projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dt-bindings: net: bluetooth: realtek: Fix uart-has-rtscts example
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
0857dd3b 33#include "hci_request.h"
23b9ceb7 34#include "hci_debugfs.h"
7024728e 35#include "a2mp.h"
7ef9fbf0 36#include "amp.h"
2ceba539 37#include "smp.h"
145373cb 38#include "msft.h"
1da177e4 39
aa5b0345
MH		 40#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
41 "\x00\x00\x00\x00\x00\x00\x00\x00"
42
1da177e4
LT		 43/* Handle HCI Event packets */
44
adf1d692
SS		 45static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
46 u8 *new_status)
1da177e4 47{
a9de9248 48 __u8 status = *((__u8 *) skb->data);
1da177e4 49
9f1db00c 50 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 51
adf1d692
SS		 52 /* It is possible that we receive Inquiry Complete event right
53 * before we receive Inquiry Cancel Command Complete event, in
54 * which case the latter event should have status of Command
55 * Disallowed (0x0c). This should not be treated as error, since
56 * we actually achieve what Inquiry Cancel wants to achieve,
57 * which is to end the last Inquiry session.
58 */
59 if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
60 bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
61 status = 0x00;
62 }
63
64 *new_status = status;
65
82f4785c 66 if (status)
a9de9248 67 return;
1da177e4 68
89352e7d 69 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 70 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 71 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 72
50143a43 73 hci_dev_lock(hdev);
168b8a25
JP		 74 /* Set discovery state to stopped if we're not doing LE active
75 * scanning.
76 */
77 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
78 hdev->le_scan_type != LE_SCAN_ACTIVE)
79 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
50143a43
JH		 80 hci_dev_unlock(hdev);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
6bd57416 84
4d93483b
AG		 85static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 __u8 status = *((__u8 *) skb->data);
88
9f1db00c 89 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 90
91 if (status)
92 return;
93
a1536da2 94 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
4d93483b
AG		 95}
96
a9de9248
MH		 97static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
98{
99 __u8 status = *((__u8 *) skb->data);
6bd57416 100
9f1db00c 101 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 102
a9de9248
MH		 103 if (status)
104 return;
1da177e4 105
a358dc11 106 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
ae854a70 107
a9de9248
MH		 108 hci_conn_check_pending(hdev);
109}
110
807deac2
GP		 111static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
112 struct sk_buff *skb)
a9de9248
MH		 113{
114 BT_DBG("%s", hdev->name);
115}
116
117static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_role_discovery *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
40bef302
JH		 130 if (conn)
131 conn->role = rp->role;
a9de9248
MH		 132
133 hci_dev_unlock(hdev);
1da177e4
LT		 134}
135
e4e8e37c
MH		 136static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137{
138 struct hci_rp_read_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 142
143 if (rp->status)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = __le16_to_cpu(rp->policy);
151
152 hci_dev_unlock(hdev);
153}
154
a9de9248 155static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 156{
a9de9248 157 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 158 struct hci_conn *conn;
04837f64 159 void *sent;
1da177e4 160
9f1db00c 161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 162
a9de9248
MH		 163 if (rp->status)
164 return;
1da177e4 165
a9de9248
MH		 166 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
167 if (!sent)
168 return;
1da177e4 169
a9de9248 170 hci_dev_lock(hdev);
1da177e4 171
a9de9248 172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 173 if (conn)
83985319 174 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 175
a9de9248
MH		 176 hci_dev_unlock(hdev);
177}
1da177e4 178
807deac2
GP		 179static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
180 struct sk_buff *skb)
e4e8e37c
MH		 181{
182 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
183
9f1db00c 184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 185
186 if (rp->status)
187 return;
188
189 hdev->link_policy = __le16_to_cpu(rp->policy);
190}
191
807deac2
GP		 192static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
193 struct sk_buff *skb)
e4e8e37c
MH		 194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
197
9f1db00c 198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 199
45296acd
MH		 200 if (status)
201 return;
202
e4e8e37c
MH		 203 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
204 if (!sent)
205 return;
206
45296acd 207 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 208}
209
a9de9248
MH		 210static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
211{
212 __u8 status = *((__u8 *) skb->data);
04837f64 213
9f1db00c 214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 215
10572132
GP		 216 clear_bit(HCI_RESET, &hdev->flags);
217
8761f9d6
MH		 218 if (status)
219 return;
220
a297e97c 221 /* Reset all non-persistent flags */
eacb44df 222 hci_dev_clear_volatile_flags(hdev);
69775ff6 223
39c5d970
JH		 224 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
225
bbaf444a
JH		 226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 228
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
f8e808bd
MH		 231
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
06f5b778 234
533553f8
MH		 235 hdev->le_scan_type = LE_SCAN_PASSIVE;
236
06f5b778 237 hdev->ssp_debug_mode = 0;
a4d5504d
MH		 238
239 hci_bdaddr_list_clear(&hdev->le_white_list);
cfdb0c2d 240 hci_bdaddr_list_clear(&hdev->le_resolv_list);
a9de9248 241}
04837f64 242
c2f0f979
MH		 243static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
244 struct sk_buff *skb)
245{
246 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
247 struct hci_cp_read_stored_link_key *sent;
248
249 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
252 if (!sent)
253 return;
254
255 if (!rp->status && sent->read_all == 0x01) {
256 hdev->stored_max_keys = rp->max_keys;
257 hdev->stored_num_keys = rp->num_keys;
258 }
259}
260
a9366120
MH		 261static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
262 struct sk_buff *skb)
263{
264 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265
266 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
267
268 if (rp->status)
269 return;
270
271 if (rp->num_keys <= hdev->stored_num_keys)
272 hdev->stored_num_keys -= rp->num_keys;
273 else
274 hdev->stored_num_keys = 0;
275}
276
a9de9248
MH		 277static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278{
279 __u8 status = *((__u8 *) skb->data);
280 void *sent;
04837f64 281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
285 if (!sent)
286 return;
04837f64 287
56e5cb86
JH		 288 hci_dev_lock(hdev);
289
d7a5a11d 290 if (hci_dev_test_flag(hdev, HCI_MGMT))
f51d5b24 291 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 292 else if (!status)
293 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 294
56e5cb86 295 hci_dev_unlock(hdev);
a9de9248
MH		 296}
297
298static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299{
300 struct hci_rp_read_local_name *rp = (void *) skb->data;
301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 303
304 if (rp->status)
305 return;
306
d7a5a11d
MH		 307 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
308 hci_dev_test_flag(hdev, HCI_CONFIG))
db99b5fc 309 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 310}
311
312static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313{
314 __u8 status = *((__u8 *) skb->data);
315 void *sent;
316
9f1db00c 317 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 318
319 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
320 if (!sent)
321 return;
322
5c1a4c8f
JK		 323 hci_dev_lock(hdev);
324
a9de9248
MH		 325 if (!status) {
326 __u8 param = *((__u8 *) sent);
327
328 if (param == AUTH_ENABLED)
329 set_bit(HCI_AUTH, &hdev->flags);
330 else
331 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 332 }
a9de9248 333
d7a5a11d 334 if (hci_dev_test_flag(hdev, HCI_MGMT))
33ef95ed 335 mgmt_auth_enable_complete(hdev, status);
5c1a4c8f
JK		 336
337 hci_dev_unlock(hdev);
1da177e4
LT		 338}
339
a9de9248 340static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 341{
a9de9248 342 __u8 status = *((__u8 *) skb->data);
45296acd 343 __u8 param;
1da177e4
LT		 344 void *sent;
345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 347
45296acd
MH		 348 if (status)
349 return;
350
a9de9248
MH		 351 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
352 if (!sent)
353 return;
1da177e4 354
45296acd 355 param = *((__u8 *) sent);
a9de9248 356
45296acd
MH		 357 if (param)
358 set_bit(HCI_ENCRYPT, &hdev->flags);
359 else
360 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364{
45296acd
MH		 365 __u8 status = *((__u8 *) skb->data);
366 __u8 param;
a9de9248 367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
372 if (!sent)
373 return;
1da177e4 374
36f7fc7e
JH		 375 param = *((__u8 *) sent);
376
56e5cb86
JH		 377 hci_dev_lock(hdev);
378
fa1bd918 379 if (status) {
2d7cee58
JH		 380 hdev->discov_timeout = 0;
381 goto done;
382 }
383
bc6d2d04 384 if (param & SCAN_INQUIRY)
36f7fc7e 385 set_bit(HCI_ISCAN, &hdev->flags);
bc6d2d04
JH		 386 else
387 clear_bit(HCI_ISCAN, &hdev->flags);
36f7fc7e 388
031547d8 389 if (param & SCAN_PAGE)
36f7fc7e 390 set_bit(HCI_PSCAN, &hdev->flags);
bc6d2d04 391 else
204e3990 392 clear_bit(HCI_PSCAN, &hdev->flags);
1da177e4 393
36f7fc7e 394done:
56e5cb86 395 hci_dev_unlock(hdev);
a9de9248 396}
1da177e4 397
a9de9248
MH		 398static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399{
400 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 401
9f1db00c 402 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 403
a9de9248
MH		 404 if (rp->status)
405 return;
1da177e4 406
a9de9248 407 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 408
a9de9248 409 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 410 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 411}
1da177e4 412
a9de9248
MH		 413static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
414{
415 __u8 status = *((__u8 *) skb->data);
416 void *sent;
1da177e4 417
9f1db00c 418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 419
a9de9248
MH		 420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
421 if (!sent)
422 return;
1da177e4 423
7f9a903c
MH		 424 hci_dev_lock(hdev);
425
426 if (status == 0)
427 memcpy(hdev->dev_class, sent, 3);
428
d7a5a11d 429 if (hci_dev_test_flag(hdev, HCI_MGMT))
7f9a903c
MH		 430 mgmt_set_class_of_dev_complete(hdev, sent, status);
431
432 hci_dev_unlock(hdev);
a9de9248 433}
1da177e4 434
a9de9248
MH		 435static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
436{
437 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
438 __u16 setting;
439
9f1db00c 440 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 441
442 if (rp->status)
443 return;
444
445 setting = __le16_to_cpu(rp->voice_setting);
446
f383f275 447 if (hdev->voice_setting == setting)
a9de9248
MH		 448 return;
449
450 hdev->voice_setting = setting;
451
9f1db00c 452 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 453
3c54711c 454 if (hdev->notify)
a9de9248 455 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 456}
457
8fc9ced3
GP		 458static void hci_cc_write_voice_setting(struct hci_dev *hdev,
459 struct sk_buff *skb)
a9de9248
MH		 460{
461 __u8 status = *((__u8 *) skb->data);
f383f275 462 __u16 setting;
a9de9248
MH		 463 void *sent;
464
9f1db00c 465 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 466
f383f275
MH		 467 if (status)
468 return;
469
a9de9248
MH		 470 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
471 if (!sent)
472 return;
1da177e4 473
f383f275 474 setting = get_unaligned_le16(sent);
1da177e4 475
f383f275
MH		 476 if (hdev->voice_setting == setting)
477 return;
478
479 hdev->voice_setting = setting;
1da177e4 480
9f1db00c 481 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 482
3c54711c 483 if (hdev->notify)
f383f275 484 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 485}
486
b4cb9fb2
MH		 487static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
488 struct sk_buff *skb)
489{
490 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
491
492 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
493
494 if (rp->status)
495 return;
496
497 hdev->num_iac = rp->num_iac;
498
499 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
500}
501
333140b5
MH		 502static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
503{
504 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 505 struct hci_cp_write_ssp_mode *sent;
333140b5 506
9f1db00c 507 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 508
333140b5
MH		 509 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
510 if (!sent)
511 return;
512
5c1a4c8f
JK		 513 hci_dev_lock(hdev);
514
5ed8eb2f
JH		 515 if (!status) {
516 if (sent->mode)
cad718ed 517 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 518 else
cad718ed 519 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 520 }
521
d7a5a11d 522 if (hci_dev_test_flag(hdev, HCI_MGMT))
5ed8eb2f 523 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 524 else if (!status) {
5ed8eb2f 525 if (sent->mode)
a1536da2 526 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 527 else
a358dc11 528 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 529 }
5c1a4c8f
JK		 530
531 hci_dev_unlock(hdev);
333140b5
MH		 532}
533
eac83dc6
MH		 534static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
535{
536 u8 status = *((u8 *) skb->data);
537 struct hci_cp_write_sc_support *sent;
538
539 BT_DBG("%s status 0x%2.2x", hdev->name, status);
540
541 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
542 if (!sent)
543 return;
544
5c1a4c8f
JK		 545 hci_dev_lock(hdev);
546
eac83dc6
MH		 547 if (!status) {
548 if (sent->support)
549 hdev->features[1][0] |= LMP_HOST_SC;
550 else
551 hdev->features[1][0] &= ~LMP_HOST_SC;
552 }
553
d7a5a11d 554 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
eac83dc6 555 if (sent->support)
a1536da2 556 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
eac83dc6 557 else
a358dc11 558 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
eac83dc6 559 }
5c1a4c8f
JK		 560
561 hci_dev_unlock(hdev);
eac83dc6
MH		 562}
563
a9de9248
MH		 564static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
565{
566 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 567
9f1db00c 568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 569
a9de9248 570 if (rp->status)
42c6b129 571 return;
1143e5a6 572
d7a5a11d
MH		 573 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
574 hci_dev_test_flag(hdev, HCI_CONFIG)) {
0d5551f5
MH		 575 hdev->hci_ver = rp->hci_ver;
576 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
577 hdev->lmp_ver = rp->lmp_ver;
578 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
579 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
580 }
d5859e22
JH		 581}
582
8fc9ced3
GP		 583static void hci_cc_read_local_commands(struct hci_dev *hdev,
584 struct sk_buff *skb)
a9de9248
MH		 585{
586 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 587
9f1db00c 588 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 589
6a070e6e
MH		 590 if (rp->status)
591 return;
592
d7a5a11d
MH		 593 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
594 hci_dev_test_flag(hdev, HCI_CONFIG))
2177bab5 595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 596}
1da177e4 597
302975cb
SRK		 598static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
599 struct sk_buff *skb)
600{
601 struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
602 struct hci_conn *conn;
603
604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605
606 if (rp->status)
607 return;
608
609 hci_dev_lock(hdev);
610
611 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
612 if (conn)
613 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
614
615 hci_dev_unlock(hdev);
616}
617
618static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
619 struct sk_buff *skb)
620{
621 struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
622 struct hci_conn *conn;
623 void *sent;
624
625 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
626
627 if (rp->status)
628 return;
629
630 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
631 if (!sent)
632 return;
633
634 hci_dev_lock(hdev);
635
636 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
637 if (conn)
638 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
639
640 hci_dev_unlock(hdev);
641}
642
8fc9ced3
GP		 643static void hci_cc_read_local_features(struct hci_dev *hdev,
644 struct sk_buff *skb)
a9de9248
MH		 645{
646 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 647
9f1db00c 648 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 649
a9de9248
MH		 650 if (rp->status)
651 return;
5b7f9909 652
a9de9248 653 memcpy(hdev->features, rp->features, 8);
5b7f9909 654
a9de9248
MH		 655 /* Adjust default settings according to features
656 * supported by device. */
1da177e4 657
cad718ed 658 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 659 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 660
cad718ed 661 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 662 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 663
cad718ed 664 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 665 hdev->pkt_type |= (HCI_HV2);
666 hdev->esco_type |= (ESCO_HV2);
667 }
1da177e4 668
cad718ed 669 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 670 hdev->pkt_type |= (HCI_HV3);
671 hdev->esco_type |= (ESCO_HV3);
672 }
1da177e4 673
45db810f 674 if (lmp_esco_capable(hdev))
a9de9248 675 hdev->esco_type |= (ESCO_EV3);
da1f5198 676
cad718ed 677 if (hdev->features[0][4] & LMP_EV4)
a9de9248 678 hdev->esco_type |= (ESCO_EV4);
da1f5198 679
cad718ed 680 if (hdev->features[0][4] & LMP_EV5)
a9de9248 681 hdev->esco_type |= (ESCO_EV5);
1da177e4 682
cad718ed 683 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 684 hdev->esco_type |= (ESCO_2EV3);
685
cad718ed 686 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 687 hdev->esco_type |= (ESCO_3EV3);
688
cad718ed 689 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 690 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 691}
1da177e4 692
971e3a4b 693static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 694 struct sk_buff *skb)
971e3a4b
AG		 695{
696 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
697
9f1db00c 698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 699
700 if (rp->status)
42c6b129 701 return;
971e3a4b 702
57af75a8
MH		 703 if (hdev->max_page < rp->max_page)
704 hdev->max_page = rp->max_page;
d2c5d77f 705
cad718ed
JH		 706 if (rp->page < HCI_MAX_PAGES)
707 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 708}
709
1e89cffb 710static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 711 struct sk_buff *skb)
1e89cffb
AE		 712{
713 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
714
9f1db00c 715 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 716
45296acd
MH		 717 if (rp->status)
718 return;
719
720 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 721}
722
a9de9248
MH		 723static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
724{
725 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 726
9f1db00c 727 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 728
a9de9248
MH		 729 if (rp->status)
730 return;
1da177e4 731
a9de9248
MH		 732 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
733 hdev->sco_mtu = rp->sco_mtu;
734 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
735 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
736
737 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
738 hdev->sco_mtu = 64;
739 hdev->sco_pkts = 8;
1da177e4 740 }
a9de9248
MH		 741
742 hdev->acl_cnt = hdev->acl_pkts;
743 hdev->sco_cnt = hdev->sco_pkts;
744
807deac2
GP		 745 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
746 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 747}
748
749static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
750{
751 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
752
9f1db00c 753 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 754
e30d3f5f
MH		 755 if (rp->status)
756 return;
757
758 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 759 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f 760
d7a5a11d 761 if (hci_dev_test_flag(hdev, HCI_SETUP))
e30d3f5f 762 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 763}
764
a4790360
MH		 765static void hci_cc_read_local_pairing_opts(struct hci_dev *hdev,
766 struct sk_buff *skb)
767{
768 struct hci_rp_read_local_pairing_opts *rp = (void *) skb->data;
769
770 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
771
772 if (rp->status)
773 return;
774
775 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
776 hci_dev_test_flag(hdev, HCI_CONFIG)) {
777 hdev->pairing_opts = rp->pairing_opts;
778 hdev->max_enc_key_size = rp->max_key_size;
779 }
780}
781
f332ec66
JH		 782static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
783 struct sk_buff *skb)
784{
785 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
786
787 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
788
45296acd
MH		 789 if (rp->status)
790 return;
791
792 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 793 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
794 hdev->page_scan_window = __le16_to_cpu(rp->window);
795 }
796}
797
4a3ee763
JH		 798static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
799 struct sk_buff *skb)
800{
801 u8 status = *((u8 *) skb->data);
802 struct hci_cp_write_page_scan_activity *sent;
803
804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
805
806 if (status)
807 return;
808
809 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
810 if (!sent)
811 return;
812
813 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
814 hdev->page_scan_window = __le16_to_cpu(sent->window);
815}
816
f332ec66
JH		 817static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
818 struct sk_buff *skb)
819{
820 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
821
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
45296acd
MH		 824 if (rp->status)
825 return;
826
827 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 828 hdev->page_scan_type = rp->type;
829}
830
4a3ee763
JH		 831static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
832 struct sk_buff *skb)
833{
834 u8 status = *((u8 *) skb->data);
835 u8 *type;
836
837 BT_DBG("%s status 0x%2.2x", hdev->name, status);
838
839 if (status)
840 return;
841
842 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
843 if (type)
844 hdev->page_scan_type = *type;
845}
846
350ee4cf 847static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 848 struct sk_buff *skb)
350ee4cf
AE		 849{
850 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
851
9f1db00c 852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 853
854 if (rp->status)
855 return;
856
857 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
858 hdev->block_len = __le16_to_cpu(rp->block_len);
859 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
860
861 hdev->block_cnt = hdev->num_blocks;
862
863 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 864 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 865}
866
33f35721
JH		 867static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
868{
869 struct hci_rp_read_clock *rp = (void *) skb->data;
870 struct hci_cp_read_clock *cp;
871 struct hci_conn *conn;
872
873 BT_DBG("%s", hdev->name);
874
875 if (skb->len < sizeof(*rp))
876 return;
877
878 if (rp->status)
879 return;
880
881 hci_dev_lock(hdev);
882
883 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
884 if (!cp)
885 goto unlock;
886
887 if (cp->which == 0x00) {
888 hdev->clock = le32_to_cpu(rp->clock);
889 goto unlock;
890 }
891
892 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
893 if (conn) {
894 conn->clock = le32_to_cpu(rp->clock);
895 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
896 }
897
898unlock:
899 hci_dev_unlock(hdev);
900}
901
928abaa7 902static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 903 struct sk_buff *skb)
928abaa7
AE		 904{
905 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
906
9f1db00c 907 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 908
909 if (rp->status)
83927882 910 return;
928abaa7
AE		 911
912 hdev->amp_status = rp->amp_status;
913 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
914 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
915 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
916 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
917 hdev->amp_type = rp->amp_type;
918 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
919 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
920 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
921 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
928abaa7
AE		 922}
923
d5859e22 924static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 925 struct sk_buff *skb)
d5859e22 926{
91c4e9b1 927 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 928
9f1db00c 929 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 930
45296acd
MH		 931 if (rp->status)
932 return;
933
934 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 935}
936
00bce3fb
AM		 937static void hci_cc_read_def_err_data_reporting(struct hci_dev *hdev,
938 struct sk_buff *skb)
939{
940 struct hci_rp_read_def_err_data_reporting *rp = (void *)skb->data;
941
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943
944 if (rp->status)
945 return;
946
947 hdev->err_data_reporting = rp->err_data_reporting;
948}
949
950static void hci_cc_write_def_err_data_reporting(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 __u8 status = *((__u8 *)skb->data);
954 struct hci_cp_write_def_err_data_reporting *cp;
955
956 BT_DBG("%s status 0x%2.2x", hdev->name, status);
957
958 if (status)
959 return;
960
961 cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING);
962 if (!cp)
963 return;
964
965 hdev->err_data_reporting = cp->err_data_reporting;
966}
967
980e1a53
JH		 968static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
969{
970 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
971 struct hci_cp_pin_code_reply *cp;
972 struct hci_conn *conn;
973
9f1db00c 974 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 975
56e5cb86
JH		 976 hci_dev_lock(hdev);
977
d7a5a11d 978 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 979 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 980
fa1bd918 981 if (rp->status)
56e5cb86 982 goto unlock;
980e1a53
JH		 983
984 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
985 if (!cp)
56e5cb86 986 goto unlock;
980e1a53
JH		 987
988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
989 if (conn)
990 conn->pin_length = cp->pin_len;
56e5cb86
JH		 991
992unlock:
993 hci_dev_unlock(hdev);
980e1a53
JH		 994}
995
996static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
997{
998 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
999
9f1db00c 1000 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1001
56e5cb86
JH		 1002 hci_dev_lock(hdev);
1003
d7a5a11d 1004 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1005 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1006 rp->status);
56e5cb86
JH		 1007
1008 hci_dev_unlock(hdev);
980e1a53 1009}
56e5cb86 1010
6ed58ec5
VT		 1011static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1012 struct sk_buff *skb)
1013{
1014 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1015
9f1db00c 1016 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1017
1018 if (rp->status)
1019 return;
1020
1021 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1022 hdev->le_pkts = rp->le_max_pkt;
1023
1024 hdev->le_cnt = hdev->le_pkts;
1025
1026 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 1027}
980e1a53 1028
60e77321
JH		 1029static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1031{
1032 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1033
1034 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1035
45296acd
MH		 1036 if (rp->status)
1037 return;
1038
1039 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 1040}
1041
8fa19098
JH		 1042static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1043 struct sk_buff *skb)
1044{
1045 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1046
1047 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048
45296acd
MH		 1049 if (rp->status)
1050 return;
1051
1052 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 1053}
1054
a5c29683
JH		 1055static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1056{
1057 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1058
9f1db00c 1059 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1060
56e5cb86
JH		 1061 hci_dev_lock(hdev);
1062
d7a5a11d 1063 if (hci_dev_test_flag(hdev, HCI_MGMT))
04124681
GP		 1064 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1065 rp->status);
56e5cb86
JH		 1066
1067 hci_dev_unlock(hdev);
a5c29683
JH		 1068}
1069
1070static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1071 struct sk_buff *skb)
a5c29683
JH		 1072{
1073 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1074
9f1db00c 1075 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1076
56e5cb86
JH		 1077 hci_dev_lock(hdev);
1078
d7a5a11d 1079 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1080 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1081 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1082
1083 hci_dev_unlock(hdev);
a5c29683
JH		 1084}
1085
1143d458
BG		 1086static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1089
9f1db00c 1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1091
1092 hci_dev_lock(hdev);
1093
d7a5a11d 1094 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 1095 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1096 0, rp->status);
1143d458
BG		 1097
1098 hci_dev_unlock(hdev);
1099}
1100
1101static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1102 struct sk_buff *skb)
1143d458
BG		 1103{
1104 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1105
9f1db00c 1106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1107
1108 hci_dev_lock(hdev);
1109
d7a5a11d 1110 if (hci_dev_test_flag(hdev, HCI_MGMT))
1143d458 1111 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1112 ACL_LINK, 0, rp->status);
1143d458
BG		 1113
1114 hci_dev_unlock(hdev);
1115}
1116
4d2d2796
MH		 1117static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1118 struct sk_buff *skb)
c35938b2
SJ		 1119{
1120 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1121
9f1db00c 1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
4d2d2796
MH		 1123}
1124
1125static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1126 struct sk_buff *skb)
1127{
1128 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1129
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2
SJ		 1131}
1132
7a4cd51d
MH		 1133static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1134{
1135 __u8 status = *((__u8 *) skb->data);
1136 bdaddr_t *sent;
1137
1138 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1139
45296acd
MH		 1140 if (status)
1141 return;
1142
7a4cd51d
MH		 1143 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1144 if (!sent)
1145 return;
1146
1147 hci_dev_lock(hdev);
1148
45296acd 1149 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1150
1151 hci_dev_unlock(hdev);
1152}
1153
0314f286
JK		 1154static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1155{
1156 __u8 status = *((__u8 *) skb->data);
1157 struct hci_cp_le_set_default_phy *cp;
1158
1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1160
1161 if (status)
1162 return;
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 hdev->le_tx_def_phys = cp->tx_phys;
1171 hdev->le_rx_def_phys = cp->rx_phys;
1172
1173 hci_dev_unlock(hdev);
1174}
1175
a73c046a
JK		 1176static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1178{
1179 __u8 status = *((__u8 *) skb->data);
1180 struct hci_cp_le_set_adv_set_rand_addr *cp;
1181 struct adv_info *adv_instance;
1182
1183 if (status)
1184 return;
1185
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1187 if (!cp)
1188 return;
1189
1190 hci_dev_lock(hdev);
1191
1192 if (!hdev->cur_adv_instance) {
1193 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1194 bacpy(&hdev->random_addr, &cp->bdaddr);
1195 } else {
1196 adv_instance = hci_find_adv_instance(hdev,
1197 hdev->cur_adv_instance);
1198 if (adv_instance)
1199 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1200 }
1201
1202 hci_dev_unlock(hdev);
1203}
1204
c1d5dc4a
JH		 1205static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1206{
1207 __u8 *sent, status = *((__u8 *) skb->data);
1208
1209 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1210
45296acd 1211 if (status)
c1d5dc4a
JH		 1212 return;
1213
45296acd
MH		 1214 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1215 if (!sent)
3c857757
JH		 1216 return;
1217
c1d5dc4a
JH		 1218 hci_dev_lock(hdev);
1219
49c922bb 1220 /* If we're doing connection initiation as peripheral. Set a
3c857757
JH		 1221 * timeout in case something goes wrong.
1222 */
1223 if (*sent) {
1224 struct hci_conn *conn;
1225
a1536da2 1226 hci_dev_set_flag(hdev, HCI_LE_ADV);
66c417c1 1227
e7d9ab73 1228 conn = hci_lookup_le_connect(hdev);
3c857757
JH		 1229 if (conn)
1230 queue_delayed_work(hdev->workqueue,
1231 &conn->le_conn_timeout,
09ae260b 1232 conn->conn_timeout);
66c417c1 1233 } else {
a358dc11 1234 hci_dev_clear_flag(hdev, HCI_LE_ADV);
3c857757
JH		 1235 }
1236
04b4edcb 1237 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1238}
1239
de181e88
JK		 1240static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1241 struct sk_buff *skb)
1242{
1243 struct hci_cp_le_set_ext_adv_enable *cp;
de181e88
JK		 1244 __u8 status = *((__u8 *) skb->data);
1245
1246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1247
1248 if (status)
1249 return;
1250
1251 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1252 if (!cp)
1253 return;
1254
de181e88
JK		 1255 hci_dev_lock(hdev);
1256
1257 if (cp->enable) {
1258 struct hci_conn *conn;
1259
1260 hci_dev_set_flag(hdev, HCI_LE_ADV);
1261
1262 conn = hci_lookup_le_connect(hdev);
1263 if (conn)
1264 queue_delayed_work(hdev->workqueue,
1265 &conn->le_conn_timeout,
1266 conn->conn_timeout);
45b7749f
JK		 1267 } else {
1268 hci_dev_clear_flag(hdev, HCI_LE_ADV);
de181e88
JK		 1269 }
1270
1271 hci_dev_unlock(hdev);
1272}
1273
533553f8
MH		 1274static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1275{
1276 struct hci_cp_le_set_scan_param *cp;
1277 __u8 status = *((__u8 *) skb->data);
1278
1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1280
45296acd
MH		 1281 if (status)
1282 return;
1283
533553f8
MH		 1284 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1285 if (!cp)
1286 return;
1287
1288 hci_dev_lock(hdev);
1289
45296acd 1290 hdev->le_scan_type = cp->type;
533553f8
MH		 1291
1292 hci_dev_unlock(hdev);
1293}
1294
a2344b9e
JK		 1295static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1296 struct sk_buff *skb)
1297{
1298 struct hci_cp_le_set_ext_scan_params *cp;
1299 __u8 status = *((__u8 *) skb->data);
1300 struct hci_cp_le_scan_phy_params *phy_param;
1301
1302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1303
1304 if (status)
1305 return;
1306
1307 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1308 if (!cp)
1309 return;
1310
1311 phy_param = (void *)cp->data;
1312
1313 hci_dev_lock(hdev);
1314
1315 hdev->le_scan_type = phy_param->type;
1316
1317 hci_dev_unlock(hdev);
1318}
1319
b9a6328f
JH		 1320static bool has_pending_adv_report(struct hci_dev *hdev)
1321{
1322 struct discovery_state *d = &hdev->discovery;
1323
1324 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1325}
1326
1327static void clear_pending_adv_report(struct hci_dev *hdev)
1328{
1329 struct discovery_state *d = &hdev->discovery;
1330
1331 bacpy(&d->last_adv_addr, BDADDR_ANY);
1332 d->last_adv_data_len = 0;
1333}
1334
1335static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1336 u8 bdaddr_type, s8 rssi, u32 flags,
1337 u8 *data, u8 len)
b9a6328f
JH		 1338{
1339 struct discovery_state *d = &hdev->discovery;
1340
1341 bacpy(&d->last_adv_addr, bdaddr);
1342 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1343 d->last_adv_rssi = rssi;
c70a7e4c 1344 d->last_adv_flags = flags;
b9a6328f
JH		 1345 memcpy(d->last_adv_data, data, len);
1346 d->last_adv_data_len = len;
1347}
1348
3baef810 1349static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
eb9d91f5 1350{
5c1a4c8f
JK		 1351 hci_dev_lock(hdev);
1352
3baef810 1353 switch (enable) {
76a388be 1354 case LE_SCAN_ENABLE:
a1536da2 1355 hci_dev_set_flag(hdev, HCI_LE_SCAN);
b9a6328f
JH		 1356 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1357 clear_pending_adv_report(hdev);
68a8aea4
AE		 1358 break;
1359
76a388be 1360 case LE_SCAN_DISABLE:
b9a6328f
JH		 1361 /* We do this here instead of when setting DISCOVERY_STOPPED
1362 * since the latter would potentially require waiting for
1363 * inquiry to stop too.
1364 */
1365 if (has_pending_adv_report(hdev)) {
1366 struct discovery_state *d = &hdev->discovery;
1367
1368 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1369 d->last_adv_addr_type, NULL,
c70a7e4c 1370 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1371 d->last_adv_data,
b9a6328f
JH		 1372 d->last_adv_data_len, NULL, 0);
1373 }
1374
317ac8cb
JH		 1375 /* Cancel this timer so that we don't try to disable scanning
1376 * when it's already disabled.
1377 */
1378 cancel_delayed_work(&hdev->le_scan_disable);
1379
a358dc11 1380 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
e8bb6b97 1381
81ad6fd9
JH		 1382 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1383 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1384 * therefore discovery as stopped. If this was not
1385 * because of a connect request advertising might have
1386 * been disabled because of active scanning, so
1387 * re-enable it again if necessary.
81ad6fd9 1388 */
a69d8927 1389 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
81ad6fd9 1390 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
d7a5a11d 1391 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
34722277 1392 hdev->discovery.state == DISCOVERY_FINDING)
f2252570 1393 hci_req_reenable_advertising(hdev);
e8bb6b97 1394
68a8aea4
AE		 1395 break;
1396
1397 default:
2064ee33 1398 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
3baef810 1399 enable);
68a8aea4 1400 break;
35815085 1401 }
5c1a4c8f
JK		 1402
1403 hci_dev_unlock(hdev);
eb9d91f5
AG		 1404}
1405
3baef810
JK		 1406static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1407 struct sk_buff *skb)
1408{
1409 struct hci_cp_le_set_scan_enable *cp;
1410 __u8 status = *((__u8 *) skb->data);
1411
1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1413
1414 if (status)
1415 return;
1416
1417 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1418 if (!cp)
1419 return;
1420
1421 le_set_scan_enable_complete(hdev, cp->enable);
1422}
1423
a2344b9e
JK		 1424static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1425 struct sk_buff *skb)
1426{
1427 struct hci_cp_le_set_ext_scan_enable *cp;
1428 __u8 status = *((__u8 *) skb->data);
1429
1430 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1431
1432 if (status)
1433 return;
1434
1435 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1436 if (!cp)
1437 return;
1438
1439 le_set_scan_enable_complete(hdev, cp->enable);
1440}
1441
6b49bcb4
JK		 1442static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1443 struct sk_buff *skb)
1444{
1445 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1446
1447 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1448 rp->num_of_sets);
1449
1450 if (rp->status)
1451 return;
1452
1453 hdev->le_num_of_adv_sets = rp->num_of_sets;
1454}
1455
cf1d081f
JH		 1456static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1457 struct sk_buff *skb)
1458{
1459 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1460
1461 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1462
45296acd
MH		 1463 if (rp->status)
1464 return;
1465
1466 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1467}
1468
0f36b589
MH		 1469static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1470 struct sk_buff *skb)
1471{
1472 __u8 status = *((__u8 *) skb->data);
1473
1474 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1475
45296acd
MH		 1476 if (status)
1477 return;
1478
dcc36c16 1479 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1480}
1481
1482static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1483 struct sk_buff *skb)
1484{
1485 struct hci_cp_le_add_to_white_list *sent;
1486 __u8 status = *((__u8 *) skb->data);
1487
1488 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1489
45296acd
MH		 1490 if (status)
1491 return;
1492
0f36b589
MH		 1493 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1494 if (!sent)
1495 return;
1496
dcc36c16
JH		 1497 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1498 sent->bdaddr_type);
0f36b589
MH		 1499}
1500
1501static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1502 struct sk_buff *skb)
1503{
1504 struct hci_cp_le_del_from_white_list *sent;
1505 __u8 status = *((__u8 *) skb->data);
1506
1507 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1508
45296acd
MH		 1509 if (status)
1510 return;
1511
0f36b589
MH		 1512 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1513 if (!sent)
1514 return;
1515
dcc36c16
JH		 1516 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1517 sent->bdaddr_type);
0f36b589
MH		 1518}
1519
9b008c04
JH		 1520static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1521 struct sk_buff *skb)
1522{
1523 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1524
1525 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1526
45296acd
MH		 1527 if (rp->status)
1528 return;
1529
1530 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1531}
1532
a8e1bfaa
MH		 1533static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1534 struct sk_buff *skb)
1535{
1536 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1537
1538 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1539
1540 if (rp->status)
1541 return;
1542
1543 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1544 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1545}
1546
1547static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1548 struct sk_buff *skb)
1549{
1550 struct hci_cp_le_write_def_data_len *sent;
1551 __u8 status = *((__u8 *) skb->data);
1552
1553 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1554
1555 if (status)
1556 return;
1557
1558 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1559 if (!sent)
1560 return;
1561
1562 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1563 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1564}
1565
b950aa88
AN		 1566static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1567 struct sk_buff *skb)
1568{
1569 struct hci_cp_le_add_to_resolv_list *sent;
1570 __u8 status = *((__u8 *) skb->data);
1571
1572 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1573
1574 if (status)
1575 return;
1576
1577 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1578 if (!sent)
1579 return;
1580
1581 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1582 sent->bdaddr_type, sent->peer_irk,
1583 sent->local_irk);
1584}
1585
1586static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1587 struct sk_buff *skb)
1588{
1589 struct hci_cp_le_del_from_resolv_list *sent;
1590 __u8 status = *((__u8 *) skb->data);
1591
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1593
1594 if (status)
1595 return;
1596
1597 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1598 if (!sent)
1599 return;
1600
1601 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1602 sent->bdaddr_type);
1603}
1604
545f2596
AN		 1605static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1606 struct sk_buff *skb)
1607{
1608 __u8 status = *((__u8 *) skb->data);
1609
1610 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1611
1612 if (status)
1613 return;
1614
1615 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1616}
1617
cfdb0c2d
AN		 1618static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1619 struct sk_buff *skb)
1620{
1621 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1622
1623 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1624
1625 if (rp->status)
1626 return;
1627
1628 hdev->le_resolv_list_size = rp->size;
1629}
1630
aa12af77
AN		 1631static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1632 struct sk_buff *skb)
1633{
1634 __u8 *sent, status = *((__u8 *) skb->data);
1635
1636 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1637
1638 if (status)
1639 return;
1640
1641 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1642 if (!sent)
1643 return;
1644
1645 hci_dev_lock(hdev);
1646
1647 if (*sent)
1648 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1649 else
1650 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1651
1652 hci_dev_unlock(hdev);
1653}
1654
a8e1bfaa
MH		 1655static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1656 struct sk_buff *skb)
1657{
1658 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1659
1660 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1661
1662 if (rp->status)
1663 return;
1664
1665 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1666 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1667 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1668 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1669}
1670
6039aa73
GP		 1671static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1672 struct sk_buff *skb)
f9b49306 1673{
06199cf8 1674 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1675 __u8 status = *((__u8 *) skb->data);
1676
9f1db00c 1677 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1678
45296acd
MH		 1679 if (status)
1680 return;
1681
06199cf8 1682 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1683 if (!sent)
f9b49306
AG		 1684 return;
1685
5c1a4c8f
JK		 1686 hci_dev_lock(hdev);
1687
45296acd
MH		 1688 if (sent->le) {
1689 hdev->features[1][0] |= LMP_HOST_LE;
a1536da2 1690 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
45296acd
MH		 1691 } else {
1692 hdev->features[1][0] &= ~LMP_HOST_LE;
a358dc11
MH		 1693 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1694 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
8f984dfa 1695 }
45296acd
MH		 1696
1697 if (sent->simul)
1698 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1699 else
1700 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
5c1a4c8f
JK		 1701
1702 hci_dev_unlock(hdev);
f9b49306
AG		 1703}
1704
56ed2cb8
JH		 1705static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1706{
1707 struct hci_cp_le_set_adv_param *cp;
1708 u8 status = *((u8 *) skb->data);
1709
1710 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1711
1712 if (status)
1713 return;
1714
1715 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1716 if (!cp)
1717 return;
1718
1719 hci_dev_lock(hdev);
1720 hdev->adv_addr_type = cp->own_address_type;
1721 hci_dev_unlock(hdev);
1722}
1723
de181e88
JK		 1724static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1725{
1726 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1727 struct hci_cp_le_set_ext_adv_params *cp;
1728 struct adv_info *adv_instance;
1729
1730 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1731
1732 if (rp->status)
1733 return;
1734
1735 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1736 if (!cp)
1737 return;
1738
1739 hci_dev_lock(hdev);
1740 hdev->adv_addr_type = cp->own_addr_type;
1741 if (!hdev->cur_adv_instance) {
1742 /* Store in hdev for instance 0 */
1743 hdev->adv_tx_power = rp->tx_power;
1744 } else {
1745 adv_instance = hci_find_adv_instance(hdev,
1746 hdev->cur_adv_instance);
1747 if (adv_instance)
1748 adv_instance->tx_power = rp->tx_power;
1749 }
a0fb3726
JK		 1750 /* Update adv data as tx power is known now */
1751 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
de181e88
JK		 1752 hci_dev_unlock(hdev);
1753}
1754
5ae76a94
AK		 1755static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1756{
1757 struct hci_rp_read_rssi *rp = (void *) skb->data;
1758 struct hci_conn *conn;
1759
1760 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1761
1762 if (rp->status)
1763 return;
1764
1765 hci_dev_lock(hdev);
1766
1767 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1768 if (conn)
1769 conn->rssi = rp->rssi;
1770
1771 hci_dev_unlock(hdev);
1772}
1773
5a134fae
AK		 1774static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1775{
1776 struct hci_cp_read_tx_power *sent;
1777 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1778 struct hci_conn *conn;
1779
1780 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1781
1782 if (rp->status)
1783 return;
1784
1785 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1786 if (!sent)
1787 return;
1788
1789 hci_dev_lock(hdev);
1790
1791 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1792 if (!conn)
1793 goto unlock;
1794
1795 switch (sent->type) {
1796 case 0x00:
5a134fae 1797 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1798 break;
1799 case 0x01:
1800 conn->max_tx_power = rp->tx_power;
1801 break;
1802 }
5a134fae 1803
d0455ed9 1804unlock:
5a134fae
AK		 1805 hci_dev_unlock(hdev);
1806}
1807
c50b33c8
MH		 1808static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1809{
1810 u8 status = *((u8 *) skb->data);
1811 u8 *mode;
1812
1813 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1814
1815 if (status)
1816 return;
1817
1818 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1819 if (mode)
1820 hdev->ssp_debug_mode = *mode;
1821}
1822
6039aa73 1823static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1824{
9f1db00c 1825 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1826
1827 if (status) {
a9de9248 1828 hci_conn_check_pending(hdev);
314b2381
JH		 1829 return;
1830 }
1831
89352e7d 1832 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1833}
1834
6039aa73 1835static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1836{
a9de9248 1837 struct hci_cp_create_conn *cp;
1da177e4 1838 struct hci_conn *conn;
1da177e4 1839
9f1db00c 1840 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1841
1842 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1843 if (!cp)
1844 return;
1845
1846 hci_dev_lock(hdev);
1847
1848 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1849
6ed93dc6 1850 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1851
1852 if (status) {
1853 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1854 if (status != 0x0c || conn->attempt > 2) {
1855 conn->state = BT_CLOSED;
539c496d 1856 hci_connect_cfm(conn, status);
4c67bc74
MH		 1857 hci_conn_del(conn);
1858 } else
1859 conn->state = BT_CONNECT2;
1da177e4
LT		 1860 }
1861 } else {
1862 if (!conn) {
a5c4e309
JH		 1863 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1864 HCI_ROLE_MASTER);
1865 if (!conn)
2064ee33 1866 bt_dev_err(hdev, "no memory for new connection");
1da177e4
LT		 1867 }
1868 }
1869
1870 hci_dev_unlock(hdev);
1871}
1872
a9de9248 1873static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1874{
a9de9248
MH		 1875 struct hci_cp_add_sco *cp;
1876 struct hci_conn *acl, *sco;
1877 __u16 handle;
1da177e4 1878
9f1db00c 1879 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1880
a9de9248
MH		 1881 if (!status)
1882 return;
1da177e4 1883
a9de9248
MH		 1884 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1885 if (!cp)
1886 return;
1da177e4 1887
a9de9248 1888 handle = __le16_to_cpu(cp->handle);
1da177e4 1889
9f1db00c 1890 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1891
a9de9248 1892 hci_dev_lock(hdev);
1da177e4 1893
a9de9248 1894 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1895 if (acl) {
1896 sco = acl->link;
1897 if (sco) {
1898 sco->state = BT_CLOSED;
1da177e4 1899
539c496d 1900 hci_connect_cfm(sco, status);
5a08ecce
AE		 1901 hci_conn_del(sco);
1902 }
a9de9248 1903 }
1da177e4 1904
a9de9248
MH		 1905 hci_dev_unlock(hdev);
1906}
1da177e4 1907
f8558555
MH		 1908static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1909{
1910 struct hci_cp_auth_requested *cp;
1911 struct hci_conn *conn;
1912
9f1db00c 1913 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1914
1915 if (!status)
1916 return;
1917
1918 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1919 if (!cp)
1920 return;
1921
1922 hci_dev_lock(hdev);
1923
1924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1925 if (conn) {
1926 if (conn->state == BT_CONFIG) {
539c496d 1927 hci_connect_cfm(conn, status);
76a68ba0 1928 hci_conn_drop(conn);
f8558555
MH		 1929 }
1930 }
1931
1932 hci_dev_unlock(hdev);
1933}
1934
1935static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1936{
1937 struct hci_cp_set_conn_encrypt *cp;
1938 struct hci_conn *conn;
1939
9f1db00c 1940 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1941
1942 if (!status)
1943 return;
1944
1945 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1946 if (!cp)
1947 return;
1948
1949 hci_dev_lock(hdev);
1950
1951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1952 if (conn) {
1953 if (conn->state == BT_CONFIG) {
539c496d 1954 hci_connect_cfm(conn, status);
76a68ba0 1955 hci_conn_drop(conn);
f8558555
MH		 1956 }
1957 }
1958
1959 hci_dev_unlock(hdev);
1960}
1961
127178d2 1962static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1963 struct hci_conn *conn)
392599b9 1964{
392599b9
JH		 1965 if (conn->state != BT_CONFIG || !conn->out)
1966 return 0;
1967
765c2a96 1968 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1969 return 0;
1970
1971 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1972 * devices with sec_level MEDIUM or HIGH or if MITM protection
1973 * is requested.
1974 */
807deac2 1975 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1976 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1977 conn->pending_sec_level != BT_SECURITY_HIGH &&
1978 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1979 return 0;
1980
392599b9
JH		 1981 return 1;
1982}
1983
6039aa73 1984static int hci_resolve_name(struct hci_dev *hdev,
04124681 1985 struct inquiry_entry *e)
30dc78e1
JH		 1986{
1987 struct hci_cp_remote_name_req cp;
1988
1989 memset(&cp, 0, sizeof(cp));
1990
1991 bacpy(&cp.bdaddr, &e->data.bdaddr);
1992 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1993 cp.pscan_mode = e->data.pscan_mode;
1994 cp.clock_offset = e->data.clock_offset;
1995
1996 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1997}
1998
b644ba33 1999static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 2000{
2001 struct discovery_state *discov = &hdev->discovery;
2002 struct inquiry_entry *e;
2003
b644ba33
JH		 2004 if (list_empty(&discov->resolve))
2005 return false;
2006
2007 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 2008 if (!e)
2009 return false;
2010
b644ba33
JH		 2011 if (hci_resolve_name(hdev, e) == 0) {
2012 e->name_state = NAME_PENDING;
2013 return true;
2014 }
2015
2016 return false;
2017}
2018
2019static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 2020 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 2021{
2022 struct discovery_state *discov = &hdev->discovery;
2023 struct inquiry_entry *e;
2024
60cb49d2
JH		 2025 /* Update the mgmt connected state if necessary. Be careful with
2026 * conn objects that exist but are not (yet) connected however.
2027 * Only those in BT_CONFIG or BT_CONNECTED states can be
2028 * considered connected.
2029 */
2030 if (conn &&
2031 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
cb77c3ec 2032 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 2033 mgmt_device_connected(hdev, conn, 0, name, name_len);
b644ba33
JH		 2034
2035 if (discov->state == DISCOVERY_STOPPED)
2036 return;
2037
30dc78e1
JH		 2038 if (discov->state == DISCOVERY_STOPPING)
2039 goto discov_complete;
2040
2041 if (discov->state != DISCOVERY_RESOLVING)
2042 return;
2043
2044 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 2045 /* If the device was not found in a list of found devices names of which
2046 * are pending. there is no need to continue resolving a next name as it
2047 * will be done upon receiving another Remote Name Request Complete
2048 * Event */
2049 if (!e)
2050 return;
2051
2052 list_del(&e->list);
2053 if (name) {
30dc78e1 2054 e->name_state = NAME_KNOWN;
7cc8380e
RM		 2055 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
2056 e->data.rssi, name, name_len);
c3e7c0d9
RM		 2057 } else {
2058 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 2059 }
2060
b644ba33 2061 if (hci_resolve_next_name(hdev))
30dc78e1 2062 return;
30dc78e1
JH		 2063
2064discov_complete:
2065 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2066}
2067
a9de9248
MH		 2068static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
2069{
127178d2
JH		 2070 struct hci_cp_remote_name_req *cp;
2071 struct hci_conn *conn;
2072
9f1db00c 2073 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 2074
2075 /* If successful wait for the name req complete event before
2076 * checking for the need to do authentication */
2077 if (!status)
2078 return;
2079
2080 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
2081 if (!cp)
2082 return;
2083
2084 hci_dev_lock(hdev);
2085
b644ba33
JH		 2086 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2087
d7a5a11d 2088 if (hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 2089 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 2090
79c6c70c
JH		 2091 if (!conn)
2092 goto unlock;
2093
2094 if (!hci_outgoing_auth_needed(hdev, conn))
2095 goto unlock;
2096
51a8efd7 2097 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 2098 struct hci_cp_auth_requested auth_cp;
2099
977f8fce
JH		 2100 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2101
c1f23a2b
JB		 2102 auth_cp.handle = __cpu_to_le16(conn->handle);
2103 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
2104 sizeof(auth_cp), &auth_cp);
127178d2
JH		 2105 }
2106
79c6c70c 2107unlock:
127178d2 2108 hci_dev_unlock(hdev);
a9de9248 2109}
1da177e4 2110
769be974
MH		 2111static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2112{
2113 struct hci_cp_read_remote_features *cp;
2114 struct hci_conn *conn;
2115
9f1db00c 2116 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2117
2118 if (!status)
2119 return;
2120
2121 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2122 if (!cp)
2123 return;
2124
2125 hci_dev_lock(hdev);
2126
2127 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2128 if (conn) {
2129 if (conn->state == BT_CONFIG) {
539c496d 2130 hci_connect_cfm(conn, status);
76a68ba0 2131 hci_conn_drop(conn);
769be974
MH		 2132 }
2133 }
2134
2135 hci_dev_unlock(hdev);
2136}
2137
2138static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2139{
2140 struct hci_cp_read_remote_ext_features *cp;
2141 struct hci_conn *conn;
2142
9f1db00c 2143 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2144
2145 if (!status)
2146 return;
2147
2148 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2149 if (!cp)
2150 return;
2151
2152 hci_dev_lock(hdev);
2153
2154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2155 if (conn) {
2156 if (conn->state == BT_CONFIG) {
539c496d 2157 hci_connect_cfm(conn, status);
76a68ba0 2158 hci_conn_drop(conn);
769be974
MH		 2159 }
2160 }
2161
2162 hci_dev_unlock(hdev);
2163}
2164
a9de9248
MH		 2165static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2166{
b6a0dc82
MH		 2167 struct hci_cp_setup_sync_conn *cp;
2168 struct hci_conn *acl, *sco;
2169 __u16 handle;
2170
9f1db00c 2171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 2172
2173 if (!status)
2174 return;
2175
2176 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2177 if (!cp)
2178 return;
2179
2180 handle = __le16_to_cpu(cp->handle);
2181
9f1db00c 2182 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 2183
2184 hci_dev_lock(hdev);
2185
2186 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 2187 if (acl) {
2188 sco = acl->link;
2189 if (sco) {
2190 sco->state = BT_CLOSED;
b6a0dc82 2191
539c496d 2192 hci_connect_cfm(sco, status);
5a08ecce
AE		 2193 hci_conn_del(sco);
2194 }
b6a0dc82
MH		 2195 }
2196
2197 hci_dev_unlock(hdev);
1da177e4
LT		 2198}
2199
a9de9248 2200static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 2201{
a9de9248
MH		 2202 struct hci_cp_sniff_mode *cp;
2203 struct hci_conn *conn;
1da177e4 2204
9f1db00c 2205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2206
a9de9248
MH		 2207 if (!status)
2208 return;
04837f64 2209
a9de9248
MH		 2210 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2211 if (!cp)
2212 return;
04837f64 2213
a9de9248 2214 hci_dev_lock(hdev);
04837f64 2215
a9de9248 2216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2217 if (conn) {
51a8efd7 2218 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 2219
51a8efd7 2220 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2221 hci_sco_setup(conn, status);
2222 }
2223
a9de9248
MH		 2224 hci_dev_unlock(hdev);
2225}
04837f64 2226
a9de9248
MH		 2227static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2228{
2229 struct hci_cp_exit_sniff_mode *cp;
2230 struct hci_conn *conn;
04837f64 2231
9f1db00c 2232 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2233
a9de9248
MH		 2234 if (!status)
2235 return;
04837f64 2236
a9de9248
MH		 2237 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2238 if (!cp)
2239 return;
04837f64 2240
a9de9248 2241 hci_dev_lock(hdev);
1da177e4 2242
a9de9248 2243 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2244 if (conn) {
51a8efd7 2245 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 2246
51a8efd7 2247 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2248 hci_sco_setup(conn, status);
2249 }
2250
a9de9248 2251 hci_dev_unlock(hdev);
1da177e4
LT		 2252}
2253
88c3df13
JH		 2254static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2255{
2256 struct hci_cp_disconnect *cp;
2257 struct hci_conn *conn;
2258
2259 if (!status)
2260 return;
2261
2262 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2263 if (!cp)
2264 return;
2265
2266 hci_dev_lock(hdev);
2267
2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
b8d29052
JH		 2269 if (conn) {
2270 u8 type = conn->type;
2271
88c3df13 2272 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 2273 conn->dst_type, status);
88c3df13 2274
b8d29052
JH		 2275 /* If the disconnection failed for any reason, the upper layer
2276 * does not retry to disconnect in current implementation.
2277 * Hence, we need to do some basic cleanup here and re-enable
2278 * advertising if necessary.
2279 */
2280 hci_conn_del(conn);
2281 if (type == LE_LINK)
2282 hci_req_reenable_advertising(hdev);
2283 }
2284
88c3df13
JH		 2285 hci_dev_unlock(hdev);
2286}
2287
d12fb056
JK		 2288static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2289 u8 peer_addr_type, u8 own_address_type,
2290 u8 filter_policy)
cb1d68f7 2291{
cb1d68f7
JH		 2292 struct hci_conn *conn;
2293
d12fb056
JK		 2294 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2295 peer_addr_type);
cb1d68f7 2296 if (!conn)
d12fb056 2297 return;
cb1d68f7
JH		 2298
2299 /* Store the initiator and responder address information which
2300 * is needed for SMP. These values will not change during the
2301 * lifetime of the connection.
2302 */
d12fb056
JK		 2303 conn->init_addr_type = own_address_type;
2304 if (own_address_type == ADDR_LE_DEV_RANDOM)
cb1d68f7
JH		 2305 bacpy(&conn->init_addr, &hdev->random_addr);
2306 else
2307 bacpy(&conn->init_addr, &hdev->bdaddr);
2308
d12fb056
JK		 2309 conn->resp_addr_type = peer_addr_type;
2310 bacpy(&conn->resp_addr, peer_addr);
cb1d68f7 2311
9489eca4
JH		 2312 /* We don't want the connection attempt to stick around
2313 * indefinitely since LE doesn't have a page timeout concept
2314 * like BR/EDR. Set a timer for any connection that doesn't use
2315 * the white list for connecting.
2316 */
d12fb056 2317 if (filter_policy == HCI_LE_USE_PEER_ADDR)
9489eca4
JH		 2318 queue_delayed_work(conn->hdev->workqueue,
2319 &conn->le_conn_timeout,
09ae260b 2320 conn->conn_timeout);
d12fb056
JK		 2321}
2322
2323static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2324{
2325 struct hci_cp_le_create_conn *cp;
2326
2327 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2328
2329 /* All connection failure handling is taken care of by the
2330 * hci_le_conn_failed function which is triggered by the HCI
2331 * request completion callbacks used for connecting.
2332 */
2333 if (status)
2334 return;
2335
2336 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2337 if (!cp)
2338 return;
2339
2340 hci_dev_lock(hdev);
2341
2342 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2343 cp->own_address_type, cp->filter_policy);
9489eca4 2344
cb1d68f7
JH		 2345 hci_dev_unlock(hdev);
2346}
2347
4d94f95d
JK		 2348static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2349{
2350 struct hci_cp_le_ext_create_conn *cp;
2351
2352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2353
2354 /* All connection failure handling is taken care of by the
2355 * hci_le_conn_failed function which is triggered by the HCI
2356 * request completion callbacks used for connecting.
2357 */
2358 if (status)
2359 return;
2360
2361 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2362 if (!cp)
2363 return;
2364
2365 hci_dev_lock(hdev);
2366
2367 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2368 cp->own_addr_type, cp->filter_policy);
2369
2370 hci_dev_unlock(hdev);
2371}
2372
0fe29fd1
MH		 2373static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2374{
2375 struct hci_cp_le_read_remote_features *cp;
2376 struct hci_conn *conn;
2377
2378 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2379
2380 if (!status)
2381 return;
2382
2383 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2384 if (!cp)
2385 return;
2386
2387 hci_dev_lock(hdev);
2388
2389 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2390 if (conn) {
2391 if (conn->state == BT_CONFIG) {
2392 hci_connect_cfm(conn, status);
2393 hci_conn_drop(conn);
2394 }
2395 }
2396
2397 hci_dev_unlock(hdev);
2398}
2399
81d0c8ad
JH		 2400static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2401{
2402 struct hci_cp_le_start_enc *cp;
2403 struct hci_conn *conn;
2404
2405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2406
2407 if (!status)
2408 return;
2409
2410 hci_dev_lock(hdev);
2411
2412 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2413 if (!cp)
2414 goto unlock;
2415
2416 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2417 if (!conn)
2418 goto unlock;
2419
2420 if (conn->state != BT_CONNECTED)
2421 goto unlock;
2422
2423 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2424 hci_conn_drop(conn);
2425
2426unlock:
2427 hci_dev_unlock(hdev);
2428}
2429
50fc85f1
KP		 2430static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2431{
2432 struct hci_cp_switch_role *cp;
2433 struct hci_conn *conn;
2434
2435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2436
2437 if (!status)
2438 return;
2439
2440 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2441 if (!cp)
2442 return;
2443
2444 hci_dev_lock(hdev);
2445
2446 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2447 if (conn)
2448 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2449
2450 hci_dev_unlock(hdev);
2451}
2452
6039aa73 2453static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2454{
2455 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 2456 struct discovery_state *discov = &hdev->discovery;
2457 struct inquiry_entry *e;
1da177e4 2458
9f1db00c 2459 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 2460
a9de9248 2461 hci_conn_check_pending(hdev);
89352e7d
AG		 2462
2463 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2464 return;
2465
4e857c58 2466 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 2467 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2468
d7a5a11d 2469 if (!hci_dev_test_flag(hdev, HCI_MGMT))
30dc78e1
JH		 2470 return;
2471
56e5cb86 2472 hci_dev_lock(hdev);
30dc78e1 2473
343f935b 2474 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 2475 goto unlock;
2476
2477 if (list_empty(&discov->resolve)) {
07d2334a
JP		 2478 /* When BR/EDR inquiry is active and no LE scanning is in
2479 * progress, then change discovery state to indicate completion.
2480 *
2481 * When running LE scanning and BR/EDR inquiry simultaneously
2482 * and the LE scan already finished, then change the discovery
2483 * state to indicate completion.
2484 */
2485 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2486 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2487 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2488 goto unlock;
2489 }
2490
2491 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2492 if (e && hci_resolve_name(hdev, e) == 0) {
2493 e->name_state = NAME_PENDING;
2494 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2495 } else {
07d2334a
JP		 2496 /* When BR/EDR inquiry is active and no LE scanning is in
2497 * progress, then change discovery state to indicate completion.
2498 *
2499 * When running LE scanning and BR/EDR inquiry simultaneously
2500 * and the LE scan already finished, then change the discovery
2501 * state to indicate completion.
2502 */
2503 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2504 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2505 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2506 }
2507
2508unlock:
56e5cb86 2509 hci_dev_unlock(hdev);
1da177e4
LT		 2510}
2511
6039aa73 2512static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2513{
45bb4bf0 2514 struct inquiry_data data;
a9de9248 2515 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2516 int num_rsp = *((__u8 *) skb->data);
2517
2518 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2519
45bb4bf0
MH		 2520 if (!num_rsp)
2521 return;
2522
d7a5a11d 2523 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 2524 return;
2525
1da177e4 2526 hci_dev_lock(hdev);
45bb4bf0 2527
e17acd40 2528 for (; num_rsp; num_rsp--, info++) {
af58925c 2529 u32 flags;
3175405b 2530
1da177e4
LT		 2531 bacpy(&data.bdaddr, &info->bdaddr);
2532 data.pscan_rep_mode = info->pscan_rep_mode;
2533 data.pscan_period_mode = info->pscan_period_mode;
2534 data.pscan_mode = info->pscan_mode;
2535 memcpy(data.dev_class, info->dev_class, 3);
2536 data.clock_offset = info->clock_offset;
efb2513f 2537 data.rssi = HCI_RSSI_INVALID;
41a96212 2538 data.ssp_mode = 0x00;
3175405b 2539
af58925c
MH		 2540 flags = hci_inquiry_cache_update(hdev, &data, false);
2541
48264f06 2542 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
efb2513f
MH		 2543 info->dev_class, HCI_RSSI_INVALID,
2544 flags, NULL, 0, NULL, 0);
1da177e4 2545 }
45bb4bf0 2546
1da177e4
LT		 2547 hci_dev_unlock(hdev);
2548}
2549
6039aa73 2550static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2551{
a9de9248 2552 struct hci_ev_conn_complete *ev = (void *) skb->data;
4f40afc6 2553 struct inquiry_entry *ie;
a9de9248 2554 struct hci_conn *conn;
1da177e4
LT		 2555
2556 BT_DBG("%s", hdev->name);
2557
2558 hci_dev_lock(hdev);
2559
2560 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a 2561 if (!conn) {
4f40afc6
APS		 2562 /* Connection may not exist if auto-connected. Check the inquiry
2563 * cache to see if we've already discovered this bdaddr before.
2564 * If found and link is an ACL type, create a connection class
2565 * automatically.
2566 */
2567 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2568 if (ie && ev->link_type == ACL_LINK) {
2569 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2570 HCI_ROLE_SLAVE);
2571 if (!conn) {
2572 bt_dev_err(hdev, "no memory for new conn");
2573 goto unlock;
2574 }
2d186fcd
APS		 2575 } else {
2576 if (ev->link_type != SCO_LINK)
2577 goto unlock;
9499237a 2578
2d186fcd
APS		 2579 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK,
2580 &ev->bdaddr);
2581 if (!conn)
2582 goto unlock;
9499237a 2583
2d186fcd
APS		 2584 conn->type = SCO_LINK;
2585 }
9499237a 2586 }
1da177e4
LT		 2587
2588 if (!ev->status) {
2589 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2590
2591 if (conn->type == ACL_LINK) {
2592 conn->state = BT_CONFIG;
2593 hci_conn_hold(conn);
a9ea3ed9
SJ		 2594
2595 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2596 !hci_find_link_key(hdev, &ev->bdaddr))
2597 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2598 else
2599 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2600 } else
2601 conn->state = BT_CONNECTED;
1da177e4 2602
23b9ceb7 2603 hci_debugfs_create_conn(conn);
7d0db0a3
MH		 2604 hci_conn_add_sysfs(conn);
2605
1da177e4 2606 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2607 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2608
2609 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2610 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2611
04837f64
MH		 2612 /* Get remote features */
2613 if (conn->type == ACL_LINK) {
2614 struct hci_cp_read_remote_features cp;
2615 cp.handle = ev->handle;
769be974 2616 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2617 sizeof(cp), &cp);
22f433dc 2618
01b1cb87 2619 hci_req_update_scan(hdev);
04837f64
MH		 2620 }
2621
1da177e4 2622 /* Set packet type for incoming connection */
d095c1eb 2623 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2624 struct hci_cp_change_conn_ptype cp;
2625 cp.handle = ev->handle;
a8746417 2626 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2627 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2628 &cp);
1da177e4 2629 }
17d5c04c 2630 } else {
1da177e4 2631 conn->state = BT_CLOSED;
17d5c04c 2632 if (conn->type == ACL_LINK)
64c7b77c 2633 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2634 conn->dst_type, ev->status);
17d5c04c 2635 }
1da177e4 2636
e73439d8
MH		 2637 if (conn->type == ACL_LINK)
2638 hci_sco_setup(conn, ev->status);
1da177e4 2639
769be974 2640 if (ev->status) {
539c496d 2641 hci_connect_cfm(conn, ev->status);
1da177e4 2642 hci_conn_del(conn);
1f8330ea
SN		 2643 } else if (ev->link_type == SCO_LINK) {
2644 switch (conn->setting & SCO_AIRMODE_MASK) {
2645 case SCO_AIRMODE_CVSD:
2646 if (hdev->notify)
2647 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
2648 break;
2649 }
2650
539c496d 2651 hci_connect_cfm(conn, ev->status);
1f8330ea 2652 }
1da177e4 2653
a9de9248 2654unlock:
1da177e4 2655 hci_dev_unlock(hdev);
1da177e4 2656
a9de9248 2657 hci_conn_check_pending(hdev);
1da177e4
LT		 2658}
2659
70c46425
JH		 2660static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2661{
2662 struct hci_cp_reject_conn_req cp;
2663
2664 bacpy(&cp.bdaddr, bdaddr);
2665 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2666 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2667}
2668
6039aa73 2669static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2670{
a9de9248
MH		 2671 struct hci_ev_conn_request *ev = (void *) skb->data;
2672 int mask = hdev->link_mode;
70c46425
JH		 2673 struct inquiry_entry *ie;
2674 struct hci_conn *conn;
20714bfe 2675 __u8 flags = 0;
1da177e4 2676
6ed93dc6 2677 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2678 ev->link_type);
1da177e4 2679
20714bfe
FD		 2680 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2681 &flags);
1da177e4 2682
70c46425
JH		 2683 if (!(mask & HCI_LM_ACCEPT)) {
2684 hci_reject_conn(hdev, &ev->bdaddr);
2685 return;
2686 }
2687
46c4c941
JH		 2688 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2689 BDADDR_BREDR)) {
2690 hci_reject_conn(hdev, &ev->bdaddr);
2691 return;
2692 }
2693
6a8fc95c
JH		 2694 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2695 * connection. These features are only touched through mgmt so
2696 * only do the checks if HCI_MGMT is set.
2697 */
d7a5a11d
MH		 2698 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2699 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
8baaa403
APS		 2700 !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
2701 BDADDR_BREDR)) {
2702 hci_reject_conn(hdev, &ev->bdaddr);
2703 return;
70c46425 2704 }
1da177e4 2705
70c46425 2706 /* Connection accepted */
b6a0dc82 2707
70c46425
JH		 2708 hci_dev_lock(hdev);
2709
2710 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2711 if (ie)
2712 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2713
70c46425
JH		 2714 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2715 &ev->bdaddr);
2716 if (!conn) {
a5c4e309
JH		 2717 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2718 HCI_ROLE_SLAVE);
a9de9248 2719 if (!conn) {
2064ee33 2720 bt_dev_err(hdev, "no memory for new connection");
70c46425
JH		 2721 hci_dev_unlock(hdev);
2722 return;
1da177e4 2723 }
70c46425 2724 }
b6a0dc82 2725
70c46425 2726 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2727
70c46425 2728 hci_dev_unlock(hdev);
1da177e4 2729
70c46425
JH		 2730 if (ev->link_type == ACL_LINK ||
2731 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2732 struct hci_cp_accept_conn_req cp;
2733 conn->state = BT_CONNECT;
1da177e4 2734
70c46425 2735 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2736
70c46425
JH		 2737 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2738 cp.role = 0x00; /* Become master */
2739 else
2740 cp.role = 0x01; /* Remain slave */
b6a0dc82 2741
70c46425
JH		 2742 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2743 } else if (!(flags & HCI_PROTO_DEFER)) {
2744 struct hci_cp_accept_sync_conn_req cp;
2745 conn->state = BT_CONNECT;
b6a0dc82 2746
70c46425
JH		 2747 bacpy(&cp.bdaddr, &ev->bdaddr);
2748 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2749
70c46425
JH		 2750 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2751 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2752 cp.max_latency = cpu_to_le16(0xffff);
2753 cp.content_format = cpu_to_le16(hdev->voice_setting);
2754 cp.retrans_effort = 0xff;
1da177e4 2755
70c46425
JH		 2756 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2757 &cp);
a9de9248 2758 } else {
70c46425 2759 conn->state = BT_CONNECT2;
539c496d 2760 hci_connect_cfm(conn, 0);
1da177e4 2761 }
1da177e4
LT		 2762}
2763
f0d6a0ea
MA		 2764static u8 hci_to_mgmt_reason(u8 err)
2765{
2766 switch (err) {
2767 case HCI_ERROR_CONNECTION_TIMEOUT:
2768 return MGMT_DEV_DISCONN_TIMEOUT;
2769 case HCI_ERROR_REMOTE_USER_TERM:
2770 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2771 case HCI_ERROR_REMOTE_POWER_OFF:
2772 return MGMT_DEV_DISCONN_REMOTE;
2773 case HCI_ERROR_LOCAL_HOST_TERM:
2774 return MGMT_DEV_DISCONN_LOCAL_HOST;
2775 default:
2776 return MGMT_DEV_DISCONN_UNKNOWN;
2777 }
2778}
2779
6039aa73 2780static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2781{
a9de9248 2782 struct hci_ev_disconn_complete *ev = (void *) skb->data;
160b9251 2783 u8 reason;
9fcb18ef 2784 struct hci_conn_params *params;
04837f64 2785 struct hci_conn *conn;
12d4a3b2 2786 bool mgmt_connected;
3846220b 2787 u8 type;
04837f64 2788
9f1db00c 2789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2790
2791 hci_dev_lock(hdev);
2792
2793 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2794 if (!conn)
2795 goto unlock;
7d0db0a3 2796
abf54a50
AG		 2797 if (ev->status) {
2798 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2799 conn->dst_type, ev->status);
2800 goto unlock;
37d9ef76 2801 }
f7520543 2802
3846220b
AG		 2803 conn->state = BT_CLOSED;
2804
12d4a3b2 2805 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
160b9251
SJ		 2806
2807 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2808 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2809 else
2810 reason = hci_to_mgmt_reason(ev->reason);
2811
12d4a3b2
JH		 2812 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2813 reason, mgmt_connected);
abf54a50 2814
22f433dc
JH		 2815 if (conn->type == ACL_LINK) {
2816 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2817 hci_remove_link_key(hdev, &conn->dst);
2818
01b1cb87 2819 hci_req_update_scan(hdev);
22f433dc 2820 }
2210246c 2821
9fcb18ef
AG		 2822 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2823 if (params) {
2824 switch (params->auto_connect) {
2825 case HCI_AUTO_CONN_LINK_LOSS:
2826 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2827 break;
2828 /* Fall through */
2829
4b9e7e75 2830 case HCI_AUTO_CONN_DIRECT:
9fcb18ef 2831 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2832 list_del_init(&params->action);
2833 list_add(&params->action, &hdev->pend_le_conns);
2834 hci_update_background_scan(hdev);
9fcb18ef
AG		 2835 break;
2836
2837 default:
2838 break;
2839 }
2840 }
2841
3846220b 2842 type = conn->type;
2210246c 2843
3a6d576b 2844 hci_disconn_cfm(conn, ev->reason);
3846220b
AG		 2845 hci_conn_del(conn);
2846
4f40afc6
APS		 2847 /* The suspend notifier is waiting for all devices to disconnect so
2848 * clear the bit from pending tasks and inform the wait queue.
2849 */
2850 if (list_empty(&hdev->conn_hash.list) &&
2851 test_and_clear_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks)) {
2852 wake_up(&hdev->suspend_wait_q);
2853 }
2854
3846220b
AG		 2855 /* Re-enable advertising if necessary, since it might
2856 * have been disabled by the connection. From the
2857 * HCI_LE_Set_Advertise_Enable command description in
2858 * the core specification (v4.0):
2859 * "The Controller shall continue advertising until the Host
2860 * issues an LE_Set_Advertise_Enable command with
2861 * Advertising_Enable set to 0x00 (Advertising is disabled)
2862 * or until a connection is created or until the Advertising
2863 * is timed out due to Directed Advertising."
2864 */
2865 if (type == LE_LINK)
f2252570 2866 hci_req_reenable_advertising(hdev);
f7520543
JH		 2867
2868unlock:
04837f64
MH		 2869 hci_dev_unlock(hdev);
2870}
2871
6039aa73 2872static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2873{
a9de9248 2874 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2875 struct hci_conn *conn;
1da177e4 2876
9f1db00c 2877 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2878
2879 hci_dev_lock(hdev);
2880
04837f64 2881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2882 if (!conn)
2883 goto unlock;
2884
2885 if (!ev->status) {
160b9251
SJ		 2886 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2887
aa64a8b5 2888 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2889 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2064ee33 2890 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2a611692 2891 } else {
4dae2798 2892 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2893 conn->sec_level = conn->pending_sec_level;
2a611692 2894 }
d7556e20 2895 } else {
160b9251
SJ		 2896 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2897 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2898
e1e930f5 2899 mgmt_auth_failed(conn, ev->status);
d7556e20 2900 }
1da177e4 2901
51a8efd7
JH		 2902 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2903 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2904
d7556e20 2905 if (conn->state == BT_CONFIG) {
aa64a8b5 2906 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2907 struct hci_cp_set_conn_encrypt cp;
2908 cp.handle = ev->handle;
2909 cp.encrypt = 0x01;
2910 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2911 &cp);
052b30b0 2912 } else {
d7556e20 2913 conn->state = BT_CONNECTED;
539c496d 2914 hci_connect_cfm(conn, ev->status);
76a68ba0 2915 hci_conn_drop(conn);
052b30b0 2916 }
d7556e20
WR		 2917 } else {
2918 hci_auth_cfm(conn, ev->status);
052b30b0 2919
d7556e20
WR		 2920 hci_conn_hold(conn);
2921 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2922 hci_conn_drop(conn);
d7556e20
WR		 2923 }
2924
51a8efd7 2925 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2926 if (!ev->status) {
2927 struct hci_cp_set_conn_encrypt cp;
2928 cp.handle = ev->handle;
2929 cp.encrypt = 0x01;
2930 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2931 &cp);
d7556e20 2932 } else {
51a8efd7 2933 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3ca44c16 2934 hci_encrypt_cfm(conn, ev->status);
1da177e4
LT		 2935 }
2936 }
2937
d7556e20 2938unlock:
1da177e4
LT		 2939 hci_dev_unlock(hdev);
2940}
2941
6039aa73 2942static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2943{
127178d2
JH		 2944 struct hci_ev_remote_name *ev = (void *) skb->data;
2945 struct hci_conn *conn;
2946
a9de9248 2947 BT_DBG("%s", hdev->name);
1da177e4 2948
a9de9248 2949 hci_conn_check_pending(hdev);
127178d2
JH		 2950
2951 hci_dev_lock(hdev);
2952
b644ba33 2953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2954
d7a5a11d 2955 if (!hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 2956 goto check_auth;
a88a9652 2957
b644ba33
JH		 2958 if (ev->status == 0)
2959 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2960 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2961 else
2962 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2963
2964check_auth:
79c6c70c
JH		 2965 if (!conn)
2966 goto unlock;
2967
2968 if (!hci_outgoing_auth_needed(hdev, conn))
2969 goto unlock;
2970
51a8efd7 2971 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2 2972 struct hci_cp_auth_requested cp;
977f8fce
JH		 2973
2974 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2975
127178d2
JH		 2976 cp.handle = __cpu_to_le16(conn->handle);
2977 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2978 }
2979
79c6c70c 2980unlock:
127178d2 2981 hci_dev_unlock(hdev);
a9de9248
MH		 2982}
2983
821f3766
JH		 2984static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
2985 u16 opcode, struct sk_buff *skb)
2986{
2987 const struct hci_rp_read_enc_key_size *rp;
2988 struct hci_conn *conn;
2989 u16 handle;
2990
2991 BT_DBG("%s status 0x%02x", hdev->name, status);
2992
2993 if (!skb || skb->len < sizeof(*rp)) {
2064ee33 2994 bt_dev_err(hdev, "invalid read key size response");
821f3766
JH		 2995 return;
2996 }
2997
2998 rp = (void *)skb->data;
2999 handle = le16_to_cpu(rp->handle);
3000
3001 hci_dev_lock(hdev);
3002
3003 conn = hci_conn_hash_lookup_handle(hdev, handle);
3004 if (!conn)
3005 goto unlock;
3006
32b50729
AM		 3007 /* While unexpected, the read_enc_key_size command may fail. The most
3008 * secure approach is to then assume the key size is 0 to force a
3009 * disconnection.
821f3766
JH		 3010 */
3011 if (rp->status) {
2064ee33
MH		 3012 bt_dev_err(hdev, "failed to read key size for handle %u",
3013 handle);
32b50729 3014 conn->enc_key_size = 0;
821f3766
JH		 3015 } else {
3016 conn->enc_key_size = rp->key_size;
3017 }
3018
3ca44c16 3019 hci_encrypt_cfm(conn, 0);
821f3766
JH		 3020
3021unlock:
3022 hci_dev_unlock(hdev);
3023}
3024
6039aa73 3025static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3026{
3027 struct hci_ev_encrypt_change *ev = (void *) skb->data;
3028 struct hci_conn *conn;
3029
9f1db00c 3030 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3031
3032 hci_dev_lock(hdev);
3033
04837f64 3034 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 3035 if (!conn)
3036 goto unlock;
1da177e4 3037
dc8357cc
MH		 3038 if (!ev->status) {
3039 if (ev->encrypt) {
3040 /* Encryption implies authentication */
4dae2798
JH		 3041 set_bit(HCI_CONN_AUTH, &conn->flags);
3042 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 3043 conn->sec_level = conn->pending_sec_level;
abf76bad 3044
914a6ffe
MH		 3045 /* P-256 authentication key implies FIPS */
3046 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 3047 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 3048
abf76bad
MH		 3049 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
3050 conn->type == LE_LINK)
3051 set_bit(HCI_CONN_AES_CCM, &conn->flags);
3052 } else {
4dae2798 3053 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 3054 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
3055 }
dc8357cc 3056 }
a7d7723a 3057
7ed3fa20
JH		 3058 /* We should disregard the current RPA and generate a new one
3059 * whenever the encryption procedure fails.
3060 */
a73c046a 3061 if (ev->status && conn->type == LE_LINK) {
a1536da2 3062 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a
JK		 3063 hci_adv_instances_set_rpa_expired(hdev, true);
3064 }
7ed3fa20 3065
dc8357cc 3066 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 3067
8746f135
LAD		 3068 /* Check link security requirements are met */
3069 if (!hci_conn_check_link_mode(conn))
3070 ev->status = HCI_ERROR_AUTH_FAILURE;
3071
dc8357cc 3072 if (ev->status && conn->state == BT_CONNECTED) {
160b9251
SJ		 3073 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3074 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3075
8746f135
LAD		 3076 /* Notify upper layers so they can cleanup before
3077 * disconnecting.
3078 */
3079 hci_encrypt_cfm(conn, ev->status);
dc8357cc
MH		 3080 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3081 hci_conn_drop(conn);
3082 goto unlock;
1da177e4
LT		 3083 }
3084
821f3766
JH		 3085 /* Try reading the encryption key size for encrypted ACL links */
3086 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
3087 struct hci_cp_read_enc_key_size cp;
3088 struct hci_request req;
3089
3090 /* Only send HCI_Read_Encryption_Key_Size if the
3091 * controller really supports it. If it doesn't, assume
3092 * the default size (16).
3093 */
3094 if (!(hdev->commands[20] & 0x10)) {
3095 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3096 goto notify;
3097 }
3098
3099 hci_req_init(&req, hdev);
3100
3101 cp.handle = cpu_to_le16(conn->handle);
3102 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
3103
3104 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2064ee33 3105 bt_dev_err(hdev, "sending read key size failed");
821f3766
JH		 3106 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3107 goto notify;
3108 }
3109
3110 goto unlock;
3111 }
3112
302975cb
SRK		 3113 /* Set the default Authenticated Payload Timeout after
3114 * an LE Link is established. As per Core Spec v5.0, Vol 2, Part B
3115 * Section 3.3, the HCI command WRITE_AUTH_PAYLOAD_TIMEOUT should be
3116 * sent when the link is active and Encryption is enabled, the conn
3117 * type can be either LE or ACL and controller must support LMP Ping.
3118 * Ensure for AES-CCM encryption as well.
3119 */
3120 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3121 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3122 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3123 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3124 struct hci_cp_write_auth_payload_to cp;
3125
3126 cp.handle = cpu_to_le16(conn->handle);
3127 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3128 hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3129 sizeof(cp), &cp);
3130 }
3131
821f3766 3132notify:
3ca44c16 3133 hci_encrypt_cfm(conn, ev->status);
dc8357cc 3134
a7d7723a 3135unlock:
1da177e4
LT		 3136 hci_dev_unlock(hdev);
3137}
3138
6039aa73
GP		 3139static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
3140 struct sk_buff *skb)
1da177e4 3141{
a9de9248 3142 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 3143 struct hci_conn *conn;
1da177e4 3144
9f1db00c 3145 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3146
3147 hci_dev_lock(hdev);
3148
04837f64 3149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3150 if (conn) {
3151 if (!ev->status)
4dae2798 3152 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 3153
51a8efd7 3154 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 3155
3156 hci_key_change_cfm(conn, ev->status);
3157 }
3158
3159 hci_dev_unlock(hdev);
3160}
3161
6039aa73
GP		 3162static void hci_remote_features_evt(struct hci_dev *hdev,
3163 struct sk_buff *skb)
1da177e4 3164{
a9de9248
MH		 3165 struct hci_ev_remote_features *ev = (void *) skb->data;
3166 struct hci_conn *conn;
3167
9f1db00c 3168 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 3169
a9de9248
MH		 3170 hci_dev_lock(hdev);
3171
3172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3173 if (!conn)
3174 goto unlock;
769be974 3175
ccd556fe 3176 if (!ev->status)
cad718ed 3177 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 3178
3179 if (conn->state != BT_CONFIG)
3180 goto unlock;
3181
ac363cf9
SJ		 3182 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3183 lmp_ext_feat_capable(conn)) {
ccd556fe
JH		 3184 struct hci_cp_read_remote_ext_features cp;
3185 cp.handle = ev->handle;
3186 cp.page = 0x01;
3187 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 3188 sizeof(cp), &cp);
392599b9
JH		 3189 goto unlock;
3190 }
3191
671267bf 3192 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3193 struct hci_cp_remote_name_req cp;
3194 memset(&cp, 0, sizeof(cp));
3195 bacpy(&cp.bdaddr, &conn->dst);
3196 cp.pscan_rep_mode = 0x02;
3197 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 3198 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 3199 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 3200
127178d2 3201 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 3202 conn->state = BT_CONNECTED;
539c496d 3203 hci_connect_cfm(conn, ev->status);
76a68ba0 3204 hci_conn_drop(conn);
769be974 3205 }
a9de9248 3206
ccd556fe 3207unlock:
a9de9248 3208 hci_dev_unlock(hdev);
1da177e4
LT		 3209}
3210
e6214487
JH		 3211static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3212 u16 *opcode, u8 *status,
3213 hci_req_complete_t *req_complete,
3214 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3215{
3216 struct hci_ev_cmd_complete *ev = (void *) skb->data;
a9de9248 3217
e6214487
JH		 3218 *opcode = __le16_to_cpu(ev->opcode);
3219 *status = skb->data[sizeof(*ev)];
a9de9248 3220
e6214487 3221 skb_pull(skb, sizeof(*ev));
a9de9248 3222
e6214487 3223 switch (*opcode) {
a9de9248 3224 case HCI_OP_INQUIRY_CANCEL:
adf1d692 3225 hci_cc_inquiry_cancel(hdev, skb, status);
a9de9248
MH		 3226 break;
3227
4d93483b
AG		 3228 case HCI_OP_PERIODIC_INQ:
3229 hci_cc_periodic_inq(hdev, skb);
3230 break;
3231
a9de9248
MH		 3232 case HCI_OP_EXIT_PERIODIC_INQ:
3233 hci_cc_exit_periodic_inq(hdev, skb);
3234 break;
3235
3236 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3237 hci_cc_remote_name_req_cancel(hdev, skb);
3238 break;
3239
3240 case HCI_OP_ROLE_DISCOVERY:
3241 hci_cc_role_discovery(hdev, skb);
3242 break;
3243
e4e8e37c
MH		 3244 case HCI_OP_READ_LINK_POLICY:
3245 hci_cc_read_link_policy(hdev, skb);
3246 break;
3247
a9de9248
MH		 3248 case HCI_OP_WRITE_LINK_POLICY:
3249 hci_cc_write_link_policy(hdev, skb);
3250 break;
3251
e4e8e37c
MH		 3252 case HCI_OP_READ_DEF_LINK_POLICY:
3253 hci_cc_read_def_link_policy(hdev, skb);
3254 break;
3255
3256 case HCI_OP_WRITE_DEF_LINK_POLICY:
3257 hci_cc_write_def_link_policy(hdev, skb);
3258 break;
3259
a9de9248
MH		 3260 case HCI_OP_RESET:
3261 hci_cc_reset(hdev, skb);
3262 break;
3263
c2f0f979
MH		 3264 case HCI_OP_READ_STORED_LINK_KEY:
3265 hci_cc_read_stored_link_key(hdev, skb);
3266 break;
3267
a9366120
MH		 3268 case HCI_OP_DELETE_STORED_LINK_KEY:
3269 hci_cc_delete_stored_link_key(hdev, skb);
3270 break;
3271
a9de9248
MH		 3272 case HCI_OP_WRITE_LOCAL_NAME:
3273 hci_cc_write_local_name(hdev, skb);
3274 break;
3275
3276 case HCI_OP_READ_LOCAL_NAME:
3277 hci_cc_read_local_name(hdev, skb);
3278 break;
3279
3280 case HCI_OP_WRITE_AUTH_ENABLE:
3281 hci_cc_write_auth_enable(hdev, skb);
3282 break;
3283
3284 case HCI_OP_WRITE_ENCRYPT_MODE:
3285 hci_cc_write_encrypt_mode(hdev, skb);
3286 break;
3287
3288 case HCI_OP_WRITE_SCAN_ENABLE:
3289 hci_cc_write_scan_enable(hdev, skb);
3290 break;
3291
3292 case HCI_OP_READ_CLASS_OF_DEV:
3293 hci_cc_read_class_of_dev(hdev, skb);
3294 break;
3295
3296 case HCI_OP_WRITE_CLASS_OF_DEV:
3297 hci_cc_write_class_of_dev(hdev, skb);
3298 break;
3299
3300 case HCI_OP_READ_VOICE_SETTING:
3301 hci_cc_read_voice_setting(hdev, skb);
3302 break;
3303
3304 case HCI_OP_WRITE_VOICE_SETTING:
3305 hci_cc_write_voice_setting(hdev, skb);
3306 break;
3307
b4cb9fb2
MH		 3308 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3309 hci_cc_read_num_supported_iac(hdev, skb);
3310 break;
3311
333140b5
MH		 3312 case HCI_OP_WRITE_SSP_MODE:
3313 hci_cc_write_ssp_mode(hdev, skb);
3314 break;
3315
eac83dc6
MH		 3316 case HCI_OP_WRITE_SC_SUPPORT:
3317 hci_cc_write_sc_support(hdev, skb);
3318 break;
3319
302975cb
SRK		 3320 case HCI_OP_READ_AUTH_PAYLOAD_TO:
3321 hci_cc_read_auth_payload_timeout(hdev, skb);
3322 break;
3323
3324 case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3325 hci_cc_write_auth_payload_timeout(hdev, skb);
3326 break;
3327
a9de9248
MH		 3328 case HCI_OP_READ_LOCAL_VERSION:
3329 hci_cc_read_local_version(hdev, skb);
3330 break;
3331
3332 case HCI_OP_READ_LOCAL_COMMANDS:
3333 hci_cc_read_local_commands(hdev, skb);
3334 break;
3335
3336 case HCI_OP_READ_LOCAL_FEATURES:
3337 hci_cc_read_local_features(hdev, skb);
3338 break;
3339
971e3a4b
AG		 3340 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3341 hci_cc_read_local_ext_features(hdev, skb);
3342 break;
3343
a9de9248
MH		 3344 case HCI_OP_READ_BUFFER_SIZE:
3345 hci_cc_read_buffer_size(hdev, skb);
3346 break;
3347
3348 case HCI_OP_READ_BD_ADDR:
3349 hci_cc_read_bd_addr(hdev, skb);
3350 break;
3351
a4790360
MH		 3352 case HCI_OP_READ_LOCAL_PAIRING_OPTS:
3353 hci_cc_read_local_pairing_opts(hdev, skb);
3354 break;
3355
f332ec66
JH		 3356 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3357 hci_cc_read_page_scan_activity(hdev, skb);
3358 break;
3359
4a3ee763
JH		 3360 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3361 hci_cc_write_page_scan_activity(hdev, skb);
3362 break;
3363
f332ec66
JH		 3364 case HCI_OP_READ_PAGE_SCAN_TYPE:
3365 hci_cc_read_page_scan_type(hdev, skb);
3366 break;
3367
4a3ee763
JH		 3368 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3369 hci_cc_write_page_scan_type(hdev, skb);
3370 break;
3371
350ee4cf
AE		 3372 case HCI_OP_READ_DATA_BLOCK_SIZE:
3373 hci_cc_read_data_block_size(hdev, skb);
3374 break;
3375
1e89cffb
AE		 3376 case HCI_OP_READ_FLOW_CONTROL_MODE:
3377 hci_cc_read_flow_control_mode(hdev, skb);
3378 break;
3379
928abaa7
AE		 3380 case HCI_OP_READ_LOCAL_AMP_INFO:
3381 hci_cc_read_local_amp_info(hdev, skb);
3382 break;
3383
33f35721
JH		 3384 case HCI_OP_READ_CLOCK:
3385 hci_cc_read_clock(hdev, skb);
3386 break;
3387
d5859e22
JH		 3388 case HCI_OP_READ_INQ_RSP_TX_POWER:
3389 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3390 break;
3391
00bce3fb
AM		 3392 case HCI_OP_READ_DEF_ERR_DATA_REPORTING:
3393 hci_cc_read_def_err_data_reporting(hdev, skb);
3394 break;
3395
3396 case HCI_OP_WRITE_DEF_ERR_DATA_REPORTING:
3397 hci_cc_write_def_err_data_reporting(hdev, skb);
3398 break;
3399
980e1a53
JH		 3400 case HCI_OP_PIN_CODE_REPLY:
3401 hci_cc_pin_code_reply(hdev, skb);
3402 break;
3403
3404 case HCI_OP_PIN_CODE_NEG_REPLY:
3405 hci_cc_pin_code_neg_reply(hdev, skb);
3406 break;
3407
c35938b2 3408 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 3409 hci_cc_read_local_oob_data(hdev, skb);
3410 break;
3411
3412 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3413 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 3414 break;
3415
6ed58ec5
VT		 3416 case HCI_OP_LE_READ_BUFFER_SIZE:
3417 hci_cc_le_read_buffer_size(hdev, skb);
3418 break;
3419
60e77321
JH		 3420 case HCI_OP_LE_READ_LOCAL_FEATURES:
3421 hci_cc_le_read_local_features(hdev, skb);
3422 break;
3423
8fa19098
JH		 3424 case HCI_OP_LE_READ_ADV_TX_POWER:
3425 hci_cc_le_read_adv_tx_power(hdev, skb);
3426 break;
3427
a5c29683
JH		 3428 case HCI_OP_USER_CONFIRM_REPLY:
3429 hci_cc_user_confirm_reply(hdev, skb);
3430 break;
3431
3432 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3433 hci_cc_user_confirm_neg_reply(hdev, skb);
3434 break;
3435
1143d458
BG		 3436 case HCI_OP_USER_PASSKEY_REPLY:
3437 hci_cc_user_passkey_reply(hdev, skb);
3438 break;
3439
3440 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3441 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 3442 break;
07f7fa5d 3443
7a4cd51d
MH		 3444 case HCI_OP_LE_SET_RANDOM_ADDR:
3445 hci_cc_le_set_random_addr(hdev, skb);
3446 break;
3447
c1d5dc4a
JH		 3448 case HCI_OP_LE_SET_ADV_ENABLE:
3449 hci_cc_le_set_adv_enable(hdev, skb);
3450 break;
3451
533553f8
MH		 3452 case HCI_OP_LE_SET_SCAN_PARAM:
3453 hci_cc_le_set_scan_param(hdev, skb);
3454 break;
3455
eb9d91f5
AG		 3456 case HCI_OP_LE_SET_SCAN_ENABLE:
3457 hci_cc_le_set_scan_enable(hdev, skb);
3458 break;
3459
cf1d081f
JH		 3460 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3461 hci_cc_le_read_white_list_size(hdev, skb);
3462 break;
3463
0f36b589
MH		 3464 case HCI_OP_LE_CLEAR_WHITE_LIST:
3465 hci_cc_le_clear_white_list(hdev, skb);
3466 break;
3467
3468 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3469 hci_cc_le_add_to_white_list(hdev, skb);
3470 break;
3471
3472 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3473 hci_cc_le_del_from_white_list(hdev, skb);
3474 break;
3475
9b008c04
JH		 3476 case HCI_OP_LE_READ_SUPPORTED_STATES:
3477 hci_cc_le_read_supported_states(hdev, skb);
3478 break;
3479
a8e1bfaa
MH		 3480 case HCI_OP_LE_READ_DEF_DATA_LEN:
3481 hci_cc_le_read_def_data_len(hdev, skb);
3482 break;
3483
3484 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3485 hci_cc_le_write_def_data_len(hdev, skb);
3486 break;
3487
b950aa88
AN		 3488 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3489 hci_cc_le_add_to_resolv_list(hdev, skb);
3490 break;
3491
3492 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3493 hci_cc_le_del_from_resolv_list(hdev, skb);
3494 break;
3495
545f2596
AN		 3496 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3497 hci_cc_le_clear_resolv_list(hdev, skb);
3498 break;
3499
cfdb0c2d
AN		 3500 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3501 hci_cc_le_read_resolv_list_size(hdev, skb);
3502 break;
3503
aa12af77
AN		 3504 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3505 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3506 break;
3507
a8e1bfaa
MH		 3508 case HCI_OP_LE_READ_MAX_DATA_LEN:
3509 hci_cc_le_read_max_data_len(hdev, skb);
3510 break;
3511
f9b49306
AG		 3512 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3513 hci_cc_write_le_host_supported(hdev, skb);
3514 break;
3515
56ed2cb8
JH		 3516 case HCI_OP_LE_SET_ADV_PARAM:
3517 hci_cc_set_adv_param(hdev, skb);
3518 break;
3519
5ae76a94
AK		 3520 case HCI_OP_READ_RSSI:
3521 hci_cc_read_rssi(hdev, skb);
3522 break;
3523
5a134fae
AK		 3524 case HCI_OP_READ_TX_POWER:
3525 hci_cc_read_tx_power(hdev, skb);
3526 break;
3527
c50b33c8
MH		 3528 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3529 hci_cc_write_ssp_debug_mode(hdev, skb);
3530 break;
3531
a2344b9e
JK		 3532 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3533 hci_cc_le_set_ext_scan_param(hdev, skb);
3534 break;
3535
3536 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3537 hci_cc_le_set_ext_scan_enable(hdev, skb);
3538 break;
3539
0314f286
JK		 3540 case HCI_OP_LE_SET_DEFAULT_PHY:
3541 hci_cc_le_set_default_phy(hdev, skb);
3542 break;
3543
6b49bcb4
JK		 3544 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3545 hci_cc_le_read_num_adv_sets(hdev, skb);
3546 break;
3547
de181e88
JK		 3548 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3549 hci_cc_set_ext_adv_param(hdev, skb);
3550 break;
3551
3552 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3553 hci_cc_le_set_ext_adv_enable(hdev, skb);
3554 break;
3555
a73c046a
JK		 3556 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3557 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3558 break;
3559
a9de9248 3560 default:
e6214487 3561 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3562 break;
3563 }
3564
e6214487 3565 if (*opcode != HCI_OP_NOP)
65cc2b49 3566 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 3567
600b2150
JH		 3568 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3569 atomic_set(&hdev->cmd_cnt, 1);
3570
e6214487
JH		 3571 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3572 req_complete_skb);
9238f36a 3573
f80c5dad
JPRV		 3574 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3575 bt_dev_err(hdev,
3576 "unexpected event for opcode 0x%4.4x", *opcode);
3577 return;
3578 }
3579
600b2150
JH		 3580 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3581 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3582}
3583
e6214487
JH		 3584static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3585 u16 *opcode, u8 *status,
3586 hci_req_complete_t *req_complete,
3587 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3588{
3589 struct hci_ev_cmd_status *ev = (void *) skb->data;
a9de9248
MH		 3590
3591 skb_pull(skb, sizeof(*ev));
3592
e6214487
JH		 3593 *opcode = __le16_to_cpu(ev->opcode);
3594 *status = ev->status;
a9de9248 3595
e6214487 3596 switch (*opcode) {
a9de9248
MH		 3597 case HCI_OP_INQUIRY:
3598 hci_cs_inquiry(hdev, ev->status);
3599 break;
3600
3601 case HCI_OP_CREATE_CONN:
3602 hci_cs_create_conn(hdev, ev->status);
3603 break;
3604
9645c76c
KP		 3605 case HCI_OP_DISCONNECT:
3606 hci_cs_disconnect(hdev, ev->status);
3607 break;
3608
a9de9248
MH		 3609 case HCI_OP_ADD_SCO:
3610 hci_cs_add_sco(hdev, ev->status);
3611 break;
3612
f8558555
MH		 3613 case HCI_OP_AUTH_REQUESTED:
3614 hci_cs_auth_requested(hdev, ev->status);
3615 break;
3616
3617 case HCI_OP_SET_CONN_ENCRYPT:
3618 hci_cs_set_conn_encrypt(hdev, ev->status);
3619 break;
3620
a9de9248
MH		 3621 case HCI_OP_REMOTE_NAME_REQ:
3622 hci_cs_remote_name_req(hdev, ev->status);
3623 break;
3624
769be974
MH		 3625 case HCI_OP_READ_REMOTE_FEATURES:
3626 hci_cs_read_remote_features(hdev, ev->status);
3627 break;
3628
3629 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3630 hci_cs_read_remote_ext_features(hdev, ev->status);
3631 break;
3632
a9de9248
MH		 3633 case HCI_OP_SETUP_SYNC_CONN:
3634 hci_cs_setup_sync_conn(hdev, ev->status);
3635 break;
3636
3637 case HCI_OP_SNIFF_MODE:
3638 hci_cs_sniff_mode(hdev, ev->status);
3639 break;
3640
3641 case HCI_OP_EXIT_SNIFF_MODE:
3642 hci_cs_exit_sniff_mode(hdev, ev->status);
3643 break;
3644
50fc85f1
KP		 3645 case HCI_OP_SWITCH_ROLE:
3646 hci_cs_switch_role(hdev, ev->status);
3647 break;
3648
cb1d68f7
JH		 3649 case HCI_OP_LE_CREATE_CONN:
3650 hci_cs_le_create_conn(hdev, ev->status);
3651 break;
3652
0fe29fd1
MH		 3653 case HCI_OP_LE_READ_REMOTE_FEATURES:
3654 hci_cs_le_read_remote_features(hdev, ev->status);
3655 break;
3656
81d0c8ad
JH		 3657 case HCI_OP_LE_START_ENC:
3658 hci_cs_le_start_enc(hdev, ev->status);
3659 break;
3660
4d94f95d
JK		 3661 case HCI_OP_LE_EXT_CREATE_CONN:
3662 hci_cs_le_ext_create_conn(hdev, ev->status);
3663 break;
3664
a9de9248 3665 default:
e6214487 3666 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3667 break;
3668 }
3669
e6214487 3670 if (*opcode != HCI_OP_NOP)
65cc2b49 3671 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 3672
600b2150
JH		 3673 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3674 atomic_set(&hdev->cmd_cnt, 1);
3675
444c6dd5
JH		 3676 /* Indicate request completion if the command failed. Also, if
3677 * we're not waiting for a special event and we get a success
3678 * command status we should try to flag the request as completed
3679 * (since for this kind of commands there will not be a command
3680 * complete event).
3681 */
02350a72 3682 if (ev->status ||
242c0ebd 3683 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
e6214487
JH		 3684 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3685 req_complete_skb);
9238f36a 3686
f80c5dad
JPRV		 3687 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3688 bt_dev_err(hdev,
3689 "unexpected event for opcode 0x%4.4x", *opcode);
3690 return;
3691 }
3692
600b2150
JH		 3693 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3694 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3695}
3696
24dfa343
MH		 3697static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3698{
3699 struct hci_ev_hardware_error *ev = (void *) skb->data;
3700
c7741d16
MH		 3701 hdev->hw_error_code = ev->code;
3702
3703 queue_work(hdev->req_workqueue, &hdev->error_reset);
24dfa343
MH		 3704}
3705
6039aa73 3706static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3707{
3708 struct hci_ev_role_change *ev = (void *) skb->data;
3709 struct hci_conn *conn;
3710
9f1db00c 3711 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 3712
3713 hci_dev_lock(hdev);
3714
3715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3716 if (conn) {
40bef302
JH		 3717 if (!ev->status)
3718 conn->role = ev->role;
a9de9248 3719
51a8efd7 3720 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 3721
3722 hci_role_switch_cfm(conn, ev->status, ev->role);
3723 }
3724
3725 hci_dev_unlock(hdev);
3726}
3727
6039aa73 3728static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3729{
3730 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 3731 int i;
3732
32ac5b9b 3733 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2064ee33 3734 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
32ac5b9b
AE		 3735 return;
3736 }
3737
16e18342
GS		 3738 if (skb->len < sizeof(*ev) ||
3739 skb->len < struct_size(ev, handles, ev->num_hndl)) {
a9de9248
MH		 3740 BT_DBG("%s bad parameters", hdev->name);
3741 return;
3742 }
3743
c5993de8
AE		 3744 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3745
613a1c0c
AE		 3746 for (i = 0; i < ev->num_hndl; i++) {
3747 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 3748 struct hci_conn *conn;
3749 __u16 handle, count;
3750
613a1c0c
AE		 3751 handle = __le16_to_cpu(info->handle);
3752 count = __le16_to_cpu(info->count);
a9de9248
MH		 3753
3754 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 3755 if (!conn)
3756 continue;
3757
3758 conn->sent -= count;
3759
3760 switch (conn->type) {
3761 case ACL_LINK:
3762 hdev->acl_cnt += count;
3763 if (hdev->acl_cnt > hdev->acl_pkts)
3764 hdev->acl_cnt = hdev->acl_pkts;
3765 break;
3766
3767 case LE_LINK:
3768 if (hdev->le_pkts) {
3769 hdev->le_cnt += count;
3770 if (hdev->le_cnt > hdev->le_pkts)
3771 hdev->le_cnt = hdev->le_pkts;
3772 } else {
70f23020
AE		 3773 hdev->acl_cnt += count;
3774 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 3775 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3776 }
f4280918
AE		 3777 break;
3778
3779 case SCO_LINK:
3780 hdev->sco_cnt += count;
3781 if (hdev->sco_cnt > hdev->sco_pkts)
3782 hdev->sco_cnt = hdev->sco_pkts;
3783 break;
3784
3785 default:
2064ee33
MH		 3786 bt_dev_err(hdev, "unknown type %d conn %p",
3787 conn->type, conn);
f4280918 3788 break;
a9de9248
MH		 3789 }
3790 }
3791
3eff45ea 3792 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3793}
3794
76ef7cf7
AE		 3795static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3796 __u16 handle)
3797{
3798 struct hci_chan *chan;
3799
3800 switch (hdev->dev_type) {
ca8bee5d 3801 case HCI_PRIMARY:
76ef7cf7
AE		 3802 return hci_conn_hash_lookup_handle(hdev, handle);
3803 case HCI_AMP:
3804 chan = hci_chan_lookup_handle(hdev, handle);
3805 if (chan)
3806 return chan->conn;
3807 break;
3808 default:
2064ee33 3809 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
76ef7cf7
AE		 3810 break;
3811 }
3812
3813 return NULL;
3814}
3815
6039aa73 3816static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3817{
3818 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3819 int i;
3820
3821 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2064ee33 3822 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
25e89e99
AE		 3823 return;
3824 }
3825
16e18342
GS		 3826 if (skb->len < sizeof(*ev) ||
3827 skb->len < struct_size(ev, handles, ev->num_hndl)) {
25e89e99
AE		 3828 BT_DBG("%s bad parameters", hdev->name);
3829 return;
3830 }
3831
3832 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3833 ev->num_hndl);
25e89e99
AE		 3834
3835 for (i = 0; i < ev->num_hndl; i++) {
3836 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3837 struct hci_conn *conn = NULL;
25e89e99
AE		 3838 __u16 handle, block_count;
3839
3840 handle = __le16_to_cpu(info->handle);
3841 block_count = __le16_to_cpu(info->blocks);
3842
76ef7cf7 3843 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3844 if (!conn)
3845 continue;
3846
3847 conn->sent -= block_count;
3848
3849 switch (conn->type) {
3850 case ACL_LINK:
bd1eb66b 3851 case AMP_LINK:
25e89e99
AE		 3852 hdev->block_cnt += block_count;
3853 if (hdev->block_cnt > hdev->num_blocks)
3854 hdev->block_cnt = hdev->num_blocks;
3855 break;
3856
3857 default:
2064ee33
MH		 3858 bt_dev_err(hdev, "unknown type %d conn %p",
3859 conn->type, conn);
25e89e99
AE		 3860 break;
3861 }
3862 }
3863
3864 queue_work(hdev->workqueue, &hdev->tx_work);
3865}
3866
6039aa73 3867static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3868{
a9de9248 3869 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3870 struct hci_conn *conn;
3871
9f1db00c 3872 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3873
3874 hci_dev_lock(hdev);
3875
3876 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3877 if (conn) {
3878 conn->mode = ev->mode;
a9de9248 3879
8fc9ced3
GP		 3880 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3881 &conn->flags)) {
a9de9248 3882 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3883 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3884 else
58a681ef 3885 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3886 }
e73439d8 3887
51a8efd7 3888 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3889 hci_sco_setup(conn, ev->status);
04837f64
MH		 3890 }
3891
3892 hci_dev_unlock(hdev);
3893}
3894
6039aa73 3895static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3896{
052b30b0
MH		 3897 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3898 struct hci_conn *conn;
3899
a9de9248 3900 BT_DBG("%s", hdev->name);
052b30b0
MH		 3901
3902 hci_dev_lock(hdev);
3903
3904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3905 if (!conn)
3906 goto unlock;
3907
3908 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3909 hci_conn_hold(conn);
3910 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3911 hci_conn_drop(conn);
052b30b0
MH		 3912 }
3913
d7a5a11d 3914 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2f407f0a 3915 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
03b555e1 3916 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3917 sizeof(ev->bdaddr), &ev->bdaddr);
d7a5a11d 3918 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
a770bb5a
WR		 3919 u8 secure;
3920
3921 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3922 secure = 1;
3923 else
3924 secure = 0;
3925
744cf19e 3926 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3927 }
980e1a53 3928
b6f98044 3929unlock:
052b30b0 3930 hci_dev_unlock(hdev);
a9de9248
MH		 3931}
3932
cb6f3f7a
JH		 3933static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3934{
3935 if (key_type == HCI_LK_CHANGED_COMBINATION)
3936 return;
3937
3938 conn->pin_length = pin_len;
3939 conn->key_type = key_type;
3940
3941 switch (key_type) {
3942 case HCI_LK_LOCAL_UNIT:
3943 case HCI_LK_REMOTE_UNIT:
3944 case HCI_LK_DEBUG_COMBINATION:
3945 return;
3946 case HCI_LK_COMBINATION:
3947 if (pin_len == 16)
3948 conn->pending_sec_level = BT_SECURITY_HIGH;
3949 else
3950 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3951 break;
3952 case HCI_LK_UNAUTH_COMBINATION_P192:
3953 case HCI_LK_UNAUTH_COMBINATION_P256:
3954 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3955 break;
3956 case HCI_LK_AUTH_COMBINATION_P192:
3957 conn->pending_sec_level = BT_SECURITY_HIGH;
3958 break;
3959 case HCI_LK_AUTH_COMBINATION_P256:
3960 conn->pending_sec_level = BT_SECURITY_FIPS;
3961 break;
3962 }
3963}
3964
6039aa73 3965static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3966{
55ed8ca1
JH		 3967 struct hci_ev_link_key_req *ev = (void *) skb->data;
3968 struct hci_cp_link_key_reply cp;
3969 struct hci_conn *conn;
3970 struct link_key *key;
3971
a9de9248 3972 BT_DBG("%s", hdev->name);
55ed8ca1 3973
d7a5a11d 3974 if (!hci_dev_test_flag(hdev, HCI_MGMT))
55ed8ca1
JH		 3975 return;
3976
3977 hci_dev_lock(hdev);
3978
3979 key = hci_find_link_key(hdev, &ev->bdaddr);
3980 if (!key) {
6ed93dc6
AE		 3981 BT_DBG("%s link key not found for %pMR", hdev->name,
3982 &ev->bdaddr);
55ed8ca1
JH		 3983 goto not_found;
3984 }
3985
6ed93dc6
AE		 3986 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3987 &ev->bdaddr);
55ed8ca1 3988
55ed8ca1 3989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3990 if (conn) {
fe8bc5ac
JH		 3991 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3992
66138ce8
MH		 3993 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3994 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3995 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3996 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3997 goto not_found;
3998 }
55ed8ca1 3999
60b83f57 4000 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 4001 (conn->pending_sec_level == BT_SECURITY_HIGH ||
4002 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 4003 BT_DBG("%s ignoring key unauthenticated for high security",
4004 hdev->name);
60b83f57
WR		 4005 goto not_found;
4006 }
4007
cb6f3f7a 4008 conn_set_key(conn, key->type, key->pin_len);
55ed8ca1
JH		 4009 }
4010
4011 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 4012 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 4013
4014 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
4015
4016 hci_dev_unlock(hdev);
4017
4018 return;
4019
4020not_found:
4021 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
4022 hci_dev_unlock(hdev);
a9de9248
MH		 4023}
4024
6039aa73 4025static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 4026{
052b30b0
MH		 4027 struct hci_ev_link_key_notify *ev = (void *) skb->data;
4028 struct hci_conn *conn;
7652ff6a
JH		 4029 struct link_key *key;
4030 bool persistent;
55ed8ca1 4031 u8 pin_len = 0;
052b30b0 4032
a9de9248 4033 BT_DBG("%s", hdev->name);
052b30b0
MH		 4034
4035 hci_dev_lock(hdev);
4036
4037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
82c13d42
JH		 4038 if (!conn)
4039 goto unlock;
4040
4041 hci_conn_hold(conn);
4042 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4043 hci_conn_drop(conn);
4044
fe8bc5ac 4045 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
82c13d42 4046 conn_set_key(conn, ev->key_type, conn->pin_length);
052b30b0 4047
d7a5a11d 4048 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7652ff6a
JH		 4049 goto unlock;
4050
4051 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
4052 ev->key_type, pin_len, &persistent);
4053 if (!key)
4054 goto unlock;
4055
cb6f3f7a
JH		 4056 /* Update connection information since adding the key will have
4057 * fixed up the type in the case of changed combination keys.
4058 */
4059 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
4060 conn_set_key(conn, key->type, key->pin_len);
4061
7652ff6a 4062 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 4063
6d5650c4
JH		 4064 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
4065 * is set. If it's not set simply remove the key from the kernel
4066 * list (we've still notified user space about it but with
4067 * store_hint being 0).
4068 */
4069 if (key->type == HCI_LK_DEBUG_COMBINATION &&
d7a5a11d 4070 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
0378b597
JH		 4071 list_del_rcu(&key->list);
4072 kfree_rcu(key, rcu);
82c13d42 4073 goto unlock;
6d5650c4 4074 }
7652ff6a 4075
82c13d42
JH		 4076 if (persistent)
4077 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4078 else
4079 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4080
7652ff6a 4081unlock:
052b30b0 4082 hci_dev_unlock(hdev);
a9de9248
MH		 4083}
4084
6039aa73 4085static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 4086{
a9de9248 4087 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 4088 struct hci_conn *conn;
1da177e4 4089
9f1db00c 4090 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 4091
4092 hci_dev_lock(hdev);
4093
04837f64 4094 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 4095 if (conn && !ev->status) {
4096 struct inquiry_entry *ie;
4097
cc11b9c1
AE		 4098 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4099 if (ie) {
1da177e4
LT		 4100 ie->data.clock_offset = ev->clock_offset;
4101 ie->timestamp = jiffies;
4102 }
4103 }
4104
4105 hci_dev_unlock(hdev);
4106}
4107
6039aa73 4108static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 4109{
4110 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
4111 struct hci_conn *conn;
4112
9f1db00c 4113 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 4114
4115 hci_dev_lock(hdev);
4116
4117 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4118 if (conn && !ev->status)
4119 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4120
4121 hci_dev_unlock(hdev);
4122}
4123
6039aa73 4124static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 4125{
a9de9248 4126 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 4127 struct inquiry_entry *ie;
4128
4129 BT_DBG("%s", hdev->name);
4130
4131 hci_dev_lock(hdev);
4132
cc11b9c1
AE		 4133 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4134 if (ie) {
85a1e930
MH		 4135 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4136 ie->timestamp = jiffies;
4137 }
4138
4139 hci_dev_unlock(hdev);
4140}
4141
6039aa73
GP		 4142static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
4143 struct sk_buff *skb)
a9de9248
MH		 4144{
4145 struct inquiry_data data;
4146 int num_rsp = *((__u8 *) skb->data);
4147
4148 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4149
4150 if (!num_rsp)
4151 return;
4152
d7a5a11d 4153 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4154 return;
4155
a9de9248
MH		 4156 hci_dev_lock(hdev);
4157
4158 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 4159 struct inquiry_info_with_rssi_and_pscan_mode *info;
4160 info = (void *) (skb->data + 1);
a9de9248 4161
e17acd40 4162 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4163 u32 flags;
4164
a9de9248
MH		 4165 bacpy(&data.bdaddr, &info->bdaddr);
4166 data.pscan_rep_mode = info->pscan_rep_mode;
4167 data.pscan_period_mode = info->pscan_period_mode;
4168 data.pscan_mode = info->pscan_mode;
4169 memcpy(data.dev_class, info->dev_class, 3);
4170 data.clock_offset = info->clock_offset;
4171 data.rssi = info->rssi;
41a96212 4172 data.ssp_mode = 0x00;
3175405b 4173
af58925c
MH		 4174 flags = hci_inquiry_cache_update(hdev, &data, false);
4175
48264f06 4176 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4177 info->dev_class, info->rssi,
af58925c 4178 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4179 }
4180 } else {
4181 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4182
e17acd40 4183 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4184 u32 flags;
4185
a9de9248
MH		 4186 bacpy(&data.bdaddr, &info->bdaddr);
4187 data.pscan_rep_mode = info->pscan_rep_mode;
4188 data.pscan_period_mode = info->pscan_period_mode;
4189 data.pscan_mode = 0x00;
4190 memcpy(data.dev_class, info->dev_class, 3);
4191 data.clock_offset = info->clock_offset;
4192 data.rssi = info->rssi;
41a96212 4193 data.ssp_mode = 0x00;
af58925c
MH		 4194
4195 flags = hci_inquiry_cache_update(hdev, &data, false);
4196
48264f06 4197 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4198 info->dev_class, info->rssi,
af58925c 4199 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4200 }
4201 }
4202
4203 hci_dev_unlock(hdev);
4204}
4205
6039aa73
GP		 4206static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4207 struct sk_buff *skb)
a9de9248 4208{
41a96212
MH		 4209 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4210 struct hci_conn *conn;
4211
a9de9248 4212 BT_DBG("%s", hdev->name);
41a96212 4213
41a96212
MH		 4214 hci_dev_lock(hdev);
4215
4216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 4217 if (!conn)
4218 goto unlock;
41a96212 4219
cad718ed
JH		 4220 if (ev->page < HCI_MAX_PAGES)
4221 memcpy(conn->features[ev->page], ev->features, 8);
4222
ccd556fe
JH		 4223 if (!ev->status && ev->page == 0x01) {
4224 struct inquiry_entry *ie;
41a96212 4225
cc11b9c1
AE		 4226 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4227 if (ie)
02b7cc62 4228 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 4229
bbb0eada 4230 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 4231 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 4232 } else {
4233 /* It is mandatory by the Bluetooth specification that
4234 * Extended Inquiry Results are only used when Secure
4235 * Simple Pairing is enabled, but some devices violate
4236 * this.
4237 *
4238 * To make these devices work, the internal SSP
4239 * enabled flag needs to be cleared if the remote host
4240 * features do not indicate SSP support */
4241 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4242 }
eb9a8f3f
MH		 4243
4244 if (ev->features[0] & LMP_HOST_SC)
4245 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 4246 }
4247
4248 if (conn->state != BT_CONFIG)
4249 goto unlock;
4250
671267bf 4251 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 4252 struct hci_cp_remote_name_req cp;
4253 memset(&cp, 0, sizeof(cp));
4254 bacpy(&cp.bdaddr, &conn->dst);
4255 cp.pscan_rep_mode = 0x02;
4256 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 4257 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 4258 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 4259
127178d2 4260 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 4261 conn->state = BT_CONNECTED;
539c496d 4262 hci_connect_cfm(conn, ev->status);
76a68ba0 4263 hci_conn_drop(conn);
41a96212
MH		 4264 }
4265
ccd556fe 4266unlock:
41a96212 4267 hci_dev_unlock(hdev);
a9de9248
MH		 4268}
4269
6039aa73
GP		 4270static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4271 struct sk_buff *skb)
a9de9248 4272{
b6a0dc82
MH		 4273 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4274 struct hci_conn *conn;
4275
9f1db00c 4276 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 4277
4278 hci_dev_lock(hdev);
4279
4280 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 4281 if (!conn) {
4282 if (ev->link_type == ESCO_LINK)
4283 goto unlock;
4284
618353b1
KP		 4285 /* When the link type in the event indicates SCO connection
4286 * and lookup of the connection object fails, then check
4287 * if an eSCO connection object exists.
4288 *
4289 * The core limits the synchronous connections to either
4290 * SCO or eSCO. The eSCO connection is preferred and tried
4291 * to be setup first and until successfully established,
4292 * the link type will be hinted as eSCO.
4293 */
9dc0a3af
MH		 4294 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4295 if (!conn)
4296 goto unlock;
9dc0a3af 4297 }
b6a0dc82 4298
732547f9
MH		 4299 switch (ev->status) {
4300 case 0x00:
b6a0dc82
MH		 4301 conn->handle = __le16_to_cpu(ev->handle);
4302 conn->state = BT_CONNECTED;
618353b1 4303 conn->type = ev->link_type;
7d0db0a3 4304
23b9ceb7 4305 hci_debugfs_create_conn(conn);
7d0db0a3 4306 hci_conn_add_sysfs(conn);
732547f9
MH		 4307 break;
4308
81218d20 4309 case 0x10: /* Connection Accept Timeout */
1a4c958c 4310 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 4311 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 4312 case 0x1c: /* SCO interval rejected */
1038a00b 4313 case 0x1a: /* Unsupported Remote Feature */
56b5453a 4314 case 0x1e: /* Invalid LMP Parameters */
732547f9 4315 case 0x1f: /* Unspecified error */
27539bc4 4316 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 4317 if (conn->out) {
732547f9
MH		 4318 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4319 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 4320 if (hci_setup_sync(conn, conn->link->handle))
4321 goto unlock;
732547f9
MH		 4322 }
4323 /* fall through */
4324
4325 default:
b6a0dc82 4326 conn->state = BT_CLOSED;
732547f9
MH		 4327 break;
4328 }
b6a0dc82 4329
1f8330ea
SN		 4330 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
4331
4332 switch (conn->setting & SCO_AIRMODE_MASK) {
4333 case SCO_AIRMODE_CVSD:
4334 if (hdev->notify)
4335 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
4336 break;
4337 case SCO_AIRMODE_TRANSP:
4338 if (hdev->notify)
4339 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
4340 break;
4341 }
4342
539c496d 4343 hci_connect_cfm(conn, ev->status);
b6a0dc82
MH		 4344 if (ev->status)
4345 hci_conn_del(conn);
4346
4347unlock:
4348 hci_dev_unlock(hdev);
a9de9248
MH		 4349}
4350
efdcf8e3
MH		 4351static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4352{
4353 size_t parsed = 0;
4354
4355 while (parsed < eir_len) {
4356 u8 field_len = eir[0];
4357
4358 if (field_len == 0)
4359 return parsed;
4360
4361 parsed += field_len + 1;
4362 eir += field_len + 1;
4363 }
4364
4365 return eir_len;
4366}
4367
6039aa73
GP		 4368static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4369 struct sk_buff *skb)
1da177e4 4370{
a9de9248
MH		 4371 struct inquiry_data data;
4372 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4373 int num_rsp = *((__u8 *) skb->data);
9d939d94 4374 size_t eir_len;
1da177e4 4375
a9de9248 4376 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 4377
a9de9248
MH		 4378 if (!num_rsp)
4379 return;
1da177e4 4380
d7a5a11d 4381 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4382 return;
4383
a9de9248
MH		 4384 hci_dev_lock(hdev);
4385
e17acd40 4386 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4387 u32 flags;
4388 bool name_known;
561aafbc 4389
a9de9248 4390 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 4391 data.pscan_rep_mode = info->pscan_rep_mode;
4392 data.pscan_period_mode = info->pscan_period_mode;
4393 data.pscan_mode = 0x00;
a9de9248 4394 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 4395 data.clock_offset = info->clock_offset;
4396 data.rssi = info->rssi;
41a96212 4397 data.ssp_mode = 0x01;
561aafbc 4398
d7a5a11d 4399 if (hci_dev_test_flag(hdev, HCI_MGMT))
0d3b7f64
JH		 4400 name_known = eir_get_data(info->data,
4401 sizeof(info->data),
4402 EIR_NAME_COMPLETE, NULL);
561aafbc
JH		 4403 else
4404 name_known = true;
4405
af58925c
MH		 4406 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4407
9d939d94 4408 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 4409
48264f06 4410 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 4411 info->dev_class, info->rssi,
4412 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 4413 }
4414
4415 hci_dev_unlock(hdev);
4416}
1da177e4 4417
1c2e0041
JH		 4418static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4419 struct sk_buff *skb)
4420{
4421 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4422 struct hci_conn *conn;
4423
9f1db00c 4424 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 4425 __le16_to_cpu(ev->handle));
4426
4427 hci_dev_lock(hdev);
4428
4429 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4430 if (!conn)
4431 goto unlock;
4432
9eb1fbfa
JH		 4433 /* For BR/EDR the necessary steps are taken through the
4434 * auth_complete event.
4435 */
4436 if (conn->type != LE_LINK)
4437 goto unlock;
4438
1c2e0041
JH		 4439 if (!ev->status)
4440 conn->sec_level = conn->pending_sec_level;
4441
4442 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4443
4444 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 4445 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 4446 hci_conn_drop(conn);
1c2e0041
JH		 4447 goto unlock;
4448 }
4449
4450 if (conn->state == BT_CONFIG) {
4451 if (!ev->status)
4452 conn->state = BT_CONNECTED;
4453
539c496d 4454 hci_connect_cfm(conn, ev->status);
76a68ba0 4455 hci_conn_drop(conn);
1c2e0041
JH		 4456 } else {
4457 hci_auth_cfm(conn, ev->status);
4458
4459 hci_conn_hold(conn);
4460 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4461 hci_conn_drop(conn);
1c2e0041
JH		 4462 }
4463
4464unlock:
4465 hci_dev_unlock(hdev);
4466}
4467
6039aa73 4468static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 4469{
17fa4b9d 4470 /* If remote requests no-bonding follow that lead */
acabae96
MA		 4471 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4472 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 4473 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 4474
b7f94c88
MA		 4475 /* If both remote and local have enough IO capabilities, require
4476 * MITM protection
4477 */
4478 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4479 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4480 return conn->remote_auth | 0x01;
4481
7e74170a
TM		 4482 /* No MITM protection possible so ignore remote requirement */
4483 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 4484}
4485
a83ed81e
MH		 4486static u8 bredr_oob_data_present(struct hci_conn *conn)
4487{
4488 struct hci_dev *hdev = conn->hdev;
4489 struct oob_data *data;
4490
4491 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4492 if (!data)
4493 return 0x00;
4494
455c2ff0
MH		 4495 if (bredr_sc_enabled(hdev)) {
4496 /* When Secure Connections is enabled, then just
4497 * return the present value stored with the OOB
4498 * data. The stored value contains the right present
4499 * information. However it can only be trusted when
4500 * not in Secure Connection Only mode.
4501 */
4502 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4503 return data->present;
659c7fb0 4504
455c2ff0
MH		 4505 /* When Secure Connections Only mode is enabled, then
4506 * the P-256 values are required. If they are not
4507 * available, then do not declare that OOB data is
4508 * present.
659c7fb0 4509 */
455c2ff0
MH		 4510 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4511 !memcmp(data->hash256, ZERO_KEY, 16))
659c7fb0
MH		 4512 return 0x00;
4513
455c2ff0 4514 return 0x02;
659c7fb0 4515 }
a83ed81e 4516
455c2ff0
MH		 4517 /* When Secure Connections is not enabled or actually
4518 * not supported by the hardware, then check that if
4519 * P-192 data values are present.
4520 */
4521 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4522 !memcmp(data->hash192, ZERO_KEY, 16))
4523 return 0x00;
4524
4525 return 0x01;
a83ed81e
MH		 4526}
4527
6039aa73 4528static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 4529{
4530 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4531 struct hci_conn *conn;
4532
4533 BT_DBG("%s", hdev->name);
4534
4535 hci_dev_lock(hdev);
4536
4537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 4538 if (!conn)
4539 goto unlock;
4540
4541 hci_conn_hold(conn);
4542
d7a5a11d 4543 if (!hci_dev_test_flag(hdev, HCI_MGMT))
03b555e1
JH		 4544 goto unlock;
4545
2f407f0a
JH		 4546 /* Allow pairing if we're pairable, the initiators of the
4547 * pairing or if the remote is not requesting bonding.
4548 */
d7a5a11d 4549 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
2f407f0a 4550 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
807deac2 4551 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 4552 struct hci_cp_io_capability_reply cp;
4553
4554 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 4555 /* Change the IO capability from KeyboardDisplay
4556 * to DisplayYesNo as it is not supported by BT spec. */
4557 cp.capability = (conn->io_capability == 0x04) ?
a767631a 4558 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 4559
4560 /* If we are initiators, there is no remote information yet */
4561 if (conn->remote_auth == 0xff) {
b16c6604 4562 /* Request MITM protection if our IO caps allow it
4ad51a75 4563 * except for the no-bonding case.
b16c6604 4564 */
6fd6b915 4565 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
9f743d74 4566 conn->auth_type != HCI_AT_NO_BONDING)
6c53823a 4567 conn->auth_type |= 0x01;
b7f94c88
MA		 4568 } else {
4569 conn->auth_type = hci_get_auth_req(conn);
b7f94c88 4570 }
17fa4b9d 4571
82c295b1
JH		 4572 /* If we're not bondable, force one of the non-bondable
4573 * authentication requirement values.
4574 */
d7a5a11d 4575 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
82c295b1
JH		 4576 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4577
4578 cp.authentication = conn->auth_type;
a83ed81e 4579 cp.oob_data = bredr_oob_data_present(conn);
ce85ee13 4580
17fa4b9d 4581 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 4582 sizeof(cp), &cp);
03b555e1
JH		 4583 } else {
4584 struct hci_cp_io_capability_neg_reply cp;
4585
4586 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 4587 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 4588
03b555e1 4589 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 4590 sizeof(cp), &cp);
03b555e1
JH		 4591 }
4592
4593unlock:
4594 hci_dev_unlock(hdev);
4595}
4596
6039aa73 4597static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 4598{
4599 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4600 struct hci_conn *conn;
4601
4602 BT_DBG("%s", hdev->name);
4603
4604 hci_dev_lock(hdev);
4605
4606 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4607 if (!conn)
4608 goto unlock;
4609
03b555e1 4610 conn->remote_cap = ev->capability;
03b555e1
JH		 4611 conn->remote_auth = ev->authentication;
4612
4613unlock:
0493684e
MH		 4614 hci_dev_unlock(hdev);
4615}
4616
6039aa73
GP		 4617static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4618 struct sk_buff *skb)
a5c29683
JH		 4619{
4620 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 4621 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 4622 struct hci_conn *conn;
a5c29683
JH		 4623
4624 BT_DBG("%s", hdev->name);
4625
4626 hci_dev_lock(hdev);
4627
d7a5a11d 4628 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7a828908 4629 goto unlock;
a5c29683 4630
7a828908
JH		 4631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4632 if (!conn)
4633 goto unlock;
4634
4635 loc_mitm = (conn->auth_type & 0x01);
4636 rem_mitm = (conn->remote_auth & 0x01);
4637
4638 /* If we require MITM but the remote device can't provide that
6c53823a
JH		 4639 * (it has NoInputNoOutput) then reject the confirmation
4640 * request. We check the security level here since it doesn't
4641 * necessarily match conn->auth_type.
6fd6b915 4642 */
6c53823a
JH		 4643 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4644 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 4645 BT_DBG("Rejecting request: remote device can't provide MITM");
4646 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 4647 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4648 goto unlock;
4649 }
4650
4651 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 4652 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4653 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 4654
4655 /* If we're not the initiators request authorization to
4656 * proceed from user space (mgmt_user_confirm with
ba15a58b 4657 * confirm_hint set to 1). The exception is if neither
02f3e254
JH		 4658 * side had MITM or if the local IO capability is
4659 * NoInputNoOutput, in which case we do auto-accept
ba15a58b
JH		 4660 */
4661 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
02f3e254 4662 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
ba15a58b 4663 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 4664 BT_DBG("Confirming auto-accept as acceptor");
4665 confirm_hint = 1;
4666 goto confirm;
4667 }
4668
cee5f20f
HC		 4669 /* If there already exists link key in local host, leave the
4670 * decision to user space since the remote device could be
4671 * legitimate or malicious.
4672 */
4673 if (hci_find_link_key(hdev, &ev->bdaddr)) {
4674 bt_dev_dbg(hdev, "Local host already has link key");
4675 confirm_hint = 1;
4676 goto confirm;
4677 }
4678
9f61656a 4679 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 4680 hdev->auto_accept_delay);
9f61656a
JH		 4681
4682 if (hdev->auto_accept_delay > 0) {
4683 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 4684 queue_delayed_work(conn->hdev->workqueue,
4685 &conn->auto_accept_work, delay);
9f61656a
JH		 4686 goto unlock;
4687 }
4688
7a828908 4689 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 4690 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4691 goto unlock;
4692 }
4693
55bc1a37 4694confirm:
39adbffe
JH		 4695 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4696 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 4697
4698unlock:
a5c29683
JH		 4699 hci_dev_unlock(hdev);
4700}
4701
6039aa73
GP		 4702static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4703 struct sk_buff *skb)
1143d458
BG		 4704{
4705 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4706
4707 BT_DBG("%s", hdev->name);
4708
d7a5a11d 4709 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 4710 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 4711}
4712
92a25256
JH		 4713static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4714 struct sk_buff *skb)
4715{
4716 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4717 struct hci_conn *conn;
4718
4719 BT_DBG("%s", hdev->name);
4720
4721 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4722 if (!conn)
4723 return;
4724
4725 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4726 conn->passkey_entered = 0;
4727
d7a5a11d 4728 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4729 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4730 conn->dst_type, conn->passkey_notify,
4731 conn->passkey_entered);
4732}
4733
4734static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4735{
4736 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4737 struct hci_conn *conn;
4738
4739 BT_DBG("%s", hdev->name);
4740
4741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4742 if (!conn)
4743 return;
4744
4745 switch (ev->type) {
4746 case HCI_KEYPRESS_STARTED:
4747 conn->passkey_entered = 0;
4748 return;
4749
4750 case HCI_KEYPRESS_ENTERED:
4751 conn->passkey_entered++;
4752 break;
4753
4754 case HCI_KEYPRESS_ERASED:
4755 conn->passkey_entered--;
4756 break;
4757
4758 case HCI_KEYPRESS_CLEARED:
4759 conn->passkey_entered = 0;
4760 break;
4761
4762 case HCI_KEYPRESS_COMPLETED:
4763 return;
4764 }
4765
d7a5a11d 4766 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4767 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4768 conn->dst_type, conn->passkey_notify,
4769 conn->passkey_entered);
4770}
4771
6039aa73
GP		 4772static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4773 struct sk_buff *skb)
0493684e
MH		 4774{
4775 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4776 struct hci_conn *conn;
4777
4778 BT_DBG("%s", hdev->name);
4779
4780 hci_dev_lock(hdev);
4781
4782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 4783 if (!conn)
4784 goto unlock;
4785
c1d4fa7a
JH		 4786 /* Reset the authentication requirement to unknown */
4787 conn->remote_auth = 0xff;
4788
2a611692
JH		 4789 /* To avoid duplicate auth_failed events to user space we check
4790 * the HCI_CONN_AUTH_PEND flag which will be set if we
4791 * initiated the authentication. A traditional auth_complete
4792 * event gets always produced as initiator and is also mapped to
4793 * the mgmt_auth_failed event */
fa1bd918 4794 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
e1e930f5 4795 mgmt_auth_failed(conn, ev->status);
0493684e 4796
76a68ba0 4797 hci_conn_drop(conn);
2a611692
JH		 4798
4799unlock:
0493684e
MH		 4800 hci_dev_unlock(hdev);
4801}
4802
6039aa73
GP		 4803static void hci_remote_host_features_evt(struct hci_dev *hdev,
4804 struct sk_buff *skb)
41a96212
MH		 4805{
4806 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4807 struct inquiry_entry *ie;
cad718ed 4808 struct hci_conn *conn;
41a96212
MH		 4809
4810 BT_DBG("%s", hdev->name);
4811
4812 hci_dev_lock(hdev);
4813
cad718ed
JH		 4814 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4815 if (conn)
4816 memcpy(conn->features[1], ev->features, 8);
4817
cc11b9c1
AE		 4818 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4819 if (ie)
02b7cc62 4820 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 4821
4822 hci_dev_unlock(hdev);
4823}
4824
6039aa73
GP		 4825static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4826 struct sk_buff *skb)
2763eda6
SJ		 4827{
4828 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4829 struct oob_data *data;
4830
4831 BT_DBG("%s", hdev->name);
4832
4833 hci_dev_lock(hdev);
4834
d7a5a11d 4835 if (!hci_dev_test_flag(hdev, HCI_MGMT))
e1ba1f15
SJ		 4836 goto unlock;
4837
6928a924 4838 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
6665d057
MH		 4839 if (!data) {
4840 struct hci_cp_remote_oob_data_neg_reply cp;
519ca9d0 4841
6665d057
MH		 4842 bacpy(&cp.bdaddr, &ev->bdaddr);
4843 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4844 sizeof(cp), &cp);
4845 goto unlock;
4846 }
2763eda6 4847
6665d057
MH		 4848 if (bredr_sc_enabled(hdev)) {
4849 struct hci_cp_remote_oob_ext_data_reply cp;
519ca9d0 4850
6665d057 4851 bacpy(&cp.bdaddr, &ev->bdaddr);
d7a5a11d 4852 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6665d057
MH		 4853 memset(cp.hash192, 0, sizeof(cp.hash192));
4854 memset(cp.rand192, 0, sizeof(cp.rand192));
4855 } else {
4856 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4857 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
519ca9d0 4858 }
6665d057
MH		 4859 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4860 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4861
4862 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4863 sizeof(cp), &cp);
2763eda6 4864 } else {
6665d057 4865 struct hci_cp_remote_oob_data_reply cp;
2763eda6
SJ		 4866
4867 bacpy(&cp.bdaddr, &ev->bdaddr);
6665d057
MH		 4868 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4869 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4870
4871 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
519ca9d0 4872 sizeof(cp), &cp);
2763eda6
SJ		 4873 }
4874
e1ba1f15 4875unlock:
2763eda6
SJ		 4876 hci_dev_unlock(hdev);
4877}
4878
a77a6a14
AW		 4879#if IS_ENABLED(CONFIG_BT_HS)
4880static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4881{
4882 struct hci_ev_channel_selected *ev = (void *)skb->data;
4883 struct hci_conn *hcon;
4884
4885 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4886
4887 skb_pull(skb, sizeof(*ev));
4888
4889 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4890 if (!hcon)
4891 return;
4892
4893 amp_read_loc_assoc_final_data(hdev, hcon);
4894}
4895
d5e91192
AE		 4896static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4897 struct sk_buff *skb)
4898{
4899 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4900 struct hci_conn *hcon, *bredr_hcon;
4901
4902 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4903 ev->status);
4904
4905 hci_dev_lock(hdev);
4906
4907 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4908 if (!hcon) {
4909 hci_dev_unlock(hdev);
4910 return;
4911 }
4912
4913 if (ev->status) {
4914 hci_conn_del(hcon);
4915 hci_dev_unlock(hdev);
4916 return;
4917 }
4918
4919 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4920
4921 hcon->state = BT_CONNECTED;
4922 bacpy(&hcon->dst, &bredr_hcon->dst);
4923
4924 hci_conn_hold(hcon);
4925 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4926 hci_conn_drop(hcon);
d5e91192 4927
23b9ceb7 4928 hci_debugfs_create_conn(hcon);
d5e91192
AE		 4929 hci_conn_add_sysfs(hcon);
4930
cf70ff22 4931 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4932
cf70ff22 4933 hci_dev_unlock(hdev);
d5e91192
AE		 4934}
4935
27695fb4
AE		 4936static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4937{
4938 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4939 struct hci_conn *hcon;
4940 struct hci_chan *hchan;
4941 struct amp_mgr *mgr;
4942
4943 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4944 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4945 ev->status);
4946
4947 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4948 if (!hcon)
4949 return;
4950
4951 /* Create AMP hchan */
4952 hchan = hci_chan_create(hcon);
4953 if (!hchan)
4954 return;
4955
4956 hchan->handle = le16_to_cpu(ev->handle);
4957
4958 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4959
4960 mgr = hcon->amp_mgr;
4961 if (mgr && mgr->bredr_chan) {
4962 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4963
4964 l2cap_chan_lock(bredr_chan);
4965
4966 bredr_chan->conn->mtu = hdev->block_mtu;
4967 l2cap_logical_cfm(bredr_chan, hchan, 0);
4968 hci_conn_hold(hcon);
4969
4970 l2cap_chan_unlock(bredr_chan);
4971 }
4972}
4973
606e2a10
AE		 4974static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4975 struct sk_buff *skb)
4976{
4977 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4978 struct hci_chan *hchan;
4979
4980 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4981 le16_to_cpu(ev->handle), ev->status);
4982
4983 if (ev->status)
4984 return;
4985
4986 hci_dev_lock(hdev);
4987
4988 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4989 if (!hchan)
4990 goto unlock;
4991
4992 amp_destroy_logical_link(hchan, ev->reason);
4993
4994unlock:
4995 hci_dev_unlock(hdev);
4996}
4997
9eef6b3a
AE		 4998static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4999 struct sk_buff *skb)
5000{
5001 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
5002 struct hci_conn *hcon;
5003
5004 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5005
5006 if (ev->status)
5007 return;
5008
5009 hci_dev_lock(hdev);
5010
5011 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5012 if (hcon) {
5013 hcon->state = BT_CLOSED;
5014 hci_conn_del(hcon);
5015 }
5016
5017 hci_dev_unlock(hdev);
5018}
a77a6a14 5019#endif
9eef6b3a 5020
d12fb056
JK		 5021static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
5022 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
5023 u16 interval, u16 latency, u16 supervision_timeout)
fcd89c09 5024{
912b42ef 5025 struct hci_conn_params *params;
fcd89c09 5026 struct hci_conn *conn;
68d6f6de 5027 struct smp_irk *irk;
837d502e 5028 u8 addr_type;
fcd89c09 5029
fcd89c09
VT		 5030 hci_dev_lock(hdev);
5031
fbd96c15
JH		 5032 /* All controllers implicitly stop advertising in the event of a
5033 * connection, so ensure that the state bit is cleared.
5034 */
a358dc11 5035 hci_dev_clear_flag(hdev, HCI_LE_ADV);
fbd96c15 5036
e7d9ab73 5037 conn = hci_lookup_le_connect(hdev);
b62f328b 5038 if (!conn) {
d12fb056 5039 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
b62f328b 5040 if (!conn) {
2064ee33 5041 bt_dev_err(hdev, "no memory for new connection");
230fd16a 5042 goto unlock;
b62f328b 5043 }
29b7988a 5044
d12fb056 5045 conn->dst_type = bdaddr_type;
b9b343d2 5046
cb1d68f7
JH		 5047 /* If we didn't have a hci_conn object previously
5048 * but we're in master role this must be something
5049 * initiated using a white list. Since white list based
5050 * connections are not "first class citizens" we don't
5051 * have full tracking of them. Therefore, we go ahead
5052 * with a "best effort" approach of determining the
5053 * initiator address based on the HCI_PRIVACY flag.
5054 */
5055 if (conn->out) {
d12fb056
JK		 5056 conn->resp_addr_type = bdaddr_type;
5057 bacpy(&conn->resp_addr, bdaddr);
d7a5a11d 5058 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
cb1d68f7
JH		 5059 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5060 bacpy(&conn->init_addr, &hdev->rpa);
5061 } else {
5062 hci_copy_identity_address(hdev,
5063 &conn->init_addr,
5064 &conn->init_addr_type);
5065 }
cb1d68f7 5066 }
9489eca4
JH		 5067 } else {
5068 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 5069 }
fcd89c09 5070
80c24ab8
JH		 5071 if (!conn->out) {
5072 /* Set the responder (our side) address type based on
5073 * the advertising address type.
5074 */
5075 conn->resp_addr_type = hdev->adv_addr_type;
acf0aeae
JK		 5076 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
5077 /* In case of ext adv, resp_addr will be updated in
5078 * Adv Terminated event.
5079 */
5080 if (!ext_adv_capable(hdev))
5081 bacpy(&conn->resp_addr, &hdev->random_addr);
5082 } else {
80c24ab8 5083 bacpy(&conn->resp_addr, &hdev->bdaddr);
acf0aeae 5084 }
80c24ab8 5085
d12fb056
JK		 5086 conn->init_addr_type = bdaddr_type;
5087 bacpy(&conn->init_addr, bdaddr);
a720d735
MH		 5088
5089 /* For incoming connections, set the default minimum
5090 * and maximum connection interval. They will be used
5091 * to check if the parameters are in range and if not
5092 * trigger the connection update procedure.
5093 */
5094 conn->le_conn_min_interval = hdev->le_conn_min_interval;
5095 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 5096 }
7be2edbb 5097
edb4b466
MH		 5098 /* Lookup the identity address from the stored connection
5099 * address and address type.
5100 *
5101 * When establishing connections to an identity address, the
5102 * connection procedure will store the resolvable random
5103 * address first. Now if it can be converted back into the
5104 * identity address, start using the identity address from
5105 * now on.
5106 */
5107 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 5108 if (irk) {
5109 bacpy(&conn->dst, &irk->bdaddr);
5110 conn->dst_type = irk->addr_type;
5111 }
5112
d12fb056
JK		 5113 if (status) {
5114 hci_le_conn_failed(conn, status);
837d502e
JH		 5115 goto unlock;
5116 }
5117
08853f18
JH		 5118 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5119 addr_type = BDADDR_LE_PUBLIC;
5120 else
5121 addr_type = BDADDR_LE_RANDOM;
5122
2d3c2260
JH		 5123 /* Drop the connection if the device is blocked */
5124 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
5125 hci_conn_drop(conn);
cd17decb
AG		 5126 goto unlock;
5127 }
5128
b644ba33 5129 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 5130 mgmt_device_connected(hdev, conn, 0, NULL, 0);
83bc71b4 5131
7b5c0d52 5132 conn->sec_level = BT_SECURITY_LOW;
d12fb056 5133 conn->handle = handle;
0fe29fd1 5134 conn->state = BT_CONFIG;
fcd89c09 5135
d12fb056
JK		 5136 conn->le_conn_interval = interval;
5137 conn->le_conn_latency = latency;
5138 conn->le_supv_timeout = supervision_timeout;
e04fde60 5139
23b9ceb7 5140 hci_debugfs_create_conn(conn);
fcd89c09
VT		 5141 hci_conn_add_sysfs(conn);
5142
d17010bf
CIK		 5143 /* The remote features procedure is defined for master
5144 * role only. So only in case of an initiated connection
5145 * request the remote features.
5146 *
5147 * If the local controller supports slave-initiated features
5148 * exchange, then requesting the remote features in slave
5149 * role is possible. Otherwise just transition into the
5150 * connected state without requesting the remote features.
5151 */
5152 if (conn->out ||
5153 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5154 struct hci_cp_le_read_remote_features cp;
0fe29fd1 5155
d17010bf 5156 cp.handle = __cpu_to_le16(conn->handle);
0fe29fd1 5157
d17010bf
CIK		 5158 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5159 sizeof(cp), &cp);
0fe29fd1 5160
d17010bf 5161 hci_conn_hold(conn);
0fe29fd1 5162 } else {
d17010bf 5163 conn->state = BT_CONNECTED;
d12fb056 5164 hci_connect_cfm(conn, status);
0fe29fd1 5165 }
fcd89c09 5166
5477610f
JH		 5167 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5168 conn->dst_type);
f161dd41 5169 if (params) {
95305baa 5170 list_del_init(&params->action);
f161dd41
JH		 5171 if (params->conn) {
5172 hci_conn_drop(params->conn);
f8aaf9b6 5173 hci_conn_put(params->conn);
f161dd41
JH		 5174 params->conn = NULL;
5175 }
5176 }
a4790dbd 5177
fcd89c09 5178unlock:
223683a5 5179 hci_update_background_scan(hdev);
fcd89c09
VT		 5180 hci_dev_unlock(hdev);
5181}
5182
d12fb056
JK		 5183static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5184{
5185 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
5186
5187 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5188
5189 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5190 ev->role, le16_to_cpu(ev->handle),
5191 le16_to_cpu(ev->interval),
5192 le16_to_cpu(ev->latency),
5193 le16_to_cpu(ev->supervision_timeout));
5194}
5195
4d94f95d
JK		 5196static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5197 struct sk_buff *skb)
5198{
5199 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5200
5201 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5202
5203 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5204 ev->role, le16_to_cpu(ev->handle),
5205 le16_to_cpu(ev->interval),
5206 le16_to_cpu(ev->latency),
5207 le16_to_cpu(ev->supervision_timeout));
5208}
5209
acf0aeae
JK		 5210static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5211{
5212 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5213 struct hci_conn *conn;
5214
5215 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5216
5217 if (ev->status)
5218 return;
5219
5220 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5221 if (conn) {
5222 struct adv_info *adv_instance;
5223
5224 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5225 return;
5226
5227 if (!hdev->cur_adv_instance) {
5228 bacpy(&conn->resp_addr, &hdev->random_addr);
5229 return;
5230 }
5231
5232 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5233 if (adv_instance)
5234 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5235 }
5236}
5237
1855d92d
MH		 5238static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5239 struct sk_buff *skb)
5240{
5241 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5242 struct hci_conn *conn;
5243
5244 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5245
5246 if (ev->status)
5247 return;
5248
5249 hci_dev_lock(hdev);
5250
5251 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5252 if (conn) {
5253 conn->le_conn_interval = le16_to_cpu(ev->interval);
5254 conn->le_conn_latency = le16_to_cpu(ev->latency);
5255 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5256 }
5257
5258 hci_dev_unlock(hdev);
5259}
5260
a4790dbd 5261/* This function requires the caller holds hdev->lock */
fd45ada9
AA		 5262static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5263 bdaddr_t *addr,
082f2300
SJ		 5264 u8 addr_type, u8 adv_type,
5265 bdaddr_t *direct_rpa)
a4790dbd
AG		 5266{
5267 struct hci_conn *conn;
4b9e7e75 5268 struct hci_conn_params *params;
a4790dbd 5269
1c1abcab
JH		 5270 /* If the event is not connectable don't proceed further */
5271 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
fd45ada9 5272 return NULL;
1c1abcab
JH		 5273
5274 /* Ignore if the device is blocked */
dcc36c16 5275 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
fd45ada9 5276 return NULL;
1c1abcab 5277
f99353cf
JH		 5278 /* Most controller will fail if we try to create new connections
5279 * while we have an existing one in slave role.
5280 */
4364f2e9
AM		 5281 if (hdev->conn_hash.le_num_slave > 0 &&
5282 (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5283 !(hdev->le_states[3] & 0x10)))
fd45ada9 5284 return NULL;
f99353cf 5285
1c1abcab
JH		 5286 /* If we're not connectable only connect devices that we have in
5287 * our pend_le_conns list.
5288 */
49c50922
JH		 5289 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5290 addr_type);
4b9e7e75 5291 if (!params)
fd45ada9 5292 return NULL;
4b9e7e75 5293
28a667c9
JP		 5294 if (!params->explicit_connect) {
5295 switch (params->auto_connect) {
5296 case HCI_AUTO_CONN_DIRECT:
5297 /* Only devices advertising with ADV_DIRECT_IND are
5298 * triggering a connection attempt. This is allowing
5299 * incoming connections from slave devices.
5300 */
5301 if (adv_type != LE_ADV_DIRECT_IND)
5302 return NULL;
5303 break;
5304 case HCI_AUTO_CONN_ALWAYS:
5305 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5306 * are triggering a connection attempt. This means
1e5479be 5307 * that incoming connections from slave device are
28a667c9
JP		 5308 * accepted and also outgoing connections to slave
5309 * devices are established when found.
5310 */
5311 break;
5312 default:
fd45ada9 5313 return NULL;
28a667c9 5314 }
4b9e7e75 5315 }
a4790dbd
AG		 5316
5317 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
082f2300
SJ		 5318 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER,
5319 direct_rpa);
f161dd41 5320 if (!IS_ERR(conn)) {
28a667c9
JP		 5321 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5322 * by higher layer that tried to connect, if no then
5323 * store the pointer since we don't really have any
f161dd41
JH		 5324 * other owner of the object besides the params that
5325 * triggered it. This way we can abort the connection if
5326 * the parameters get removed and keep the reference
5327 * count consistent once the connection is established.
5328 */
28a667c9
JP		 5329
5330 if (!params->explicit_connect)
5331 params->conn = hci_conn_get(conn);
5332
fd45ada9 5333 return conn;
f161dd41 5334 }
a4790dbd
AG		 5335
5336 switch (PTR_ERR(conn)) {
5337 case -EBUSY:
5338 /* If hci_connect() returns -EBUSY it means there is already
5339 * an LE connection attempt going on. Since controllers don't
5340 * support more than one connection attempt at the time, we
5341 * don't consider this an error case.
5342 */
5343 break;
5344 default:
5345 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
fd45ada9 5346 return NULL;
a4790dbd 5347 }
fd45ada9
AA		 5348
5349 return NULL;
a4790dbd
AG		 5350}
5351
4af605d8 5352static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
2f010b55
MH		 5353 u8 bdaddr_type, bdaddr_t *direct_addr,
5354 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4af605d8 5355{
b9a6328f 5356 struct discovery_state *d = &hdev->discovery;
1c1abcab 5357 struct smp_irk *irk;
fd45ada9 5358 struct hci_conn *conn;
474ee066 5359 bool match;
c70a7e4c 5360 u32 flags;
6818375e
SJ		 5361 u8 *ptr, real_len;
5362
56b40fbf
JH		 5363 switch (type) {
5364 case LE_ADV_IND:
5365 case LE_ADV_DIRECT_IND:
5366 case LE_ADV_SCAN_IND:
5367 case LE_ADV_NONCONN_IND:
5368 case LE_ADV_SCAN_RSP:
5369 break;
5370 default:
2064ee33
MH		 5371 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5372 "type: 0x%02x", type);
56b40fbf
JH		 5373 return;
5374 }
5375
6818375e
SJ		 5376 /* Find the end of the data in case the report contains padded zero
5377 * bytes at the end causing an invalid length value.
5378 *
5379 * When data is NULL, len is 0 so there is no need for extra ptr
5380 * check as 'ptr < data + 0' is already false in such case.
5381 */
5382 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5383 if (ptr + 1 + *ptr > data + len)
5384 break;
5385 }
5386
5387 real_len = ptr - data;
5388
5389 /* Adjust for actual length */
5390 if (len != real_len) {
943d5d92
DU		 5391 bt_dev_err_ratelimited(hdev, "advertising data len corrected %u -> %u",
5392 len, real_len);
6818375e
SJ		 5393 len = real_len;
5394 }
b9a6328f 5395
2f010b55
MH		 5396 /* If the direct address is present, then this report is from
5397 * a LE Direct Advertising Report event. In that case it is
5398 * important to see if the address is matching the local
5399 * controller address.
5400 */
5401 if (direct_addr) {
5402 /* Only resolvable random addresses are valid for these
5403 * kind of reports and others can be ignored.
5404 */
5405 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5406 return;
5407
5408 /* If the controller is not using resolvable random
5409 * addresses, then this report can be ignored.
5410 */
d7a5a11d 5411 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
2f010b55
MH		 5412 return;
5413
5414 /* If the local IRK of the controller does not match
5415 * with the resolvable random address provided, then
5416 * this report can be ignored.
5417 */
5418 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5419 return;
5420 }
5421
1c1abcab
JH		 5422 /* Check if we need to convert to identity address */
5423 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5424 if (irk) {
5425 bdaddr = &irk->bdaddr;
5426 bdaddr_type = irk->addr_type;
5427 }
5428
082f2300
SJ		 5429 /* Check if we have been requested to connect to this device.
5430 *
5431 * direct_addr is set only for directed advertising reports (it is NULL
5432 * for advertising reports) and is already verified to be RPA above.
5433 */
5434 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5435 direct_addr);
fd45ada9
AA		 5436 if (conn && type == LE_ADV_IND) {
5437 /* Store report for later inclusion by
5438 * mgmt_device_connected
5439 */
5440 memcpy(conn->le_adv_data, data, len);
5441 conn->le_adv_data_len = len;
5442 }
1c1abcab 5443
0d2bf134
JH		 5444 /* Passive scanning shouldn't trigger any device found events,
5445 * except for devices marked as CONN_REPORT for which we do send
8208f5a9 5446 * device found events, or advertisement monitoring requested.
0d2bf134 5447 */
ca5c4be7 5448 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134
JH		 5449 if (type == LE_ADV_DIRECT_IND)
5450 return;
5451
3a19b6fe 5452 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
8208f5a9
MC		 5453 bdaddr, bdaddr_type) &&
5454 idr_is_empty(&hdev->adv_monitors_idr))
0d2bf134
JH		 5455 return;
5456
5457 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5458 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5459 else
5460 flags = 0;
5461 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5462 rssi, flags, data, len, NULL, 0);
97bf2e99 5463 return;
ca5c4be7 5464 }
4af605d8 5465
c70a7e4c
MH		 5466 /* When receiving non-connectable or scannable undirected
5467 * advertising reports, this means that the remote device is
5468 * not connectable and then clearly indicate this in the
5469 * device found event.
5470 *
5471 * When receiving a scan response, then there is no way to
5472 * know if the remote device is connectable or not. However
5473 * since scan responses are merged with a previously seen
5474 * advertising report, the flags field from that report
5475 * will be used.
5476 *
5477 * In the really unlikely case that a controller get confused
5478 * and just sends a scan response event, then it is marked as
5479 * not connectable as well.
5480 */
5481 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5482 type == LE_ADV_SCAN_RSP)
5483 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5484 else
5485 flags = 0;
5486
b9a6328f
JH		 5487 /* If there's nothing pending either store the data from this
5488 * event or send an immediate device found event if the data
5489 * should not be stored for later.
5490 */
5491 if (!has_pending_adv_report(hdev)) {
5492 /* If the report will trigger a SCAN_REQ store it for
5493 * later merging.
5494 */
5495 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5496 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5497 rssi, flags, data, len);
b9a6328f
JH		 5498 return;
5499 }
5500
5501 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5502 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5503 return;
5504 }
5505
474ee066
JH		 5506 /* Check if the pending report is for the same device as the new one */
5507 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5508 bdaddr_type == d->last_adv_addr_type);
5509
b9a6328f
JH		 5510 /* If the pending data doesn't match this report or this isn't a
5511 * scan response (e.g. we got a duplicate ADV_IND) then force
5512 * sending of the pending data.
5513 */
474ee066
JH		 5514 if (type != LE_ADV_SCAN_RSP || !match) {
5515 /* Send out whatever is in the cache, but skip duplicates */
5516 if (!match)
5517 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 5518 d->last_adv_addr_type, NULL,
c70a7e4c 5519 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 5520 d->last_adv_data,
474ee066 5521 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 5522
5523 /* If the new report will trigger a SCAN_REQ store it for
5524 * later merging.
5525 */
5526 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5527 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5528 rssi, flags, data, len);
b9a6328f
JH		 5529 return;
5530 }
5531
5532 /* The advertising reports cannot be merged, so clear
5533 * the pending report and send out a device found event.
5534 */
5535 clear_pending_adv_report(hdev);
5c5b93e4 5536 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5537 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5538 return;
5539 }
5540
5541 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5542 * the new event is a SCAN_RSP. We can therefore proceed with
5543 * sending a merged device found event.
5544 */
5545 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 5546 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 5547 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 5548 clear_pending_adv_report(hdev);
4af605d8
JH		 5549}
5550
6039aa73 5551static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 5552{
e95beb41
AG		 5553 u8 num_reports = skb->data[0];
5554 void *ptr = &skb->data[1];
9aa04c91 5555
a4790dbd
AG		 5556 hci_dev_lock(hdev);
5557
e95beb41
AG		 5558 while (num_reports--) {
5559 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 5560 s8 rssi;
a4790dbd 5561
ee649346
CC		 5562 if (ev->length <= HCI_MAX_AD_LENGTH) {
5563 rssi = ev->data[ev->length];
5564 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5565 ev->bdaddr_type, NULL, 0, rssi,
5566 ev->data, ev->length);
5567 } else {
5568 bt_dev_err(hdev, "Dropping invalid advertising data");
5569 }
3c9e9195 5570
e95beb41 5571 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 5572 }
a4790dbd
AG		 5573
5574 hci_dev_unlock(hdev);
9aa04c91
AG		 5575}
5576
657cc646 5577static u8 ext_evt_type_to_legacy(struct hci_dev *hdev, u16 evt_type)
b2cc9761
JK		 5578{
5579 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5580 switch (evt_type) {
5581 case LE_LEGACY_ADV_IND:
5582 return LE_ADV_IND;
5583 case LE_LEGACY_ADV_DIRECT_IND:
5584 return LE_ADV_DIRECT_IND;
5585 case LE_LEGACY_ADV_SCAN_IND:
5586 return LE_ADV_SCAN_IND;
5587 case LE_LEGACY_NONCONN_IND:
5588 return LE_ADV_NONCONN_IND;
5589 case LE_LEGACY_SCAN_RSP_ADV:
5590 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5591 return LE_ADV_SCAN_RSP;
5592 }
5593
657cc646 5594 goto invalid;
b2cc9761
JK		 5595 }
5596
5597 if (evt_type & LE_EXT_ADV_CONN_IND) {
5598 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5599 return LE_ADV_DIRECT_IND;
5600
c215e939 5601 return LE_ADV_IND;
b2cc9761
JK		 5602 }
5603
5604 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5605 return LE_ADV_SCAN_RSP;
5606
5607 if (evt_type & LE_EXT_ADV_SCAN_IND)
c215e939 5608 return LE_ADV_SCAN_IND;
b2cc9761
JK		 5609
5610 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5611 evt_type & LE_EXT_ADV_DIRECT_IND)
c215e939 5612 return LE_ADV_NONCONN_IND;
c215e939 5613
657cc646
MH		 5614invalid:
5615 bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
5616 evt_type);
c215e939
JK		 5617
5618 return LE_ADV_INVALID;
5619}
5620
5621static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5622{
5623 u8 num_reports = skb->data[0];
5624 void *ptr = &skb->data[1];
5625
5626 hci_dev_lock(hdev);
5627
5628 while (num_reports--) {
5629 struct hci_ev_le_ext_adv_report *ev = ptr;
5630 u8 legacy_evt_type;
5631 u16 evt_type;
5632
5633 evt_type = __le16_to_cpu(ev->evt_type);
657cc646 5634 legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
c215e939
JK		 5635 if (legacy_evt_type != LE_ADV_INVALID) {
5636 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5637 ev->bdaddr_type, NULL, 0, ev->rssi,
5638 ev->data, ev->length);
5639 }
5640
cd9151b6 5641 ptr += sizeof(*ev) + ev->length;
c215e939
JK		 5642 }
5643
5644 hci_dev_unlock(hdev);
5645}
5646
0fe29fd1
MH		 5647static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5648 struct sk_buff *skb)
5649{
5650 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5651 struct hci_conn *conn;
5652
5653 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5654
5655 hci_dev_lock(hdev);
5656
5657 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5658 if (conn) {
5659 if (!ev->status)
5660 memcpy(conn->features[0], ev->features, 8);
5661
5662 if (conn->state == BT_CONFIG) {
5663 __u8 status;
5664
5665 /* If the local controller supports slave-initiated
5666 * features exchange, but the remote controller does
5667 * not, then it is possible that the error code 0x1a
5668 * for unsupported remote feature gets returned.
5669 *
5670 * In this specific case, allow the connection to
5671 * transition into connected state and mark it as
5672 * successful.
5673 */
5674 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5675 !conn->out && ev->status == 0x1a)
5676 status = 0x00;
5677 else
5678 status = ev->status;
5679
5680 conn->state = BT_CONNECTED;
5681 hci_connect_cfm(conn, status);
5682 hci_conn_drop(conn);
5683 }
5684 }
5685
5686 hci_dev_unlock(hdev);
5687}
5688
6039aa73 5689static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 5690{
5691 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5692 struct hci_cp_le_ltk_reply cp;
bea710fe 5693 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 5694 struct hci_conn *conn;
c9839a11 5695 struct smp_ltk *ltk;
a7a595f6 5696
9f1db00c 5697 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 5698
5699 hci_dev_lock(hdev);
5700
5701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 5702 if (conn == NULL)
5703 goto not_found;
a7a595f6 5704
f3a73d97 5705 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5378bc56 5706 if (!ltk)
bea710fe
VCG		 5707 goto not_found;
5708
5378bc56
JH		 5709 if (smp_ltk_is_sc(ltk)) {
5710 /* With SC both EDiv and Rand are set to zero */
5711 if (ev->ediv || ev->rand)
5712 goto not_found;
5713 } else {
5714 /* For non-SC keys check that EDiv and Rand match */
5715 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5716 goto not_found;
5717 }
5718
8b76ce34
JH		 5719 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5720 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
a7a595f6 5721 cp.handle = cpu_to_le16(conn->handle);
c9839a11 5722
a6f7833c 5723 conn->pending_sec_level = smp_ltk_sec_level(ltk);
a7a595f6 5724
89cbb4da 5725 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 5726
5727 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5728
5981a882
CT		 5729 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5730 * temporary key used to encrypt a connection following
5731 * pairing. It is used during the Encrypted Session Setup to
5732 * distribute the keys. Later, security can be re-established
5733 * using a distributed LTK.
5734 */
2ceba539 5735 if (ltk->type == SMP_STK) {
fe59a05f 5736 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
970d0f1b
JH		 5737 list_del_rcu(&ltk->list);
5738 kfree_rcu(ltk, rcu);
fe59a05f
JH		 5739 } else {
5740 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 5741 }
5742
a7a595f6 5743 hci_dev_unlock(hdev);
bea710fe
VCG		 5744
5745 return;
5746
5747not_found:
5748 neg.handle = ev->handle;
5749 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5750 hci_dev_unlock(hdev);
a7a595f6
VCG		 5751}
5752
8e75b46a
AG		 5753static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5754 u8 reason)
5755{
5756 struct hci_cp_le_conn_param_req_neg_reply cp;
5757
5758 cp.handle = cpu_to_le16(handle);
5759 cp.reason = reason;
5760
5761 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5762 &cp);
5763}
5764
5765static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5766 struct sk_buff *skb)
5767{
5768 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5769 struct hci_cp_le_conn_param_req_reply cp;
5770 struct hci_conn *hcon;
5771 u16 handle, min, max, latency, timeout;
5772
5773 handle = le16_to_cpu(ev->handle);
5774 min = le16_to_cpu(ev->interval_min);
5775 max = le16_to_cpu(ev->interval_max);
5776 latency = le16_to_cpu(ev->latency);
5777 timeout = le16_to_cpu(ev->timeout);
5778
5779 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5780 if (!hcon || hcon->state != BT_CONNECTED)
5781 return send_conn_param_neg_reply(hdev, handle,
5782 HCI_ERROR_UNKNOWN_CONN_ID);
5783
5784 if (hci_check_conn_params(min, max, latency, timeout))
5785 return send_conn_param_neg_reply(hdev, handle,
5786 HCI_ERROR_INVALID_LL_PARAMS);
5787
40bef302 5788 if (hcon->role == HCI_ROLE_MASTER) {
348d50b8 5789 struct hci_conn_params *params;
f4869e2a 5790 u8 store_hint;
348d50b8
JH		 5791
5792 hci_dev_lock(hdev);
5793
5794 params = hci_conn_params_lookup(hdev, &hcon->dst,
5795 hcon->dst_type);
5796 if (params) {
5797 params->conn_min_interval = min;
5798 params->conn_max_interval = max;
5799 params->conn_latency = latency;
5800 params->supervision_timeout = timeout;
f4869e2a
JH		 5801 store_hint = 0x01;
5802 } else{
5803 store_hint = 0x00;
348d50b8
JH		 5804 }
5805
5806 hci_dev_unlock(hdev);
5807
f4869e2a
JH		 5808 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5809 store_hint, min, max, latency, timeout);
348d50b8 5810 }
ffb5a827 5811
8e75b46a
AG		 5812 cp.handle = ev->handle;
5813 cp.interval_min = ev->interval_min;
5814 cp.interval_max = ev->interval_max;
5815 cp.latency = ev->latency;
5816 cp.timeout = ev->timeout;
5817 cp.min_ce_len = 0;
5818 cp.max_ce_len = 0;
5819
5820 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5821}
5822
2f010b55
MH		 5823static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5824 struct sk_buff *skb)
5825{
5826 u8 num_reports = skb->data[0];
5827 void *ptr = &skb->data[1];
5828
5829 hci_dev_lock(hdev);
5830
5831 while (num_reports--) {
5832 struct hci_ev_le_direct_adv_info *ev = ptr;
5833
5834 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5835 ev->bdaddr_type, &ev->direct_addr,
5836 ev->direct_addr_type, ev->rssi, NULL, 0);
5837
5838 ptr += sizeof(*ev);
5839 }
5840
5841 hci_dev_unlock(hdev);
5842}
5843
1efd927d
LAD		 5844static void hci_le_phy_update_evt(struct hci_dev *hdev, struct sk_buff *skb)
5845{
5846 struct hci_ev_le_phy_update_complete *ev = (void *) skb->data;
5847 struct hci_conn *conn;
5848
5849 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5850
5851 if (!ev->status)
5852 return;
5853
5854 hci_dev_lock(hdev);
5855
5856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5857 if (!conn)
5858 goto unlock;
5859
5860 conn->le_tx_phy = ev->tx_phy;
5861 conn->le_rx_phy = ev->rx_phy;
5862
5863unlock:
5864 hci_dev_unlock(hdev);
5865}
5866
6039aa73 5867static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 5868{
5869 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5870
5871 skb_pull(skb, sizeof(*le_ev));
5872
5873 switch (le_ev->subevent) {
5874 case HCI_EV_LE_CONN_COMPLETE:
5875 hci_le_conn_complete_evt(hdev, skb);
5876 break;
5877
1855d92d
MH		 5878 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5879 hci_le_conn_update_complete_evt(hdev, skb);
5880 break;
5881
9aa04c91
AG		 5882 case HCI_EV_LE_ADVERTISING_REPORT:
5883 hci_le_adv_report_evt(hdev, skb);
5884 break;
5885
0fe29fd1
MH		 5886 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5887 hci_le_remote_feat_complete_evt(hdev, skb);
5888 break;
5889
a7a595f6
VCG		 5890 case HCI_EV_LE_LTK_REQ:
5891 hci_le_ltk_request_evt(hdev, skb);
5892 break;
5893
8e75b46a
AG		 5894 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5895 hci_le_remote_conn_param_req_evt(hdev, skb);
5896 break;
5897
2f010b55
MH		 5898 case HCI_EV_LE_DIRECT_ADV_REPORT:
5899 hci_le_direct_adv_report_evt(hdev, skb);
5900 break;
5901
1efd927d
LAD		 5902 case HCI_EV_LE_PHY_UPDATE_COMPLETE:
5903 hci_le_phy_update_evt(hdev, skb);
5904 break;
5905
c215e939
JK		 5906 case HCI_EV_LE_EXT_ADV_REPORT:
5907 hci_le_ext_adv_report_evt(hdev, skb);
5908 break;
5909
4d94f95d
JK		 5910 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5911 hci_le_enh_conn_complete_evt(hdev, skb);
5912 break;
5913
acf0aeae
JK		 5914 case HCI_EV_LE_EXT_ADV_SET_TERM:
5915 hci_le_ext_adv_term_evt(hdev, skb);
5916 break;
5917
fcd89c09
VT		 5918 default:
5919 break;
5920 }
5921}
5922
757aa0b5
JH		 5923static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5924 u8 event, struct sk_buff *skb)
5925{
5926 struct hci_ev_cmd_complete *ev;
5927 struct hci_event_hdr *hdr;
5928
5929 if (!skb)
5930 return false;
5931
5932 if (skb->len < sizeof(*hdr)) {
2064ee33 5933 bt_dev_err(hdev, "too short HCI event");
757aa0b5
JH		 5934 return false;
5935 }
5936
5937 hdr = (void *) skb->data;
5938 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5939
5940 if (event) {
5941 if (hdr->evt != event)
5942 return false;
5943 return true;
5944 }
5945
1629db9c
JH		 5946 /* Check if request ended in Command Status - no way to retreive
5947 * any extra parameters in this case.
5948 */
5949 if (hdr->evt == HCI_EV_CMD_STATUS)
5950 return false;
5951
757aa0b5 5952 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
2064ee33
MH		 5953 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5954 hdr->evt);
757aa0b5
JH		 5955 return false;
5956 }
5957
5958 if (skb->len < sizeof(*ev)) {
2064ee33 5959 bt_dev_err(hdev, "too short cmd_complete event");
757aa0b5
JH		 5960 return false;
5961 }
5962
5963 ev = (void *) skb->data;
5964 skb_pull(skb, sizeof(*ev));
5965
5966 if (opcode != __le16_to_cpu(ev->opcode)) {
5967 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5968 __le16_to_cpu(ev->opcode));
5969 return false;
5970 }
5971
5972 return true;
5973}
5974
a9de9248
MH		 5975void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5976{
5977 struct hci_event_hdr *hdr = (void *) skb->data;
e6214487
JH		 5978 hci_req_complete_t req_complete = NULL;
5979 hci_req_complete_skb_t req_complete_skb = NULL;
5980 struct sk_buff *orig_skb = NULL;
757aa0b5 5981 u8 status = 0, event = hdr->evt, req_evt = 0;
e6214487 5982 u16 opcode = HCI_OP_NOP;
a9de9248 5983
08bb4da9
AM		 5984 if (!event) {
5985 bt_dev_warn(hdev, "Received unexpected HCI Event 00000000");
5986 goto done;
5987 }
5988
242c0ebd 5989 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
c1f23a2b 5990 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
e6214487
JH		 5991 opcode = __le16_to_cpu(cmd_hdr->opcode);
5992 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5993 &req_complete_skb);
757aa0b5 5994 req_evt = event;
02350a72
JH		 5995 }
5996
e6214487
JH		 5997 /* If it looks like we might end up having to call
5998 * req_complete_skb, store a pristine copy of the skb since the
5999 * various handlers may modify the original one through
6000 * skb_pull() calls, etc.
6001 */
6002 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
6003 event == HCI_EV_CMD_COMPLETE)
6004 orig_skb = skb_clone(skb, GFP_KERNEL);
6005
6006 skb_pull(skb, HCI_EVENT_HDR_SIZE);
6007
a9de9248 6008 switch (event) {
1da177e4
LT		 6009 case HCI_EV_INQUIRY_COMPLETE:
6010 hci_inquiry_complete_evt(hdev, skb);
6011 break;
6012
6013 case HCI_EV_INQUIRY_RESULT:
6014 hci_inquiry_result_evt(hdev, skb);
6015 break;
6016
a9de9248
MH		 6017 case HCI_EV_CONN_COMPLETE:
6018 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 6019 break;
6020
1da177e4
LT		 6021 case HCI_EV_CONN_REQUEST:
6022 hci_conn_request_evt(hdev, skb);
6023 break;
6024
1da177e4
LT		 6025 case HCI_EV_DISCONN_COMPLETE:
6026 hci_disconn_complete_evt(hdev, skb);
6027 break;
6028
1da177e4
LT		 6029 case HCI_EV_AUTH_COMPLETE:
6030 hci_auth_complete_evt(hdev, skb);
6031 break;
6032
a9de9248
MH		 6033 case HCI_EV_REMOTE_NAME:
6034 hci_remote_name_evt(hdev, skb);
6035 break;
6036
1da177e4
LT		 6037 case HCI_EV_ENCRYPT_CHANGE:
6038 hci_encrypt_change_evt(hdev, skb);
6039 break;
6040
a9de9248
MH		 6041 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
6042 hci_change_link_key_complete_evt(hdev, skb);
6043 break;
6044
6045 case HCI_EV_REMOTE_FEATURES:
6046 hci_remote_features_evt(hdev, skb);
6047 break;
6048
a9de9248 6049 case HCI_EV_CMD_COMPLETE:
e6214487
JH		 6050 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
6051 &req_complete, &req_complete_skb);
a9de9248
MH		 6052 break;
6053
6054 case HCI_EV_CMD_STATUS:
e6214487
JH		 6055 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
6056 &req_complete_skb);
a9de9248
MH		 6057 break;
6058
24dfa343
MH		 6059 case HCI_EV_HARDWARE_ERROR:
6060 hci_hardware_error_evt(hdev, skb);
6061 break;
6062
a9de9248
MH		 6063 case HCI_EV_ROLE_CHANGE:
6064 hci_role_change_evt(hdev, skb);
6065 break;
6066
6067 case HCI_EV_NUM_COMP_PKTS:
6068 hci_num_comp_pkts_evt(hdev, skb);
6069 break;
6070
6071 case HCI_EV_MODE_CHANGE:
6072 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 6073 break;
6074
6075 case HCI_EV_PIN_CODE_REQ:
6076 hci_pin_code_request_evt(hdev, skb);
6077 break;
6078
6079 case HCI_EV_LINK_KEY_REQ:
6080 hci_link_key_request_evt(hdev, skb);
6081 break;
6082
6083 case HCI_EV_LINK_KEY_NOTIFY:
6084 hci_link_key_notify_evt(hdev, skb);
6085 break;
6086
6087 case HCI_EV_CLOCK_OFFSET:
6088 hci_clock_offset_evt(hdev, skb);
6089 break;
6090
a8746417
MH		 6091 case HCI_EV_PKT_TYPE_CHANGE:
6092 hci_pkt_type_change_evt(hdev, skb);
6093 break;
6094
85a1e930
MH		 6095 case HCI_EV_PSCAN_REP_MODE:
6096 hci_pscan_rep_mode_evt(hdev, skb);
6097 break;
6098
a9de9248
MH		 6099 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
6100 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 6101 break;
6102
a9de9248
MH		 6103 case HCI_EV_REMOTE_EXT_FEATURES:
6104 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 6105 break;
6106
a9de9248
MH		 6107 case HCI_EV_SYNC_CONN_COMPLETE:
6108 hci_sync_conn_complete_evt(hdev, skb);
6109 break;
1da177e4 6110
a9de9248
MH		 6111 case HCI_EV_EXTENDED_INQUIRY_RESULT:
6112 hci_extended_inquiry_result_evt(hdev, skb);
6113 break;
1da177e4 6114
1c2e0041
JH		 6115 case HCI_EV_KEY_REFRESH_COMPLETE:
6116 hci_key_refresh_complete_evt(hdev, skb);
6117 break;
6118
0493684e
MH		 6119 case HCI_EV_IO_CAPA_REQUEST:
6120 hci_io_capa_request_evt(hdev, skb);
6121 break;
6122
03b555e1
JH		 6123 case HCI_EV_IO_CAPA_REPLY:
6124 hci_io_capa_reply_evt(hdev, skb);
6125 break;
6126
a5c29683
JH		 6127 case HCI_EV_USER_CONFIRM_REQUEST:
6128 hci_user_confirm_request_evt(hdev, skb);
6129 break;
6130
1143d458
BG		 6131 case HCI_EV_USER_PASSKEY_REQUEST:
6132 hci_user_passkey_request_evt(hdev, skb);
6133 break;
6134
92a25256
JH		 6135 case HCI_EV_USER_PASSKEY_NOTIFY:
6136 hci_user_passkey_notify_evt(hdev, skb);
6137 break;
6138
6139 case HCI_EV_KEYPRESS_NOTIFY:
6140 hci_keypress_notify_evt(hdev, skb);
6141 break;
6142
0493684e
MH		 6143 case HCI_EV_SIMPLE_PAIR_COMPLETE:
6144 hci_simple_pair_complete_evt(hdev, skb);
6145 break;
6146
41a96212
MH		 6147 case HCI_EV_REMOTE_HOST_FEATURES:
6148 hci_remote_host_features_evt(hdev, skb);
6149 break;
6150
fcd89c09
VT		 6151 case HCI_EV_LE_META:
6152 hci_le_meta_evt(hdev, skb);
6153 break;
6154
2763eda6
SJ		 6155 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
6156 hci_remote_oob_data_request_evt(hdev, skb);
6157 break;
6158
a77a6a14
AW		 6159#if IS_ENABLED(CONFIG_BT_HS)
6160 case HCI_EV_CHANNEL_SELECTED:
6161 hci_chan_selected_evt(hdev, skb);
6162 break;
6163
d5e91192
AE		 6164 case HCI_EV_PHY_LINK_COMPLETE:
6165 hci_phy_link_complete_evt(hdev, skb);
6166 break;
6167
27695fb4
AE		 6168 case HCI_EV_LOGICAL_LINK_COMPLETE:
6169 hci_loglink_complete_evt(hdev, skb);
6170 break;
6171
606e2a10
AE		 6172 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
6173 hci_disconn_loglink_complete_evt(hdev, skb);
6174 break;
6175
9eef6b3a
AE		 6176 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
6177 hci_disconn_phylink_complete_evt(hdev, skb);
6178 break;
a77a6a14 6179#endif
9eef6b3a 6180
25e89e99
AE		 6181 case HCI_EV_NUM_COMP_BLOCKS:
6182 hci_num_comp_blocks_evt(hdev, skb);
6183 break;
6184
145373cb
MC		 6185 case HCI_EV_VENDOR:
6186 msft_vendor_evt(hdev, skb);
6187 break;
6188
a9de9248 6189 default:
9f1db00c 6190 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 6191 break;
6192 }
6193
757aa0b5 6194 if (req_complete) {
e6214487 6195 req_complete(hdev, status, opcode);
757aa0b5
JH		 6196 } else if (req_complete_skb) {
6197 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
6198 kfree_skb(orig_skb);
6199 orig_skb = NULL;
6200 }
e6214487 6201 req_complete_skb(hdev, status, opcode, orig_skb);
757aa0b5 6202 }
e6214487 6203
08bb4da9 6204done:
e6214487 6205 kfree_skb(orig_skb);
1da177e4
LT		 6206 kfree_skb(skb);
6207 hdev->stat.evt_rx++;
6208}
Linux 6.x block layer and io_uring tree(s)