
1619
1620 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1621 if (!cp)
1622 return;
1623
1624 hci_dev_lock(hdev);
1625
1626 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1627 if (conn) {
1628 if (conn->state == BT_CONFIG) {
769be974 1629 hci_proto_connect_cfm(conn, status);
76a68ba0 1630 hci_conn_drop(conn);
769be974
MH		 1631 }
1632 }
1633
1634 hci_dev_unlock(hdev);
1635}
1636
a9de9248
MH		 1637static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1638{
b6a0dc82
MH		 1639 struct hci_cp_setup_sync_conn *cp;
1640 struct hci_conn *acl, *sco;
1641 __u16 handle;
1642
9f1db00c 1643 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1644
1645 if (!status)
1646 return;
1647
1648 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1649 if (!cp)
1650 return;
1651
1652 handle = __le16_to_cpu(cp->handle);
1653
9f1db00c 1654 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1655
1656 hci_dev_lock(hdev);
1657
1658 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1659 if (acl) {
1660 sco = acl->link;
1661 if (sco) {
1662 sco->state = BT_CLOSED;
b6a0dc82 1663
5a08ecce
AE		 1664 hci_proto_connect_cfm(sco, status);
1665 hci_conn_del(sco);
1666 }
b6a0dc82
MH		 1667 }
1668
1669 hci_dev_unlock(hdev);
1da177e4
LT		 1670}
1671
a9de9248 1672static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1673{
a9de9248
MH		 1674 struct hci_cp_sniff_mode *cp;
1675 struct hci_conn *conn;
1da177e4 1676
9f1db00c 1677 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1678
a9de9248
MH		 1679 if (!status)
1680 return;
04837f64 1681
a9de9248
MH		 1682 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1683 if (!cp)
1684 return;
04837f64 1685
a9de9248 1686 hci_dev_lock(hdev);
04837f64 1687
a9de9248 1688 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1689 if (conn) {
51a8efd7 1690 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1691
51a8efd7 1692 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1693 hci_sco_setup(conn, status);
1694 }
1695
a9de9248
MH		 1696 hci_dev_unlock(hdev);
1697}
04837f64 1698
a9de9248
MH		 1699static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1700{
1701 struct hci_cp_exit_sniff_mode *cp;
1702 struct hci_conn *conn;
04837f64 1703
9f1db00c 1704 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1705
a9de9248
MH		 1706 if (!status)
1707 return;
04837f64 1708
a9de9248
MH		 1709 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1710 if (!cp)
1711 return;
04837f64 1712
a9de9248 1713 hci_dev_lock(hdev);
1da177e4 1714
a9de9248 1715 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1716 if (conn) {
51a8efd7 1717 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1718
51a8efd7 1719 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1720 hci_sco_setup(conn, status);
1721 }
1722
a9de9248 1723 hci_dev_unlock(hdev);
1da177e4
LT		 1724}
1725
88c3df13
JH		 1726static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1727{
1728 struct hci_cp_disconnect *cp;
1729 struct hci_conn *conn;
1730
1731 if (!status)
1732 return;
1733
1734 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1735 if (!cp)
1736 return;
1737
1738 hci_dev_lock(hdev);
1739
1740 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1741 if (conn)
1742 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1743 conn->dst_type, status);
88c3df13
JH		 1744
1745 hci_dev_unlock(hdev);
1746}
1747
a02226d6
AE		 1748static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1749{
93c284ee
AE		 1750 struct hci_cp_create_phy_link *cp;
1751
a02226d6 1752 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1753
93c284ee
AE		 1754 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1755 if (!cp)
1756 return;
1757
e58917b9
AE		 1758 hci_dev_lock(hdev);
1759
1760 if (status) {
1761 struct hci_conn *hcon;
1762
1763 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1764 if (hcon)
1765 hci_conn_del(hcon);
1766 } else {
1767 amp_write_remote_assoc(hdev, cp->phy_handle);
1768 }
1769
1770 hci_dev_unlock(hdev);
a02226d6
AE		 1771}
1772
0b26ab9d
AE		 1773static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1774{
1775 struct hci_cp_accept_phy_link *cp;
1776
1777 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1778
1779 if (status)
1780 return;
1781
1782 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1783 if (!cp)
1784 return;
1785
1786 amp_write_remote_assoc(hdev, cp->phy_handle);
1787}
1788
cb1d68f7
JH		 1789static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1790{
1791 struct hci_cp_le_create_conn *cp;
1792 struct hci_conn *conn;
1793
1794 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1795
1796 /* All connection failure handling is taken care of by the
1797 * hci_le_conn_failed function which is triggered by the HCI
1798 * request completion callbacks used for connecting.
1799 */
1800 if (status)
1801 return;
1802
1803 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1804 if (!cp)
1805 return;
1806
1807 hci_dev_lock(hdev);
1808
1809 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1810 if (!conn)
1811 goto unlock;
1812
1813 /* Store the initiator and responder address information which
1814 * is needed for SMP. These values will not change during the
1815 * lifetime of the connection.
1816 */
1817 conn->init_addr_type = cp->own_address_type;
1818 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1819 bacpy(&conn->init_addr, &hdev->random_addr);
1820 else
1821 bacpy(&conn->init_addr, &hdev->bdaddr);
1822
1823 conn->resp_addr_type = cp->peer_addr_type;
1824 bacpy(&conn->resp_addr, &cp->peer_addr);
1825
9489eca4
JH		 1826 /* We don't want the connection attempt to stick around
1827 * indefinitely since LE doesn't have a page timeout concept
1828 * like BR/EDR. Set a timer for any connection that doesn't use
1829 * the white list for connecting.
1830 */
1831 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1832 queue_delayed_work(conn->hdev->workqueue,
1833 &conn->le_conn_timeout,
1834 HCI_LE_CONN_TIMEOUT);
1835
cb1d68f7
JH		 1836unlock:
1837 hci_dev_unlock(hdev);
1838}
1839
81d0c8ad
JH		 1840static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1841{
1842 struct hci_cp_le_start_enc *cp;
1843 struct hci_conn *conn;
1844
1845 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1846
1847 if (!status)
1848 return;
1849
1850 hci_dev_lock(hdev);
1851
1852 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1853 if (!cp)
1854 goto unlock;
1855
1856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1857 if (!conn)
1858 goto unlock;
1859
1860 if (conn->state != BT_CONNECTED)
1861 goto unlock;
1862
1863 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1864 hci_conn_drop(conn);
1865
1866unlock:
1867 hci_dev_unlock(hdev);
1868}
1869
6039aa73 1870static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1871{
1872 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1873 struct discovery_state *discov = &hdev->discovery;
1874 struct inquiry_entry *e;
1da177e4 1875
9f1db00c 1876 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1877
a9de9248 1878 hci_conn_check_pending(hdev);
89352e7d
AG		 1879
1880 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1881 return;
1882
4e857c58 1883 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1884 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1885
a8b2d5c2 1886 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1887 return;
1888
56e5cb86 1889 hci_dev_lock(hdev);
30dc78e1 1890
343f935b 1891 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1892 goto unlock;
1893
1894 if (list_empty(&discov->resolve)) {
1895 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1896 goto unlock;
1897 }
1898
1899 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1900 if (e && hci_resolve_name(hdev, e) == 0) {
1901 e->name_state = NAME_PENDING;
1902 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1903 } else {
1904 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1905 }
1906
1907unlock:
56e5cb86 1908 hci_dev_unlock(hdev);
1da177e4
LT		 1909}
1910
6039aa73 1911static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1912{
45bb4bf0 1913 struct inquiry_data data;
a9de9248 1914 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1915 int num_rsp = *((__u8 *) skb->data);
1916
1917 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1918
45bb4bf0
MH		 1919 if (!num_rsp)
1920 return;
1921
1519cc17
AG		 1922 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1923 return;
1924
1da177e4 1925 hci_dev_lock(hdev);
45bb4bf0 1926
e17acd40 1927 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1928 bool name_known, ssp;
3175405b 1929
1da177e4
LT		 1930 bacpy(&data.bdaddr, &info->bdaddr);
1931 data.pscan_rep_mode = info->pscan_rep_mode;
1932 data.pscan_period_mode = info->pscan_period_mode;
1933 data.pscan_mode = info->pscan_mode;
1934 memcpy(data.dev_class, info->dev_class, 3);
1935 data.clock_offset = info->clock_offset;
1936 data.rssi = 0x00;
41a96212 1937 data.ssp_mode = 0x00;
3175405b 1938
388fc8fa 1939 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1940 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1941 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1942 0, NULL, 0);
1da177e4 1943 }
45bb4bf0 1944
1da177e4
LT		 1945 hci_dev_unlock(hdev);
1946}
1947
6039aa73 1948static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1949{
a9de9248
MH		 1950 struct hci_ev_conn_complete *ev = (void *) skb->data;
1951 struct hci_conn *conn;
1da177e4
LT		 1952
1953 BT_DBG("%s", hdev->name);
1954
1955 hci_dev_lock(hdev);
1956
1957 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1958 if (!conn) {
1959 if (ev->link_type != SCO_LINK)
1960 goto unlock;
1961
1962 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1963 if (!conn)
1964 goto unlock;
1965
1966 conn->type = SCO_LINK;
1967 }
1da177e4
LT		 1968
1969 if (!ev->status) {
1970 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1971
1972 if (conn->type == ACL_LINK) {
1973 conn->state = BT_CONFIG;
1974 hci_conn_hold(conn);
a9ea3ed9
SJ		 1975
1976 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1977 !hci_find_link_key(hdev, &ev->bdaddr))
1978 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1979 else
1980 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1981 } else
1982 conn->state = BT_CONNECTED;
1da177e4 1983
7d0db0a3
MH		 1984 hci_conn_add_sysfs(conn);
1985
1da177e4
LT		 1986 if (test_bit(HCI_AUTH, &hdev->flags))
1987 conn->link_mode |= HCI_LM_AUTH;
1988
1989 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1990 conn->link_mode |= HCI_LM_ENCRYPT;
1991
04837f64
MH		 1992 /* Get remote features */
1993 if (conn->type == ACL_LINK) {
1994 struct hci_cp_read_remote_features cp;
1995 cp.handle = ev->handle;
769be974 1996 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1997 sizeof(cp), &cp);
04837f64
MH		 1998 }
1999
1da177e4 2000 /* Set packet type for incoming connection */
d095c1eb 2001 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2002 struct hci_cp_change_conn_ptype cp;
2003 cp.handle = ev->handle;
a8746417 2004 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2005 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2006 &cp);
1da177e4 2007 }
17d5c04c 2008 } else {
1da177e4 2009 conn->state = BT_CLOSED;
17d5c04c 2010 if (conn->type == ACL_LINK)
64c7b77c 2011 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2012 conn->dst_type, ev->status);
17d5c04c 2013 }
1da177e4 2014
e73439d8
MH		 2015 if (conn->type == ACL_LINK)
2016 hci_sco_setup(conn, ev->status);
1da177e4 2017
769be974
MH		 2018 if (ev->status) {
2019 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2020 hci_conn_del(conn);
c89b6e6b
MH		 2021 } else if (ev->link_type != ACL_LINK)
2022 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2023
a9de9248 2024unlock:
1da177e4 2025 hci_dev_unlock(hdev);
1da177e4 2026
a9de9248 2027 hci_conn_check_pending(hdev);
1da177e4
LT		 2028}
2029
6039aa73 2030static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2031{
a9de9248
MH		 2032 struct hci_ev_conn_request *ev = (void *) skb->data;
2033 int mask = hdev->link_mode;
20714bfe 2034 __u8 flags = 0;
1da177e4 2035
6ed93dc6 2036 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2037 ev->link_type);
1da177e4 2038
20714bfe
FD		 2039 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2040 &flags);
1da177e4 2041
138d22ef 2042 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2043 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2044 /* Connection accepted */
c7bdd502 2045 struct inquiry_entry *ie;
1da177e4 2046 struct hci_conn *conn;
1da177e4 2047
a9de9248 2048 hci_dev_lock(hdev);
b6a0dc82 2049
cc11b9c1
AE		 2050 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2051 if (ie)
c7bdd502
MH		 2052 memcpy(ie->data.dev_class, ev->dev_class, 3);
2053
8fc9ced3
GP		 2054 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2055 &ev->bdaddr);
a9de9248 2056 if (!conn) {
cc11b9c1
AE		 2057 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2058 if (!conn) {
893ef971 2059 BT_ERR("No memory for new connection");
a9de9248
MH		 2060 hci_dev_unlock(hdev);
2061 return;
1da177e4
LT		 2062 }
2063 }
b6a0dc82 2064
a9de9248 2065 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2066
a9de9248 2067 hci_dev_unlock(hdev);
1da177e4 2068
20714bfe
FD		 2069 if (ev->link_type == ACL_LINK ||
2070 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2071 struct hci_cp_accept_conn_req cp;
20714bfe 2072 conn->state = BT_CONNECT;
1da177e4 2073
b6a0dc82
MH		 2074 bacpy(&cp.bdaddr, &ev->bdaddr);
2075
2076 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2077 cp.role = 0x00; /* Become master */
2078 else
2079 cp.role = 0x01; /* Remain slave */
2080
04124681
GP		 2081 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2082 &cp);
20714bfe 2083 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2084 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2085 conn->state = BT_CONNECT;
b6a0dc82
MH		 2086
2087 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2088 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2089
dcf4adbf
JP		 2090 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2091 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2092 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2093 cp.content_format = cpu_to_le16(hdev->voice_setting);
2094 cp.retrans_effort = 0xff;
1da177e4 2095
b6a0dc82 2096 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2097 sizeof(cp), &cp);
20714bfe
FD		 2098 } else {
2099 conn->state = BT_CONNECT2;
2100 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2101 }
a9de9248
MH		 2102 } else {
2103 /* Connection rejected */
2104 struct hci_cp_reject_conn_req cp;
1da177e4 2105
a9de9248 2106 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2107 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2108 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2109 }
1da177e4
LT		 2110}
2111
f0d6a0ea
MA		 2112static u8 hci_to_mgmt_reason(u8 err)
2113{
2114 switch (err) {
2115 case HCI_ERROR_CONNECTION_TIMEOUT:
2116 return MGMT_DEV_DISCONN_TIMEOUT;
2117 case HCI_ERROR_REMOTE_USER_TERM:
2118 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2119 case HCI_ERROR_REMOTE_POWER_OFF:
2120 return MGMT_DEV_DISCONN_REMOTE;
2121 case HCI_ERROR_LOCAL_HOST_TERM:
2122 return MGMT_DEV_DISCONN_LOCAL_HOST;
2123 default:
2124 return MGMT_DEV_DISCONN_UNKNOWN;
2125 }
2126}
2127
6039aa73 2128static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2129{
a9de9248 2130 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2131 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2132 struct hci_conn_params *params;
04837f64 2133 struct hci_conn *conn;
12d4a3b2 2134 bool mgmt_connected;
3846220b 2135 u8 type;
04837f64 2136
9f1db00c 2137 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2138
2139 hci_dev_lock(hdev);
2140
2141 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2142 if (!conn)
2143 goto unlock;
7d0db0a3 2144
abf54a50
AG		 2145 if (ev->status) {
2146 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2147 conn->dst_type, ev->status);
2148 goto unlock;
37d9ef76 2149 }
f7520543 2150
3846220b
AG		 2151 conn->state = BT_CLOSED;
2152
12d4a3b2
JH		 2153 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2154 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2155 reason, mgmt_connected);
abf54a50 2156
3846220b
AG		 2157 if (conn->type == ACL_LINK && conn->flush_key)
2158 hci_remove_link_key(hdev, &conn->dst);
2210246c 2159
9fcb18ef
AG		 2160 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2161 if (params) {
2162 switch (params->auto_connect) {
2163 case HCI_AUTO_CONN_LINK_LOSS:
2164 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2165 break;
2166 /* Fall through */
2167
2168 case HCI_AUTO_CONN_ALWAYS:
2169 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2170 break;
2171
2172 default:
2173 break;
2174 }
2175 }
2176
3846220b 2177 type = conn->type;
2210246c 2178
3846220b
AG		 2179 hci_proto_disconn_cfm(conn, ev->reason);
2180 hci_conn_del(conn);
2181
2182 /* Re-enable advertising if necessary, since it might
2183 * have been disabled by the connection. From the
2184 * HCI_LE_Set_Advertise_Enable command description in
2185 * the core specification (v4.0):
2186 * "The Controller shall continue advertising until the Host
2187 * issues an LE_Set_Advertise_Enable command with
2188 * Advertising_Enable set to 0x00 (Advertising is disabled)
2189 * or until a connection is created or until the Advertising
2190 * is timed out due to Directed Advertising."
2191 */
2192 if (type == LE_LINK)
2193 mgmt_reenable_advertising(hdev);
f7520543
JH		 2194
2195unlock:
04837f64
MH		 2196 hci_dev_unlock(hdev);
2197}
2198
6039aa73 2199static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2200{
a9de9248 2201 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2202 struct hci_conn *conn;
1da177e4 2203
9f1db00c 2204 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2205
2206 hci_dev_lock(hdev);
2207
04837f64 2208 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2209 if (!conn)
2210 goto unlock;
2211
2212 if (!ev->status) {
aa64a8b5 2213 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2214 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2215 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2216 } else {
d7556e20
WR		 2217 conn->link_mode |= HCI_LM_AUTH;
2218 conn->sec_level = conn->pending_sec_level;
2a611692 2219 }
d7556e20 2220 } else {
bab73cb6 2221 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2222 ev->status);
d7556e20 2223 }
1da177e4 2224
51a8efd7
JH		 2225 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2226 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2227
d7556e20 2228 if (conn->state == BT_CONFIG) {
aa64a8b5 2229 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2230 struct hci_cp_set_conn_encrypt cp;
2231 cp.handle = ev->handle;
2232 cp.encrypt = 0x01;
2233 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2234 &cp);
052b30b0 2235 } else {
d7556e20
WR		 2236 conn->state = BT_CONNECTED;
2237 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2238 hci_conn_drop(conn);
052b30b0 2239 }
d7556e20
WR		 2240 } else {
2241 hci_auth_cfm(conn, ev->status);
052b30b0 2242
d7556e20
WR		 2243 hci_conn_hold(conn);
2244 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2245 hci_conn_drop(conn);
d7556e20
WR		 2246 }
2247
51a8efd7 2248 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2249 if (!ev->status) {
2250 struct hci_cp_set_conn_encrypt cp;
2251 cp.handle = ev->handle;
2252 cp.encrypt = 0x01;
2253 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2254 &cp);
d7556e20 2255 } else {
51a8efd7 2256 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2257 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2258 }
2259 }
2260
d7556e20 2261unlock:
1da177e4
LT		 2262 hci_dev_unlock(hdev);
2263}
2264
6039aa73 2265static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2266{
127178d2
JH		 2267 struct hci_ev_remote_name *ev = (void *) skb->data;
2268 struct hci_conn *conn;
2269
a9de9248 2270 BT_DBG("%s", hdev->name);
1da177e4 2271
a9de9248 2272 hci_conn_check_pending(hdev);
127178d2
JH		 2273
2274 hci_dev_lock(hdev);
2275
b644ba33 2276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2277
b644ba33
JH		 2278 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2279 goto check_auth;
a88a9652 2280
b644ba33
JH		 2281 if (ev->status == 0)
2282 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2283 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2284 else
2285 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2286
2287check_auth:
79c6c70c
JH		 2288 if (!conn)
2289 goto unlock;
2290
2291 if (!hci_outgoing_auth_needed(hdev, conn))
2292 goto unlock;
2293
51a8efd7 2294 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2295 struct hci_cp_auth_requested cp;
2296 cp.handle = __cpu_to_le16(conn->handle);
2297 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2298 }
2299
79c6c70c 2300unlock:
127178d2 2301 hci_dev_unlock(hdev);
a9de9248
MH		 2302}
2303
6039aa73 2304static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2305{
2306 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2307 struct hci_conn *conn;
2308
9f1db00c 2309 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2310
2311 hci_dev_lock(hdev);
2312
04837f64 2313 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2314 if (!conn)
2315 goto unlock;
1da177e4 2316
dc8357cc
MH		 2317 if (!ev->status) {
2318 if (ev->encrypt) {
2319 /* Encryption implies authentication */
2320 conn->link_mode |= HCI_LM_AUTH;
2321 conn->link_mode |= HCI_LM_ENCRYPT;
2322 conn->sec_level = conn->pending_sec_level;
abf76bad 2323
914a6ffe
MH		 2324 /* P-256 authentication key implies FIPS */
2325 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2326 conn->link_mode |= HCI_LM_FIPS;
2327
abf76bad
MH		 2328 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2329 conn->type == LE_LINK)
2330 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2331 } else {
dc8357cc 2332 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2333 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2334 }
dc8357cc 2335 }
a7d7723a 2336
dc8357cc 2337 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2338
dc8357cc
MH		 2339 if (ev->status && conn->state == BT_CONNECTED) {
2340 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2341 hci_conn_drop(conn);
2342 goto unlock;
1da177e4
LT		 2343 }
2344
dc8357cc
MH		 2345 if (conn->state == BT_CONFIG) {
2346 if (!ev->status)
2347 conn->state = BT_CONNECTED;
2348
40b552aa
MH		 2349 /* In Secure Connections Only mode, do not allow any
2350 * connections that are not encrypted with AES-CCM
2351 * using a P-256 authenticated combination key.
2352 */
2353 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2354 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2355 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2356 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2357 hci_conn_drop(conn);
2358 goto unlock;
2359 }
2360
dc8357cc
MH		 2361 hci_proto_connect_cfm(conn, ev->status);
2362 hci_conn_drop(conn);
2363 } else
2364 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2365
a7d7723a 2366unlock:
1da177e4
LT		 2367 hci_dev_unlock(hdev);
2368}
2369
6039aa73
GP		 2370static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2371 struct sk_buff *skb)
1da177e4 2372{
a9de9248 2373 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2374 struct hci_conn *conn;
1da177e4 2375
9f1db00c 2376 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2377
2378 hci_dev_lock(hdev);
2379
04837f64 2380 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2381 if (conn) {
2382 if (!ev->status)
2383 conn->link_mode |= HCI_LM_SECURE;
2384
51a8efd7 2385 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2386
2387 hci_key_change_cfm(conn, ev->status);
2388 }
2389
2390 hci_dev_unlock(hdev);
2391}
2392
6039aa73
GP		 2393static void hci_remote_features_evt(struct hci_dev *hdev,
2394 struct sk_buff *skb)
1da177e4 2395{
a9de9248
MH		 2396 struct hci_ev_remote_features *ev = (void *) skb->data;
2397 struct hci_conn *conn;
2398
9f1db00c 2399 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2400
a9de9248
MH		 2401 hci_dev_lock(hdev);
2402
2403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2404 if (!conn)
2405 goto unlock;
769be974 2406
ccd556fe 2407 if (!ev->status)
cad718ed 2408 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2409
2410 if (conn->state != BT_CONFIG)
2411 goto unlock;
2412
2413 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2414 struct hci_cp_read_remote_ext_features cp;
2415 cp.handle = ev->handle;
2416 cp.page = 0x01;
2417 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2418 sizeof(cp), &cp);
392599b9
JH		 2419 goto unlock;
2420 }
2421
671267bf 2422 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2423 struct hci_cp_remote_name_req cp;
2424 memset(&cp, 0, sizeof(cp));
2425 bacpy(&cp.bdaddr, &conn->dst);
2426 cp.pscan_rep_mode = 0x02;
2427 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2428 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2429 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2430 conn->dst_type, 0, NULL, 0,
2431 conn->dev_class);
392599b9 2432
127178d2 2433 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2434 conn->state = BT_CONNECTED;
2435 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2436 hci_conn_drop(conn);
769be974 2437 }
a9de9248 2438
ccd556fe 2439unlock:
a9de9248 2440 hci_dev_unlock(hdev);
1da177e4
LT		 2441}
2442
6039aa73 2443static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2444{
2445 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2446 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2447 __u16 opcode;
2448
2449 skb_pull(skb, sizeof(*ev));
2450
2451 opcode = __le16_to_cpu(ev->opcode);
2452
2453 switch (opcode) {
2454 case HCI_OP_INQUIRY_CANCEL:
2455 hci_cc_inquiry_cancel(hdev, skb);
2456 break;
2457
4d93483b
AG		 2458 case HCI_OP_PERIODIC_INQ:
2459 hci_cc_periodic_inq(hdev, skb);
2460 break;
2461
a9de9248
MH		 2462 case HCI_OP_EXIT_PERIODIC_INQ:
2463 hci_cc_exit_periodic_inq(hdev, skb);
2464 break;
2465
2466 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2467 hci_cc_remote_name_req_cancel(hdev, skb);
2468 break;
2469
2470 case HCI_OP_ROLE_DISCOVERY:
2471 hci_cc_role_discovery(hdev, skb);
2472 break;
2473
e4e8e37c
MH		 2474 case HCI_OP_READ_LINK_POLICY:
2475 hci_cc_read_link_policy(hdev, skb);
2476 break;
2477
a9de9248
MH		 2478 case HCI_OP_WRITE_LINK_POLICY:
2479 hci_cc_write_link_policy(hdev, skb);
2480 break;
2481
e4e8e37c
MH		 2482 case HCI_OP_READ_DEF_LINK_POLICY:
2483 hci_cc_read_def_link_policy(hdev, skb);
2484 break;
2485
2486 case HCI_OP_WRITE_DEF_LINK_POLICY:
2487 hci_cc_write_def_link_policy(hdev, skb);
2488 break;
2489
a9de9248
MH		 2490 case HCI_OP_RESET:
2491 hci_cc_reset(hdev, skb);
2492 break;
2493
2494 case HCI_OP_WRITE_LOCAL_NAME:
2495 hci_cc_write_local_name(hdev, skb);
2496 break;
2497
2498 case HCI_OP_READ_LOCAL_NAME:
2499 hci_cc_read_local_name(hdev, skb);
2500 break;
2501
2502 case HCI_OP_WRITE_AUTH_ENABLE:
2503 hci_cc_write_auth_enable(hdev, skb);
2504 break;
2505
2506 case HCI_OP_WRITE_ENCRYPT_MODE:
2507 hci_cc_write_encrypt_mode(hdev, skb);
2508 break;
2509
2510 case HCI_OP_WRITE_SCAN_ENABLE:
2511 hci_cc_write_scan_enable(hdev, skb);
2512 break;
2513
2514 case HCI_OP_READ_CLASS_OF_DEV:
2515 hci_cc_read_class_of_dev(hdev, skb);
2516 break;
2517
2518 case HCI_OP_WRITE_CLASS_OF_DEV:
2519 hci_cc_write_class_of_dev(hdev, skb);
2520 break;
2521
2522 case HCI_OP_READ_VOICE_SETTING:
2523 hci_cc_read_voice_setting(hdev, skb);
2524 break;
2525
2526 case HCI_OP_WRITE_VOICE_SETTING:
2527 hci_cc_write_voice_setting(hdev, skb);
2528 break;
2529
b4cb9fb2
MH		 2530 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2531 hci_cc_read_num_supported_iac(hdev, skb);
2532 break;
2533
333140b5
MH		 2534 case HCI_OP_WRITE_SSP_MODE:
2535 hci_cc_write_ssp_mode(hdev, skb);
2536 break;
2537
eac83dc6
MH		 2538 case HCI_OP_WRITE_SC_SUPPORT:
2539 hci_cc_write_sc_support(hdev, skb);
2540 break;
2541
a9de9248
MH		 2542 case HCI_OP_READ_LOCAL_VERSION:
2543 hci_cc_read_local_version(hdev, skb);
2544 break;
2545
2546 case HCI_OP_READ_LOCAL_COMMANDS:
2547 hci_cc_read_local_commands(hdev, skb);
2548 break;
2549
2550 case HCI_OP_READ_LOCAL_FEATURES:
2551 hci_cc_read_local_features(hdev, skb);
2552 break;
2553
971e3a4b
AG		 2554 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2555 hci_cc_read_local_ext_features(hdev, skb);
2556 break;
2557
a9de9248
MH		 2558 case HCI_OP_READ_BUFFER_SIZE:
2559 hci_cc_read_buffer_size(hdev, skb);
2560 break;
2561
2562 case HCI_OP_READ_BD_ADDR:
2563 hci_cc_read_bd_addr(hdev, skb);
2564 break;
2565
f332ec66
JH		 2566 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2567 hci_cc_read_page_scan_activity(hdev, skb);
2568 break;
2569
4a3ee763
JH		 2570 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2571 hci_cc_write_page_scan_activity(hdev, skb);
2572 break;
2573
f332ec66
JH		 2574 case HCI_OP_READ_PAGE_SCAN_TYPE:
2575 hci_cc_read_page_scan_type(hdev, skb);
2576 break;
2577
4a3ee763
JH		 2578 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2579 hci_cc_write_page_scan_type(hdev, skb);
2580 break;
2581
350ee4cf
AE		 2582 case HCI_OP_READ_DATA_BLOCK_SIZE:
2583 hci_cc_read_data_block_size(hdev, skb);
2584 break;
2585
1e89cffb
AE		 2586 case HCI_OP_READ_FLOW_CONTROL_MODE:
2587 hci_cc_read_flow_control_mode(hdev, skb);
2588 break;
2589
928abaa7
AE		 2590 case HCI_OP_READ_LOCAL_AMP_INFO:
2591 hci_cc_read_local_amp_info(hdev, skb);
2592 break;
2593
903e4541
AE		 2594 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2595 hci_cc_read_local_amp_assoc(hdev, skb);
2596 break;
2597
d5859e22
JH		 2598 case HCI_OP_READ_INQ_RSP_TX_POWER:
2599 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2600 break;
2601
980e1a53
JH		 2602 case HCI_OP_PIN_CODE_REPLY:
2603 hci_cc_pin_code_reply(hdev, skb);
2604 break;
2605
2606 case HCI_OP_PIN_CODE_NEG_REPLY:
2607 hci_cc_pin_code_neg_reply(hdev, skb);
2608 break;
2609
c35938b2 2610 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2611 hci_cc_read_local_oob_data(hdev, skb);
2612 break;
2613
2614 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2615 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2616 break;
2617
6ed58ec5
VT		 2618 case HCI_OP_LE_READ_BUFFER_SIZE:
2619 hci_cc_le_read_buffer_size(hdev, skb);
2620 break;
2621
60e77321
JH		 2622 case HCI_OP_LE_READ_LOCAL_FEATURES:
2623 hci_cc_le_read_local_features(hdev, skb);
2624 break;
2625
8fa19098
JH		 2626 case HCI_OP_LE_READ_ADV_TX_POWER:
2627 hci_cc_le_read_adv_tx_power(hdev, skb);
2628 break;
2629
a5c29683
JH		 2630 case HCI_OP_USER_CONFIRM_REPLY:
2631 hci_cc_user_confirm_reply(hdev, skb);
2632 break;
2633
2634 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2635 hci_cc_user_confirm_neg_reply(hdev, skb);
2636 break;
2637
1143d458
BG		 2638 case HCI_OP_USER_PASSKEY_REPLY:
2639 hci_cc_user_passkey_reply(hdev, skb);
2640 break;
2641
2642 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2643 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2644 break;
07f7fa5d 2645
7a4cd51d
MH		 2646 case HCI_OP_LE_SET_RANDOM_ADDR:
2647 hci_cc_le_set_random_addr(hdev, skb);
2648 break;
2649
c1d5dc4a
JH		 2650 case HCI_OP_LE_SET_ADV_ENABLE:
2651 hci_cc_le_set_adv_enable(hdev, skb);
2652 break;
2653
533553f8
MH		 2654 case HCI_OP_LE_SET_SCAN_PARAM:
2655 hci_cc_le_set_scan_param(hdev, skb);
2656 break;
2657
eb9d91f5
AG		 2658 case HCI_OP_LE_SET_SCAN_ENABLE:
2659 hci_cc_le_set_scan_enable(hdev, skb);
2660 break;
2661
cf1d081f
JH		 2662 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2663 hci_cc_le_read_white_list_size(hdev, skb);
2664 break;
2665
0f36b589
MH		 2666 case HCI_OP_LE_CLEAR_WHITE_LIST:
2667 hci_cc_le_clear_white_list(hdev, skb);
2668 break;
2669
2670 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2671 hci_cc_le_add_to_white_list(hdev, skb);
2672 break;
2673
2674 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2675 hci_cc_le_del_from_white_list(hdev, skb);
2676 break;
2677
9b008c04
JH		 2678 case HCI_OP_LE_READ_SUPPORTED_STATES:
2679 hci_cc_le_read_supported_states(hdev, skb);
2680 break;
2681
f9b49306
AG		 2682 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2683 hci_cc_write_le_host_supported(hdev, skb);
2684 break;
2685
56ed2cb8
JH		 2686 case HCI_OP_LE_SET_ADV_PARAM:
2687 hci_cc_set_adv_param(hdev, skb);
2688 break;
2689
93c284ee
AE		 2690 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2691 hci_cc_write_remote_amp_assoc(hdev, skb);
2692 break;
2693
5ae76a94
AK		 2694 case HCI_OP_READ_RSSI:
2695 hci_cc_read_rssi(hdev, skb);
2696 break;
2697
5a134fae
AK		 2698 case HCI_OP_READ_TX_POWER:
2699 hci_cc_read_tx_power(hdev, skb);
2700 break;
2701
a9de9248 2702 default:
9f1db00c 2703 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2704 break;
2705 }
2706
ad82cdd1 2707 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2708 del_timer(&hdev->cmd_timer);
2709
ad82cdd1 2710 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2711
dbccd791 2712 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2713 atomic_set(&hdev->cmd_cnt, 1);
2714 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2715 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2716 }
2717}
2718
6039aa73 2719static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2720{
2721 struct hci_ev_cmd_status *ev = (void *) skb->data;
2722 __u16 opcode;
2723
2724 skb_pull(skb, sizeof(*ev));
2725
2726 opcode = __le16_to_cpu(ev->opcode);
2727
2728 switch (opcode) {
2729 case HCI_OP_INQUIRY:
2730 hci_cs_inquiry(hdev, ev->status);
2731 break;
2732
2733 case HCI_OP_CREATE_CONN:
2734 hci_cs_create_conn(hdev, ev->status);
2735 break;
2736
2737 case HCI_OP_ADD_SCO:
2738 hci_cs_add_sco(hdev, ev->status);
2739 break;
2740
f8558555
MH		 2741 case HCI_OP_AUTH_REQUESTED:
2742 hci_cs_auth_requested(hdev, ev->status);
2743 break;
2744
2745 case HCI_OP_SET_CONN_ENCRYPT:
2746 hci_cs_set_conn_encrypt(hdev, ev->status);
2747 break;
2748
a9de9248
MH		 2749 case HCI_OP_REMOTE_NAME_REQ:
2750 hci_cs_remote_name_req(hdev, ev->status);
2751 break;
2752
769be974
MH		 2753 case HCI_OP_READ_REMOTE_FEATURES:
2754 hci_cs_read_remote_features(hdev, ev->status);
2755 break;
2756
2757 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2758 hci_cs_read_remote_ext_features(hdev, ev->status);
2759 break;
2760
a9de9248
MH		 2761 case HCI_OP_SETUP_SYNC_CONN:
2762 hci_cs_setup_sync_conn(hdev, ev->status);
2763 break;
2764
2765 case HCI_OP_SNIFF_MODE:
2766 hci_cs_sniff_mode(hdev, ev->status);
2767 break;
2768
2769 case HCI_OP_EXIT_SNIFF_MODE:
2770 hci_cs_exit_sniff_mode(hdev, ev->status);
2771 break;
2772
8962ee74 2773 case HCI_OP_DISCONNECT:
88c3df13 2774 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2775 break;
2776
a02226d6
AE		 2777 case HCI_OP_CREATE_PHY_LINK:
2778 hci_cs_create_phylink(hdev, ev->status);
2779 break;
2780
0b26ab9d
AE		 2781 case HCI_OP_ACCEPT_PHY_LINK:
2782 hci_cs_accept_phylink(hdev, ev->status);
2783 break;
2784
cb1d68f7
JH		 2785 case HCI_OP_LE_CREATE_CONN:
2786 hci_cs_le_create_conn(hdev, ev->status);
2787 break;
2788
81d0c8ad
JH		 2789 case HCI_OP_LE_START_ENC:
2790 hci_cs_le_start_enc(hdev, ev->status);
2791 break;
2792
a9de9248 2793 default:
9f1db00c 2794 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2795 break;
2796 }
2797
ad82cdd1 2798 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2799 del_timer(&hdev->cmd_timer);
2800
02350a72
JH		 2801 if (ev->status ||
2802 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2803 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2804
10572132 2805 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2806 atomic_set(&hdev->cmd_cnt, 1);
2807 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2808 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2809 }
2810}
2811
6039aa73 2812static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2813{
2814 struct hci_ev_role_change *ev = (void *) skb->data;
2815 struct hci_conn *conn;
2816
9f1db00c 2817 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2818
2819 hci_dev_lock(hdev);
2820
2821 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2822 if (conn) {
2823 if (!ev->status) {
2824 if (ev->role)
2825 conn->link_mode &= ~HCI_LM_MASTER;
2826 else
2827 conn->link_mode |= HCI_LM_MASTER;
2828 }
2829
51a8efd7 2830 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2831
2832 hci_role_switch_cfm(conn, ev->status, ev->role);
2833 }
2834
2835 hci_dev_unlock(hdev);
2836}
2837
6039aa73 2838static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2839{
2840 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2841 int i;
2842
32ac5b9b
AE		 2843 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2844 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2845 return;
2846 }
2847
c5993de8 2848 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2849 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2850 BT_DBG("%s bad parameters", hdev->name);
2851 return;
2852 }
2853
c5993de8
AE		 2854 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2855
613a1c0c
AE		 2856 for (i = 0; i < ev->num_hndl; i++) {
2857 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2858 struct hci_conn *conn;
2859 __u16 handle, count;
2860
613a1c0c
AE		 2861 handle = __le16_to_cpu(info->handle);
2862 count = __le16_to_cpu(info->count);
a9de9248
MH		 2863
2864 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2865 if (!conn)
2866 continue;
2867
2868 conn->sent -= count;
2869
2870 switch (conn->type) {
2871 case ACL_LINK:
2872 hdev->acl_cnt += count;
2873 if (hdev->acl_cnt > hdev->acl_pkts)
2874 hdev->acl_cnt = hdev->acl_pkts;
2875 break;
2876
2877 case LE_LINK:
2878 if (hdev->le_pkts) {
2879 hdev->le_cnt += count;
2880 if (hdev->le_cnt > hdev->le_pkts)
2881 hdev->le_cnt = hdev->le_pkts;
2882 } else {
70f23020
AE		 2883 hdev->acl_cnt += count;
2884 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2885 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2886 }
f4280918
AE		 2887 break;
2888
2889 case SCO_LINK:
2890 hdev->sco_cnt += count;
2891 if (hdev->sco_cnt > hdev->sco_pkts)
2892 hdev->sco_cnt = hdev->sco_pkts;
2893 break;
2894
2895 default:
2896 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2897 break;
a9de9248
MH		 2898 }
2899 }
2900
3eff45ea 2901 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2902}
2903
76ef7cf7
AE		 2904static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2905 __u16 handle)
2906{
2907 struct hci_chan *chan;
2908
2909 switch (hdev->dev_type) {
2910 case HCI_BREDR:
2911 return hci_conn_hash_lookup_handle(hdev, handle);
2912 case HCI_AMP:
2913 chan = hci_chan_lookup_handle(hdev, handle);
2914 if (chan)
2915 return chan->conn;
2916 break;
2917 default:
2918 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2919 break;
2920 }
2921
2922 return NULL;
2923}
2924
6039aa73 2925static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2926{
2927 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2928 int i;
2929
2930 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2931 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2932 return;
2933 }
2934
2935 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2936 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2937 BT_DBG("%s bad parameters", hdev->name);
2938 return;
2939 }
2940
2941 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2942 ev->num_hndl);
25e89e99
AE		 2943
2944 for (i = 0; i < ev->num_hndl; i++) {
2945 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2946 struct hci_conn *conn = NULL;
25e89e99
AE		 2947 __u16 handle, block_count;
2948
2949 handle = __le16_to_cpu(info->handle);
2950 block_count = __le16_to_cpu(info->blocks);
2951
76ef7cf7 2952 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2953 if (!conn)
2954 continue;
2955
2956 conn->sent -= block_count;
2957
2958 switch (conn->type) {
2959 case ACL_LINK:
bd1eb66b 2960 case AMP_LINK:
25e89e99
AE		 2961 hdev->block_cnt += block_count;
2962 if (hdev->block_cnt > hdev->num_blocks)
2963 hdev->block_cnt = hdev->num_blocks;
2964 break;
2965
2966 default:
2967 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2968 break;
2969 }
2970 }
2971
2972 queue_work(hdev->workqueue, &hdev->tx_work);
2973}
2974
6039aa73 2975static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2976{
a9de9248 2977 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2978 struct hci_conn *conn;
2979
9f1db00c 2980 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2981
2982 hci_dev_lock(hdev);
2983
2984 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2985 if (conn) {
2986 conn->mode = ev->mode;
a9de9248 2987
8fc9ced3
GP		 2988 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2989 &conn->flags)) {
a9de9248 2990 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2991 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2992 else
58a681ef 2993 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2994 }
e73439d8 2995
51a8efd7 2996 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2997 hci_sco_setup(conn, ev->status);
04837f64
MH		 2998 }
2999
3000 hci_dev_unlock(hdev);
3001}
3002
6039aa73 3003static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3004{
052b30b0
MH		 3005 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3006 struct hci_conn *conn;
3007
a9de9248 3008 BT_DBG("%s", hdev->name);
052b30b0
MH		 3009
3010 hci_dev_lock(hdev);
3011
3012 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3013 if (!conn)
3014 goto unlock;
3015
3016 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3017 hci_conn_hold(conn);
3018 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3019 hci_conn_drop(conn);
052b30b0
MH		 3020 }
3021
a8b2d5c2 3022 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3023 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3024 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3025 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3026 u8 secure;
3027
3028 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3029 secure = 1;
3030 else
3031 secure = 0;
3032
744cf19e 3033 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3034 }
980e1a53 3035
b6f98044 3036unlock:
052b30b0 3037 hci_dev_unlock(hdev);
a9de9248
MH		 3038}
3039
6039aa73 3040static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3041{
55ed8ca1
JH		 3042 struct hci_ev_link_key_req *ev = (void *) skb->data;
3043 struct hci_cp_link_key_reply cp;
3044 struct hci_conn *conn;
3045 struct link_key *key;
3046
a9de9248 3047 BT_DBG("%s", hdev->name);
55ed8ca1 3048
034cbea0 3049 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3050 return;
3051
3052 hci_dev_lock(hdev);
3053
3054 key = hci_find_link_key(hdev, &ev->bdaddr);
3055 if (!key) {
6ed93dc6
AE		 3056 BT_DBG("%s link key not found for %pMR", hdev->name,
3057 &ev->bdaddr);
55ed8ca1
JH		 3058 goto not_found;
3059 }
3060
6ed93dc6
AE		 3061 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3062 &ev->bdaddr);
55ed8ca1 3063
a8b2d5c2 3064 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 3065 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 3066 BT_DBG("%s ignoring debug key", hdev->name);
3067 goto not_found;
3068 }
3069
3070 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3071 if (conn) {
66138ce8
MH		 3072 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3073 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3074 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3075 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3076 goto not_found;
3077 }
55ed8ca1 3078
60b83f57 3079 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3080 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3081 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3082 BT_DBG("%s ignoring key unauthenticated for high security",
3083 hdev->name);
60b83f57
WR		 3084 goto not_found;
3085 }
3086
3087 conn->key_type = key->type;
3088 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3089 }
3090
3091 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3092 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3093
3094 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3095
3096 hci_dev_unlock(hdev);
3097
3098 return;
3099
3100not_found:
3101 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3102 hci_dev_unlock(hdev);
a9de9248
MH		 3103}
3104
6039aa73 3105static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3106{
052b30b0
MH		 3107 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3108 struct hci_conn *conn;
55ed8ca1 3109 u8 pin_len = 0;
052b30b0 3110
a9de9248 3111 BT_DBG("%s", hdev->name);
052b30b0
MH		 3112
3113 hci_dev_lock(hdev);
3114
3115 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3116 if (conn) {
3117 hci_conn_hold(conn);
3118 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3119 pin_len = conn->pin_length;
13d39315
WR		 3120
3121 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3122 conn->key_type = ev->key_type;
3123
76a68ba0 3124 hci_conn_drop(conn);
052b30b0
MH		 3125 }
3126
034cbea0 3127 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 3128 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3129 ev->key_type, pin_len);
55ed8ca1 3130
052b30b0 3131 hci_dev_unlock(hdev);
a9de9248
MH		 3132}
3133
6039aa73 3134static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3135{
a9de9248 3136 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3137 struct hci_conn *conn;
1da177e4 3138
9f1db00c 3139 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3140
3141 hci_dev_lock(hdev);
3142
04837f64 3143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3144 if (conn && !ev->status) {
3145 struct inquiry_entry *ie;
3146
cc11b9c1
AE		 3147 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3148 if (ie) {
1da177e4
LT		 3149 ie->data.clock_offset = ev->clock_offset;
3150 ie->timestamp = jiffies;
3151 }
3152 }
3153
3154 hci_dev_unlock(hdev);
3155}
3156
6039aa73 3157static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3158{
3159 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3160 struct hci_conn *conn;
3161
9f1db00c 3162 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3163
3164 hci_dev_lock(hdev);
3165
3166 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3167 if (conn && !ev->status)
3168 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3169
3170 hci_dev_unlock(hdev);
3171}
3172
6039aa73 3173static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3174{
a9de9248 3175 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3176 struct inquiry_entry *ie;
3177
3178 BT_DBG("%s", hdev->name);
3179
3180 hci_dev_lock(hdev);
3181
cc11b9c1
AE		 3182 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3183 if (ie) {
85a1e930
MH		 3184 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3185 ie->timestamp = jiffies;
3186 }
3187
3188 hci_dev_unlock(hdev);
3189}
3190
6039aa73
GP		 3191static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3192 struct sk_buff *skb)
a9de9248
MH		 3193{
3194 struct inquiry_data data;
3195 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3196 bool name_known, ssp;
a9de9248
MH		 3197
3198 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3199
3200 if (!num_rsp)
3201 return;
3202
1519cc17
AG		 3203 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3204 return;
3205
a9de9248
MH		 3206 hci_dev_lock(hdev);
3207
3208 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3209 struct inquiry_info_with_rssi_and_pscan_mode *info;
3210 info = (void *) (skb->data + 1);
a9de9248 3211
e17acd40 3212 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3213 bacpy(&data.bdaddr, &info->bdaddr);
3214 data.pscan_rep_mode = info->pscan_rep_mode;
3215 data.pscan_period_mode = info->pscan_period_mode;
3216 data.pscan_mode = info->pscan_mode;
3217 memcpy(data.dev_class, info->dev_class, 3);
3218 data.clock_offset = info->clock_offset;
3219 data.rssi = info->rssi;
41a96212 3220 data.ssp_mode = 0x00;
3175405b
JH		 3221
3222 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3223 false, &ssp);
48264f06 3224 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3225 info->dev_class, info->rssi,
5d2e9fad 3226 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3227 }
3228 } else {
3229 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3230
e17acd40 3231 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3232 bacpy(&data.bdaddr, &info->bdaddr);
3233 data.pscan_rep_mode = info->pscan_rep_mode;
3234 data.pscan_period_mode = info->pscan_period_mode;
3235 data.pscan_mode = 0x00;
3236 memcpy(data.dev_class, info->dev_class, 3);
3237 data.clock_offset = info->clock_offset;
3238 data.rssi = info->rssi;
41a96212 3239 data.ssp_mode = 0x00;
3175405b 3240 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3241 false, &ssp);
48264f06 3242 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3243 info->dev_class, info->rssi,
5d2e9fad 3244 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3245 }
3246 }
3247
3248 hci_dev_unlock(hdev);
3249}
3250
6039aa73
GP		 3251static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3252 struct sk_buff *skb)
a9de9248 3253{
41a96212
MH		 3254 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3255 struct hci_conn *conn;
3256
a9de9248 3257 BT_DBG("%s", hdev->name);
41a96212 3258
41a96212
MH		 3259 hci_dev_lock(hdev);
3260
3261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3262 if (!conn)
3263 goto unlock;
41a96212 3264
cad718ed
JH		 3265 if (ev->page < HCI_MAX_PAGES)
3266 memcpy(conn->features[ev->page], ev->features, 8);
3267
ccd556fe
JH		 3268 if (!ev->status && ev->page == 0x01) {
3269 struct inquiry_entry *ie;
41a96212 3270
cc11b9c1
AE		 3271 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3272 if (ie)
02b7cc62 3273 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3274
bbb0eada 3275 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3276 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3277 } else {
3278 /* It is mandatory by the Bluetooth specification that
3279 * Extended Inquiry Results are only used when Secure
3280 * Simple Pairing is enabled, but some devices violate
3281 * this.
3282 *
3283 * To make these devices work, the internal SSP
3284 * enabled flag needs to be cleared if the remote host
3285 * features do not indicate SSP support */
3286 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3287 }
eb9a8f3f
MH		 3288
3289 if (ev->features[0] & LMP_HOST_SC)
3290 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3291 }
3292
3293 if (conn->state != BT_CONFIG)
3294 goto unlock;
3295
671267bf 3296 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3297 struct hci_cp_remote_name_req cp;
3298 memset(&cp, 0, sizeof(cp));
3299 bacpy(&cp.bdaddr, &conn->dst);
3300 cp.pscan_rep_mode = 0x02;
3301 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3302 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3303 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3304 conn->dst_type, 0, NULL, 0,
3305 conn->dev_class);
392599b9 3306
127178d2 3307 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3308 conn->state = BT_CONNECTED;
3309 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3310 hci_conn_drop(conn);
41a96212
MH		 3311 }
3312
ccd556fe 3313unlock:
41a96212 3314 hci_dev_unlock(hdev);
a9de9248
MH		 3315}
3316
6039aa73
GP		 3317static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3318 struct sk_buff *skb)
a9de9248 3319{
b6a0dc82
MH		 3320 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3321 struct hci_conn *conn;
3322
9f1db00c 3323 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3324
3325 hci_dev_lock(hdev);
3326
3327 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3328 if (!conn) {
3329 if (ev->link_type == ESCO_LINK)
3330 goto unlock;
3331
3332 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3333 if (!conn)
3334 goto unlock;
3335
3336 conn->type = SCO_LINK;
3337 }
b6a0dc82 3338
732547f9
MH		 3339 switch (ev->status) {
3340 case 0x00:
b6a0dc82
MH		 3341 conn->handle = __le16_to_cpu(ev->handle);
3342 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3343
3344 hci_conn_add_sysfs(conn);
732547f9
MH		 3345 break;
3346
1a4c958c 3347 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3348 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3349 case 0x1c: /* SCO interval rejected */
1038a00b 3350 case 0x1a: /* Unsupported Remote Feature */
732547f9 3351 case 0x1f: /* Unspecified error */
27539bc4 3352 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3353 if (conn->out) {
732547f9
MH		 3354 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3355 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3356 if (hci_setup_sync(conn, conn->link->handle))
3357 goto unlock;
732547f9
MH		 3358 }
3359 /* fall through */
3360
3361 default:
b6a0dc82 3362 conn->state = BT_CLOSED;
732547f9
MH		 3363 break;
3364 }
b6a0dc82
MH		 3365
3366 hci_proto_connect_cfm(conn, ev->status);
3367 if (ev->status)
3368 hci_conn_del(conn);
3369
3370unlock:
3371 hci_dev_unlock(hdev);
a9de9248
MH		 3372}
3373
efdcf8e3
MH		 3374static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3375{
3376 size_t parsed = 0;
3377
3378 while (parsed < eir_len) {
3379 u8 field_len = eir[0];
3380
3381 if (field_len == 0)
3382 return parsed;
3383
3384 parsed += field_len + 1;
3385 eir += field_len + 1;
3386 }
3387
3388 return eir_len;
3389}
3390
6039aa73
GP		 3391static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3392 struct sk_buff *skb)
1da177e4 3393{
a9de9248
MH		 3394 struct inquiry_data data;
3395 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3396 int num_rsp = *((__u8 *) skb->data);
9d939d94 3397 size_t eir_len;
1da177e4 3398
a9de9248 3399 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3400
a9de9248
MH		 3401 if (!num_rsp)
3402 return;
1da177e4 3403
1519cc17
AG		 3404 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3405 return;
3406
a9de9248
MH		 3407 hci_dev_lock(hdev);
3408
e17acd40 3409 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3410 bool name_known, ssp;
561aafbc 3411
a9de9248 3412 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3413 data.pscan_rep_mode = info->pscan_rep_mode;
3414 data.pscan_period_mode = info->pscan_period_mode;
3415 data.pscan_mode = 0x00;
a9de9248 3416 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3417 data.clock_offset = info->clock_offset;
3418 data.rssi = info->rssi;
41a96212 3419 data.ssp_mode = 0x01;
561aafbc 3420
a8b2d5c2 3421 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3422 name_known = eir_has_data_type(info->data,
04124681
GP		 3423 sizeof(info->data),
3424 EIR_NAME_COMPLETE);
561aafbc
JH		 3425 else
3426 name_known = true;
3427
388fc8fa 3428 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3429 &ssp);
9d939d94 3430 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3431 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3432 info->dev_class, info->rssi, !name_known,
5d2e9fad 3433 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3434 }
3435
3436 hci_dev_unlock(hdev);
3437}
1da177e4 3438
1c2e0041
JH		 3439static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3440 struct sk_buff *skb)
3441{
3442 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3443 struct hci_conn *conn;
3444
9f1db00c 3445 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3446 __le16_to_cpu(ev->handle));
3447
3448 hci_dev_lock(hdev);
3449
3450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3451 if (!conn)
3452 goto unlock;
3453
9eb1fbfa
JH		 3454 /* For BR/EDR the necessary steps are taken through the
3455 * auth_complete event.
3456 */
3457 if (conn->type != LE_LINK)
3458 goto unlock;
3459
1c2e0041
JH		 3460 if (!ev->status)
3461 conn->sec_level = conn->pending_sec_level;
3462
3463 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3464
3465 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3466 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3467 hci_conn_drop(conn);
1c2e0041
JH		 3468 goto unlock;
3469 }
3470
3471 if (conn->state == BT_CONFIG) {
3472 if (!ev->status)
3473 conn->state = BT_CONNECTED;
3474
3475 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3476 hci_conn_drop(conn);
1c2e0041
JH		 3477 } else {
3478 hci_auth_cfm(conn, ev->status);
3479
3480 hci_conn_hold(conn);
3481 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3482 hci_conn_drop(conn);
1c2e0041
JH		 3483 }
3484
3485unlock:
3486 hci_dev_unlock(hdev);
3487}
3488
6039aa73 3489static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3490{
17fa4b9d 3491 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3492 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3493 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3494 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3495
b7f94c88
MA		 3496 /* If both remote and local have enough IO capabilities, require
3497 * MITM protection
3498 */
3499 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3500 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3501 return conn->remote_auth | 0x01;
3502
7e74170a
TM		 3503 /* No MITM protection possible so ignore remote requirement */
3504 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3505}
3506
6039aa73 3507static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3508{
3509 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3510 struct hci_conn *conn;
3511
3512 BT_DBG("%s", hdev->name);
3513
3514 hci_dev_lock(hdev);
3515
3516 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3517 if (!conn)
3518 goto unlock;
3519
3520 hci_conn_hold(conn);
3521
a8b2d5c2 3522 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3523 goto unlock;
3524
a8b2d5c2 3525 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3526 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3527 struct hci_cp_io_capability_reply cp;
3528
3529 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3530 /* Change the IO capability from KeyboardDisplay
3531 * to DisplayYesNo as it is not supported by BT spec. */
3532 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3533 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3534
3535 /* If we are initiators, there is no remote information yet */
3536 if (conn->remote_auth == 0xff) {
3537 cp.authentication = conn->auth_type;
6fd6b915 3538
b16c6604 3539 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3540 * except for the no-bonding case.
3541 * conn->auth_type is not updated here since
3542 * that might cause the user confirmation to be
3543 * rejected in case the remote doesn't have the
3544 * IO capabilities for MITM.
b16c6604 3545 */
6fd6b915 3546 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3547 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3548 cp.authentication |= 0x01;
b7f94c88
MA		 3549 } else {
3550 conn->auth_type = hci_get_auth_req(conn);
3551 cp.authentication = conn->auth_type;
3552 }
17fa4b9d 3553
8fc9ced3
GP		 3554 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3555 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3556 cp.oob_data = 0x01;
3557 else
3558 cp.oob_data = 0x00;
3559
17fa4b9d 3560 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3561 sizeof(cp), &cp);
03b555e1
JH		 3562 } else {
3563 struct hci_cp_io_capability_neg_reply cp;
3564
3565 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3566 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3567
03b555e1 3568 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3569 sizeof(cp), &cp);
03b555e1
JH		 3570 }
3571
3572unlock:
3573 hci_dev_unlock(hdev);
3574}
3575
6039aa73 3576static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3577{
3578 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3579 struct hci_conn *conn;
3580
3581 BT_DBG("%s", hdev->name);
3582
3583 hci_dev_lock(hdev);
3584
3585 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3586 if (!conn)
3587 goto unlock;
3588
03b555e1 3589 conn->remote_cap = ev->capability;
03b555e1 3590 conn->remote_auth = ev->authentication;
58a681ef
JH		 3591 if (ev->oob_data)
3592 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3593
3594unlock:
0493684e
MH		 3595 hci_dev_unlock(hdev);
3596}
3597
6039aa73
GP		 3598static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3599 struct sk_buff *skb)
a5c29683
JH		 3600{
3601 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3602 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3603 struct hci_conn *conn;
a5c29683
JH		 3604
3605 BT_DBG("%s", hdev->name);
3606
3607 hci_dev_lock(hdev);
3608
a8b2d5c2 3609 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3610 goto unlock;
a5c29683 3611
7a828908
JH		 3612 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3613 if (!conn)
3614 goto unlock;
3615
3616 loc_mitm = (conn->auth_type & 0x01);
3617 rem_mitm = (conn->remote_auth & 0x01);
3618
3619 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3620 * (it has NoInputNoOutput) then reject the confirmation request
3621 */
3622 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3623 BT_DBG("Rejecting request: remote device can't provide MITM");
3624 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3625 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3626 goto unlock;
3627 }
3628
3629 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3630 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3631 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3632
3633 /* If we're not the initiators request authorization to
3634 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3635 * confirm_hint set to 1). The exception is if neither
3636 * side had MITM in which case we do auto-accept.
3637 */
3638 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3639 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3640 BT_DBG("Confirming auto-accept as acceptor");
3641 confirm_hint = 1;
3642 goto confirm;
3643 }
3644
9f61656a 3645 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3646 hdev->auto_accept_delay);
9f61656a
JH		 3647
3648 if (hdev->auto_accept_delay > 0) {
3649 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3650 queue_delayed_work(conn->hdev->workqueue,
3651 &conn->auto_accept_work, delay);
9f61656a
JH		 3652 goto unlock;
3653 }
3654
7a828908 3655 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3656 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3657 goto unlock;
3658 }
3659
55bc1a37 3660confirm:
39adbffe
JH		 3661 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3662 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3663
3664unlock:
a5c29683
JH		 3665 hci_dev_unlock(hdev);
3666}
3667
6039aa73
GP		 3668static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3669 struct sk_buff *skb)
1143d458
BG		 3670{
3671 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3672
3673 BT_DBG("%s", hdev->name);
3674
a8b2d5c2 3675 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3676 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3677}
3678
92a25256
JH		 3679static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3680 struct sk_buff *skb)
3681{
3682 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3683 struct hci_conn *conn;
3684
3685 BT_DBG("%s", hdev->name);
3686
3687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3688 if (!conn)
3689 return;
3690
3691 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3692 conn->passkey_entered = 0;
3693
3694 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3695 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3696 conn->dst_type, conn->passkey_notify,
3697 conn->passkey_entered);
3698}
3699
3700static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3701{
3702 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3703 struct hci_conn *conn;
3704
3705 BT_DBG("%s", hdev->name);
3706
3707 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3708 if (!conn)
3709 return;
3710
3711 switch (ev->type) {
3712 case HCI_KEYPRESS_STARTED:
3713 conn->passkey_entered = 0;
3714 return;
3715
3716 case HCI_KEYPRESS_ENTERED:
3717 conn->passkey_entered++;
3718 break;
3719
3720 case HCI_KEYPRESS_ERASED:
3721 conn->passkey_entered--;
3722 break;
3723
3724 case HCI_KEYPRESS_CLEARED:
3725 conn->passkey_entered = 0;
3726 break;
3727
3728 case HCI_KEYPRESS_COMPLETED:
3729 return;
3730 }
3731
3732 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3733 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3734 conn->dst_type, conn->passkey_notify,
3735 conn->passkey_entered);
3736}
3737
6039aa73
GP		 3738static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3739 struct sk_buff *skb)
0493684e
MH		 3740{
3741 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3742 struct hci_conn *conn;
3743
3744 BT_DBG("%s", hdev->name);
3745
3746 hci_dev_lock(hdev);
3747
3748 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3749 if (!conn)
3750 goto unlock;
3751
3752 /* To avoid duplicate auth_failed events to user space we check
3753 * the HCI_CONN_AUTH_PEND flag which will be set if we
3754 * initiated the authentication. A traditional auth_complete
3755 * event gets always produced as initiator and is also mapped to
3756 * the mgmt_auth_failed event */
fa1bd918 3757 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3758 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3759 ev->status);
0493684e 3760
76a68ba0 3761 hci_conn_drop(conn);
2a611692
JH		 3762
3763unlock:
0493684e
MH		 3764 hci_dev_unlock(hdev);
3765}
3766
6039aa73
GP		 3767static void hci_remote_host_features_evt(struct hci_dev *hdev,
3768 struct sk_buff *skb)
41a96212
MH		 3769{
3770 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3771 struct inquiry_entry *ie;
cad718ed 3772 struct hci_conn *conn;
41a96212
MH		 3773
3774 BT_DBG("%s", hdev->name);
3775
3776 hci_dev_lock(hdev);
3777
cad718ed
JH		 3778 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3779 if (conn)
3780 memcpy(conn->features[1], ev->features, 8);
3781
cc11b9c1
AE		 3782 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3783 if (ie)
02b7cc62 3784 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3785
3786 hci_dev_unlock(hdev);
3787}
3788
6039aa73
GP		 3789static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3790 struct sk_buff *skb)
2763eda6
SJ		 3791{
3792 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3793 struct oob_data *data;
3794
3795 BT_DBG("%s", hdev->name);
3796
3797 hci_dev_lock(hdev);
3798
a8b2d5c2 3799 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3800 goto unlock;
3801
2763eda6
SJ		 3802 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3803 if (data) {
519ca9d0
MH		 3804 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3805 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3806
519ca9d0
MH		 3807 bacpy(&cp.bdaddr, &ev->bdaddr);
3808 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3809 memcpy(cp.randomizer192, data->randomizer192,
3810 sizeof(cp.randomizer192));
3811 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3812 memcpy(cp.randomizer256, data->randomizer256,
3813 sizeof(cp.randomizer256));
3814
3815 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3816 sizeof(cp), &cp);
3817 } else {
3818 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3819
519ca9d0
MH		 3820 bacpy(&cp.bdaddr, &ev->bdaddr);
3821 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3822 memcpy(cp.randomizer, data->randomizer192,
3823 sizeof(cp.randomizer));
3824
3825 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3826 sizeof(cp), &cp);
3827 }
2763eda6
SJ		 3828 } else {
3829 struct hci_cp_remote_oob_data_neg_reply cp;
3830
3831 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3832 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3833 sizeof(cp), &cp);
2763eda6
SJ		 3834 }
3835
e1ba1f15 3836unlock:
2763eda6
SJ		 3837 hci_dev_unlock(hdev);
3838}
3839
d5e91192
AE		 3840static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3841 struct sk_buff *skb)
3842{
3843 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3844 struct hci_conn *hcon, *bredr_hcon;
3845
3846 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3847 ev->status);
3848
3849 hci_dev_lock(hdev);
3850
3851 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3852 if (!hcon) {
3853 hci_dev_unlock(hdev);
3854 return;
3855 }
3856
3857 if (ev->status) {
3858 hci_conn_del(hcon);
3859 hci_dev_unlock(hdev);
3860 return;
3861 }
3862
3863 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3864
3865 hcon->state = BT_CONNECTED;
3866 bacpy(&hcon->dst, &bredr_hcon->dst);
3867
3868 hci_conn_hold(hcon);
3869 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3870 hci_conn_drop(hcon);
d5e91192 3871
d5e91192
AE		 3872 hci_conn_add_sysfs(hcon);
3873
cf70ff22 3874 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3875
cf70ff22 3876 hci_dev_unlock(hdev);
d5e91192
AE		 3877}
3878
27695fb4
AE		 3879static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3880{
3881 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3882 struct hci_conn *hcon;
3883 struct hci_chan *hchan;
3884 struct amp_mgr *mgr;
3885
3886 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3887 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3888 ev->status);
3889
3890 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3891 if (!hcon)
3892 return;
3893
3894 /* Create AMP hchan */
3895 hchan = hci_chan_create(hcon);
3896 if (!hchan)
3897 return;
3898
3899 hchan->handle = le16_to_cpu(ev->handle);
3900
3901 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3902
3903 mgr = hcon->amp_mgr;
3904 if (mgr && mgr->bredr_chan) {
3905 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3906
3907 l2cap_chan_lock(bredr_chan);
3908
3909 bredr_chan->conn->mtu = hdev->block_mtu;
3910 l2cap_logical_cfm(bredr_chan, hchan, 0);
3911 hci_conn_hold(hcon);
3912
3913 l2cap_chan_unlock(bredr_chan);
3914 }
3915}
3916
606e2a10
AE		 3917static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3918 struct sk_buff *skb)
3919{
3920 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3921 struct hci_chan *hchan;
3922
3923 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3924 le16_to_cpu(ev->handle), ev->status);
3925
3926 if (ev->status)
3927 return;
3928
3929 hci_dev_lock(hdev);
3930
3931 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3932 if (!hchan)
3933 goto unlock;
3934
3935 amp_destroy_logical_link(hchan, ev->reason);
3936
3937unlock:
3938 hci_dev_unlock(hdev);
3939}
3940
9eef6b3a
AE		 3941static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3942 struct sk_buff *skb)
3943{
3944 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3945 struct hci_conn *hcon;
3946
3947 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3948
3949 if (ev->status)
3950 return;
3951
3952 hci_dev_lock(hdev);
3953
3954 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3955 if (hcon) {
3956 hcon->state = BT_CLOSED;
3957 hci_conn_del(hcon);
3958 }
3959
3960 hci_dev_unlock(hdev);
3961}
3962
6039aa73 3963static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3964{
3965 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3966 struct hci_conn *conn;
68d6f6de 3967 struct smp_irk *irk;
fcd89c09 3968
9f1db00c 3969 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3970
3971 hci_dev_lock(hdev);
3972
b47a09b3 3973 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3974 if (!conn) {
3975 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3976 if (!conn) {
3977 BT_ERR("No memory for new connection");
230fd16a 3978 goto unlock;
b62f328b 3979 }
29b7988a
AG		 3980
3981 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3982
3983 if (ev->role == LE_CONN_ROLE_MASTER) {
3984 conn->out = true;
3985 conn->link_mode |= HCI_LM_MASTER;
3986 }
cb1d68f7
JH		 3987
3988 /* If we didn't have a hci_conn object previously
3989 * but we're in master role this must be something
3990 * initiated using a white list. Since white list based
3991 * connections are not "first class citizens" we don't
3992 * have full tracking of them. Therefore, we go ahead
3993 * with a "best effort" approach of determining the
3994 * initiator address based on the HCI_PRIVACY flag.
3995 */
3996 if (conn->out) {
3997 conn->resp_addr_type = ev->bdaddr_type;
3998 bacpy(&conn->resp_addr, &ev->bdaddr);
3999 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4000 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4001 bacpy(&conn->init_addr, &hdev->rpa);
4002 } else {
4003 hci_copy_identity_address(hdev,
4004 &conn->init_addr,
4005 &conn->init_addr_type);
4006 }
cb1d68f7 4007 }
9489eca4
JH		 4008 } else {
4009 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4010 }
fcd89c09 4011
80c24ab8
JH		 4012 if (!conn->out) {
4013 /* Set the responder (our side) address type based on
4014 * the advertising address type.
4015 */
4016 conn->resp_addr_type = hdev->adv_addr_type;
4017 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4018 bacpy(&conn->resp_addr, &hdev->random_addr);
4019 else
4020 bacpy(&conn->resp_addr, &hdev->bdaddr);
4021
4022 conn->init_addr_type = ev->bdaddr_type;
4023 bacpy(&conn->init_addr, &ev->bdaddr);
4024 }
7be2edbb 4025
edb4b466
MH		 4026 /* Lookup the identity address from the stored connection
4027 * address and address type.
4028 *
4029 * When establishing connections to an identity address, the
4030 * connection procedure will store the resolvable random
4031 * address first. Now if it can be converted back into the
4032 * identity address, start using the identity address from
4033 * now on.
4034 */
4035 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4036 if (irk) {
4037 bacpy(&conn->dst, &irk->bdaddr);
4038 conn->dst_type = irk->addr_type;
4039 }
4040
cd17decb 4041 if (ev->status) {
06c053fb 4042 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4043 goto unlock;
4044 }
4045
b644ba33 4046 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4047 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4048 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4049
7b5c0d52 4050 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4051 conn->handle = __le16_to_cpu(ev->handle);
4052 conn->state = BT_CONNECTED;
4053
18722c24
JR		 4054 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
4055 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
4056
fcd89c09
VT		 4057 hci_conn_add_sysfs(conn);
4058
4059 hci_proto_connect_cfm(conn, ev->status);
4060
a4790dbd
AG		 4061 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4062
fcd89c09
VT		 4063unlock:
4064 hci_dev_unlock(hdev);
4065}
4066
a4790dbd
AG		 4067/* This function requires the caller holds hdev->lock */
4068static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4069 u8 addr_type)
4070{
4071 struct hci_conn *conn;
5b906a84
AG		 4072 struct smp_irk *irk;
4073
4074 /* If this is a resolvable address, we should resolve it and then
4075 * update address and address type variables.
4076 */
4077 irk = hci_get_irk(hdev, addr, addr_type);
4078 if (irk) {
4079 addr = &irk->bdaddr;
4080 addr_type = irk->addr_type;
4081 }
a4790dbd
AG		 4082
4083 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4084 return;
4085
4086 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4087 HCI_AT_NO_BONDING);
4088 if (!IS_ERR(conn))
4089 return;
4090
4091 switch (PTR_ERR(conn)) {
4092 case -EBUSY:
4093 /* If hci_connect() returns -EBUSY it means there is already
4094 * an LE connection attempt going on. Since controllers don't
4095 * support more than one connection attempt at the time, we
4096 * don't consider this an error case.
4097 */
4098 break;
4099 default:
4100 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4101 }
4102}
4103
4af605d8
JH		 4104static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4105 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4106{
b9a6328f 4107 struct discovery_state *d = &hdev->discovery;
474ee066 4108 bool match;
b9a6328f 4109
ca5c4be7
JH		 4110 /* Passive scanning shouldn't trigger any device found events */
4111 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4112 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4113 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4114 return;
4115 }
4af605d8 4116
b9a6328f
JH		 4117 /* If there's nothing pending either store the data from this
4118 * event or send an immediate device found event if the data
4119 * should not be stored for later.
4120 */
4121 if (!has_pending_adv_report(hdev)) {
4122 /* If the report will trigger a SCAN_REQ store it for
4123 * later merging.
4124 */
4125 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4126 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4127 rssi, data, len);
b9a6328f
JH		 4128 return;
4129 }
4130
4131 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4132 rssi, 0, 1, data, len, NULL, 0);
4133 return;
4134 }
4135
474ee066
JH		 4136 /* Check if the pending report is for the same device as the new one */
4137 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4138 bdaddr_type == d->last_adv_addr_type);
4139
b9a6328f
JH		 4140 /* If the pending data doesn't match this report or this isn't a
4141 * scan response (e.g. we got a duplicate ADV_IND) then force
4142 * sending of the pending data.
4143 */
474ee066
JH		 4144 if (type != LE_ADV_SCAN_RSP || !match) {
4145 /* Send out whatever is in the cache, but skip duplicates */
4146 if (!match)
4147 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f
JH		 4148 d->last_adv_addr_type, NULL,
4149 d->last_adv_rssi, 0, 1,
4150 d->last_adv_data,
474ee066 4151 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4152
4153 /* If the new report will trigger a SCAN_REQ store it for
4154 * later merging.
4155 */
4156 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4157 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4158 rssi, data, len);
b9a6328f
JH		 4159 return;
4160 }
4161
4162 /* The advertising reports cannot be merged, so clear
4163 * the pending report and send out a device found event.
4164 */
4165 clear_pending_adv_report(hdev);
5c5b93e4
JH		 4166 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4167 rssi, 0, 1, data, len, NULL, 0);
b9a6328f
JH		 4168 return;
4169 }
4170
4171 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4172 * the new event is a SCAN_RSP. We can therefore proceed with
4173 * sending a merged device found event.
4174 */
4175 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4176 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4177 d->last_adv_data, d->last_adv_data_len);
4178 clear_pending_adv_report(hdev);
4af605d8
JH		 4179}
4180
6039aa73 4181static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4182{
e95beb41
AG		 4183 u8 num_reports = skb->data[0];
4184 void *ptr = &skb->data[1];
9aa04c91 4185
a4790dbd
AG		 4186 hci_dev_lock(hdev);
4187
e95beb41
AG		 4188 while (num_reports--) {
4189 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4190 s8 rssi;
a4790dbd 4191
3c9e9195 4192 rssi = ev->data[ev->length];
4af605d8
JH		 4193 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4194 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4195
e95beb41 4196 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4197 }
a4790dbd
AG		 4198
4199 hci_dev_unlock(hdev);
9aa04c91
AG		 4200}
4201
6039aa73 4202static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4203{
4204 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4205 struct hci_cp_le_ltk_reply cp;
bea710fe 4206 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4207 struct hci_conn *conn;
c9839a11 4208 struct smp_ltk *ltk;
a7a595f6 4209
9f1db00c 4210 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4211
4212 hci_dev_lock(hdev);
4213
4214 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4215 if (conn == NULL)
4216 goto not_found;
a7a595f6 4217
fe39c7b2 4218 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4219 if (ltk == NULL)
4220 goto not_found;
4221
4222 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4223 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4224
4225 if (ltk->authenticated)
f8776218
AG		 4226 conn->pending_sec_level = BT_SECURITY_HIGH;
4227 else
4228 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4229
89cbb4da 4230 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4231
4232 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4233
5981a882
CT		 4234 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4235 * temporary key used to encrypt a connection following
4236 * pairing. It is used during the Encrypted Session Setup to
4237 * distribute the keys. Later, security can be re-established
4238 * using a distributed LTK.
4239 */
4240 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 4241 list_del(&ltk->list);
4242 kfree(ltk);
4243 }
4244
a7a595f6 4245 hci_dev_unlock(hdev);
bea710fe
VCG		 4246
4247 return;
4248
4249not_found:
4250 neg.handle = ev->handle;
4251 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4252 hci_dev_unlock(hdev);
a7a595f6
VCG		 4253}
4254
6039aa73 4255static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4256{
4257 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4258
4259 skb_pull(skb, sizeof(*le_ev));
4260
4261 switch (le_ev->subevent) {
4262 case HCI_EV_LE_CONN_COMPLETE:
4263 hci_le_conn_complete_evt(hdev, skb);
4264 break;
4265
9aa04c91
AG		 4266 case HCI_EV_LE_ADVERTISING_REPORT:
4267 hci_le_adv_report_evt(hdev, skb);
4268 break;
4269
a7a595f6
VCG		 4270 case HCI_EV_LE_LTK_REQ:
4271 hci_le_ltk_request_evt(hdev, skb);
4272 break;
4273
fcd89c09
VT		 4274 default:
4275 break;
4276 }
4277}
4278
9495b2ee
AE		 4279static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4280{
4281 struct hci_ev_channel_selected *ev = (void *) skb->data;
4282 struct hci_conn *hcon;
4283
4284 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4285
4286 skb_pull(skb, sizeof(*ev));
4287
4288 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4289 if (!hcon)
4290 return;
4291
4292 amp_read_loc_assoc_final_data(hdev, hcon);
4293}
4294
a9de9248
MH		 4295void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4296{
4297 struct hci_event_hdr *hdr = (void *) skb->data;
4298 __u8 event = hdr->evt;
4299
b6ddb638
JH		 4300 hci_dev_lock(hdev);
4301
4302 /* Received events are (currently) only needed when a request is
4303 * ongoing so avoid unnecessary memory allocation.
4304 */
4305 if (hdev->req_status == HCI_REQ_PEND) {
4306 kfree_skb(hdev->recv_evt);
4307 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4308 }
4309
4310 hci_dev_unlock(hdev);
4311
a9de9248
MH		 4312 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4313
02350a72 4314 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4315 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4316 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4317
4318 hci_req_cmd_complete(hdev, opcode, 0);
4319 }
4320
a9de9248 4321 switch (event) {
1da177e4
LT		 4322 case HCI_EV_INQUIRY_COMPLETE:
4323 hci_inquiry_complete_evt(hdev, skb);
4324 break;
4325
4326 case HCI_EV_INQUIRY_RESULT:
4327 hci_inquiry_result_evt(hdev, skb);
4328 break;
4329
a9de9248
MH		 4330 case HCI_EV_CONN_COMPLETE:
4331 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4332 break;
4333
1da177e4
LT		 4334 case HCI_EV_CONN_REQUEST:
4335 hci_conn_request_evt(hdev, skb);
4336 break;
4337
1da177e4
LT		 4338 case HCI_EV_DISCONN_COMPLETE:
4339 hci_disconn_complete_evt(hdev, skb);
4340 break;
4341
1da177e4
LT		 4342 case HCI_EV_AUTH_COMPLETE:
4343 hci_auth_complete_evt(hdev, skb);
4344 break;
4345
a9de9248
MH		 4346 case HCI_EV_REMOTE_NAME:
4347 hci_remote_name_evt(hdev, skb);
4348 break;
4349
1da177e4
LT		 4350 case HCI_EV_ENCRYPT_CHANGE:
4351 hci_encrypt_change_evt(hdev, skb);
4352 break;
4353
a9de9248
MH		 4354 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4355 hci_change_link_key_complete_evt(hdev, skb);
4356 break;
4357
4358 case HCI_EV_REMOTE_FEATURES:
4359 hci_remote_features_evt(hdev, skb);
4360 break;
4361
a9de9248
MH		 4362 case HCI_EV_CMD_COMPLETE:
4363 hci_cmd_complete_evt(hdev, skb);
4364 break;
4365
4366 case HCI_EV_CMD_STATUS:
4367 hci_cmd_status_evt(hdev, skb);
4368 break;
4369
4370 case HCI_EV_ROLE_CHANGE:
4371 hci_role_change_evt(hdev, skb);
4372 break;
4373
4374 case HCI_EV_NUM_COMP_PKTS:
4375 hci_num_comp_pkts_evt(hdev, skb);
4376 break;
4377
4378 case HCI_EV_MODE_CHANGE:
4379 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4380 break;
4381
4382 case HCI_EV_PIN_CODE_REQ:
4383 hci_pin_code_request_evt(hdev, skb);
4384 break;
4385
4386 case HCI_EV_LINK_KEY_REQ:
4387 hci_link_key_request_evt(hdev, skb);
4388 break;
4389
4390 case HCI_EV_LINK_KEY_NOTIFY:
4391 hci_link_key_notify_evt(hdev, skb);
4392 break;
4393
4394 case HCI_EV_CLOCK_OFFSET:
4395 hci_clock_offset_evt(hdev, skb);
4396 break;
4397
a8746417
MH		 4398 case HCI_EV_PKT_TYPE_CHANGE:
4399 hci_pkt_type_change_evt(hdev, skb);
4400 break;
4401
85a1e930
MH		 4402 case HCI_EV_PSCAN_REP_MODE:
4403 hci_pscan_rep_mode_evt(hdev, skb);
4404 break;
4405
a9de9248
MH		 4406 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4407 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4408 break;
4409
a9de9248
MH		 4410 case HCI_EV_REMOTE_EXT_FEATURES:
4411 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4412 break;
4413
a9de9248
MH		 4414 case HCI_EV_SYNC_CONN_COMPLETE:
4415 hci_sync_conn_complete_evt(hdev, skb);
4416 break;
1da177e4 4417
a9de9248
MH		 4418 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4419 hci_extended_inquiry_result_evt(hdev, skb);
4420 break;
1da177e4 4421
1c2e0041
JH		 4422 case HCI_EV_KEY_REFRESH_COMPLETE:
4423 hci_key_refresh_complete_evt(hdev, skb);
4424 break;
4425
0493684e
MH		 4426 case HCI_EV_IO_CAPA_REQUEST:
4427 hci_io_capa_request_evt(hdev, skb);
4428 break;
4429
03b555e1
JH		 4430 case HCI_EV_IO_CAPA_REPLY:
4431 hci_io_capa_reply_evt(hdev, skb);
4432 break;
4433
a5c29683
JH		 4434 case HCI_EV_USER_CONFIRM_REQUEST:
4435 hci_user_confirm_request_evt(hdev, skb);
4436 break;
4437
1143d458
BG		 4438 case HCI_EV_USER_PASSKEY_REQUEST:
4439 hci_user_passkey_request_evt(hdev, skb);
4440 break;
4441
92a25256
JH		 4442 case HCI_EV_USER_PASSKEY_NOTIFY:
4443 hci_user_passkey_notify_evt(hdev, skb);
4444 break;
4445
4446 case HCI_EV_KEYPRESS_NOTIFY:
4447 hci_keypress_notify_evt(hdev, skb);
4448 break;
4449
0493684e
MH		 4450 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4451 hci_simple_pair_complete_evt(hdev, skb);
4452 break;
4453
41a96212
MH		 4454 case HCI_EV_REMOTE_HOST_FEATURES:
4455 hci_remote_host_features_evt(hdev, skb);
4456 break;
4457
fcd89c09
VT		 4458 case HCI_EV_LE_META:
4459 hci_le_meta_evt(hdev, skb);
4460 break;
4461
9495b2ee
AE		 4462 case HCI_EV_CHANNEL_SELECTED:
4463 hci_chan_selected_evt(hdev, skb);
4464 break;
4465
2763eda6
SJ		 4466 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4467 hci_remote_oob_data_request_evt(hdev, skb);
4468 break;
4469
d5e91192
AE		 4470 case HCI_EV_PHY_LINK_COMPLETE:
4471 hci_phy_link_complete_evt(hdev, skb);
4472 break;
4473
27695fb4
AE		 4474 case HCI_EV_LOGICAL_LINK_COMPLETE:
4475 hci_loglink_complete_evt(hdev, skb);
4476 break;
4477
606e2a10
AE		 4478 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4479 hci_disconn_loglink_complete_evt(hdev, skb);
4480 break;
4481
9eef6b3a
AE		 4482 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4483 hci_disconn_phylink_complete_evt(hdev, skb);
4484 break;
4485
25e89e99
AE		 4486 case HCI_EV_NUM_COMP_BLOCKS:
4487 hci_num_comp_blocks_evt(hdev, skb);
4488 break;
4489
a9de9248 4490 default:
9f1db00c 4491 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4492 break;
4493 }
4494
4495 kfree_skb(skb);
4496 hdev->stat.evt_rx++;
4497}
Linux kernel - Deliverables
This page took 0.97561 seconds and 5 git commands to generate.