projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: use inclusive language to describe CPB
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
0857dd3b 33#include "hci_request.h"
23b9ceb7 34#include "hci_debugfs.h"
7024728e 35#include "a2mp.h"
7ef9fbf0 36#include "amp.h"
2ceba539 37#include "smp.h"
145373cb 38#include "msft.h"
1da177e4 39
aa5b0345
MH		 40#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
41 "\x00\x00\x00\x00\x00\x00\x00\x00"
42
1da177e4
LT		 43/* Handle HCI Event packets */
44
adf1d692
SS		 45static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
46 u8 *new_status)
1da177e4 47{
a9de9248 48 __u8 status = *((__u8 *) skb->data);
1da177e4 49
9f1db00c 50 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 51
adf1d692
SS		 52 /* It is possible that we receive Inquiry Complete event right
53 * before we receive Inquiry Cancel Command Complete event, in
54 * which case the latter event should have status of Command
55 * Disallowed (0x0c). This should not be treated as error, since
56 * we actually achieve what Inquiry Cancel wants to achieve,
57 * which is to end the last Inquiry session.
58 */
59 if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
60 bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
61 status = 0x00;
62 }
63
64 *new_status = status;
65
82f4785c 66 if (status)
a9de9248 67 return;
1da177e4 68
89352e7d 69 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 70 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 71 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 72
50143a43 73 hci_dev_lock(hdev);
168b8a25
JP		 74 /* Set discovery state to stopped if we're not doing LE active
75 * scanning.
76 */
77 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
78 hdev->le_scan_type != LE_SCAN_ACTIVE)
79 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
50143a43
JH		 80 hci_dev_unlock(hdev);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
6bd57416 84
4d93483b
AG		 85static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 __u8 status = *((__u8 *) skb->data);
88
9f1db00c 89 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 90
91 if (status)
92 return;
93
a1536da2 94 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
4d93483b
AG		 95}
96
a9de9248
MH		 97static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
98{
99 __u8 status = *((__u8 *) skb->data);
6bd57416 100
9f1db00c 101 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 102
a9de9248
MH		 103 if (status)
104 return;
1da177e4 105
a358dc11 106 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
ae854a70 107
a9de9248
MH		 108 hci_conn_check_pending(hdev);
109}
110
807deac2
GP		 111static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
112 struct sk_buff *skb)
a9de9248
MH		 113{
114 BT_DBG("%s", hdev->name);
115}
116
117static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_role_discovery *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
40bef302
JH		 130 if (conn)
131 conn->role = rp->role;
a9de9248
MH		 132
133 hci_dev_unlock(hdev);
1da177e4
LT		 134}
135
e4e8e37c
MH		 136static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137{
138 struct hci_rp_read_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 142
143 if (rp->status)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = __le16_to_cpu(rp->policy);
151
152 hci_dev_unlock(hdev);
153}
154
a9de9248 155static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 156{
a9de9248 157 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 158 struct hci_conn *conn;
04837f64 159 void *sent;
1da177e4 160
9f1db00c 161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 162
a9de9248
MH		 163 if (rp->status)
164 return;
1da177e4 165
a9de9248
MH		 166 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
167 if (!sent)
168 return;
1da177e4 169
a9de9248 170 hci_dev_lock(hdev);
1da177e4 171
a9de9248 172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 173 if (conn)
83985319 174 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 175
a9de9248
MH		 176 hci_dev_unlock(hdev);
177}
1da177e4 178
807deac2
GP		 179static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
180 struct sk_buff *skb)
e4e8e37c
MH		 181{
182 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
183
9f1db00c 184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 185
186 if (rp->status)
187 return;
188
189 hdev->link_policy = __le16_to_cpu(rp->policy);
190}
191
807deac2
GP		 192static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
193 struct sk_buff *skb)
e4e8e37c
MH		 194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
197
9f1db00c 198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 199
45296acd
MH		 200 if (status)
201 return;
202
e4e8e37c
MH		 203 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
204 if (!sent)
205 return;
206
45296acd 207 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 208}
209
a9de9248
MH		 210static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
211{
212 __u8 status = *((__u8 *) skb->data);
04837f64 213
9f1db00c 214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 215
10572132
GP		 216 clear_bit(HCI_RESET, &hdev->flags);
217
8761f9d6
MH		 218 if (status)
219 return;
220
a297e97c 221 /* Reset all non-persistent flags */
eacb44df 222 hci_dev_clear_volatile_flags(hdev);
69775ff6 223
39c5d970
JH		 224 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
225
bbaf444a
JH		 226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 228
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
f8e808bd
MH		 231
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
06f5b778 234
533553f8
MH		 235 hdev->le_scan_type = LE_SCAN_PASSIVE;
236
06f5b778 237 hdev->ssp_debug_mode = 0;
a4d5504d
MH		 238
239 hci_bdaddr_list_clear(&hdev->le_white_list);
cfdb0c2d 240 hci_bdaddr_list_clear(&hdev->le_resolv_list);
a9de9248 241}
04837f64 242
c2f0f979
MH		 243static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
244 struct sk_buff *skb)
245{
246 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
247 struct hci_cp_read_stored_link_key *sent;
248
249 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
252 if (!sent)
253 return;
254
255 if (!rp->status && sent->read_all == 0x01) {
256 hdev->stored_max_keys = rp->max_keys;
257 hdev->stored_num_keys = rp->num_keys;
258 }
259}
260
a9366120
MH		 261static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
262 struct sk_buff *skb)
263{
264 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265
266 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
267
268 if (rp->status)
269 return;
270
271 if (rp->num_keys <= hdev->stored_num_keys)
272 hdev->stored_num_keys -= rp->num_keys;
273 else
274 hdev->stored_num_keys = 0;
275}
276
a9de9248
MH		 277static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278{
279 __u8 status = *((__u8 *) skb->data);
280 void *sent;
04837f64 281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
285 if (!sent)
286 return;
04837f64 287
56e5cb86
JH		 288 hci_dev_lock(hdev);
289
d7a5a11d 290 if (hci_dev_test_flag(hdev, HCI_MGMT))
f51d5b24 291 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 292 else if (!status)
293 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 294
56e5cb86 295 hci_dev_unlock(hdev);
a9de9248
MH		 296}
297
298static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299{
300 struct hci_rp_read_local_name *rp = (void *) skb->data;
301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 303
304 if (rp->status)
305 return;
306
d7a5a11d
MH		 307 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
308 hci_dev_test_flag(hdev, HCI_CONFIG))
db99b5fc 309 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 310}
311
312static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313{
314 __u8 status = *((__u8 *) skb->data);
315 void *sent;
316
9f1db00c 317 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 318
319 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
320 if (!sent)
321 return;
322
5c1a4c8f
JK		 323 hci_dev_lock(hdev);
324
a9de9248
MH		 325 if (!status) {
326 __u8 param = *((__u8 *) sent);
327
328 if (param == AUTH_ENABLED)
329 set_bit(HCI_AUTH, &hdev->flags);
330 else
331 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 332 }
a9de9248 333
d7a5a11d 334 if (hci_dev_test_flag(hdev, HCI_MGMT))
33ef95ed 335 mgmt_auth_enable_complete(hdev, status);
5c1a4c8f
JK		 336
337 hci_dev_unlock(hdev);
1da177e4
LT		 338}
339
a9de9248 340static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 341{
a9de9248 342 __u8 status = *((__u8 *) skb->data);
45296acd 343 __u8 param;
1da177e4
LT		 344 void *sent;
345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 347
45296acd
MH		 348 if (status)
349 return;
350
a9de9248
MH		 351 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
352 if (!sent)
353 return;
1da177e4 354
45296acd 355 param = *((__u8 *) sent);
a9de9248 356
45296acd
MH		 357 if (param)
358 set_bit(HCI_ENCRYPT, &hdev->flags);
359 else
360 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364{
45296acd
MH		 365 __u8 status = *((__u8 *) skb->data);
366 __u8 param;
a9de9248 367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
372 if (!sent)
373 return;
1da177e4 374
36f7fc7e
JH		 375 param = *((__u8 *) sent);
376
56e5cb86
JH		 377 hci_dev_lock(hdev);
378
fa1bd918 379 if (status) {
2d7cee58
JH		 380 hdev->discov_timeout = 0;
381 goto done;
382 }
383
bc6d2d04 384 if (param & SCAN_INQUIRY)
36f7fc7e 385 set_bit(HCI_ISCAN, &hdev->flags);
bc6d2d04
JH		 386 else
387 clear_bit(HCI_ISCAN, &hdev->flags);
36f7fc7e 388
031547d8 389 if (param & SCAN_PAGE)
36f7fc7e 390 set_bit(HCI_PSCAN, &hdev->flags);
bc6d2d04 391 else
204e3990 392 clear_bit(HCI_PSCAN, &hdev->flags);
1da177e4 393
36f7fc7e 394done:
56e5cb86 395 hci_dev_unlock(hdev);
a9de9248 396}
1da177e4 397
e5b0ad69
APS		 398static void hci_cc_set_event_filter(struct hci_dev *hdev, struct sk_buff *skb)
399{
400 __u8 status = *((__u8 *)skb->data);
401 struct hci_cp_set_event_filter *cp;
402 void *sent;
403
404 BT_DBG("%s status 0x%2.2x", hdev->name, status);
405
406 if (status)
407 return;
408
409 sent = hci_sent_cmd_data(hdev, HCI_OP_SET_EVENT_FLT);
410 if (!sent)
411 return;
412
413 cp = (struct hci_cp_set_event_filter *)sent;
414
415 if (cp->flt_type == HCI_FLT_CLEAR_ALL)
416 hci_dev_clear_flag(hdev, HCI_EVENT_FILTER_CONFIGURED);
417 else
418 hci_dev_set_flag(hdev, HCI_EVENT_FILTER_CONFIGURED);
419}
420
a9de9248
MH		 421static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
422{
423 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 424
9f1db00c 425 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 426
a9de9248
MH		 427 if (rp->status)
428 return;
1da177e4 429
a9de9248 430 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 431
a9de9248 432 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 433 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 434}
1da177e4 435
a9de9248
MH		 436static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 __u8 status = *((__u8 *) skb->data);
439 void *sent;
1da177e4 440
9f1db00c 441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 442
a9de9248
MH		 443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
444 if (!sent)
445 return;
1da177e4 446
7f9a903c
MH		 447 hci_dev_lock(hdev);
448
449 if (status == 0)
450 memcpy(hdev->dev_class, sent, 3);
451
d7a5a11d 452 if (hci_dev_test_flag(hdev, HCI_MGMT))
7f9a903c
MH		 453 mgmt_set_class_of_dev_complete(hdev, sent, status);
454
455 hci_dev_unlock(hdev);
a9de9248 456}
1da177e4 457
a9de9248
MH		 458static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
459{
460 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
461 __u16 setting;
462
9f1db00c 463 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 464
465 if (rp->status)
466 return;
467
468 setting = __le16_to_cpu(rp->voice_setting);
469
f383f275 470 if (hdev->voice_setting == setting)
a9de9248
MH		 471 return;
472
473 hdev->voice_setting = setting;
474
9f1db00c 475 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 476
3c54711c 477 if (hdev->notify)
a9de9248 478 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 479}
480
8fc9ced3
GP		 481static void hci_cc_write_voice_setting(struct hci_dev *hdev,
482 struct sk_buff *skb)
a9de9248
MH		 483{
484 __u8 status = *((__u8 *) skb->data);
f383f275 485 __u16 setting;
a9de9248
MH		 486 void *sent;
487
9f1db00c 488 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 489
f383f275
MH		 490 if (status)
491 return;
492
a9de9248
MH		 493 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
494 if (!sent)
495 return;
1da177e4 496
f383f275 497 setting = get_unaligned_le16(sent);
1da177e4 498
f383f275
MH		 499 if (hdev->voice_setting == setting)
500 return;
501
502 hdev->voice_setting = setting;
1da177e4 503
9f1db00c 504 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 505
3c54711c 506 if (hdev->notify)
f383f275 507 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 508}
509
b4cb9fb2
MH		 510static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
511 struct sk_buff *skb)
512{
513 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
514
515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
516
517 if (rp->status)
518 return;
519
520 hdev->num_iac = rp->num_iac;
521
522 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
523}
524
333140b5
MH		 525static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
526{
527 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 528 struct hci_cp_write_ssp_mode *sent;
333140b5 529
9f1db00c 530 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 531
333140b5
MH		 532 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
533 if (!sent)
534 return;
535
5c1a4c8f
JK		 536 hci_dev_lock(hdev);
537
5ed8eb2f
JH		 538 if (!status) {
539 if (sent->mode)
cad718ed 540 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 541 else
cad718ed 542 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 543 }
544
d7a5a11d 545 if (hci_dev_test_flag(hdev, HCI_MGMT))
5ed8eb2f 546 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 547 else if (!status) {
5ed8eb2f 548 if (sent->mode)
a1536da2 549 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 550 else
a358dc11 551 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 552 }
5c1a4c8f
JK		 553
554 hci_dev_unlock(hdev);
333140b5
MH		 555}
556
eac83dc6
MH		 557static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
558{
559 u8 status = *((u8 *) skb->data);
560 struct hci_cp_write_sc_support *sent;
561
562 BT_DBG("%s status 0x%2.2x", hdev->name, status);
563
564 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
565 if (!sent)
566 return;
567
5c1a4c8f
JK		 568 hci_dev_lock(hdev);
569
eac83dc6
MH		 570 if (!status) {
571 if (sent->support)
572 hdev->features[1][0] |= LMP_HOST_SC;
573 else
574 hdev->features[1][0] &= ~LMP_HOST_SC;
575 }
576
d7a5a11d 577 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
eac83dc6 578 if (sent->support)
a1536da2 579 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
eac83dc6 580 else
a358dc11 581 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
eac83dc6 582 }
5c1a4c8f
JK		 583
584 hci_dev_unlock(hdev);
eac83dc6
MH		 585}
586
a9de9248
MH		 587static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
588{
589 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 590
9f1db00c 591 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 592
a9de9248 593 if (rp->status)
42c6b129 594 return;
1143e5a6 595
d7a5a11d
MH		 596 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
597 hci_dev_test_flag(hdev, HCI_CONFIG)) {
0d5551f5
MH		 598 hdev->hci_ver = rp->hci_ver;
599 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
600 hdev->lmp_ver = rp->lmp_ver;
601 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
602 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
603 }
d5859e22
JH		 604}
605
8fc9ced3
GP		 606static void hci_cc_read_local_commands(struct hci_dev *hdev,
607 struct sk_buff *skb)
a9de9248
MH		 608{
609 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 610
9f1db00c 611 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 612
6a070e6e
MH		 613 if (rp->status)
614 return;
615
d7a5a11d
MH		 616 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
617 hci_dev_test_flag(hdev, HCI_CONFIG))
2177bab5 618 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 619}
1da177e4 620
302975cb
SRK		 621static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
622 struct sk_buff *skb)
623{
624 struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
625 struct hci_conn *conn;
626
627 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
628
629 if (rp->status)
630 return;
631
632 hci_dev_lock(hdev);
633
634 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
635 if (conn)
636 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
637
638 hci_dev_unlock(hdev);
639}
640
641static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
642 struct sk_buff *skb)
643{
644 struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
645 struct hci_conn *conn;
646 void *sent;
647
648 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649
650 if (rp->status)
651 return;
652
653 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
654 if (!sent)
655 return;
656
657 hci_dev_lock(hdev);
658
659 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
660 if (conn)
661 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
662
663 hci_dev_unlock(hdev);
664}
665
8fc9ced3
GP		 666static void hci_cc_read_local_features(struct hci_dev *hdev,
667 struct sk_buff *skb)
a9de9248
MH		 668{
669 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 670
9f1db00c 671 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 672
a9de9248
MH		 673 if (rp->status)
674 return;
5b7f9909 675
a9de9248 676 memcpy(hdev->features, rp->features, 8);
5b7f9909 677
a9de9248
MH		 678 /* Adjust default settings according to features
679 * supported by device. */
1da177e4 680
cad718ed 681 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 682 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 683
cad718ed 684 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 685 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 686
cad718ed 687 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 688 hdev->pkt_type |= (HCI_HV2);
689 hdev->esco_type |= (ESCO_HV2);
690 }
1da177e4 691
cad718ed 692 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 693 hdev->pkt_type |= (HCI_HV3);
694 hdev->esco_type |= (ESCO_HV3);
695 }
1da177e4 696
45db810f 697 if (lmp_esco_capable(hdev))
a9de9248 698 hdev->esco_type |= (ESCO_EV3);
da1f5198 699
cad718ed 700 if (hdev->features[0][4] & LMP_EV4)
a9de9248 701 hdev->esco_type |= (ESCO_EV4);
da1f5198 702
cad718ed 703 if (hdev->features[0][4] & LMP_EV5)
a9de9248 704 hdev->esco_type |= (ESCO_EV5);
1da177e4 705
cad718ed 706 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 707 hdev->esco_type |= (ESCO_2EV3);
708
cad718ed 709 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 710 hdev->esco_type |= (ESCO_3EV3);
711
cad718ed 712 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 713 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 714}
1da177e4 715
971e3a4b 716static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 717 struct sk_buff *skb)
971e3a4b
AG		 718{
719 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
720
9f1db00c 721 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 722
723 if (rp->status)
42c6b129 724 return;
971e3a4b 725
57af75a8
MH		 726 if (hdev->max_page < rp->max_page)
727 hdev->max_page = rp->max_page;
d2c5d77f 728
cad718ed
JH		 729 if (rp->page < HCI_MAX_PAGES)
730 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 731}
732
1e89cffb 733static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 734 struct sk_buff *skb)
1e89cffb
AE		 735{
736 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 739
45296acd
MH		 740 if (rp->status)
741 return;
742
743 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 744}
745
a9de9248
MH		 746static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
747{
748 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 749
9f1db00c 750 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 751
a9de9248
MH		 752 if (rp->status)
753 return;
1da177e4 754
a9de9248
MH		 755 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
756 hdev->sco_mtu = rp->sco_mtu;
757 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
758 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
759
760 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
761 hdev->sco_mtu = 64;
762 hdev->sco_pkts = 8;
1da177e4 763 }
a9de9248
MH		 764
765 hdev->acl_cnt = hdev->acl_pkts;
766 hdev->sco_cnt = hdev->sco_pkts;
767
807deac2
GP		 768 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
769 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 770}
771
772static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
773{
774 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
775
9f1db00c 776 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 777
e30d3f5f
MH		 778 if (rp->status)
779 return;
780
781 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 782 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f 783
d7a5a11d 784 if (hci_dev_test_flag(hdev, HCI_SETUP))
e30d3f5f 785 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 786}
787
a4790360
MH		 788static void hci_cc_read_local_pairing_opts(struct hci_dev *hdev,
789 struct sk_buff *skb)
790{
791 struct hci_rp_read_local_pairing_opts *rp = (void *) skb->data;
792
793 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
794
795 if (rp->status)
796 return;
797
798 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
799 hci_dev_test_flag(hdev, HCI_CONFIG)) {
800 hdev->pairing_opts = rp->pairing_opts;
801 hdev->max_enc_key_size = rp->max_key_size;
802 }
803}
804
f332ec66
JH		 805static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
806 struct sk_buff *skb)
807{
808 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
809
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811
45296acd
MH		 812 if (rp->status)
813 return;
814
815 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 816 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
817 hdev->page_scan_window = __le16_to_cpu(rp->window);
818 }
819}
820
4a3ee763
JH		 821static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
822 struct sk_buff *skb)
823{
824 u8 status = *((u8 *) skb->data);
825 struct hci_cp_write_page_scan_activity *sent;
826
827 BT_DBG("%s status 0x%2.2x", hdev->name, status);
828
829 if (status)
830 return;
831
832 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
833 if (!sent)
834 return;
835
836 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
837 hdev->page_scan_window = __le16_to_cpu(sent->window);
838}
839
f332ec66
JH		 840static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
841 struct sk_buff *skb)
842{
843 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
844
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846
45296acd
MH		 847 if (rp->status)
848 return;
849
850 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 851 hdev->page_scan_type = rp->type;
852}
853
4a3ee763
JH		 854static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
855 struct sk_buff *skb)
856{
857 u8 status = *((u8 *) skb->data);
858 u8 *type;
859
860 BT_DBG("%s status 0x%2.2x", hdev->name, status);
861
862 if (status)
863 return;
864
865 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
866 if (type)
867 hdev->page_scan_type = *type;
868}
869
350ee4cf 870static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 871 struct sk_buff *skb)
350ee4cf
AE		 872{
873 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
874
9f1db00c 875 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 876
877 if (rp->status)
878 return;
879
880 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
881 hdev->block_len = __le16_to_cpu(rp->block_len);
882 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
883
884 hdev->block_cnt = hdev->num_blocks;
885
886 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 887 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 888}
889
33f35721
JH		 890static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
891{
892 struct hci_rp_read_clock *rp = (void *) skb->data;
893 struct hci_cp_read_clock *cp;
894 struct hci_conn *conn;
895
896 BT_DBG("%s", hdev->name);
897
898 if (skb->len < sizeof(*rp))
899 return;
900
901 if (rp->status)
902 return;
903
904 hci_dev_lock(hdev);
905
906 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
907 if (!cp)
908 goto unlock;
909
910 if (cp->which == 0x00) {
911 hdev->clock = le32_to_cpu(rp->clock);
912 goto unlock;
913 }
914
915 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
916 if (conn) {
917 conn->clock = le32_to_cpu(rp->clock);
918 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
919 }
920
921unlock:
922 hci_dev_unlock(hdev);
923}
924
928abaa7 925static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 926 struct sk_buff *skb)
928abaa7
AE		 927{
928 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
929
9f1db00c 930 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 931
932 if (rp->status)
83927882 933 return;
928abaa7
AE		 934
935 hdev->amp_status = rp->amp_status;
936 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
937 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
938 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
939 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
940 hdev->amp_type = rp->amp_type;
941 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
942 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
943 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
944 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
928abaa7
AE		 945}
946
d5859e22 947static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 948 struct sk_buff *skb)
d5859e22 949{
91c4e9b1 950 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 951
9f1db00c 952 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 953
45296acd
MH		 954 if (rp->status)
955 return;
956
957 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 958}
959
00bce3fb
AM		 960static void hci_cc_read_def_err_data_reporting(struct hci_dev *hdev,
961 struct sk_buff *skb)
962{
963 struct hci_rp_read_def_err_data_reporting *rp = (void *)skb->data;
964
965 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
966
967 if (rp->status)
968 return;
969
970 hdev->err_data_reporting = rp->err_data_reporting;
971}
972
973static void hci_cc_write_def_err_data_reporting(struct hci_dev *hdev,
974 struct sk_buff *skb)
975{
976 __u8 status = *((__u8 *)skb->data);
977 struct hci_cp_write_def_err_data_reporting *cp;
978
979 BT_DBG("%s status 0x%2.2x", hdev->name, status);
980
981 if (status)
982 return;
983
984 cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING);
985 if (!cp)
986 return;
987
988 hdev->err_data_reporting = cp->err_data_reporting;
989}
990
980e1a53
JH		 991static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
992{
993 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
994 struct hci_cp_pin_code_reply *cp;
995 struct hci_conn *conn;
996
9f1db00c 997 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 998
56e5cb86
JH		 999 hci_dev_lock(hdev);
1000
d7a5a11d 1001 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1002 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1003
fa1bd918 1004 if (rp->status)
56e5cb86 1005 goto unlock;
980e1a53
JH		 1006
1007 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1008 if (!cp)
56e5cb86 1009 goto unlock;
980e1a53
JH		 1010
1011 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1012 if (conn)
1013 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1014
1015unlock:
1016 hci_dev_unlock(hdev);
980e1a53
JH		 1017}
1018
1019static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1020{
1021 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1022
9f1db00c 1023 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1024
56e5cb86
JH		 1025 hci_dev_lock(hdev);
1026
d7a5a11d 1027 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1028 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1029 rp->status);
56e5cb86
JH		 1030
1031 hci_dev_unlock(hdev);
980e1a53 1032}
56e5cb86 1033
6ed58ec5
VT		 1034static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1035 struct sk_buff *skb)
1036{
1037 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1038
9f1db00c 1039 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1040
1041 if (rp->status)
1042 return;
1043
1044 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1045 hdev->le_pkts = rp->le_max_pkt;
1046
1047 hdev->le_cnt = hdev->le_pkts;
1048
1049 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 1050}
980e1a53 1051
60e77321
JH		 1052static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1053 struct sk_buff *skb)
1054{
1055 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1056
1057 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1058
45296acd
MH		 1059 if (rp->status)
1060 return;
1061
1062 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 1063}
1064
8fa19098
JH		 1065static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1067{
1068 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1069
1070 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1071
45296acd
MH		 1072 if (rp->status)
1073 return;
1074
1075 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 1076}
1077
a5c29683
JH		 1078static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1079{
1080 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1081
9f1db00c 1082 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1083
56e5cb86
JH		 1084 hci_dev_lock(hdev);
1085
d7a5a11d 1086 if (hci_dev_test_flag(hdev, HCI_MGMT))
04124681
GP		 1087 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1088 rp->status);
56e5cb86
JH		 1089
1090 hci_dev_unlock(hdev);
a5c29683
JH		 1091}
1092
1093static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1094 struct sk_buff *skb)
a5c29683
JH		 1095{
1096 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1097
9f1db00c 1098 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1099
56e5cb86
JH		 1100 hci_dev_lock(hdev);
1101
d7a5a11d 1102 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1103 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1104 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1105
1106 hci_dev_unlock(hdev);
a5c29683
JH		 1107}
1108
1143d458
BG		 1109static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1112
9f1db00c 1113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1114
1115 hci_dev_lock(hdev);
1116
d7a5a11d 1117 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 1118 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1119 0, rp->status);
1143d458
BG		 1120
1121 hci_dev_unlock(hdev);
1122}
1123
1124static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1125 struct sk_buff *skb)
1143d458
BG		 1126{
1127 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1128
9f1db00c 1129 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1130
1131 hci_dev_lock(hdev);
1132
d7a5a11d 1133 if (hci_dev_test_flag(hdev, HCI_MGMT))
1143d458 1134 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1135 ACL_LINK, 0, rp->status);
1143d458
BG		 1136
1137 hci_dev_unlock(hdev);
1138}
1139
4d2d2796
MH		 1140static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1141 struct sk_buff *skb)
c35938b2
SJ		 1142{
1143 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1144
9f1db00c 1145 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
4d2d2796
MH		 1146}
1147
1148static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1149 struct sk_buff *skb)
1150{
1151 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1152
1153 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2
SJ		 1154}
1155
7a4cd51d
MH		 1156static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1157{
1158 __u8 status = *((__u8 *) skb->data);
1159 bdaddr_t *sent;
1160
1161 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1162
45296acd
MH		 1163 if (status)
1164 return;
1165
7a4cd51d
MH		 1166 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1167 if (!sent)
1168 return;
1169
1170 hci_dev_lock(hdev);
1171
45296acd 1172 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1173
1174 hci_dev_unlock(hdev);
1175}
1176
0314f286
JK		 1177static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1178{
1179 __u8 status = *((__u8 *) skb->data);
1180 struct hci_cp_le_set_default_phy *cp;
1181
1182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1183
1184 if (status)
1185 return;
1186
1187 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1188 if (!cp)
1189 return;
1190
1191 hci_dev_lock(hdev);
1192
1193 hdev->le_tx_def_phys = cp->tx_phys;
1194 hdev->le_rx_def_phys = cp->rx_phys;
1195
1196 hci_dev_unlock(hdev);
1197}
1198
a73c046a
JK		 1199static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1201{
1202 __u8 status = *((__u8 *) skb->data);
1203 struct hci_cp_le_set_adv_set_rand_addr *cp;
1204 struct adv_info *adv_instance;
1205
1206 if (status)
1207 return;
1208
1209 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1210 if (!cp)
1211 return;
1212
1213 hci_dev_lock(hdev);
1214
25e70886 1215 if (!cp->handle) {
a73c046a
JK		 1216 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1217 bacpy(&hdev->random_addr, &cp->bdaddr);
1218 } else {
25e70886 1219 adv_instance = hci_find_adv_instance(hdev, cp->handle);
a73c046a
JK		 1220 if (adv_instance)
1221 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1222 }
1223
1224 hci_dev_unlock(hdev);
1225}
1226
7c395ea5
DW		 1227static void hci_cc_le_read_transmit_power(struct hci_dev *hdev,
1228 struct sk_buff *skb)
1229{
1230 struct hci_rp_le_read_transmit_power *rp = (void *)skb->data;
1231
1232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1233
1234 if (rp->status)
1235 return;
1236
1237 hdev->min_le_tx_power = rp->min_le_tx_power;
1238 hdev->max_le_tx_power = rp->max_le_tx_power;
1239}
1240
c1d5dc4a
JH		 1241static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1242{
1243 __u8 *sent, status = *((__u8 *) skb->data);
1244
1245 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1246
45296acd 1247 if (status)
c1d5dc4a
JH		 1248 return;
1249
45296acd
MH		 1250 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1251 if (!sent)
3c857757
JH		 1252 return;
1253
c1d5dc4a
JH		 1254 hci_dev_lock(hdev);
1255
49c922bb 1256 /* If we're doing connection initiation as peripheral. Set a
3c857757
JH		 1257 * timeout in case something goes wrong.
1258 */
1259 if (*sent) {
1260 struct hci_conn *conn;
1261
a1536da2 1262 hci_dev_set_flag(hdev, HCI_LE_ADV);
66c417c1 1263
e7d9ab73 1264 conn = hci_lookup_le_connect(hdev);
3c857757
JH		 1265 if (conn)
1266 queue_delayed_work(hdev->workqueue,
1267 &conn->le_conn_timeout,
09ae260b 1268 conn->conn_timeout);
66c417c1 1269 } else {
a358dc11 1270 hci_dev_clear_flag(hdev, HCI_LE_ADV);
3c857757
JH		 1271 }
1272
04b4edcb 1273 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1274}
1275
de181e88
JK		 1276static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1277 struct sk_buff *skb)
1278{
1279 struct hci_cp_le_set_ext_adv_enable *cp;
de181e88
JK		 1280 __u8 status = *((__u8 *) skb->data);
1281
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1283
1284 if (status)
1285 return;
1286
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1288 if (!cp)
1289 return;
1290
de181e88
JK		 1291 hci_dev_lock(hdev);
1292
1293 if (cp->enable) {
1294 struct hci_conn *conn;
1295
1296 hci_dev_set_flag(hdev, HCI_LE_ADV);
1297
1298 conn = hci_lookup_le_connect(hdev);
1299 if (conn)
1300 queue_delayed_work(hdev->workqueue,
1301 &conn->le_conn_timeout,
1302 conn->conn_timeout);
45b7749f
JK		 1303 } else {
1304 hci_dev_clear_flag(hdev, HCI_LE_ADV);
de181e88
JK		 1305 }
1306
1307 hci_dev_unlock(hdev);
1308}
1309
533553f8
MH		 1310static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1311{
1312 struct hci_cp_le_set_scan_param *cp;
1313 __u8 status = *((__u8 *) skb->data);
1314
1315 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1316
45296acd
MH		 1317 if (status)
1318 return;
1319
533553f8
MH		 1320 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1321 if (!cp)
1322 return;
1323
1324 hci_dev_lock(hdev);
1325
45296acd 1326 hdev->le_scan_type = cp->type;
533553f8
MH		 1327
1328 hci_dev_unlock(hdev);
1329}
1330
a2344b9e
JK		 1331static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1332 struct sk_buff *skb)
1333{
1334 struct hci_cp_le_set_ext_scan_params *cp;
1335 __u8 status = *((__u8 *) skb->data);
1336 struct hci_cp_le_scan_phy_params *phy_param;
1337
1338 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1339
1340 if (status)
1341 return;
1342
1343 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1344 if (!cp)
1345 return;
1346
1347 phy_param = (void *)cp->data;
1348
1349 hci_dev_lock(hdev);
1350
1351 hdev->le_scan_type = phy_param->type;
1352
1353 hci_dev_unlock(hdev);
1354}
1355
b9a6328f
JH		 1356static bool has_pending_adv_report(struct hci_dev *hdev)
1357{
1358 struct discovery_state *d = &hdev->discovery;
1359
1360 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1361}
1362
1363static void clear_pending_adv_report(struct hci_dev *hdev)
1364{
1365 struct discovery_state *d = &hdev->discovery;
1366
1367 bacpy(&d->last_adv_addr, BDADDR_ANY);
1368 d->last_adv_data_len = 0;
1369}
1370
1371static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1372 u8 bdaddr_type, s8 rssi, u32 flags,
1373 u8 *data, u8 len)
b9a6328f
JH		 1374{
1375 struct discovery_state *d = &hdev->discovery;
1376
a2ec905d
AM		 1377 if (len > HCI_MAX_AD_LENGTH)
1378 return;
1379
b9a6328f
JH		 1380 bacpy(&d->last_adv_addr, bdaddr);
1381 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1382 d->last_adv_rssi = rssi;
c70a7e4c 1383 d->last_adv_flags = flags;
b9a6328f
JH		 1384 memcpy(d->last_adv_data, data, len);
1385 d->last_adv_data_len = len;
1386}
1387
3baef810 1388static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
eb9d91f5 1389{
5c1a4c8f
JK		 1390 hci_dev_lock(hdev);
1391
3baef810 1392 switch (enable) {
76a388be 1393 case LE_SCAN_ENABLE:
a1536da2 1394 hci_dev_set_flag(hdev, HCI_LE_SCAN);
b9a6328f
JH		 1395 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1396 clear_pending_adv_report(hdev);
68a8aea4
AE		 1397 break;
1398
76a388be 1399 case LE_SCAN_DISABLE:
b9a6328f
JH		 1400 /* We do this here instead of when setting DISCOVERY_STOPPED
1401 * since the latter would potentially require waiting for
1402 * inquiry to stop too.
1403 */
1404 if (has_pending_adv_report(hdev)) {
1405 struct discovery_state *d = &hdev->discovery;
1406
1407 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1408 d->last_adv_addr_type, NULL,
c70a7e4c 1409 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1410 d->last_adv_data,
b9a6328f
JH		 1411 d->last_adv_data_len, NULL, 0);
1412 }
1413
317ac8cb
JH		 1414 /* Cancel this timer so that we don't try to disable scanning
1415 * when it's already disabled.
1416 */
1417 cancel_delayed_work(&hdev->le_scan_disable);
1418
a358dc11 1419 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
e8bb6b97 1420
81ad6fd9
JH		 1421 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1422 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1423 * therefore discovery as stopped. If this was not
1424 * because of a connect request advertising might have
1425 * been disabled because of active scanning, so
1426 * re-enable it again if necessary.
81ad6fd9 1427 */
a69d8927 1428 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
81ad6fd9 1429 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
d7a5a11d 1430 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
34722277 1431 hdev->discovery.state == DISCOVERY_FINDING)
f2252570 1432 hci_req_reenable_advertising(hdev);
e8bb6b97 1433
68a8aea4
AE		 1434 break;
1435
1436 default:
2064ee33 1437 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
3baef810 1438 enable);
68a8aea4 1439 break;
35815085 1440 }
5c1a4c8f
JK		 1441
1442 hci_dev_unlock(hdev);
eb9d91f5
AG		 1443}
1444
3baef810
JK		 1445static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1446 struct sk_buff *skb)
1447{
1448 struct hci_cp_le_set_scan_enable *cp;
1449 __u8 status = *((__u8 *) skb->data);
1450
1451 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1452
1453 if (status)
1454 return;
1455
1456 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1457 if (!cp)
1458 return;
1459
1460 le_set_scan_enable_complete(hdev, cp->enable);
1461}
1462
a2344b9e
JK		 1463static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1464 struct sk_buff *skb)
1465{
1466 struct hci_cp_le_set_ext_scan_enable *cp;
1467 __u8 status = *((__u8 *) skb->data);
1468
1469 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1470
1471 if (status)
1472 return;
1473
1474 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1475 if (!cp)
1476 return;
1477
1478 le_set_scan_enable_complete(hdev, cp->enable);
1479}
1480
6b49bcb4
JK		 1481static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1482 struct sk_buff *skb)
1483{
1484 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1485
1486 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1487 rp->num_of_sets);
1488
1489 if (rp->status)
1490 return;
1491
1492 hdev->le_num_of_adv_sets = rp->num_of_sets;
1493}
1494
cf1d081f
JH		 1495static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1496 struct sk_buff *skb)
1497{
1498 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1499
1500 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1501
45296acd
MH		 1502 if (rp->status)
1503 return;
1504
1505 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1506}
1507
0f36b589
MH		 1508static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1509 struct sk_buff *skb)
1510{
1511 __u8 status = *((__u8 *) skb->data);
1512
1513 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1514
45296acd
MH		 1515 if (status)
1516 return;
1517
dcc36c16 1518 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1519}
1520
1521static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1522 struct sk_buff *skb)
1523{
1524 struct hci_cp_le_add_to_white_list *sent;
1525 __u8 status = *((__u8 *) skb->data);
1526
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528
45296acd
MH		 1529 if (status)
1530 return;
1531
0f36b589
MH		 1532 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1533 if (!sent)
1534 return;
1535
dcc36c16
JH		 1536 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1537 sent->bdaddr_type);
0f36b589
MH		 1538}
1539
1540static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1541 struct sk_buff *skb)
1542{
1543 struct hci_cp_le_del_from_white_list *sent;
1544 __u8 status = *((__u8 *) skb->data);
1545
1546 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1547
45296acd
MH		 1548 if (status)
1549 return;
1550
0f36b589
MH		 1551 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1552 if (!sent)
1553 return;
1554
dcc36c16
JH		 1555 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1556 sent->bdaddr_type);
0f36b589
MH		 1557}
1558
9b008c04
JH		 1559static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1560 struct sk_buff *skb)
1561{
1562 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1563
1564 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1565
45296acd
MH		 1566 if (rp->status)
1567 return;
1568
1569 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1570}
1571
a8e1bfaa
MH		 1572static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1573 struct sk_buff *skb)
1574{
1575 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1576
1577 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1578
1579 if (rp->status)
1580 return;
1581
1582 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1583 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1584}
1585
1586static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1587 struct sk_buff *skb)
1588{
1589 struct hci_cp_le_write_def_data_len *sent;
1590 __u8 status = *((__u8 *) skb->data);
1591
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1593
1594 if (status)
1595 return;
1596
1597 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1598 if (!sent)
1599 return;
1600
1601 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1602 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1603}
1604
b950aa88
AN		 1605static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1606 struct sk_buff *skb)
1607{
1608 struct hci_cp_le_add_to_resolv_list *sent;
1609 __u8 status = *((__u8 *) skb->data);
1610
1611 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1612
1613 if (status)
1614 return;
1615
1616 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1617 if (!sent)
1618 return;
1619
1620 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1621 sent->bdaddr_type, sent->peer_irk,
1622 sent->local_irk);
1623}
1624
1625static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1626 struct sk_buff *skb)
1627{
1628 struct hci_cp_le_del_from_resolv_list *sent;
1629 __u8 status = *((__u8 *) skb->data);
1630
1631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1632
1633 if (status)
1634 return;
1635
1636 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1637 if (!sent)
1638 return;
1639
1640 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1641 sent->bdaddr_type);
1642}
1643
545f2596
AN		 1644static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1645 struct sk_buff *skb)
1646{
1647 __u8 status = *((__u8 *) skb->data);
1648
1649 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1650
1651 if (status)
1652 return;
1653
1654 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1655}
1656
cfdb0c2d
AN		 1657static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1658 struct sk_buff *skb)
1659{
1660 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1661
1662 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1663
1664 if (rp->status)
1665 return;
1666
1667 hdev->le_resolv_list_size = rp->size;
1668}
1669
aa12af77
AN		 1670static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1671 struct sk_buff *skb)
1672{
1673 __u8 *sent, status = *((__u8 *) skb->data);
1674
1675 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1676
1677 if (status)
1678 return;
1679
1680 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1681 if (!sent)
1682 return;
1683
1684 hci_dev_lock(hdev);
1685
1686 if (*sent)
1687 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1688 else
1689 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1690
1691 hci_dev_unlock(hdev);
1692}
1693
a8e1bfaa
MH		 1694static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1695 struct sk_buff *skb)
1696{
1697 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1698
1699 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1700
1701 if (rp->status)
1702 return;
1703
1704 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1705 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1706 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1707 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1708}
1709
6039aa73
GP		 1710static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1711 struct sk_buff *skb)
f9b49306 1712{
06199cf8 1713 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1714 __u8 status = *((__u8 *) skb->data);
1715
9f1db00c 1716 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1717
45296acd
MH		 1718 if (status)
1719 return;
1720
06199cf8 1721 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1722 if (!sent)
f9b49306
AG		 1723 return;
1724
5c1a4c8f
JK		 1725 hci_dev_lock(hdev);
1726
45296acd
MH		 1727 if (sent->le) {
1728 hdev->features[1][0] |= LMP_HOST_LE;
a1536da2 1729 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
45296acd
MH		 1730 } else {
1731 hdev->features[1][0] &= ~LMP_HOST_LE;
a358dc11
MH		 1732 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1733 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
8f984dfa 1734 }
45296acd
MH		 1735
1736 if (sent->simul)
1737 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1738 else
1739 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
5c1a4c8f
JK		 1740
1741 hci_dev_unlock(hdev);
f9b49306
AG		 1742}
1743
56ed2cb8
JH		 1744static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1745{
1746 struct hci_cp_le_set_adv_param *cp;
1747 u8 status = *((u8 *) skb->data);
1748
1749 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1750
1751 if (status)
1752 return;
1753
1754 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1755 if (!cp)
1756 return;
1757
1758 hci_dev_lock(hdev);
1759 hdev->adv_addr_type = cp->own_address_type;
1760 hci_dev_unlock(hdev);
1761}
1762
de181e88
JK		 1763static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1764{
1765 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1766 struct hci_cp_le_set_ext_adv_params *cp;
1767 struct adv_info *adv_instance;
1768
1769 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1770
1771 if (rp->status)
1772 return;
1773
1774 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1775 if (!cp)
1776 return;
1777
1778 hci_dev_lock(hdev);
1779 hdev->adv_addr_type = cp->own_addr_type;
25e70886 1780 if (!cp->handle) {
de181e88
JK		 1781 /* Store in hdev for instance 0 */
1782 hdev->adv_tx_power = rp->tx_power;
1783 } else {
25e70886 1784 adv_instance = hci_find_adv_instance(hdev, cp->handle);
de181e88
JK		 1785 if (adv_instance)
1786 adv_instance->tx_power = rp->tx_power;
1787 }
a0fb3726 1788 /* Update adv data as tx power is known now */
25e70886 1789 hci_req_update_adv_data(hdev, cp->handle);
12410572 1790
de181e88
JK		 1791 hci_dev_unlock(hdev);
1792}
1793
5ae76a94
AK		 1794static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1795{
1796 struct hci_rp_read_rssi *rp = (void *) skb->data;
1797 struct hci_conn *conn;
1798
1799 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1800
1801 if (rp->status)
1802 return;
1803
1804 hci_dev_lock(hdev);
1805
1806 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1807 if (conn)
1808 conn->rssi = rp->rssi;
1809
1810 hci_dev_unlock(hdev);
1811}
1812
5a134fae
AK		 1813static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1814{
1815 struct hci_cp_read_tx_power *sent;
1816 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1817 struct hci_conn *conn;
1818
1819 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1820
1821 if (rp->status)
1822 return;
1823
1824 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1825 if (!sent)
1826 return;
1827
1828 hci_dev_lock(hdev);
1829
1830 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1831 if (!conn)
1832 goto unlock;
1833
1834 switch (sent->type) {
1835 case 0x00:
5a134fae 1836 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1837 break;
1838 case 0x01:
1839 conn->max_tx_power = rp->tx_power;
1840 break;
1841 }
5a134fae 1842
d0455ed9 1843unlock:
5a134fae
AK		 1844 hci_dev_unlock(hdev);
1845}
1846
c50b33c8
MH		 1847static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1848{
1849 u8 status = *((u8 *) skb->data);
1850 u8 *mode;
1851
1852 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1853
1854 if (status)
1855 return;
1856
1857 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1858 if (mode)
1859 hdev->ssp_debug_mode = *mode;
1860}
1861
6039aa73 1862static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1863{
9f1db00c 1864 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1865
1866 if (status) {
a9de9248 1867 hci_conn_check_pending(hdev);
314b2381
JH		 1868 return;
1869 }
1870
89352e7d 1871 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1872}
1873
6039aa73 1874static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1875{
a9de9248 1876 struct hci_cp_create_conn *cp;
1da177e4 1877 struct hci_conn *conn;
1da177e4 1878
9f1db00c 1879 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1880
1881 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1882 if (!cp)
1883 return;
1884
1885 hci_dev_lock(hdev);
1886
1887 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1888
6ed93dc6 1889 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1890
1891 if (status) {
1892 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1893 if (status != 0x0c || conn->attempt > 2) {
1894 conn->state = BT_CLOSED;
539c496d 1895 hci_connect_cfm(conn, status);
4c67bc74
MH		 1896 hci_conn_del(conn);
1897 } else
1898 conn->state = BT_CONNECT2;
1da177e4
LT		 1899 }
1900 } else {
1901 if (!conn) {
a5c4e309
JH		 1902 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1903 HCI_ROLE_MASTER);
1904 if (!conn)
2064ee33 1905 bt_dev_err(hdev, "no memory for new connection");
1da177e4
LT		 1906 }
1907 }
1908
1909 hci_dev_unlock(hdev);
1910}
1911
a9de9248 1912static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1913{
a9de9248
MH		 1914 struct hci_cp_add_sco *cp;
1915 struct hci_conn *acl, *sco;
1916 __u16 handle;
1da177e4 1917
9f1db00c 1918 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1919
a9de9248
MH		 1920 if (!status)
1921 return;
1da177e4 1922
a9de9248
MH		 1923 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1924 if (!cp)
1925 return;
1da177e4 1926
a9de9248 1927 handle = __le16_to_cpu(cp->handle);
1da177e4 1928
9f1db00c 1929 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1930
a9de9248 1931 hci_dev_lock(hdev);
1da177e4 1932
a9de9248 1933 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1934 if (acl) {
1935 sco = acl->link;
1936 if (sco) {
1937 sco->state = BT_CLOSED;
1da177e4 1938
539c496d 1939 hci_connect_cfm(sco, status);
5a08ecce
AE		 1940 hci_conn_del(sco);
1941 }
a9de9248 1942 }
1da177e4 1943
a9de9248
MH		 1944 hci_dev_unlock(hdev);
1945}
1da177e4 1946
f8558555
MH		 1947static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1948{
1949 struct hci_cp_auth_requested *cp;
1950 struct hci_conn *conn;
1951
9f1db00c 1952 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1953
1954 if (!status)
1955 return;
1956
1957 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1958 if (!cp)
1959 return;
1960
1961 hci_dev_lock(hdev);
1962
1963 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1964 if (conn) {
1965 if (conn->state == BT_CONFIG) {
539c496d 1966 hci_connect_cfm(conn, status);
76a68ba0 1967 hci_conn_drop(conn);
f8558555
MH		 1968 }
1969 }
1970
1971 hci_dev_unlock(hdev);
1972}
1973
1974static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1975{
1976 struct hci_cp_set_conn_encrypt *cp;
1977 struct hci_conn *conn;
1978
9f1db00c 1979 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1980
1981 if (!status)
1982 return;
1983
1984 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1985 if (!cp)
1986 return;
1987
1988 hci_dev_lock(hdev);
1989
1990 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1991 if (conn) {
1992 if (conn->state == BT_CONFIG) {
539c496d 1993 hci_connect_cfm(conn, status);
76a68ba0 1994 hci_conn_drop(conn);
f8558555
MH		 1995 }
1996 }
1997
1998 hci_dev_unlock(hdev);
1999}
2000
127178d2 2001static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 2002 struct hci_conn *conn)
392599b9 2003{
392599b9
JH		 2004 if (conn->state != BT_CONFIG || !conn->out)
2005 return 0;
2006
765c2a96 2007 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 2008 return 0;
2009
2010 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 2011 * devices with sec_level MEDIUM or HIGH or if MITM protection
2012 * is requested.
2013 */
807deac2 2014 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 2015 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 2016 conn->pending_sec_level != BT_SECURITY_HIGH &&
2017 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 2018 return 0;
2019
392599b9
JH		 2020 return 1;
2021}
2022
6039aa73 2023static int hci_resolve_name(struct hci_dev *hdev,
04124681 2024 struct inquiry_entry *e)
30dc78e1
JH		 2025{
2026 struct hci_cp_remote_name_req cp;
2027
2028 memset(&cp, 0, sizeof(cp));
2029
2030 bacpy(&cp.bdaddr, &e->data.bdaddr);
2031 cp.pscan_rep_mode = e->data.pscan_rep_mode;
2032 cp.pscan_mode = e->data.pscan_mode;
2033 cp.clock_offset = e->data.clock_offset;
2034
2035 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2036}
2037
b644ba33 2038static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 2039{
2040 struct discovery_state *discov = &hdev->discovery;
2041 struct inquiry_entry *e;
2042
b644ba33
JH		 2043 if (list_empty(&discov->resolve))
2044 return false;
2045
2046 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 2047 if (!e)
2048 return false;
2049
b644ba33
JH		 2050 if (hci_resolve_name(hdev, e) == 0) {
2051 e->name_state = NAME_PENDING;
2052 return true;
2053 }
2054
2055 return false;
2056}
2057
2058static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 2059 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 2060{
2061 struct discovery_state *discov = &hdev->discovery;
2062 struct inquiry_entry *e;
2063
60cb49d2
JH		 2064 /* Update the mgmt connected state if necessary. Be careful with
2065 * conn objects that exist but are not (yet) connected however.
2066 * Only those in BT_CONFIG or BT_CONNECTED states can be
2067 * considered connected.
2068 */
2069 if (conn &&
2070 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
cb77c3ec 2071 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1c6ed31b 2072 mgmt_device_connected(hdev, conn, name, name_len);
b644ba33
JH		 2073
2074 if (discov->state == DISCOVERY_STOPPED)
2075 return;
2076
30dc78e1
JH		 2077 if (discov->state == DISCOVERY_STOPPING)
2078 goto discov_complete;
2079
2080 if (discov->state != DISCOVERY_RESOLVING)
2081 return;
2082
2083 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 2084 /* If the device was not found in a list of found devices names of which
2085 * are pending. there is no need to continue resolving a next name as it
2086 * will be done upon receiving another Remote Name Request Complete
2087 * Event */
2088 if (!e)
2089 return;
2090
2091 list_del(&e->list);
2092 if (name) {
30dc78e1 2093 e->name_state = NAME_KNOWN;
7cc8380e
RM		 2094 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
2095 e->data.rssi, name, name_len);
c3e7c0d9
RM		 2096 } else {
2097 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 2098 }
2099
b644ba33 2100 if (hci_resolve_next_name(hdev))
30dc78e1 2101 return;
30dc78e1
JH		 2102
2103discov_complete:
2104 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2105}
2106
a9de9248
MH		 2107static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
2108{
127178d2
JH		 2109 struct hci_cp_remote_name_req *cp;
2110 struct hci_conn *conn;
2111
9f1db00c 2112 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 2113
2114 /* If successful wait for the name req complete event before
2115 * checking for the need to do authentication */
2116 if (!status)
2117 return;
2118
2119 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
2120 if (!cp)
2121 return;
2122
2123 hci_dev_lock(hdev);
2124
b644ba33
JH		 2125 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2126
d7a5a11d 2127 if (hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 2128 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 2129
79c6c70c
JH		 2130 if (!conn)
2131 goto unlock;
2132
2133 if (!hci_outgoing_auth_needed(hdev, conn))
2134 goto unlock;
2135
51a8efd7 2136 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 2137 struct hci_cp_auth_requested auth_cp;
2138
977f8fce
JH		 2139 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2140
c1f23a2b
JB		 2141 auth_cp.handle = __cpu_to_le16(conn->handle);
2142 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
2143 sizeof(auth_cp), &auth_cp);
127178d2
JH		 2144 }
2145
79c6c70c 2146unlock:
127178d2 2147 hci_dev_unlock(hdev);
a9de9248 2148}
1da177e4 2149
769be974
MH		 2150static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2151{
2152 struct hci_cp_read_remote_features *cp;
2153 struct hci_conn *conn;
2154
9f1db00c 2155 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2156
2157 if (!status)
2158 return;
2159
2160 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2161 if (!cp)
2162 return;
2163
2164 hci_dev_lock(hdev);
2165
2166 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2167 if (conn) {
2168 if (conn->state == BT_CONFIG) {
539c496d 2169 hci_connect_cfm(conn, status);
76a68ba0 2170 hci_conn_drop(conn);
769be974
MH		 2171 }
2172 }
2173
2174 hci_dev_unlock(hdev);
2175}
2176
2177static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2178{
2179 struct hci_cp_read_remote_ext_features *cp;
2180 struct hci_conn *conn;
2181
9f1db00c 2182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2183
2184 if (!status)
2185 return;
2186
2187 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2188 if (!cp)
2189 return;
2190
2191 hci_dev_lock(hdev);
2192
2193 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2194 if (conn) {
2195 if (conn->state == BT_CONFIG) {
539c496d 2196 hci_connect_cfm(conn, status);
76a68ba0 2197 hci_conn_drop(conn);
769be974
MH		 2198 }
2199 }
2200
2201 hci_dev_unlock(hdev);
2202}
2203
a9de9248
MH		 2204static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2205{
b6a0dc82
MH		 2206 struct hci_cp_setup_sync_conn *cp;
2207 struct hci_conn *acl, *sco;
2208 __u16 handle;
2209
9f1db00c 2210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 2211
2212 if (!status)
2213 return;
2214
2215 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2216 if (!cp)
2217 return;
2218
2219 handle = __le16_to_cpu(cp->handle);
2220
9f1db00c 2221 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 2222
2223 hci_dev_lock(hdev);
2224
2225 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 2226 if (acl) {
2227 sco = acl->link;
2228 if (sco) {
2229 sco->state = BT_CLOSED;
b6a0dc82 2230
539c496d 2231 hci_connect_cfm(sco, status);
5a08ecce
AE		 2232 hci_conn_del(sco);
2233 }
b6a0dc82
MH		 2234 }
2235
2236 hci_dev_unlock(hdev);
1da177e4
LT		 2237}
2238
a9de9248 2239static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 2240{
a9de9248
MH		 2241 struct hci_cp_sniff_mode *cp;
2242 struct hci_conn *conn;
1da177e4 2243
9f1db00c 2244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2245
a9de9248
MH		 2246 if (!status)
2247 return;
04837f64 2248
a9de9248
MH		 2249 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2250 if (!cp)
2251 return;
04837f64 2252
a9de9248 2253 hci_dev_lock(hdev);
04837f64 2254
a9de9248 2255 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2256 if (conn) {
51a8efd7 2257 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 2258
51a8efd7 2259 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2260 hci_sco_setup(conn, status);
2261 }
2262
a9de9248
MH		 2263 hci_dev_unlock(hdev);
2264}
04837f64 2265
a9de9248
MH		 2266static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2267{
2268 struct hci_cp_exit_sniff_mode *cp;
2269 struct hci_conn *conn;
04837f64 2270
9f1db00c 2271 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2272
a9de9248
MH		 2273 if (!status)
2274 return;
04837f64 2275
a9de9248
MH		 2276 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2277 if (!cp)
2278 return;
04837f64 2279
a9de9248 2280 hci_dev_lock(hdev);
1da177e4 2281
a9de9248 2282 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2283 if (conn) {
51a8efd7 2284 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 2285
51a8efd7 2286 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2287 hci_sco_setup(conn, status);
2288 }
2289
a9de9248 2290 hci_dev_unlock(hdev);
1da177e4
LT		 2291}
2292
88c3df13
JH		 2293static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2294{
2295 struct hci_cp_disconnect *cp;
2296 struct hci_conn *conn;
2297
2298 if (!status)
2299 return;
2300
2301 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2302 if (!cp)
2303 return;
2304
2305 hci_dev_lock(hdev);
2306
2307 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
b8d29052
JH		 2308 if (conn) {
2309 u8 type = conn->type;
2310
88c3df13 2311 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 2312 conn->dst_type, status);
88c3df13 2313
b8d29052
JH		 2314 /* If the disconnection failed for any reason, the upper layer
2315 * does not retry to disconnect in current implementation.
2316 * Hence, we need to do some basic cleanup here and re-enable
2317 * advertising if necessary.
2318 */
2319 hci_conn_del(conn);
2320 if (type == LE_LINK)
2321 hci_req_reenable_advertising(hdev);
2322 }
2323
88c3df13
JH		 2324 hci_dev_unlock(hdev);
2325}
2326
d12fb056
JK		 2327static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2328 u8 peer_addr_type, u8 own_address_type,
2329 u8 filter_policy)
cb1d68f7 2330{
cb1d68f7
JH		 2331 struct hci_conn *conn;
2332
d12fb056
JK		 2333 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2334 peer_addr_type);
cb1d68f7 2335 if (!conn)
d12fb056 2336 return;
cb1d68f7 2337
b31bc00b
SN		 2338 /* When using controller based address resolution, then the new
2339 * address types 0x02 and 0x03 are used. These types need to be
2340 * converted back into either public address or random address type
2341 */
2342 if (use_ll_privacy(hdev) &&
2343 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
2344 switch (own_address_type) {
2345 case ADDR_LE_DEV_PUBLIC_RESOLVED:
2346 own_address_type = ADDR_LE_DEV_PUBLIC;
2347 break;
2348 case ADDR_LE_DEV_RANDOM_RESOLVED:
2349 own_address_type = ADDR_LE_DEV_RANDOM;
2350 break;
2351 }
2352 }
2353
cb1d68f7
JH		 2354 /* Store the initiator and responder address information which
2355 * is needed for SMP. These values will not change during the
2356 * lifetime of the connection.
2357 */
d12fb056
JK		 2358 conn->init_addr_type = own_address_type;
2359 if (own_address_type == ADDR_LE_DEV_RANDOM)
cb1d68f7
JH		 2360 bacpy(&conn->init_addr, &hdev->random_addr);
2361 else
2362 bacpy(&conn->init_addr, &hdev->bdaddr);
2363
d12fb056
JK		 2364 conn->resp_addr_type = peer_addr_type;
2365 bacpy(&conn->resp_addr, peer_addr);
cb1d68f7 2366
9489eca4
JH		 2367 /* We don't want the connection attempt to stick around
2368 * indefinitely since LE doesn't have a page timeout concept
2369 * like BR/EDR. Set a timer for any connection that doesn't use
2370 * the white list for connecting.
2371 */
d12fb056 2372 if (filter_policy == HCI_LE_USE_PEER_ADDR)
9489eca4
JH		 2373 queue_delayed_work(conn->hdev->workqueue,
2374 &conn->le_conn_timeout,
09ae260b 2375 conn->conn_timeout);
d12fb056
JK		 2376}
2377
2378static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2379{
2380 struct hci_cp_le_create_conn *cp;
2381
2382 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2383
2384 /* All connection failure handling is taken care of by the
2385 * hci_le_conn_failed function which is triggered by the HCI
2386 * request completion callbacks used for connecting.
2387 */
2388 if (status)
2389 return;
2390
2391 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2392 if (!cp)
2393 return;
2394
2395 hci_dev_lock(hdev);
2396
2397 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2398 cp->own_address_type, cp->filter_policy);
9489eca4 2399
cb1d68f7
JH		 2400 hci_dev_unlock(hdev);
2401}
2402
4d94f95d
JK		 2403static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2404{
2405 struct hci_cp_le_ext_create_conn *cp;
2406
2407 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2408
2409 /* All connection failure handling is taken care of by the
2410 * hci_le_conn_failed function which is triggered by the HCI
2411 * request completion callbacks used for connecting.
2412 */
2413 if (status)
2414 return;
2415
2416 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2417 if (!cp)
2418 return;
2419
2420 hci_dev_lock(hdev);
2421
2422 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2423 cp->own_addr_type, cp->filter_policy);
2424
2425 hci_dev_unlock(hdev);
2426}
2427
0fe29fd1
MH		 2428static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2429{
2430 struct hci_cp_le_read_remote_features *cp;
2431 struct hci_conn *conn;
2432
2433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2434
2435 if (!status)
2436 return;
2437
2438 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2439 if (!cp)
2440 return;
2441
2442 hci_dev_lock(hdev);
2443
2444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2445 if (conn) {
2446 if (conn->state == BT_CONFIG) {
2447 hci_connect_cfm(conn, status);
2448 hci_conn_drop(conn);
2449 }
2450 }
2451
2452 hci_dev_unlock(hdev);
2453}
2454
81d0c8ad
JH		 2455static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2456{
2457 struct hci_cp_le_start_enc *cp;
2458 struct hci_conn *conn;
2459
2460 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2461
2462 if (!status)
2463 return;
2464
2465 hci_dev_lock(hdev);
2466
2467 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2468 if (!cp)
2469 goto unlock;
2470
2471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2472 if (!conn)
2473 goto unlock;
2474
2475 if (conn->state != BT_CONNECTED)
2476 goto unlock;
2477
2478 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2479 hci_conn_drop(conn);
2480
2481unlock:
2482 hci_dev_unlock(hdev);
2483}
2484
50fc85f1
KP		 2485static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2486{
2487 struct hci_cp_switch_role *cp;
2488 struct hci_conn *conn;
2489
2490 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2491
2492 if (!status)
2493 return;
2494
2495 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2496 if (!cp)
2497 return;
2498
2499 hci_dev_lock(hdev);
2500
2501 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2502 if (conn)
2503 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2504
2505 hci_dev_unlock(hdev);
2506}
2507
6039aa73 2508static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2509{
2510 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 2511 struct discovery_state *discov = &hdev->discovery;
2512 struct inquiry_entry *e;
1da177e4 2513
9f1db00c 2514 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 2515
a9de9248 2516 hci_conn_check_pending(hdev);
89352e7d
AG		 2517
2518 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2519 return;
2520
4e857c58 2521 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 2522 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2523
d7a5a11d 2524 if (!hci_dev_test_flag(hdev, HCI_MGMT))
30dc78e1
JH		 2525 return;
2526
56e5cb86 2527 hci_dev_lock(hdev);
30dc78e1 2528
343f935b 2529 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 2530 goto unlock;
2531
2532 if (list_empty(&discov->resolve)) {
07d2334a
JP		 2533 /* When BR/EDR inquiry is active and no LE scanning is in
2534 * progress, then change discovery state to indicate completion.
2535 *
2536 * When running LE scanning and BR/EDR inquiry simultaneously
2537 * and the LE scan already finished, then change the discovery
2538 * state to indicate completion.
2539 */
2540 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2541 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2542 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2543 goto unlock;
2544 }
2545
2546 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2547 if (e && hci_resolve_name(hdev, e) == 0) {
2548 e->name_state = NAME_PENDING;
2549 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2550 } else {
07d2334a
JP		 2551 /* When BR/EDR inquiry is active and no LE scanning is in
2552 * progress, then change discovery state to indicate completion.
2553 *
2554 * When running LE scanning and BR/EDR inquiry simultaneously
2555 * and the LE scan already finished, then change the discovery
2556 * state to indicate completion.
2557 */
2558 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2559 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2560 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2561 }
2562
2563unlock:
56e5cb86 2564 hci_dev_unlock(hdev);
1da177e4
LT		 2565}
2566
6039aa73 2567static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2568{
45bb4bf0 2569 struct inquiry_data data;
a9de9248 2570 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2571 int num_rsp = *((__u8 *) skb->data);
2572
2573 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2574
75bbd2ea 2575 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
45bb4bf0
MH		 2576 return;
2577
d7a5a11d 2578 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 2579 return;
2580
1da177e4 2581 hci_dev_lock(hdev);
45bb4bf0 2582
e17acd40 2583 for (; num_rsp; num_rsp--, info++) {
af58925c 2584 u32 flags;
3175405b 2585
1da177e4
LT		 2586 bacpy(&data.bdaddr, &info->bdaddr);
2587 data.pscan_rep_mode = info->pscan_rep_mode;
2588 data.pscan_period_mode = info->pscan_period_mode;
2589 data.pscan_mode = info->pscan_mode;
2590 memcpy(data.dev_class, info->dev_class, 3);
2591 data.clock_offset = info->clock_offset;
efb2513f 2592 data.rssi = HCI_RSSI_INVALID;
41a96212 2593 data.ssp_mode = 0x00;
3175405b 2594
af58925c
MH		 2595 flags = hci_inquiry_cache_update(hdev, &data, false);
2596
48264f06 2597 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
efb2513f
MH		 2598 info->dev_class, HCI_RSSI_INVALID,
2599 flags, NULL, 0, NULL, 0);
1da177e4 2600 }
45bb4bf0 2601
1da177e4
LT		 2602 hci_dev_unlock(hdev);
2603}
2604
6039aa73 2605static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2606{
a9de9248
MH		 2607 struct hci_ev_conn_complete *ev = (void *) skb->data;
2608 struct hci_conn *conn;
1da177e4
LT		 2609
2610 BT_DBG("%s", hdev->name);
2611
2612 hci_dev_lock(hdev);
2613
2614 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a 2615 if (!conn) {
a46b7ed4
SS		 2616 /* Connection may not exist if auto-connected. Check the bredr
2617 * allowlist to see if this device is allowed to auto connect.
2618 * If link is an ACL type, create a connection class
4f40afc6 2619 * automatically.
a46b7ed4
SS		 2620 *
2621 * Auto-connect will only occur if the event filter is
2622 * programmed with a given address. Right now, event filter is
2623 * only used during suspend.
4f40afc6 2624 */
a46b7ed4
SS		 2625 if (ev->link_type == ACL_LINK &&
2626 hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
2627 &ev->bdaddr,
2628 BDADDR_BREDR)) {
4f40afc6
APS		 2629 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2630 HCI_ROLE_SLAVE);
2631 if (!conn) {
2632 bt_dev_err(hdev, "no memory for new conn");
2633 goto unlock;
2634 }
2d186fcd
APS		 2635 } else {
2636 if (ev->link_type != SCO_LINK)
2637 goto unlock;
9499237a 2638
2d186fcd
APS		 2639 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK,
2640 &ev->bdaddr);
2641 if (!conn)
2642 goto unlock;
9499237a 2643
2d186fcd
APS		 2644 conn->type = SCO_LINK;
2645 }
9499237a 2646 }
1da177e4
LT		 2647
2648 if (!ev->status) {
2649 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2650
2651 if (conn->type == ACL_LINK) {
2652 conn->state = BT_CONFIG;
2653 hci_conn_hold(conn);
a9ea3ed9
SJ		 2654
2655 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2656 !hci_find_link_key(hdev, &ev->bdaddr))
2657 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2658 else
2659 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2660 } else
2661 conn->state = BT_CONNECTED;
1da177e4 2662
23b9ceb7 2663 hci_debugfs_create_conn(conn);
7d0db0a3
MH		 2664 hci_conn_add_sysfs(conn);
2665
1da177e4 2666 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2667 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2668
2669 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2670 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2671
04837f64
MH		 2672 /* Get remote features */
2673 if (conn->type == ACL_LINK) {
2674 struct hci_cp_read_remote_features cp;
2675 cp.handle = ev->handle;
769be974 2676 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2677 sizeof(cp), &cp);
22f433dc 2678
01b1cb87 2679 hci_req_update_scan(hdev);
04837f64
MH		 2680 }
2681
1da177e4 2682 /* Set packet type for incoming connection */
d095c1eb 2683 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2684 struct hci_cp_change_conn_ptype cp;
2685 cp.handle = ev->handle;
a8746417 2686 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2687 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2688 &cp);
1da177e4 2689 }
17d5c04c 2690 } else {
1da177e4 2691 conn->state = BT_CLOSED;
17d5c04c 2692 if (conn->type == ACL_LINK)
64c7b77c 2693 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2694 conn->dst_type, ev->status);
17d5c04c 2695 }
1da177e4 2696
e73439d8
MH		 2697 if (conn->type == ACL_LINK)
2698 hci_sco_setup(conn, ev->status);
1da177e4 2699
769be974 2700 if (ev->status) {
539c496d 2701 hci_connect_cfm(conn, ev->status);
1da177e4 2702 hci_conn_del(conn);
1f8330ea
SN		 2703 } else if (ev->link_type == SCO_LINK) {
2704 switch (conn->setting & SCO_AIRMODE_MASK) {
2705 case SCO_AIRMODE_CVSD:
2706 if (hdev->notify)
2707 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
2708 break;
2709 }
2710
539c496d 2711 hci_connect_cfm(conn, ev->status);
1f8330ea 2712 }
1da177e4 2713
a9de9248 2714unlock:
1da177e4 2715 hci_dev_unlock(hdev);
1da177e4 2716
a9de9248 2717 hci_conn_check_pending(hdev);
1da177e4
LT		 2718}
2719
70c46425
JH		 2720static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2721{
2722 struct hci_cp_reject_conn_req cp;
2723
2724 bacpy(&cp.bdaddr, bdaddr);
2725 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2726 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2727}
2728
6039aa73 2729static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2730{
a9de9248
MH		 2731 struct hci_ev_conn_request *ev = (void *) skb->data;
2732 int mask = hdev->link_mode;
70c46425
JH		 2733 struct inquiry_entry *ie;
2734 struct hci_conn *conn;
20714bfe 2735 __u8 flags = 0;
1da177e4 2736
6ed93dc6 2737 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2738 ev->link_type);
1da177e4 2739
20714bfe
FD		 2740 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2741 &flags);
1da177e4 2742
70c46425
JH		 2743 if (!(mask & HCI_LM_ACCEPT)) {
2744 hci_reject_conn(hdev, &ev->bdaddr);
2745 return;
2746 }
2747
46c4c941
JH		 2748 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2749 BDADDR_BREDR)) {
2750 hci_reject_conn(hdev, &ev->bdaddr);
2751 return;
2752 }
2753
6a8fc95c
JH		 2754 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2755 * connection. These features are only touched through mgmt so
2756 * only do the checks if HCI_MGMT is set.
2757 */
d7a5a11d
MH		 2758 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2759 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
8baaa403
APS		 2760 !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
2761 BDADDR_BREDR)) {
2762 hci_reject_conn(hdev, &ev->bdaddr);
2763 return;
70c46425 2764 }
1da177e4 2765
70c46425 2766 /* Connection accepted */
b6a0dc82 2767
70c46425
JH		 2768 hci_dev_lock(hdev);
2769
2770 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2771 if (ie)
2772 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2773
70c46425
JH		 2774 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2775 &ev->bdaddr);
2776 if (!conn) {
a5c4e309
JH		 2777 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2778 HCI_ROLE_SLAVE);
a9de9248 2779 if (!conn) {
2064ee33 2780 bt_dev_err(hdev, "no memory for new connection");
70c46425
JH		 2781 hci_dev_unlock(hdev);
2782 return;
1da177e4 2783 }
70c46425 2784 }
b6a0dc82 2785
70c46425 2786 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2787
70c46425 2788 hci_dev_unlock(hdev);
1da177e4 2789
70c46425
JH		 2790 if (ev->link_type == ACL_LINK ||
2791 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2792 struct hci_cp_accept_conn_req cp;
2793 conn->state = BT_CONNECT;
1da177e4 2794
70c46425 2795 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2796
70c46425
JH		 2797 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2798 cp.role = 0x00; /* Become master */
2799 else
2800 cp.role = 0x01; /* Remain slave */
b6a0dc82 2801
70c46425
JH		 2802 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2803 } else if (!(flags & HCI_PROTO_DEFER)) {
2804 struct hci_cp_accept_sync_conn_req cp;
2805 conn->state = BT_CONNECT;
b6a0dc82 2806
70c46425
JH		 2807 bacpy(&cp.bdaddr, &ev->bdaddr);
2808 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2809
70c46425
JH		 2810 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2811 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2812 cp.max_latency = cpu_to_le16(0xffff);
2813 cp.content_format = cpu_to_le16(hdev->voice_setting);
2814 cp.retrans_effort = 0xff;
1da177e4 2815
70c46425
JH		 2816 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2817 &cp);
a9de9248 2818 } else {
70c46425 2819 conn->state = BT_CONNECT2;
539c496d 2820 hci_connect_cfm(conn, 0);
1da177e4 2821 }
1da177e4
LT		 2822}
2823
f0d6a0ea
MA		 2824static u8 hci_to_mgmt_reason(u8 err)
2825{
2826 switch (err) {
2827 case HCI_ERROR_CONNECTION_TIMEOUT:
2828 return MGMT_DEV_DISCONN_TIMEOUT;
2829 case HCI_ERROR_REMOTE_USER_TERM:
2830 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2831 case HCI_ERROR_REMOTE_POWER_OFF:
2832 return MGMT_DEV_DISCONN_REMOTE;
2833 case HCI_ERROR_LOCAL_HOST_TERM:
2834 return MGMT_DEV_DISCONN_LOCAL_HOST;
2835 default:
2836 return MGMT_DEV_DISCONN_UNKNOWN;
2837 }
2838}
2839
6039aa73 2840static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2841{
a9de9248 2842 struct hci_ev_disconn_complete *ev = (void *) skb->data;
160b9251 2843 u8 reason;
9fcb18ef 2844 struct hci_conn_params *params;
04837f64 2845 struct hci_conn *conn;
12d4a3b2 2846 bool mgmt_connected;
3846220b 2847 u8 type;
04837f64 2848
9f1db00c 2849 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2850
2851 hci_dev_lock(hdev);
2852
2853 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2854 if (!conn)
2855 goto unlock;
7d0db0a3 2856
abf54a50
AG		 2857 if (ev->status) {
2858 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2859 conn->dst_type, ev->status);
2860 goto unlock;
37d9ef76 2861 }
f7520543 2862
3846220b
AG		 2863 conn->state = BT_CLOSED;
2864
12d4a3b2 2865 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
160b9251
SJ		 2866
2867 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2868 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2869 else
2870 reason = hci_to_mgmt_reason(ev->reason);
2871
12d4a3b2
JH		 2872 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2873 reason, mgmt_connected);
abf54a50 2874
22f433dc
JH		 2875 if (conn->type == ACL_LINK) {
2876 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2877 hci_remove_link_key(hdev, &conn->dst);
2878
01b1cb87 2879 hci_req_update_scan(hdev);
22f433dc 2880 }
2210246c 2881
9fcb18ef
AG		 2882 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2883 if (params) {
2884 switch (params->auto_connect) {
2885 case HCI_AUTO_CONN_LINK_LOSS:
2886 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2887 break;
19186c7b 2888 fallthrough;
9fcb18ef 2889
4b9e7e75 2890 case HCI_AUTO_CONN_DIRECT:
9fcb18ef 2891 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2892 list_del_init(&params->action);
2893 list_add(&params->action, &hdev->pend_le_conns);
2894 hci_update_background_scan(hdev);
9fcb18ef
AG		 2895 break;
2896
2897 default:
2898 break;
2899 }
2900 }
2901
3846220b 2902 type = conn->type;
2210246c 2903
3a6d576b 2904 hci_disconn_cfm(conn, ev->reason);
3846220b
AG		 2905 hci_conn_del(conn);
2906
4f40afc6
APS		 2907 /* The suspend notifier is waiting for all devices to disconnect so
2908 * clear the bit from pending tasks and inform the wait queue.
2909 */
2910 if (list_empty(&hdev->conn_hash.list) &&
2911 test_and_clear_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks)) {
2912 wake_up(&hdev->suspend_wait_q);
2913 }
2914
3846220b
AG		 2915 /* Re-enable advertising if necessary, since it might
2916 * have been disabled by the connection. From the
2917 * HCI_LE_Set_Advertise_Enable command description in
2918 * the core specification (v4.0):
2919 * "The Controller shall continue advertising until the Host
2920 * issues an LE_Set_Advertise_Enable command with
2921 * Advertising_Enable set to 0x00 (Advertising is disabled)
2922 * or until a connection is created or until the Advertising
2923 * is timed out due to Directed Advertising."
2924 */
2925 if (type == LE_LINK)
f2252570 2926 hci_req_reenable_advertising(hdev);
f7520543
JH		 2927
2928unlock:
04837f64
MH		 2929 hci_dev_unlock(hdev);
2930}
2931
6039aa73 2932static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2933{
a9de9248 2934 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2935 struct hci_conn *conn;
1da177e4 2936
9f1db00c 2937 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2938
2939 hci_dev_lock(hdev);
2940
04837f64 2941 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2942 if (!conn)
2943 goto unlock;
2944
2945 if (!ev->status) {
160b9251
SJ		 2946 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2947
aa64a8b5 2948 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2949 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2064ee33 2950 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2a611692 2951 } else {
4dae2798 2952 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2953 conn->sec_level = conn->pending_sec_level;
2a611692 2954 }
d7556e20 2955 } else {
160b9251
SJ		 2956 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2957 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2958
e1e930f5 2959 mgmt_auth_failed(conn, ev->status);
d7556e20 2960 }
1da177e4 2961
51a8efd7
JH		 2962 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2963 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2964
d7556e20 2965 if (conn->state == BT_CONFIG) {
aa64a8b5 2966 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2967 struct hci_cp_set_conn_encrypt cp;
2968 cp.handle = ev->handle;
2969 cp.encrypt = 0x01;
2970 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2971 &cp);
052b30b0 2972 } else {
d7556e20 2973 conn->state = BT_CONNECTED;
539c496d 2974 hci_connect_cfm(conn, ev->status);
76a68ba0 2975 hci_conn_drop(conn);
052b30b0 2976 }
d7556e20
WR		 2977 } else {
2978 hci_auth_cfm(conn, ev->status);
052b30b0 2979
d7556e20
WR		 2980 hci_conn_hold(conn);
2981 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2982 hci_conn_drop(conn);
d7556e20
WR		 2983 }
2984
51a8efd7 2985 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2986 if (!ev->status) {
2987 struct hci_cp_set_conn_encrypt cp;
2988 cp.handle = ev->handle;
2989 cp.encrypt = 0x01;
2990 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2991 &cp);
d7556e20 2992 } else {
51a8efd7 2993 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3ca44c16 2994 hci_encrypt_cfm(conn, ev->status);
1da177e4
LT		 2995 }
2996 }
2997
d7556e20 2998unlock:
1da177e4
LT		 2999 hci_dev_unlock(hdev);
3000}
3001
6039aa73 3002static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3003{
127178d2
JH		 3004 struct hci_ev_remote_name *ev = (void *) skb->data;
3005 struct hci_conn *conn;
3006
a9de9248 3007 BT_DBG("%s", hdev->name);
1da177e4 3008
a9de9248 3009 hci_conn_check_pending(hdev);
127178d2
JH		 3010
3011 hci_dev_lock(hdev);
3012
b644ba33 3013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 3014
d7a5a11d 3015 if (!hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 3016 goto check_auth;
a88a9652 3017
b644ba33
JH		 3018 if (ev->status == 0)
3019 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 3020 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 3021 else
3022 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
3023
3024check_auth:
79c6c70c
JH		 3025 if (!conn)
3026 goto unlock;
3027
3028 if (!hci_outgoing_auth_needed(hdev, conn))
3029 goto unlock;
3030
51a8efd7 3031 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2 3032 struct hci_cp_auth_requested cp;
977f8fce
JH		 3033
3034 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
3035
127178d2
JH		 3036 cp.handle = __cpu_to_le16(conn->handle);
3037 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
3038 }
3039
79c6c70c 3040unlock:
127178d2 3041 hci_dev_unlock(hdev);
a9de9248
MH		 3042}
3043
821f3766
JH		 3044static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
3045 u16 opcode, struct sk_buff *skb)
3046{
3047 const struct hci_rp_read_enc_key_size *rp;
3048 struct hci_conn *conn;
3049 u16 handle;
3050
3051 BT_DBG("%s status 0x%02x", hdev->name, status);
3052
3053 if (!skb || skb->len < sizeof(*rp)) {
2064ee33 3054 bt_dev_err(hdev, "invalid read key size response");
821f3766
JH		 3055 return;
3056 }
3057
3058 rp = (void *)skb->data;
3059 handle = le16_to_cpu(rp->handle);
3060
3061 hci_dev_lock(hdev);
3062
3063 conn = hci_conn_hash_lookup_handle(hdev, handle);
3064 if (!conn)
3065 goto unlock;
3066
32b50729
AM		 3067 /* While unexpected, the read_enc_key_size command may fail. The most
3068 * secure approach is to then assume the key size is 0 to force a
3069 * disconnection.
821f3766
JH		 3070 */
3071 if (rp->status) {
2064ee33
MH		 3072 bt_dev_err(hdev, "failed to read key size for handle %u",
3073 handle);
32b50729 3074 conn->enc_key_size = 0;
821f3766
JH		 3075 } else {
3076 conn->enc_key_size = rp->key_size;
3077 }
3078
3ca44c16 3079 hci_encrypt_cfm(conn, 0);
821f3766
JH		 3080
3081unlock:
3082 hci_dev_unlock(hdev);
3083}
3084
6039aa73 3085static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3086{
3087 struct hci_ev_encrypt_change *ev = (void *) skb->data;
3088 struct hci_conn *conn;
3089
9f1db00c 3090 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3091
3092 hci_dev_lock(hdev);
3093
04837f64 3094 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 3095 if (!conn)
3096 goto unlock;
1da177e4 3097
dc8357cc
MH		 3098 if (!ev->status) {
3099 if (ev->encrypt) {
3100 /* Encryption implies authentication */
4dae2798
JH		 3101 set_bit(HCI_CONN_AUTH, &conn->flags);
3102 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 3103 conn->sec_level = conn->pending_sec_level;
abf76bad 3104
914a6ffe
MH		 3105 /* P-256 authentication key implies FIPS */
3106 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 3107 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 3108
abf76bad
MH		 3109 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
3110 conn->type == LE_LINK)
3111 set_bit(HCI_CONN_AES_CCM, &conn->flags);
3112 } else {
4dae2798 3113 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 3114 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
3115 }
dc8357cc 3116 }
a7d7723a 3117
7ed3fa20
JH		 3118 /* We should disregard the current RPA and generate a new one
3119 * whenever the encryption procedure fails.
3120 */
a73c046a 3121 if (ev->status && conn->type == LE_LINK) {
a1536da2 3122 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a
JK		 3123 hci_adv_instances_set_rpa_expired(hdev, true);
3124 }
7ed3fa20 3125
dc8357cc 3126 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 3127
8746f135
LAD		 3128 /* Check link security requirements are met */
3129 if (!hci_conn_check_link_mode(conn))
3130 ev->status = HCI_ERROR_AUTH_FAILURE;
3131
dc8357cc 3132 if (ev->status && conn->state == BT_CONNECTED) {
160b9251
SJ		 3133 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3134 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3135
8746f135
LAD		 3136 /* Notify upper layers so they can cleanup before
3137 * disconnecting.
3138 */
3139 hci_encrypt_cfm(conn, ev->status);
dc8357cc
MH		 3140 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3141 hci_conn_drop(conn);
3142 goto unlock;
1da177e4
LT		 3143 }
3144
821f3766
JH		 3145 /* Try reading the encryption key size for encrypted ACL links */
3146 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
3147 struct hci_cp_read_enc_key_size cp;
3148 struct hci_request req;
3149
3150 /* Only send HCI_Read_Encryption_Key_Size if the
3151 * controller really supports it. If it doesn't, assume
3152 * the default size (16).
3153 */
3154 if (!(hdev->commands[20] & 0x10)) {
3155 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3156 goto notify;
3157 }
3158
3159 hci_req_init(&req, hdev);
3160
3161 cp.handle = cpu_to_le16(conn->handle);
3162 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
3163
3164 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2064ee33 3165 bt_dev_err(hdev, "sending read key size failed");
821f3766
JH		 3166 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3167 goto notify;
3168 }
3169
3170 goto unlock;
3171 }
3172
302975cb
SRK		 3173 /* Set the default Authenticated Payload Timeout after
3174 * an LE Link is established. As per Core Spec v5.0, Vol 2, Part B
3175 * Section 3.3, the HCI command WRITE_AUTH_PAYLOAD_TIMEOUT should be
3176 * sent when the link is active and Encryption is enabled, the conn
3177 * type can be either LE or ACL and controller must support LMP Ping.
3178 * Ensure for AES-CCM encryption as well.
3179 */
3180 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3181 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3182 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3183 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3184 struct hci_cp_write_auth_payload_to cp;
3185
3186 cp.handle = cpu_to_le16(conn->handle);
3187 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3188 hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3189 sizeof(cp), &cp);
3190 }
3191
821f3766 3192notify:
3ca44c16 3193 hci_encrypt_cfm(conn, ev->status);
dc8357cc 3194
a7d7723a 3195unlock:
1da177e4
LT		 3196 hci_dev_unlock(hdev);
3197}
3198
6039aa73
GP		 3199static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
3200 struct sk_buff *skb)
1da177e4 3201{
a9de9248 3202 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 3203 struct hci_conn *conn;
1da177e4 3204
9f1db00c 3205 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3206
3207 hci_dev_lock(hdev);
3208
04837f64 3209 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3210 if (conn) {
3211 if (!ev->status)
4dae2798 3212 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 3213
51a8efd7 3214 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 3215
3216 hci_key_change_cfm(conn, ev->status);
3217 }
3218
3219 hci_dev_unlock(hdev);
3220}
3221
6039aa73
GP		 3222static void hci_remote_features_evt(struct hci_dev *hdev,
3223 struct sk_buff *skb)
1da177e4 3224{
a9de9248
MH		 3225 struct hci_ev_remote_features *ev = (void *) skb->data;
3226 struct hci_conn *conn;
3227
9f1db00c 3228 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 3229
a9de9248
MH		 3230 hci_dev_lock(hdev);
3231
3232 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3233 if (!conn)
3234 goto unlock;
769be974 3235
ccd556fe 3236 if (!ev->status)
cad718ed 3237 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 3238
3239 if (conn->state != BT_CONFIG)
3240 goto unlock;
3241
ac363cf9
SJ		 3242 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3243 lmp_ext_feat_capable(conn)) {
ccd556fe
JH		 3244 struct hci_cp_read_remote_ext_features cp;
3245 cp.handle = ev->handle;
3246 cp.page = 0x01;
3247 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 3248 sizeof(cp), &cp);
392599b9
JH		 3249 goto unlock;
3250 }
3251
671267bf 3252 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3253 struct hci_cp_remote_name_req cp;
3254 memset(&cp, 0, sizeof(cp));
3255 bacpy(&cp.bdaddr, &conn->dst);
3256 cp.pscan_rep_mode = 0x02;
3257 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 3258 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1c6ed31b 3259 mgmt_device_connected(hdev, conn, NULL, 0);
392599b9 3260
127178d2 3261 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 3262 conn->state = BT_CONNECTED;
539c496d 3263 hci_connect_cfm(conn, ev->status);
76a68ba0 3264 hci_conn_drop(conn);
769be974 3265 }
a9de9248 3266
ccd556fe 3267unlock:
a9de9248 3268 hci_dev_unlock(hdev);
1da177e4
LT		 3269}
3270
de75cd0d
MM		 3271static inline void handle_cmd_cnt_and_timer(struct hci_dev *hdev,
3272 u16 opcode, u8 ncmd)
3273{
3274 if (opcode != HCI_OP_NOP)
3275 cancel_delayed_work(&hdev->cmd_timer);
3276
3277 if (!test_bit(HCI_RESET, &hdev->flags)) {
3278 if (ncmd) {
3279 cancel_delayed_work(&hdev->ncmd_timer);
3280 atomic_set(&hdev->cmd_cnt, 1);
3281 } else {
3282 schedule_delayed_work(&hdev->ncmd_timer,
3283 HCI_NCMD_TIMEOUT);
3284 }
3285 }
3286}
3287
e6214487
JH		 3288static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3289 u16 *opcode, u8 *status,
3290 hci_req_complete_t *req_complete,
3291 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3292{
3293 struct hci_ev_cmd_complete *ev = (void *) skb->data;
a9de9248 3294
e6214487
JH		 3295 *opcode = __le16_to_cpu(ev->opcode);
3296 *status = skb->data[sizeof(*ev)];
a9de9248 3297
e6214487 3298 skb_pull(skb, sizeof(*ev));
a9de9248 3299
e6214487 3300 switch (*opcode) {
a9de9248 3301 case HCI_OP_INQUIRY_CANCEL:
adf1d692 3302 hci_cc_inquiry_cancel(hdev, skb, status);
a9de9248
MH		 3303 break;
3304
4d93483b
AG		 3305 case HCI_OP_PERIODIC_INQ:
3306 hci_cc_periodic_inq(hdev, skb);
3307 break;
3308
a9de9248
MH		 3309 case HCI_OP_EXIT_PERIODIC_INQ:
3310 hci_cc_exit_periodic_inq(hdev, skb);
3311 break;
3312
3313 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3314 hci_cc_remote_name_req_cancel(hdev, skb);
3315 break;
3316
3317 case HCI_OP_ROLE_DISCOVERY:
3318 hci_cc_role_discovery(hdev, skb);
3319 break;
3320
e4e8e37c
MH		 3321 case HCI_OP_READ_LINK_POLICY:
3322 hci_cc_read_link_policy(hdev, skb);
3323 break;
3324
a9de9248
MH		 3325 case HCI_OP_WRITE_LINK_POLICY:
3326 hci_cc_write_link_policy(hdev, skb);
3327 break;
3328
e4e8e37c
MH		 3329 case HCI_OP_READ_DEF_LINK_POLICY:
3330 hci_cc_read_def_link_policy(hdev, skb);
3331 break;
3332
3333 case HCI_OP_WRITE_DEF_LINK_POLICY:
3334 hci_cc_write_def_link_policy(hdev, skb);
3335 break;
3336
a9de9248
MH		 3337 case HCI_OP_RESET:
3338 hci_cc_reset(hdev, skb);
3339 break;
3340
c2f0f979
MH		 3341 case HCI_OP_READ_STORED_LINK_KEY:
3342 hci_cc_read_stored_link_key(hdev, skb);
3343 break;
3344
a9366120
MH		 3345 case HCI_OP_DELETE_STORED_LINK_KEY:
3346 hci_cc_delete_stored_link_key(hdev, skb);
3347 break;
3348
a9de9248
MH		 3349 case HCI_OP_WRITE_LOCAL_NAME:
3350 hci_cc_write_local_name(hdev, skb);
3351 break;
3352
3353 case HCI_OP_READ_LOCAL_NAME:
3354 hci_cc_read_local_name(hdev, skb);
3355 break;
3356
3357 case HCI_OP_WRITE_AUTH_ENABLE:
3358 hci_cc_write_auth_enable(hdev, skb);
3359 break;
3360
3361 case HCI_OP_WRITE_ENCRYPT_MODE:
3362 hci_cc_write_encrypt_mode(hdev, skb);
3363 break;
3364
3365 case HCI_OP_WRITE_SCAN_ENABLE:
3366 hci_cc_write_scan_enable(hdev, skb);
3367 break;
3368
e5b0ad69
APS		 3369 case HCI_OP_SET_EVENT_FLT:
3370 hci_cc_set_event_filter(hdev, skb);
3371 break;
3372
a9de9248
MH		 3373 case HCI_OP_READ_CLASS_OF_DEV:
3374 hci_cc_read_class_of_dev(hdev, skb);
3375 break;
3376
3377 case HCI_OP_WRITE_CLASS_OF_DEV:
3378 hci_cc_write_class_of_dev(hdev, skb);
3379 break;
3380
3381 case HCI_OP_READ_VOICE_SETTING:
3382 hci_cc_read_voice_setting(hdev, skb);
3383 break;
3384
3385 case HCI_OP_WRITE_VOICE_SETTING:
3386 hci_cc_write_voice_setting(hdev, skb);
3387 break;
3388
b4cb9fb2
MH		 3389 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3390 hci_cc_read_num_supported_iac(hdev, skb);
3391 break;
3392
333140b5
MH		 3393 case HCI_OP_WRITE_SSP_MODE:
3394 hci_cc_write_ssp_mode(hdev, skb);
3395 break;
3396
eac83dc6
MH		 3397 case HCI_OP_WRITE_SC_SUPPORT:
3398 hci_cc_write_sc_support(hdev, skb);
3399 break;
3400
302975cb
SRK		 3401 case HCI_OP_READ_AUTH_PAYLOAD_TO:
3402 hci_cc_read_auth_payload_timeout(hdev, skb);
3403 break;
3404
3405 case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3406 hci_cc_write_auth_payload_timeout(hdev, skb);
3407 break;
3408
a9de9248
MH		 3409 case HCI_OP_READ_LOCAL_VERSION:
3410 hci_cc_read_local_version(hdev, skb);
3411 break;
3412
3413 case HCI_OP_READ_LOCAL_COMMANDS:
3414 hci_cc_read_local_commands(hdev, skb);
3415 break;
3416
3417 case HCI_OP_READ_LOCAL_FEATURES:
3418 hci_cc_read_local_features(hdev, skb);
3419 break;
3420
971e3a4b
AG		 3421 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3422 hci_cc_read_local_ext_features(hdev, skb);
3423 break;
3424
a9de9248
MH		 3425 case HCI_OP_READ_BUFFER_SIZE:
3426 hci_cc_read_buffer_size(hdev, skb);
3427 break;
3428
3429 case HCI_OP_READ_BD_ADDR:
3430 hci_cc_read_bd_addr(hdev, skb);
3431 break;
3432
a4790360
MH		 3433 case HCI_OP_READ_LOCAL_PAIRING_OPTS:
3434 hci_cc_read_local_pairing_opts(hdev, skb);
3435 break;
3436
f332ec66
JH		 3437 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3438 hci_cc_read_page_scan_activity(hdev, skb);
3439 break;
3440
4a3ee763
JH		 3441 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3442 hci_cc_write_page_scan_activity(hdev, skb);
3443 break;
3444
f332ec66
JH		 3445 case HCI_OP_READ_PAGE_SCAN_TYPE:
3446 hci_cc_read_page_scan_type(hdev, skb);
3447 break;
3448
4a3ee763
JH		 3449 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3450 hci_cc_write_page_scan_type(hdev, skb);
3451 break;
3452
350ee4cf
AE		 3453 case HCI_OP_READ_DATA_BLOCK_SIZE:
3454 hci_cc_read_data_block_size(hdev, skb);
3455 break;
3456
1e89cffb
AE		 3457 case HCI_OP_READ_FLOW_CONTROL_MODE:
3458 hci_cc_read_flow_control_mode(hdev, skb);
3459 break;
3460
928abaa7
AE		 3461 case HCI_OP_READ_LOCAL_AMP_INFO:
3462 hci_cc_read_local_amp_info(hdev, skb);
3463 break;
3464
33f35721
JH		 3465 case HCI_OP_READ_CLOCK:
3466 hci_cc_read_clock(hdev, skb);
3467 break;
3468
d5859e22
JH		 3469 case HCI_OP_READ_INQ_RSP_TX_POWER:
3470 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3471 break;
3472
00bce3fb
AM		 3473 case HCI_OP_READ_DEF_ERR_DATA_REPORTING:
3474 hci_cc_read_def_err_data_reporting(hdev, skb);
3475 break;
3476
3477 case HCI_OP_WRITE_DEF_ERR_DATA_REPORTING:
3478 hci_cc_write_def_err_data_reporting(hdev, skb);
3479 break;
3480
980e1a53
JH		 3481 case HCI_OP_PIN_CODE_REPLY:
3482 hci_cc_pin_code_reply(hdev, skb);
3483 break;
3484
3485 case HCI_OP_PIN_CODE_NEG_REPLY:
3486 hci_cc_pin_code_neg_reply(hdev, skb);
3487 break;
3488
c35938b2 3489 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 3490 hci_cc_read_local_oob_data(hdev, skb);
3491 break;
3492
3493 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3494 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 3495 break;
3496
6ed58ec5
VT		 3497 case HCI_OP_LE_READ_BUFFER_SIZE:
3498 hci_cc_le_read_buffer_size(hdev, skb);
3499 break;
3500
60e77321
JH		 3501 case HCI_OP_LE_READ_LOCAL_FEATURES:
3502 hci_cc_le_read_local_features(hdev, skb);
3503 break;
3504
8fa19098
JH		 3505 case HCI_OP_LE_READ_ADV_TX_POWER:
3506 hci_cc_le_read_adv_tx_power(hdev, skb);
3507 break;
3508
a5c29683
JH		 3509 case HCI_OP_USER_CONFIRM_REPLY:
3510 hci_cc_user_confirm_reply(hdev, skb);
3511 break;
3512
3513 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3514 hci_cc_user_confirm_neg_reply(hdev, skb);
3515 break;
3516
1143d458
BG		 3517 case HCI_OP_USER_PASSKEY_REPLY:
3518 hci_cc_user_passkey_reply(hdev, skb);
3519 break;
3520
3521 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3522 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 3523 break;
07f7fa5d 3524
7a4cd51d
MH		 3525 case HCI_OP_LE_SET_RANDOM_ADDR:
3526 hci_cc_le_set_random_addr(hdev, skb);
3527 break;
3528
c1d5dc4a
JH		 3529 case HCI_OP_LE_SET_ADV_ENABLE:
3530 hci_cc_le_set_adv_enable(hdev, skb);
3531 break;
3532
533553f8
MH		 3533 case HCI_OP_LE_SET_SCAN_PARAM:
3534 hci_cc_le_set_scan_param(hdev, skb);
3535 break;
3536
eb9d91f5
AG		 3537 case HCI_OP_LE_SET_SCAN_ENABLE:
3538 hci_cc_le_set_scan_enable(hdev, skb);
3539 break;
3540
cf1d081f
JH		 3541 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3542 hci_cc_le_read_white_list_size(hdev, skb);
3543 break;
3544
0f36b589
MH		 3545 case HCI_OP_LE_CLEAR_WHITE_LIST:
3546 hci_cc_le_clear_white_list(hdev, skb);
3547 break;
3548
3549 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3550 hci_cc_le_add_to_white_list(hdev, skb);
3551 break;
3552
3553 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3554 hci_cc_le_del_from_white_list(hdev, skb);
3555 break;
3556
9b008c04
JH		 3557 case HCI_OP_LE_READ_SUPPORTED_STATES:
3558 hci_cc_le_read_supported_states(hdev, skb);
3559 break;
3560
a8e1bfaa
MH		 3561 case HCI_OP_LE_READ_DEF_DATA_LEN:
3562 hci_cc_le_read_def_data_len(hdev, skb);
3563 break;
3564
3565 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3566 hci_cc_le_write_def_data_len(hdev, skb);
3567 break;
3568
b950aa88
AN		 3569 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3570 hci_cc_le_add_to_resolv_list(hdev, skb);
3571 break;
3572
3573 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3574 hci_cc_le_del_from_resolv_list(hdev, skb);
3575 break;
3576
545f2596
AN		 3577 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3578 hci_cc_le_clear_resolv_list(hdev, skb);
3579 break;
3580
cfdb0c2d
AN		 3581 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3582 hci_cc_le_read_resolv_list_size(hdev, skb);
3583 break;
3584
aa12af77
AN		 3585 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3586 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3587 break;
3588
a8e1bfaa
MH		 3589 case HCI_OP_LE_READ_MAX_DATA_LEN:
3590 hci_cc_le_read_max_data_len(hdev, skb);
3591 break;
3592
f9b49306
AG		 3593 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3594 hci_cc_write_le_host_supported(hdev, skb);
3595 break;
3596
56ed2cb8
JH		 3597 case HCI_OP_LE_SET_ADV_PARAM:
3598 hci_cc_set_adv_param(hdev, skb);
3599 break;
3600
5ae76a94
AK		 3601 case HCI_OP_READ_RSSI:
3602 hci_cc_read_rssi(hdev, skb);
3603 break;
3604
5a134fae
AK		 3605 case HCI_OP_READ_TX_POWER:
3606 hci_cc_read_tx_power(hdev, skb);
3607 break;
3608
c50b33c8
MH		 3609 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3610 hci_cc_write_ssp_debug_mode(hdev, skb);
3611 break;
3612
a2344b9e
JK		 3613 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3614 hci_cc_le_set_ext_scan_param(hdev, skb);
3615 break;
3616
3617 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3618 hci_cc_le_set_ext_scan_enable(hdev, skb);
3619 break;
3620
0314f286
JK		 3621 case HCI_OP_LE_SET_DEFAULT_PHY:
3622 hci_cc_le_set_default_phy(hdev, skb);
3623 break;
3624
6b49bcb4
JK		 3625 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3626 hci_cc_le_read_num_adv_sets(hdev, skb);
3627 break;
3628
de181e88
JK		 3629 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3630 hci_cc_set_ext_adv_param(hdev, skb);
3631 break;
3632
3633 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3634 hci_cc_le_set_ext_adv_enable(hdev, skb);
3635 break;
3636
a73c046a
JK		 3637 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3638 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3639 break;
3640
7c395ea5
DW		 3641 case HCI_OP_LE_READ_TRANSMIT_POWER:
3642 hci_cc_le_read_transmit_power(hdev, skb);
3643 break;
3644
a9de9248 3645 default:
e6214487 3646 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3647 break;
3648 }
3649
de75cd0d 3650 handle_cmd_cnt_and_timer(hdev, *opcode, ev->ncmd);
600b2150 3651
e6214487
JH		 3652 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3653 req_complete_skb);
9238f36a 3654
f80c5dad
JPRV		 3655 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3656 bt_dev_err(hdev,
3657 "unexpected event for opcode 0x%4.4x", *opcode);
3658 return;
3659 }
3660
600b2150
JH		 3661 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3662 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3663}
3664
e6214487
JH		 3665static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3666 u16 *opcode, u8 *status,
3667 hci_req_complete_t *req_complete,
3668 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3669{
3670 struct hci_ev_cmd_status *ev = (void *) skb->data;
a9de9248
MH		 3671
3672 skb_pull(skb, sizeof(*ev));
3673
e6214487
JH		 3674 *opcode = __le16_to_cpu(ev->opcode);
3675 *status = ev->status;
a9de9248 3676
e6214487 3677 switch (*opcode) {
a9de9248
MH		 3678 case HCI_OP_INQUIRY:
3679 hci_cs_inquiry(hdev, ev->status);
3680 break;
3681
3682 case HCI_OP_CREATE_CONN:
3683 hci_cs_create_conn(hdev, ev->status);
3684 break;
3685
9645c76c
KP		 3686 case HCI_OP_DISCONNECT:
3687 hci_cs_disconnect(hdev, ev->status);
3688 break;
3689
a9de9248
MH		 3690 case HCI_OP_ADD_SCO:
3691 hci_cs_add_sco(hdev, ev->status);
3692 break;
3693
f8558555
MH		 3694 case HCI_OP_AUTH_REQUESTED:
3695 hci_cs_auth_requested(hdev, ev->status);
3696 break;
3697
3698 case HCI_OP_SET_CONN_ENCRYPT:
3699 hci_cs_set_conn_encrypt(hdev, ev->status);
3700 break;
3701
a9de9248
MH		 3702 case HCI_OP_REMOTE_NAME_REQ:
3703 hci_cs_remote_name_req(hdev, ev->status);
3704 break;
3705
769be974
MH		 3706 case HCI_OP_READ_REMOTE_FEATURES:
3707 hci_cs_read_remote_features(hdev, ev->status);
3708 break;
3709
3710 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3711 hci_cs_read_remote_ext_features(hdev, ev->status);
3712 break;
3713
a9de9248
MH		 3714 case HCI_OP_SETUP_SYNC_CONN:
3715 hci_cs_setup_sync_conn(hdev, ev->status);
3716 break;
3717
3718 case HCI_OP_SNIFF_MODE:
3719 hci_cs_sniff_mode(hdev, ev->status);
3720 break;
3721
3722 case HCI_OP_EXIT_SNIFF_MODE:
3723 hci_cs_exit_sniff_mode(hdev, ev->status);
3724 break;
3725
50fc85f1
KP		 3726 case HCI_OP_SWITCH_ROLE:
3727 hci_cs_switch_role(hdev, ev->status);
3728 break;
3729
cb1d68f7
JH		 3730 case HCI_OP_LE_CREATE_CONN:
3731 hci_cs_le_create_conn(hdev, ev->status);
3732 break;
3733
0fe29fd1
MH		 3734 case HCI_OP_LE_READ_REMOTE_FEATURES:
3735 hci_cs_le_read_remote_features(hdev, ev->status);
3736 break;
3737
81d0c8ad
JH		 3738 case HCI_OP_LE_START_ENC:
3739 hci_cs_le_start_enc(hdev, ev->status);
3740 break;
3741
4d94f95d
JK		 3742 case HCI_OP_LE_EXT_CREATE_CONN:
3743 hci_cs_le_ext_create_conn(hdev, ev->status);
3744 break;
3745
a9de9248 3746 default:
e6214487 3747 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3748 break;
3749 }
3750
de75cd0d 3751 handle_cmd_cnt_and_timer(hdev, *opcode, ev->ncmd);
600b2150 3752
444c6dd5
JH		 3753 /* Indicate request completion if the command failed. Also, if
3754 * we're not waiting for a special event and we get a success
3755 * command status we should try to flag the request as completed
3756 * (since for this kind of commands there will not be a command
3757 * complete event).
3758 */
02350a72 3759 if (ev->status ||
242c0ebd 3760 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
e6214487
JH		 3761 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3762 req_complete_skb);
9238f36a 3763
f80c5dad
JPRV		 3764 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3765 bt_dev_err(hdev,
3766 "unexpected event for opcode 0x%4.4x", *opcode);
3767 return;
3768 }
3769
600b2150
JH		 3770 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3771 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3772}
3773
24dfa343
MH		 3774static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3775{
3776 struct hci_ev_hardware_error *ev = (void *) skb->data;
3777
c7741d16
MH		 3778 hdev->hw_error_code = ev->code;
3779
3780 queue_work(hdev->req_workqueue, &hdev->error_reset);
24dfa343
MH		 3781}
3782
6039aa73 3783static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3784{
3785 struct hci_ev_role_change *ev = (void *) skb->data;
3786 struct hci_conn *conn;
3787
9f1db00c 3788 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 3789
3790 hci_dev_lock(hdev);
3791
3792 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3793 if (conn) {
40bef302
JH		 3794 if (!ev->status)
3795 conn->role = ev->role;
a9de9248 3796
51a8efd7 3797 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 3798
3799 hci_role_switch_cfm(conn, ev->status, ev->role);
3800 }
3801
3802 hci_dev_unlock(hdev);
3803}
3804
6039aa73 3805static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3806{
3807 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 3808 int i;
3809
32ac5b9b 3810 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2064ee33 3811 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
32ac5b9b
AE		 3812 return;
3813 }
3814
16e18342
GS		 3815 if (skb->len < sizeof(*ev) ||
3816 skb->len < struct_size(ev, handles, ev->num_hndl)) {
a9de9248
MH		 3817 BT_DBG("%s bad parameters", hdev->name);
3818 return;
3819 }
3820
c5993de8
AE		 3821 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3822
613a1c0c
AE		 3823 for (i = 0; i < ev->num_hndl; i++) {
3824 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 3825 struct hci_conn *conn;
3826 __u16 handle, count;
3827
613a1c0c
AE		 3828 handle = __le16_to_cpu(info->handle);
3829 count = __le16_to_cpu(info->count);
a9de9248
MH		 3830
3831 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 3832 if (!conn)
3833 continue;
3834
3835 conn->sent -= count;
3836
3837 switch (conn->type) {
3838 case ACL_LINK:
3839 hdev->acl_cnt += count;
3840 if (hdev->acl_cnt > hdev->acl_pkts)
3841 hdev->acl_cnt = hdev->acl_pkts;
3842 break;
3843
3844 case LE_LINK:
3845 if (hdev->le_pkts) {
3846 hdev->le_cnt += count;
3847 if (hdev->le_cnt > hdev->le_pkts)
3848 hdev->le_cnt = hdev->le_pkts;
3849 } else {
70f23020
AE		 3850 hdev->acl_cnt += count;
3851 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 3852 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3853 }
f4280918
AE		 3854 break;
3855
3856 case SCO_LINK:
3857 hdev->sco_cnt += count;
3858 if (hdev->sco_cnt > hdev->sco_pkts)
3859 hdev->sco_cnt = hdev->sco_pkts;
3860 break;
3861
3862 default:
2064ee33
MH		 3863 bt_dev_err(hdev, "unknown type %d conn %p",
3864 conn->type, conn);
f4280918 3865 break;
a9de9248
MH		 3866 }
3867 }
3868
3eff45ea 3869 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3870}
3871
76ef7cf7
AE		 3872static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3873 __u16 handle)
3874{
3875 struct hci_chan *chan;
3876
3877 switch (hdev->dev_type) {
ca8bee5d 3878 case HCI_PRIMARY:
76ef7cf7
AE		 3879 return hci_conn_hash_lookup_handle(hdev, handle);
3880 case HCI_AMP:
3881 chan = hci_chan_lookup_handle(hdev, handle);
3882 if (chan)
3883 return chan->conn;
3884 break;
3885 default:
2064ee33 3886 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
76ef7cf7
AE		 3887 break;
3888 }
3889
3890 return NULL;
3891}
3892
6039aa73 3893static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3894{
3895 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3896 int i;
3897
3898 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2064ee33 3899 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
25e89e99
AE		 3900 return;
3901 }
3902
16e18342
GS		 3903 if (skb->len < sizeof(*ev) ||
3904 skb->len < struct_size(ev, handles, ev->num_hndl)) {
25e89e99
AE		 3905 BT_DBG("%s bad parameters", hdev->name);
3906 return;
3907 }
3908
3909 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3910 ev->num_hndl);
25e89e99
AE		 3911
3912 for (i = 0; i < ev->num_hndl; i++) {
3913 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3914 struct hci_conn *conn = NULL;
25e89e99
AE		 3915 __u16 handle, block_count;
3916
3917 handle = __le16_to_cpu(info->handle);
3918 block_count = __le16_to_cpu(info->blocks);
3919
76ef7cf7 3920 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3921 if (!conn)
3922 continue;
3923
3924 conn->sent -= block_count;
3925
3926 switch (conn->type) {
3927 case ACL_LINK:
bd1eb66b 3928 case AMP_LINK:
25e89e99
AE		 3929 hdev->block_cnt += block_count;
3930 if (hdev->block_cnt > hdev->num_blocks)
3931 hdev->block_cnt = hdev->num_blocks;
3932 break;
3933
3934 default:
2064ee33
MH		 3935 bt_dev_err(hdev, "unknown type %d conn %p",
3936 conn->type, conn);
25e89e99
AE		 3937 break;
3938 }
3939 }
3940
3941 queue_work(hdev->workqueue, &hdev->tx_work);
3942}
3943
6039aa73 3944static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3945{
a9de9248 3946 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3947 struct hci_conn *conn;
3948
9f1db00c 3949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3950
3951 hci_dev_lock(hdev);
3952
3953 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3954 if (conn) {
3955 conn->mode = ev->mode;
a9de9248 3956
8fc9ced3
GP		 3957 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3958 &conn->flags)) {
a9de9248 3959 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3960 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3961 else
58a681ef 3962 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3963 }
e73439d8 3964
51a8efd7 3965 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3966 hci_sco_setup(conn, ev->status);
04837f64
MH		 3967 }
3968
3969 hci_dev_unlock(hdev);
3970}
3971
6039aa73 3972static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3973{
052b30b0
MH		 3974 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3975 struct hci_conn *conn;
3976
a9de9248 3977 BT_DBG("%s", hdev->name);
052b30b0
MH		 3978
3979 hci_dev_lock(hdev);
3980
3981 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3982 if (!conn)
3983 goto unlock;
3984
3985 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3986 hci_conn_hold(conn);
3987 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3988 hci_conn_drop(conn);
052b30b0
MH		 3989 }
3990
d7a5a11d 3991 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2f407f0a 3992 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
03b555e1 3993 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3994 sizeof(ev->bdaddr), &ev->bdaddr);
d7a5a11d 3995 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
a770bb5a
WR		 3996 u8 secure;
3997
3998 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3999 secure = 1;
4000 else
4001 secure = 0;
4002
744cf19e 4003 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 4004 }
980e1a53 4005
b6f98044 4006unlock:
052b30b0 4007 hci_dev_unlock(hdev);
a9de9248
MH		 4008}
4009
cb6f3f7a
JH		 4010static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
4011{
4012 if (key_type == HCI_LK_CHANGED_COMBINATION)
4013 return;
4014
4015 conn->pin_length = pin_len;
4016 conn->key_type = key_type;
4017
4018 switch (key_type) {
4019 case HCI_LK_LOCAL_UNIT:
4020 case HCI_LK_REMOTE_UNIT:
4021 case HCI_LK_DEBUG_COMBINATION:
4022 return;
4023 case HCI_LK_COMBINATION:
4024 if (pin_len == 16)
4025 conn->pending_sec_level = BT_SECURITY_HIGH;
4026 else
4027 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4028 break;
4029 case HCI_LK_UNAUTH_COMBINATION_P192:
4030 case HCI_LK_UNAUTH_COMBINATION_P256:
4031 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4032 break;
4033 case HCI_LK_AUTH_COMBINATION_P192:
4034 conn->pending_sec_level = BT_SECURITY_HIGH;
4035 break;
4036 case HCI_LK_AUTH_COMBINATION_P256:
4037 conn->pending_sec_level = BT_SECURITY_FIPS;
4038 break;
4039 }
4040}
4041
6039aa73 4042static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 4043{
55ed8ca1
JH		 4044 struct hci_ev_link_key_req *ev = (void *) skb->data;
4045 struct hci_cp_link_key_reply cp;
4046 struct hci_conn *conn;
4047 struct link_key *key;
4048
a9de9248 4049 BT_DBG("%s", hdev->name);
55ed8ca1 4050
d7a5a11d 4051 if (!hci_dev_test_flag(hdev, HCI_MGMT))
55ed8ca1
JH		 4052 return;
4053
4054 hci_dev_lock(hdev);
4055
4056 key = hci_find_link_key(hdev, &ev->bdaddr);
4057 if (!key) {
6ed93dc6
AE		 4058 BT_DBG("%s link key not found for %pMR", hdev->name,
4059 &ev->bdaddr);
55ed8ca1
JH		 4060 goto not_found;
4061 }
4062
6ed93dc6
AE		 4063 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
4064 &ev->bdaddr);
55ed8ca1 4065
55ed8ca1 4066 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 4067 if (conn) {
fe8bc5ac
JH		 4068 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4069
66138ce8
MH		 4070 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
4071 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 4072 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 4073 BT_DBG("%s ignoring unauthenticated key", hdev->name);
4074 goto not_found;
4075 }
55ed8ca1 4076
60b83f57 4077 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 4078 (conn->pending_sec_level == BT_SECURITY_HIGH ||
4079 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 4080 BT_DBG("%s ignoring key unauthenticated for high security",
4081 hdev->name);
60b83f57
WR		 4082 goto not_found;
4083 }
4084
cb6f3f7a 4085 conn_set_key(conn, key->type, key->pin_len);
55ed8ca1
JH		 4086 }
4087
4088 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 4089 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 4090
4091 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
4092
4093 hci_dev_unlock(hdev);
4094
4095 return;
4096
4097not_found:
4098 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
4099 hci_dev_unlock(hdev);
a9de9248
MH		 4100}
4101
6039aa73 4102static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 4103{
052b30b0
MH		 4104 struct hci_ev_link_key_notify *ev = (void *) skb->data;
4105 struct hci_conn *conn;
7652ff6a
JH		 4106 struct link_key *key;
4107 bool persistent;
55ed8ca1 4108 u8 pin_len = 0;
052b30b0 4109
a9de9248 4110 BT_DBG("%s", hdev->name);
052b30b0
MH		 4111
4112 hci_dev_lock(hdev);
4113
4114 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
82c13d42
JH		 4115 if (!conn)
4116 goto unlock;
4117
4118 hci_conn_hold(conn);
4119 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4120 hci_conn_drop(conn);
4121
fe8bc5ac 4122 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
82c13d42 4123 conn_set_key(conn, ev->key_type, conn->pin_length);
052b30b0 4124
d7a5a11d 4125 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7652ff6a
JH		 4126 goto unlock;
4127
4128 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
4129 ev->key_type, pin_len, &persistent);
4130 if (!key)
4131 goto unlock;
4132
cb6f3f7a
JH		 4133 /* Update connection information since adding the key will have
4134 * fixed up the type in the case of changed combination keys.
4135 */
4136 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
4137 conn_set_key(conn, key->type, key->pin_len);
4138
7652ff6a 4139 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 4140
6d5650c4
JH		 4141 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
4142 * is set. If it's not set simply remove the key from the kernel
4143 * list (we've still notified user space about it but with
4144 * store_hint being 0).
4145 */
4146 if (key->type == HCI_LK_DEBUG_COMBINATION &&
d7a5a11d 4147 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
0378b597
JH		 4148 list_del_rcu(&key->list);
4149 kfree_rcu(key, rcu);
82c13d42 4150 goto unlock;
6d5650c4 4151 }
7652ff6a 4152
82c13d42
JH		 4153 if (persistent)
4154 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4155 else
4156 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4157
7652ff6a 4158unlock:
052b30b0 4159 hci_dev_unlock(hdev);
a9de9248
MH		 4160}
4161
6039aa73 4162static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 4163{
a9de9248 4164 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 4165 struct hci_conn *conn;
1da177e4 4166
9f1db00c 4167 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 4168
4169 hci_dev_lock(hdev);
4170
04837f64 4171 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 4172 if (conn && !ev->status) {
4173 struct inquiry_entry *ie;
4174
cc11b9c1
AE		 4175 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4176 if (ie) {
1da177e4
LT		 4177 ie->data.clock_offset = ev->clock_offset;
4178 ie->timestamp = jiffies;
4179 }
4180 }
4181
4182 hci_dev_unlock(hdev);
4183}
4184
6039aa73 4185static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 4186{
4187 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
4188 struct hci_conn *conn;
4189
9f1db00c 4190 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 4191
4192 hci_dev_lock(hdev);
4193
4194 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4195 if (conn && !ev->status)
4196 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4197
4198 hci_dev_unlock(hdev);
4199}
4200
6039aa73 4201static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 4202{
a9de9248 4203 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 4204 struct inquiry_entry *ie;
4205
4206 BT_DBG("%s", hdev->name);
4207
4208 hci_dev_lock(hdev);
4209
cc11b9c1
AE		 4210 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4211 if (ie) {
85a1e930
MH		 4212 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4213 ie->timestamp = jiffies;
4214 }
4215
4216 hci_dev_unlock(hdev);
4217}
4218
6039aa73
GP		 4219static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
4220 struct sk_buff *skb)
a9de9248
MH		 4221{
4222 struct inquiry_data data;
4223 int num_rsp = *((__u8 *) skb->data);
4224
4225 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4226
4227 if (!num_rsp)
4228 return;
4229
d7a5a11d 4230 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4231 return;
4232
a9de9248
MH		 4233 hci_dev_lock(hdev);
4234
4235 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 4236 struct inquiry_info_with_rssi_and_pscan_mode *info;
4237 info = (void *) (skb->data + 1);
a9de9248 4238
629b49c8
PY		 4239 if (skb->len < num_rsp * sizeof(*info) + 1)
4240 goto unlock;
4241
e17acd40 4242 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4243 u32 flags;
4244
a9de9248
MH		 4245 bacpy(&data.bdaddr, &info->bdaddr);
4246 data.pscan_rep_mode = info->pscan_rep_mode;
4247 data.pscan_period_mode = info->pscan_period_mode;
4248 data.pscan_mode = info->pscan_mode;
4249 memcpy(data.dev_class, info->dev_class, 3);
4250 data.clock_offset = info->clock_offset;
4251 data.rssi = info->rssi;
41a96212 4252 data.ssp_mode = 0x00;
3175405b 4253
af58925c
MH		 4254 flags = hci_inquiry_cache_update(hdev, &data, false);
4255
48264f06 4256 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4257 info->dev_class, info->rssi,
af58925c 4258 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4259 }
4260 } else {
4261 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4262
629b49c8
PY		 4263 if (skb->len < num_rsp * sizeof(*info) + 1)
4264 goto unlock;
4265
e17acd40 4266 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4267 u32 flags;
4268
a9de9248
MH		 4269 bacpy(&data.bdaddr, &info->bdaddr);
4270 data.pscan_rep_mode = info->pscan_rep_mode;
4271 data.pscan_period_mode = info->pscan_period_mode;
4272 data.pscan_mode = 0x00;
4273 memcpy(data.dev_class, info->dev_class, 3);
4274 data.clock_offset = info->clock_offset;
4275 data.rssi = info->rssi;
41a96212 4276 data.ssp_mode = 0x00;
af58925c
MH		 4277
4278 flags = hci_inquiry_cache_update(hdev, &data, false);
4279
48264f06 4280 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4281 info->dev_class, info->rssi,
af58925c 4282 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4283 }
4284 }
4285
629b49c8 4286unlock:
a9de9248
MH		 4287 hci_dev_unlock(hdev);
4288}
4289
6039aa73
GP		 4290static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4291 struct sk_buff *skb)
a9de9248 4292{
41a96212
MH		 4293 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4294 struct hci_conn *conn;
4295
a9de9248 4296 BT_DBG("%s", hdev->name);
41a96212 4297
41a96212
MH		 4298 hci_dev_lock(hdev);
4299
4300 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 4301 if (!conn)
4302 goto unlock;
41a96212 4303
cad718ed
JH		 4304 if (ev->page < HCI_MAX_PAGES)
4305 memcpy(conn->features[ev->page], ev->features, 8);
4306
ccd556fe
JH		 4307 if (!ev->status && ev->page == 0x01) {
4308 struct inquiry_entry *ie;
41a96212 4309
cc11b9c1
AE		 4310 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4311 if (ie)
02b7cc62 4312 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 4313
bbb0eada 4314 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 4315 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 4316 } else {
4317 /* It is mandatory by the Bluetooth specification that
4318 * Extended Inquiry Results are only used when Secure
4319 * Simple Pairing is enabled, but some devices violate
4320 * this.
4321 *
4322 * To make these devices work, the internal SSP
4323 * enabled flag needs to be cleared if the remote host
4324 * features do not indicate SSP support */
4325 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4326 }
eb9a8f3f
MH		 4327
4328 if (ev->features[0] & LMP_HOST_SC)
4329 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 4330 }
4331
4332 if (conn->state != BT_CONFIG)
4333 goto unlock;
4334
671267bf 4335 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 4336 struct hci_cp_remote_name_req cp;
4337 memset(&cp, 0, sizeof(cp));
4338 bacpy(&cp.bdaddr, &conn->dst);
4339 cp.pscan_rep_mode = 0x02;
4340 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 4341 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1c6ed31b 4342 mgmt_device_connected(hdev, conn, NULL, 0);
392599b9 4343
127178d2 4344 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 4345 conn->state = BT_CONNECTED;
539c496d 4346 hci_connect_cfm(conn, ev->status);
76a68ba0 4347 hci_conn_drop(conn);
41a96212
MH		 4348 }
4349
ccd556fe 4350unlock:
41a96212 4351 hci_dev_unlock(hdev);
a9de9248
MH		 4352}
4353
6039aa73
GP		 4354static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4355 struct sk_buff *skb)
a9de9248 4356{
b6a0dc82
MH		 4357 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4358 struct hci_conn *conn;
4359
9f1db00c 4360 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 4361
4362 hci_dev_lock(hdev);
4363
4364 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 4365 if (!conn) {
4366 if (ev->link_type == ESCO_LINK)
4367 goto unlock;
4368
618353b1
KP		 4369 /* When the link type in the event indicates SCO connection
4370 * and lookup of the connection object fails, then check
4371 * if an eSCO connection object exists.
4372 *
4373 * The core limits the synchronous connections to either
4374 * SCO or eSCO. The eSCO connection is preferred and tried
4375 * to be setup first and until successfully established,
4376 * the link type will be hinted as eSCO.
4377 */
9dc0a3af
MH		 4378 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4379 if (!conn)
4380 goto unlock;
9dc0a3af 4381 }
b6a0dc82 4382
732547f9
MH		 4383 switch (ev->status) {
4384 case 0x00:
b6a0dc82
MH		 4385 conn->handle = __le16_to_cpu(ev->handle);
4386 conn->state = BT_CONNECTED;
618353b1 4387 conn->type = ev->link_type;
7d0db0a3 4388
23b9ceb7 4389 hci_debugfs_create_conn(conn);
7d0db0a3 4390 hci_conn_add_sysfs(conn);
732547f9
MH		 4391 break;
4392
81218d20 4393 case 0x10: /* Connection Accept Timeout */
1a4c958c 4394 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 4395 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 4396 case 0x1c: /* SCO interval rejected */
1038a00b 4397 case 0x1a: /* Unsupported Remote Feature */
56b5453a 4398 case 0x1e: /* Invalid LMP Parameters */
732547f9 4399 case 0x1f: /* Unspecified error */
27539bc4 4400 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 4401 if (conn->out) {
732547f9
MH		 4402 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4403 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 4404 if (hci_setup_sync(conn, conn->link->handle))
4405 goto unlock;
732547f9 4406 }
19186c7b 4407 fallthrough;
732547f9
MH		 4408
4409 default:
b6a0dc82 4410 conn->state = BT_CLOSED;
732547f9
MH		 4411 break;
4412 }
b6a0dc82 4413
1f8330ea
SN		 4414 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
4415
06d213d8
K		 4416 switch (ev->air_mode) {
4417 case 0x02:
1f8330ea
SN		 4418 if (hdev->notify)
4419 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
4420 break;
06d213d8 4421 case 0x03:
1f8330ea
SN		 4422 if (hdev->notify)
4423 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
4424 break;
4425 }
4426
539c496d 4427 hci_connect_cfm(conn, ev->status);
b6a0dc82
MH		 4428 if (ev->status)
4429 hci_conn_del(conn);
4430
4431unlock:
4432 hci_dev_unlock(hdev);
a9de9248
MH		 4433}
4434
efdcf8e3
MH		 4435static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4436{
4437 size_t parsed = 0;
4438
4439 while (parsed < eir_len) {
4440 u8 field_len = eir[0];
4441
4442 if (field_len == 0)
4443 return parsed;
4444
4445 parsed += field_len + 1;
4446 eir += field_len + 1;
4447 }
4448
4449 return eir_len;
4450}
4451
6039aa73
GP		 4452static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4453 struct sk_buff *skb)
1da177e4 4454{
a9de9248
MH		 4455 struct inquiry_data data;
4456 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4457 int num_rsp = *((__u8 *) skb->data);
9d939d94 4458 size_t eir_len;
1da177e4 4459
a9de9248 4460 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 4461
51c19bf3 4462 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
a9de9248 4463 return;
1da177e4 4464
d7a5a11d 4465 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4466 return;
4467
a9de9248
MH		 4468 hci_dev_lock(hdev);
4469
e17acd40 4470 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4471 u32 flags;
4472 bool name_known;
561aafbc 4473
a9de9248 4474 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 4475 data.pscan_rep_mode = info->pscan_rep_mode;
4476 data.pscan_period_mode = info->pscan_period_mode;
4477 data.pscan_mode = 0x00;
a9de9248 4478 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 4479 data.clock_offset = info->clock_offset;
4480 data.rssi = info->rssi;
41a96212 4481 data.ssp_mode = 0x01;
561aafbc 4482
d7a5a11d 4483 if (hci_dev_test_flag(hdev, HCI_MGMT))
0d3b7f64
JH		 4484 name_known = eir_get_data(info->data,
4485 sizeof(info->data),
4486 EIR_NAME_COMPLETE, NULL);
561aafbc
JH		 4487 else
4488 name_known = true;
4489
af58925c
MH		 4490 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4491
9d939d94 4492 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 4493
48264f06 4494 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 4495 info->dev_class, info->rssi,
4496 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 4497 }
4498
4499 hci_dev_unlock(hdev);
4500}
1da177e4 4501
1c2e0041
JH		 4502static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4503 struct sk_buff *skb)
4504{
4505 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4506 struct hci_conn *conn;
4507
9f1db00c 4508 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 4509 __le16_to_cpu(ev->handle));
4510
4511 hci_dev_lock(hdev);
4512
4513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4514 if (!conn)
4515 goto unlock;
4516
9eb1fbfa
JH		 4517 /* For BR/EDR the necessary steps are taken through the
4518 * auth_complete event.
4519 */
4520 if (conn->type != LE_LINK)
4521 goto unlock;
4522
1c2e0041
JH		 4523 if (!ev->status)
4524 conn->sec_level = conn->pending_sec_level;
4525
4526 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4527
4528 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 4529 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 4530 hci_conn_drop(conn);
1c2e0041
JH		 4531 goto unlock;
4532 }
4533
4534 if (conn->state == BT_CONFIG) {
4535 if (!ev->status)
4536 conn->state = BT_CONNECTED;
4537
539c496d 4538 hci_connect_cfm(conn, ev->status);
76a68ba0 4539 hci_conn_drop(conn);
1c2e0041
JH		 4540 } else {
4541 hci_auth_cfm(conn, ev->status);
4542
4543 hci_conn_hold(conn);
4544 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4545 hci_conn_drop(conn);
1c2e0041
JH		 4546 }
4547
4548unlock:
4549 hci_dev_unlock(hdev);
4550}
4551
6039aa73 4552static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 4553{
17fa4b9d 4554 /* If remote requests no-bonding follow that lead */
acabae96
MA		 4555 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4556 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 4557 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 4558
b7f94c88
MA		 4559 /* If both remote and local have enough IO capabilities, require
4560 * MITM protection
4561 */
4562 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4563 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4564 return conn->remote_auth | 0x01;
4565
7e74170a
TM		 4566 /* No MITM protection possible so ignore remote requirement */
4567 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 4568}
4569
a83ed81e
MH		 4570static u8 bredr_oob_data_present(struct hci_conn *conn)
4571{
4572 struct hci_dev *hdev = conn->hdev;
4573 struct oob_data *data;
4574
4575 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4576 if (!data)
4577 return 0x00;
4578
455c2ff0
MH		 4579 if (bredr_sc_enabled(hdev)) {
4580 /* When Secure Connections is enabled, then just
4581 * return the present value stored with the OOB
4582 * data. The stored value contains the right present
4583 * information. However it can only be trusted when
4584 * not in Secure Connection Only mode.
4585 */
4586 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4587 return data->present;
659c7fb0 4588
455c2ff0
MH		 4589 /* When Secure Connections Only mode is enabled, then
4590 * the P-256 values are required. If they are not
4591 * available, then do not declare that OOB data is
4592 * present.
659c7fb0 4593 */
455c2ff0
MH		 4594 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4595 !memcmp(data->hash256, ZERO_KEY, 16))
659c7fb0
MH		 4596 return 0x00;
4597
455c2ff0 4598 return 0x02;
659c7fb0 4599 }
a83ed81e 4600
455c2ff0
MH		 4601 /* When Secure Connections is not enabled or actually
4602 * not supported by the hardware, then check that if
4603 * P-192 data values are present.
4604 */
4605 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4606 !memcmp(data->hash192, ZERO_KEY, 16))
4607 return 0x00;
4608
4609 return 0x01;
a83ed81e
MH		 4610}
4611
6039aa73 4612static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 4613{
4614 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4615 struct hci_conn *conn;
4616
4617 BT_DBG("%s", hdev->name);
4618
4619 hci_dev_lock(hdev);
4620
4621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 4622 if (!conn)
4623 goto unlock;
4624
4625 hci_conn_hold(conn);
4626
d7a5a11d 4627 if (!hci_dev_test_flag(hdev, HCI_MGMT))
03b555e1
JH		 4628 goto unlock;
4629
2f407f0a
JH		 4630 /* Allow pairing if we're pairable, the initiators of the
4631 * pairing or if the remote is not requesting bonding.
4632 */
d7a5a11d 4633 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
2f407f0a 4634 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
807deac2 4635 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 4636 struct hci_cp_io_capability_reply cp;
4637
4638 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 4639 /* Change the IO capability from KeyboardDisplay
4640 * to DisplayYesNo as it is not supported by BT spec. */
4641 cp.capability = (conn->io_capability == 0x04) ?
a767631a 4642 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 4643
4644 /* If we are initiators, there is no remote information yet */
4645 if (conn->remote_auth == 0xff) {
b16c6604 4646 /* Request MITM protection if our IO caps allow it
4ad51a75 4647 * except for the no-bonding case.
b16c6604 4648 */
6fd6b915 4649 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
9f743d74 4650 conn->auth_type != HCI_AT_NO_BONDING)
6c53823a 4651 conn->auth_type |= 0x01;
b7f94c88
MA		 4652 } else {
4653 conn->auth_type = hci_get_auth_req(conn);
b7f94c88 4654 }
17fa4b9d 4655
82c295b1
JH		 4656 /* If we're not bondable, force one of the non-bondable
4657 * authentication requirement values.
4658 */
d7a5a11d 4659 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
82c295b1
JH		 4660 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4661
4662 cp.authentication = conn->auth_type;
a83ed81e 4663 cp.oob_data = bredr_oob_data_present(conn);
ce85ee13 4664
17fa4b9d 4665 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 4666 sizeof(cp), &cp);
03b555e1
JH		 4667 } else {
4668 struct hci_cp_io_capability_neg_reply cp;
4669
4670 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 4671 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 4672
03b555e1 4673 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 4674 sizeof(cp), &cp);
03b555e1
JH		 4675 }
4676
4677unlock:
4678 hci_dev_unlock(hdev);
4679}
4680
6039aa73 4681static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 4682{
4683 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4684 struct hci_conn *conn;
4685
4686 BT_DBG("%s", hdev->name);
4687
4688 hci_dev_lock(hdev);
4689
4690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4691 if (!conn)
4692 goto unlock;
4693
03b555e1 4694 conn->remote_cap = ev->capability;
03b555e1
JH		 4695 conn->remote_auth = ev->authentication;
4696
4697unlock:
0493684e
MH		 4698 hci_dev_unlock(hdev);
4699}
4700
6039aa73
GP		 4701static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4702 struct sk_buff *skb)
a5c29683
JH		 4703{
4704 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 4705 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 4706 struct hci_conn *conn;
a5c29683
JH		 4707
4708 BT_DBG("%s", hdev->name);
4709
4710 hci_dev_lock(hdev);
4711
d7a5a11d 4712 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7a828908 4713 goto unlock;
a5c29683 4714
7a828908
JH		 4715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4716 if (!conn)
4717 goto unlock;
4718
4719 loc_mitm = (conn->auth_type & 0x01);
4720 rem_mitm = (conn->remote_auth & 0x01);
4721
4722 /* If we require MITM but the remote device can't provide that
6c53823a
JH		 4723 * (it has NoInputNoOutput) then reject the confirmation
4724 * request. We check the security level here since it doesn't
4725 * necessarily match conn->auth_type.
6fd6b915 4726 */
6c53823a
JH		 4727 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4728 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 4729 BT_DBG("Rejecting request: remote device can't provide MITM");
4730 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 4731 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4732 goto unlock;
4733 }
4734
4735 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 4736 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4737 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 4738
4739 /* If we're not the initiators request authorization to
4740 * proceed from user space (mgmt_user_confirm with
ba15a58b 4741 * confirm_hint set to 1). The exception is if neither
02f3e254
JH		 4742 * side had MITM or if the local IO capability is
4743 * NoInputNoOutput, in which case we do auto-accept
ba15a58b
JH		 4744 */
4745 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
02f3e254 4746 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
ba15a58b 4747 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 4748 BT_DBG("Confirming auto-accept as acceptor");
4749 confirm_hint = 1;
4750 goto confirm;
4751 }
4752
cee5f20f
HC		 4753 /* If there already exists link key in local host, leave the
4754 * decision to user space since the remote device could be
4755 * legitimate or malicious.
4756 */
4757 if (hci_find_link_key(hdev, &ev->bdaddr)) {
4758 bt_dev_dbg(hdev, "Local host already has link key");
4759 confirm_hint = 1;
4760 goto confirm;
4761 }
4762
9f61656a 4763 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 4764 hdev->auto_accept_delay);
9f61656a
JH		 4765
4766 if (hdev->auto_accept_delay > 0) {
4767 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 4768 queue_delayed_work(conn->hdev->workqueue,
4769 &conn->auto_accept_work, delay);
9f61656a
JH		 4770 goto unlock;
4771 }
4772
7a828908 4773 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 4774 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4775 goto unlock;
4776 }
4777
55bc1a37 4778confirm:
39adbffe
JH		 4779 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4780 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 4781
4782unlock:
a5c29683
JH		 4783 hci_dev_unlock(hdev);
4784}
4785
6039aa73
GP		 4786static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4787 struct sk_buff *skb)
1143d458
BG		 4788{
4789 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4790
4791 BT_DBG("%s", hdev->name);
4792
d7a5a11d 4793 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 4794 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 4795}
4796
92a25256
JH		 4797static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4798 struct sk_buff *skb)
4799{
4800 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4801 struct hci_conn *conn;
4802
4803 BT_DBG("%s", hdev->name);
4804
4805 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4806 if (!conn)
4807 return;
4808
4809 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4810 conn->passkey_entered = 0;
4811
d7a5a11d 4812 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4813 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4814 conn->dst_type, conn->passkey_notify,
4815 conn->passkey_entered);
4816}
4817
4818static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4819{
4820 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4821 struct hci_conn *conn;
4822
4823 BT_DBG("%s", hdev->name);
4824
4825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4826 if (!conn)
4827 return;
4828
4829 switch (ev->type) {
4830 case HCI_KEYPRESS_STARTED:
4831 conn->passkey_entered = 0;
4832 return;
4833
4834 case HCI_KEYPRESS_ENTERED:
4835 conn->passkey_entered++;
4836 break;
4837
4838 case HCI_KEYPRESS_ERASED:
4839 conn->passkey_entered--;
4840 break;
4841
4842 case HCI_KEYPRESS_CLEARED:
4843 conn->passkey_entered = 0;
4844 break;
4845
4846 case HCI_KEYPRESS_COMPLETED:
4847 return;
4848 }
4849
d7a5a11d 4850 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4851 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4852 conn->dst_type, conn->passkey_notify,
4853 conn->passkey_entered);
4854}
4855
6039aa73
GP		 4856static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4857 struct sk_buff *skb)
0493684e
MH		 4858{
4859 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4860 struct hci_conn *conn;
4861
4862 BT_DBG("%s", hdev->name);
4863
4864 hci_dev_lock(hdev);
4865
4866 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 4867 if (!conn)
4868 goto unlock;
4869
c1d4fa7a
JH		 4870 /* Reset the authentication requirement to unknown */
4871 conn->remote_auth = 0xff;
4872
2a611692
JH		 4873 /* To avoid duplicate auth_failed events to user space we check
4874 * the HCI_CONN_AUTH_PEND flag which will be set if we
4875 * initiated the authentication. A traditional auth_complete
4876 * event gets always produced as initiator and is also mapped to
4877 * the mgmt_auth_failed event */
fa1bd918 4878 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
e1e930f5 4879 mgmt_auth_failed(conn, ev->status);
0493684e 4880
76a68ba0 4881 hci_conn_drop(conn);
2a611692
JH		 4882
4883unlock:
0493684e
MH		 4884 hci_dev_unlock(hdev);
4885}
4886
6039aa73
GP		 4887static void hci_remote_host_features_evt(struct hci_dev *hdev,
4888 struct sk_buff *skb)
41a96212
MH		 4889{
4890 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4891 struct inquiry_entry *ie;
cad718ed 4892 struct hci_conn *conn;
41a96212
MH		 4893
4894 BT_DBG("%s", hdev->name);
4895
4896 hci_dev_lock(hdev);
4897
cad718ed
JH		 4898 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4899 if (conn)
4900 memcpy(conn->features[1], ev->features, 8);
4901
cc11b9c1
AE		 4902 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4903 if (ie)
02b7cc62 4904 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 4905
4906 hci_dev_unlock(hdev);
4907}
4908
6039aa73
GP		 4909static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4910 struct sk_buff *skb)
2763eda6
SJ		 4911{
4912 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4913 struct oob_data *data;
4914
4915 BT_DBG("%s", hdev->name);
4916
4917 hci_dev_lock(hdev);
4918
d7a5a11d 4919 if (!hci_dev_test_flag(hdev, HCI_MGMT))
e1ba1f15
SJ		 4920 goto unlock;
4921
6928a924 4922 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
6665d057
MH		 4923 if (!data) {
4924 struct hci_cp_remote_oob_data_neg_reply cp;
519ca9d0 4925
6665d057
MH		 4926 bacpy(&cp.bdaddr, &ev->bdaddr);
4927 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4928 sizeof(cp), &cp);
4929 goto unlock;
4930 }
2763eda6 4931
6665d057
MH		 4932 if (bredr_sc_enabled(hdev)) {
4933 struct hci_cp_remote_oob_ext_data_reply cp;
519ca9d0 4934
6665d057 4935 bacpy(&cp.bdaddr, &ev->bdaddr);
d7a5a11d 4936 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6665d057
MH		 4937 memset(cp.hash192, 0, sizeof(cp.hash192));
4938 memset(cp.rand192, 0, sizeof(cp.rand192));
4939 } else {
4940 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4941 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
519ca9d0 4942 }
6665d057
MH		 4943 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4944 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4945
4946 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4947 sizeof(cp), &cp);
2763eda6 4948 } else {
6665d057 4949 struct hci_cp_remote_oob_data_reply cp;
2763eda6
SJ		 4950
4951 bacpy(&cp.bdaddr, &ev->bdaddr);
6665d057
MH		 4952 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4953 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4954
4955 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
519ca9d0 4956 sizeof(cp), &cp);
2763eda6
SJ		 4957 }
4958
e1ba1f15 4959unlock:
2763eda6
SJ		 4960 hci_dev_unlock(hdev);
4961}
4962
a77a6a14
AW		 4963#if IS_ENABLED(CONFIG_BT_HS)
4964static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4965{
4966 struct hci_ev_channel_selected *ev = (void *)skb->data;
4967 struct hci_conn *hcon;
4968
4969 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4970
4971 skb_pull(skb, sizeof(*ev));
4972
4973 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4974 if (!hcon)
4975 return;
4976
4977 amp_read_loc_assoc_final_data(hdev, hcon);
4978}
4979
d5e91192
AE		 4980static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4981 struct sk_buff *skb)
4982{
4983 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4984 struct hci_conn *hcon, *bredr_hcon;
4985
4986 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4987 ev->status);
4988
4989 hci_dev_lock(hdev);
4990
4991 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3ae1dc75
SS		 4992 if (!hcon)
4993 goto unlock;
d5e91192 4994
3ae1dc75
SS		 4995 if (!hcon->amp_mgr)
4996 goto unlock;
6dfccd13 4997
d5e91192
AE		 4998 if (ev->status) {
4999 hci_conn_del(hcon);
3ae1dc75 5000 goto unlock;
d5e91192
AE		 5001 }
5002
5003 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
5004
5005 hcon->state = BT_CONNECTED;
5006 bacpy(&hcon->dst, &bredr_hcon->dst);
5007
5008 hci_conn_hold(hcon);
5009 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 5010 hci_conn_drop(hcon);
d5e91192 5011
23b9ceb7 5012 hci_debugfs_create_conn(hcon);
d5e91192
AE		 5013 hci_conn_add_sysfs(hcon);
5014
cf70ff22 5015 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 5016
3ae1dc75 5017unlock:
cf70ff22 5018 hci_dev_unlock(hdev);
d5e91192
AE		 5019}
5020
27695fb4
AE		 5021static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5022{
5023 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
5024 struct hci_conn *hcon;
5025 struct hci_chan *hchan;
5026 struct amp_mgr *mgr;
5027
5028 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
5029 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
5030 ev->status);
5031
5032 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5033 if (!hcon)
5034 return;
5035
5036 /* Create AMP hchan */
5037 hchan = hci_chan_create(hcon);
5038 if (!hchan)
5039 return;
5040
5041 hchan->handle = le16_to_cpu(ev->handle);
5c4c8c95 5042 hchan->amp = true;
27695fb4
AE		 5043
5044 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
5045
5046 mgr = hcon->amp_mgr;
5047 if (mgr && mgr->bredr_chan) {
5048 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
5049
5050 l2cap_chan_lock(bredr_chan);
5051
5052 bredr_chan->conn->mtu = hdev->block_mtu;
5053 l2cap_logical_cfm(bredr_chan, hchan, 0);
5054 hci_conn_hold(hcon);
5055
5056 l2cap_chan_unlock(bredr_chan);
5057 }
5058}
5059
606e2a10
AE		 5060static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
5061 struct sk_buff *skb)
5062{
5063 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
5064 struct hci_chan *hchan;
5065
5066 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
5067 le16_to_cpu(ev->handle), ev->status);
5068
5069 if (ev->status)
5070 return;
5071
5072 hci_dev_lock(hdev);
5073
5074 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
5c4c8c95 5075 if (!hchan || !hchan->amp)
606e2a10
AE		 5076 goto unlock;
5077
5078 amp_destroy_logical_link(hchan, ev->reason);
5079
5080unlock:
5081 hci_dev_unlock(hdev);
5082}
5083
9eef6b3a
AE		 5084static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
5085 struct sk_buff *skb)
5086{
5087 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
5088 struct hci_conn *hcon;
5089
5090 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5091
5092 if (ev->status)
5093 return;
5094
5095 hci_dev_lock(hdev);
5096
5097 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5098 if (hcon) {
5099 hcon->state = BT_CLOSED;
5100 hci_conn_del(hcon);
5101 }
5102
5103 hci_dev_unlock(hdev);
5104}
a77a6a14 5105#endif
9eef6b3a 5106
d12fb056
JK		 5107static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
5108 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
5109 u16 interval, u16 latency, u16 supervision_timeout)
fcd89c09 5110{
912b42ef 5111 struct hci_conn_params *params;
fcd89c09 5112 struct hci_conn *conn;
68d6f6de 5113 struct smp_irk *irk;
837d502e 5114 u8 addr_type;
fcd89c09 5115
fcd89c09
VT		 5116 hci_dev_lock(hdev);
5117
fbd96c15
JH		 5118 /* All controllers implicitly stop advertising in the event of a
5119 * connection, so ensure that the state bit is cleared.
5120 */
a358dc11 5121 hci_dev_clear_flag(hdev, HCI_LE_ADV);
fbd96c15 5122
e7d9ab73 5123 conn = hci_lookup_le_connect(hdev);
b62f328b 5124 if (!conn) {
d12fb056 5125 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
b62f328b 5126 if (!conn) {
2064ee33 5127 bt_dev_err(hdev, "no memory for new connection");
230fd16a 5128 goto unlock;
b62f328b 5129 }
29b7988a 5130
d12fb056 5131 conn->dst_type = bdaddr_type;
b9b343d2 5132
cb1d68f7
JH		 5133 /* If we didn't have a hci_conn object previously
5134 * but we're in master role this must be something
5135 * initiated using a white list. Since white list based
5136 * connections are not "first class citizens" we don't
5137 * have full tracking of them. Therefore, we go ahead
5138 * with a "best effort" approach of determining the
5139 * initiator address based on the HCI_PRIVACY flag.
5140 */
5141 if (conn->out) {
d12fb056
JK		 5142 conn->resp_addr_type = bdaddr_type;
5143 bacpy(&conn->resp_addr, bdaddr);
d7a5a11d 5144 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
cb1d68f7
JH		 5145 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5146 bacpy(&conn->init_addr, &hdev->rpa);
5147 } else {
5148 hci_copy_identity_address(hdev,
5149 &conn->init_addr,
5150 &conn->init_addr_type);
5151 }
cb1d68f7 5152 }
9489eca4
JH		 5153 } else {
5154 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 5155 }
fcd89c09 5156
80c24ab8
JH		 5157 if (!conn->out) {
5158 /* Set the responder (our side) address type based on
5159 * the advertising address type.
5160 */
5161 conn->resp_addr_type = hdev->adv_addr_type;
acf0aeae
JK		 5162 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
5163 /* In case of ext adv, resp_addr will be updated in
5164 * Adv Terminated event.
5165 */
5166 if (!ext_adv_capable(hdev))
5167 bacpy(&conn->resp_addr, &hdev->random_addr);
5168 } else {
80c24ab8 5169 bacpy(&conn->resp_addr, &hdev->bdaddr);
acf0aeae 5170 }
80c24ab8 5171
d12fb056
JK		 5172 conn->init_addr_type = bdaddr_type;
5173 bacpy(&conn->init_addr, bdaddr);
a720d735
MH		 5174
5175 /* For incoming connections, set the default minimum
5176 * and maximum connection interval. They will be used
5177 * to check if the parameters are in range and if not
5178 * trigger the connection update procedure.
5179 */
5180 conn->le_conn_min_interval = hdev->le_conn_min_interval;
5181 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 5182 }
7be2edbb 5183
edb4b466
MH		 5184 /* Lookup the identity address from the stored connection
5185 * address and address type.
5186 *
5187 * When establishing connections to an identity address, the
5188 * connection procedure will store the resolvable random
5189 * address first. Now if it can be converted back into the
5190 * identity address, start using the identity address from
5191 * now on.
5192 */
5193 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 5194 if (irk) {
5195 bacpy(&conn->dst, &irk->bdaddr);
5196 conn->dst_type = irk->addr_type;
5197 }
5198
79699a70
SN		 5199 /* When using controller based address resolution, then the new
5200 * address types 0x02 and 0x03 are used. These types need to be
5201 * converted back into either public address or random address type
5202 */
5203 if (use_ll_privacy(hdev) &&
5204 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
5205 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
5206 switch (conn->dst_type) {
5207 case ADDR_LE_DEV_PUBLIC_RESOLVED:
5208 conn->dst_type = ADDR_LE_DEV_PUBLIC;
5209 break;
5210 case ADDR_LE_DEV_RANDOM_RESOLVED:
5211 conn->dst_type = ADDR_LE_DEV_RANDOM;
5212 break;
5213 }
5214 }
5215
d12fb056
JK		 5216 if (status) {
5217 hci_le_conn_failed(conn, status);
837d502e
JH		 5218 goto unlock;
5219 }
5220
08853f18
JH		 5221 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5222 addr_type = BDADDR_LE_PUBLIC;
5223 else
5224 addr_type = BDADDR_LE_RANDOM;
5225
2d3c2260
JH		 5226 /* Drop the connection if the device is blocked */
5227 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
5228 hci_conn_drop(conn);
cd17decb
AG		 5229 goto unlock;
5230 }
5231
b644ba33 5232 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1c6ed31b 5233 mgmt_device_connected(hdev, conn, NULL, 0);
83bc71b4 5234
7b5c0d52 5235 conn->sec_level = BT_SECURITY_LOW;
d12fb056 5236 conn->handle = handle;
0fe29fd1 5237 conn->state = BT_CONFIG;
fcd89c09 5238
d12fb056
JK		 5239 conn->le_conn_interval = interval;
5240 conn->le_conn_latency = latency;
5241 conn->le_supv_timeout = supervision_timeout;
e04fde60 5242
23b9ceb7 5243 hci_debugfs_create_conn(conn);
fcd89c09
VT		 5244 hci_conn_add_sysfs(conn);
5245
d17010bf
CIK		 5246 /* The remote features procedure is defined for master
5247 * role only. So only in case of an initiated connection
5248 * request the remote features.
5249 *
5250 * If the local controller supports slave-initiated features
5251 * exchange, then requesting the remote features in slave
5252 * role is possible. Otherwise just transition into the
5253 * connected state without requesting the remote features.
5254 */
5255 if (conn->out ||
5256 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5257 struct hci_cp_le_read_remote_features cp;
0fe29fd1 5258
d17010bf 5259 cp.handle = __cpu_to_le16(conn->handle);
0fe29fd1 5260
d17010bf
CIK		 5261 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5262 sizeof(cp), &cp);
0fe29fd1 5263
d17010bf 5264 hci_conn_hold(conn);
0fe29fd1 5265 } else {
d17010bf 5266 conn->state = BT_CONNECTED;
d12fb056 5267 hci_connect_cfm(conn, status);
0fe29fd1 5268 }
fcd89c09 5269
5477610f
JH		 5270 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5271 conn->dst_type);
f161dd41 5272 if (params) {
95305baa 5273 list_del_init(&params->action);
f161dd41
JH		 5274 if (params->conn) {
5275 hci_conn_drop(params->conn);
f8aaf9b6 5276 hci_conn_put(params->conn);
f161dd41
JH		 5277 params->conn = NULL;
5278 }
5279 }
a4790dbd 5280
fcd89c09 5281unlock:
223683a5 5282 hci_update_background_scan(hdev);
fcd89c09
VT		 5283 hci_dev_unlock(hdev);
5284}
5285
d12fb056
JK		 5286static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5287{
5288 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
5289
5290 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5291
5292 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5293 ev->role, le16_to_cpu(ev->handle),
5294 le16_to_cpu(ev->interval),
5295 le16_to_cpu(ev->latency),
5296 le16_to_cpu(ev->supervision_timeout));
5297}
5298
4d94f95d
JK		 5299static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5300 struct sk_buff *skb)
5301{
5302 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5303
5304 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5305
5306 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5307 ev->role, le16_to_cpu(ev->handle),
5308 le16_to_cpu(ev->interval),
5309 le16_to_cpu(ev->latency),
5310 le16_to_cpu(ev->supervision_timeout));
5c49bcce
SN		 5311
5312 if (use_ll_privacy(hdev) &&
cbbdfa6f 5313 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
5c49bcce
SN		 5314 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
5315 hci_req_disable_address_resolution(hdev);
4d94f95d
JK		 5316}
5317
acf0aeae
JK		 5318static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5319{
5320 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5321 struct hci_conn *conn;
5322
5323 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5324
5325 if (ev->status)
5326 return;
5327
5328 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5329 if (conn) {
5330 struct adv_info *adv_instance;
5331
5332 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5333 return;
5334
25e70886 5335 if (!ev->handle) {
acf0aeae
JK		 5336 bacpy(&conn->resp_addr, &hdev->random_addr);
5337 return;
5338 }
5339
25e70886 5340 adv_instance = hci_find_adv_instance(hdev, ev->handle);
acf0aeae
JK		 5341 if (adv_instance)
5342 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5343 }
5344}
5345
1855d92d
MH		 5346static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5347 struct sk_buff *skb)
5348{
5349 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5350 struct hci_conn *conn;
5351
5352 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5353
5354 if (ev->status)
5355 return;
5356
5357 hci_dev_lock(hdev);
5358
5359 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5360 if (conn) {
5361 conn->le_conn_interval = le16_to_cpu(ev->interval);
5362 conn->le_conn_latency = le16_to_cpu(ev->latency);
5363 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5364 }
5365
5366 hci_dev_unlock(hdev);
5367}
5368
a4790dbd 5369/* This function requires the caller holds hdev->lock */
fd45ada9
AA		 5370static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5371 bdaddr_t *addr,
082f2300
SJ		 5372 u8 addr_type, u8 adv_type,
5373 bdaddr_t *direct_rpa)
a4790dbd
AG		 5374{
5375 struct hci_conn *conn;
4b9e7e75 5376 struct hci_conn_params *params;
a4790dbd 5377
1c1abcab
JH		 5378 /* If the event is not connectable don't proceed further */
5379 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
fd45ada9 5380 return NULL;
1c1abcab
JH		 5381
5382 /* Ignore if the device is blocked */
dcc36c16 5383 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
fd45ada9 5384 return NULL;
1c1abcab 5385
f99353cf
JH		 5386 /* Most controller will fail if we try to create new connections
5387 * while we have an existing one in slave role.
5388 */
4364f2e9
AM		 5389 if (hdev->conn_hash.le_num_slave > 0 &&
5390 (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5391 !(hdev->le_states[3] & 0x10)))
fd45ada9 5392 return NULL;
f99353cf 5393
1c1abcab
JH		 5394 /* If we're not connectable only connect devices that we have in
5395 * our pend_le_conns list.
5396 */
49c50922
JH		 5397 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5398 addr_type);
4b9e7e75 5399 if (!params)
fd45ada9 5400 return NULL;
4b9e7e75 5401
28a667c9
JP		 5402 if (!params->explicit_connect) {
5403 switch (params->auto_connect) {
5404 case HCI_AUTO_CONN_DIRECT:
5405 /* Only devices advertising with ADV_DIRECT_IND are
5406 * triggering a connection attempt. This is allowing
5407 * incoming connections from slave devices.
5408 */
5409 if (adv_type != LE_ADV_DIRECT_IND)
5410 return NULL;
5411 break;
5412 case HCI_AUTO_CONN_ALWAYS:
5413 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5414 * are triggering a connection attempt. This means
1e5479be 5415 * that incoming connections from slave device are
28a667c9
JP		 5416 * accepted and also outgoing connections to slave
5417 * devices are established when found.
5418 */
5419 break;
5420 default:
fd45ada9 5421 return NULL;
28a667c9 5422 }
4b9e7e75 5423 }
a4790dbd
AG		 5424
5425 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
49b020c1 5426 hdev->def_le_autoconnect_timeout, HCI_ROLE_MASTER,
082f2300 5427 direct_rpa);
f161dd41 5428 if (!IS_ERR(conn)) {
28a667c9
JP		 5429 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5430 * by higher layer that tried to connect, if no then
5431 * store the pointer since we don't really have any
f161dd41
JH		 5432 * other owner of the object besides the params that
5433 * triggered it. This way we can abort the connection if
5434 * the parameters get removed and keep the reference
5435 * count consistent once the connection is established.
5436 */
28a667c9
JP		 5437
5438 if (!params->explicit_connect)
5439 params->conn = hci_conn_get(conn);
5440
fd45ada9 5441 return conn;
f161dd41 5442 }
a4790dbd
AG		 5443
5444 switch (PTR_ERR(conn)) {
5445 case -EBUSY:
5446 /* If hci_connect() returns -EBUSY it means there is already
5447 * an LE connection attempt going on. Since controllers don't
5448 * support more than one connection attempt at the time, we
5449 * don't consider this an error case.
5450 */
5451 break;
5452 default:
5453 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
fd45ada9 5454 return NULL;
a4790dbd 5455 }
fd45ada9
AA		 5456
5457 return NULL;
a4790dbd
AG		 5458}
5459
4af605d8 5460static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
2f010b55 5461 u8 bdaddr_type, bdaddr_t *direct_addr,
a2ec905d
AM		 5462 u8 direct_addr_type, s8 rssi, u8 *data, u8 len,
5463 bool ext_adv)
4af605d8 5464{
b9a6328f 5465 struct discovery_state *d = &hdev->discovery;
1c1abcab 5466 struct smp_irk *irk;
fd45ada9 5467 struct hci_conn *conn;
474ee066 5468 bool match;
c70a7e4c 5469 u32 flags;
1c58e933 5470 u8 *ptr;
6818375e 5471
56b40fbf
JH		 5472 switch (type) {
5473 case LE_ADV_IND:
5474 case LE_ADV_DIRECT_IND:
5475 case LE_ADV_SCAN_IND:
5476 case LE_ADV_NONCONN_IND:
5477 case LE_ADV_SCAN_RSP:
5478 break;
5479 default:
2064ee33
MH		 5480 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5481 "type: 0x%02x", type);
56b40fbf
JH		 5482 return;
5483 }
5484
a2ec905d
AM		 5485 if (!ext_adv && len > HCI_MAX_AD_LENGTH) {
5486 bt_dev_err_ratelimited(hdev, "legacy adv larger than 31 bytes");
5487 return;
5488 }
5489
6818375e
SJ		 5490 /* Find the end of the data in case the report contains padded zero
5491 * bytes at the end causing an invalid length value.
5492 *
5493 * When data is NULL, len is 0 so there is no need for extra ptr
5494 * check as 'ptr < data + 0' is already false in such case.
5495 */
5496 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5497 if (ptr + 1 + *ptr > data + len)
5498 break;
5499 }
5500
1c58e933
SJ		 5501 /* Adjust for actual length. This handles the case when remote
5502 * device is advertising with incorrect data length.
5503 */
5504 len = ptr - data;
b9a6328f 5505
2f010b55
MH		 5506 /* If the direct address is present, then this report is from
5507 * a LE Direct Advertising Report event. In that case it is
5508 * important to see if the address is matching the local
5509 * controller address.
5510 */
5511 if (direct_addr) {
5512 /* Only resolvable random addresses are valid for these
5513 * kind of reports and others can be ignored.
5514 */
5515 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5516 return;
5517
5518 /* If the controller is not using resolvable random
5519 * addresses, then this report can be ignored.
5520 */
d7a5a11d 5521 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
2f010b55
MH		 5522 return;
5523
5524 /* If the local IRK of the controller does not match
5525 * with the resolvable random address provided, then
5526 * this report can be ignored.
5527 */
5528 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5529 return;
5530 }
5531
1c1abcab
JH		 5532 /* Check if we need to convert to identity address */
5533 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5534 if (irk) {
5535 bdaddr = &irk->bdaddr;
5536 bdaddr_type = irk->addr_type;
5537 }
5538
082f2300
SJ		 5539 /* Check if we have been requested to connect to this device.
5540 *
5541 * direct_addr is set only for directed advertising reports (it is NULL
5542 * for advertising reports) and is already verified to be RPA above.
5543 */
5544 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5545 direct_addr);
a2ec905d 5546 if (!ext_adv && conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {
fd45ada9
AA		 5547 /* Store report for later inclusion by
5548 * mgmt_device_connected
5549 */
5550 memcpy(conn->le_adv_data, data, len);
5551 conn->le_adv_data_len = len;
5552 }
1c1abcab 5553
0d2bf134
JH		 5554 /* Passive scanning shouldn't trigger any device found events,
5555 * except for devices marked as CONN_REPORT for which we do send
8208f5a9 5556 * device found events, or advertisement monitoring requested.
0d2bf134 5557 */
ca5c4be7 5558 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134
JH		 5559 if (type == LE_ADV_DIRECT_IND)
5560 return;
5561
3a19b6fe 5562 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
8208f5a9
MC		 5563 bdaddr, bdaddr_type) &&
5564 idr_is_empty(&hdev->adv_monitors_idr))
0d2bf134
JH		 5565 return;
5566
5567 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5568 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5569 else
5570 flags = 0;
5571 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5572 rssi, flags, data, len, NULL, 0);
97bf2e99 5573 return;
ca5c4be7 5574 }
4af605d8 5575
c70a7e4c
MH		 5576 /* When receiving non-connectable or scannable undirected
5577 * advertising reports, this means that the remote device is
5578 * not connectable and then clearly indicate this in the
5579 * device found event.
5580 *
5581 * When receiving a scan response, then there is no way to
5582 * know if the remote device is connectable or not. However
5583 * since scan responses are merged with a previously seen
5584 * advertising report, the flags field from that report
5585 * will be used.
5586 *
5587 * In the really unlikely case that a controller get confused
5588 * and just sends a scan response event, then it is marked as
5589 * not connectable as well.
5590 */
5591 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5592 type == LE_ADV_SCAN_RSP)
5593 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5594 else
5595 flags = 0;
5596
b9a6328f
JH		 5597 /* If there's nothing pending either store the data from this
5598 * event or send an immediate device found event if the data
5599 * should not be stored for later.
5600 */
a2ec905d 5601 if (!ext_adv && !has_pending_adv_report(hdev)) {
b9a6328f
JH		 5602 /* If the report will trigger a SCAN_REQ store it for
5603 * later merging.
5604 */
5605 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5606 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5607 rssi, flags, data, len);
b9a6328f
JH		 5608 return;
5609 }
5610
5611 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5612 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5613 return;
5614 }
5615
474ee066
JH		 5616 /* Check if the pending report is for the same device as the new one */
5617 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5618 bdaddr_type == d->last_adv_addr_type);
5619
b9a6328f
JH		 5620 /* If the pending data doesn't match this report or this isn't a
5621 * scan response (e.g. we got a duplicate ADV_IND) then force
5622 * sending of the pending data.
5623 */
474ee066
JH		 5624 if (type != LE_ADV_SCAN_RSP || !match) {
5625 /* Send out whatever is in the cache, but skip duplicates */
5626 if (!match)
5627 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 5628 d->last_adv_addr_type, NULL,
c70a7e4c 5629 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 5630 d->last_adv_data,
474ee066 5631 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 5632
5633 /* If the new report will trigger a SCAN_REQ store it for
5634 * later merging.
5635 */
a2ec905d
AM		 5636 if (!ext_adv && (type == LE_ADV_IND ||
5637 type == LE_ADV_SCAN_IND)) {
b9a6328f 5638 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5639 rssi, flags, data, len);
b9a6328f
JH		 5640 return;
5641 }
5642
5643 /* The advertising reports cannot be merged, so clear
5644 * the pending report and send out a device found event.
5645 */
5646 clear_pending_adv_report(hdev);
5c5b93e4 5647 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5648 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5649 return;
5650 }
5651
5652 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5653 * the new event is a SCAN_RSP. We can therefore proceed with
5654 * sending a merged device found event.
5655 */
5656 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 5657 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 5658 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 5659 clear_pending_adv_report(hdev);
4af605d8
JH		 5660}
5661
6039aa73 5662static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 5663{
e95beb41
AG		 5664 u8 num_reports = skb->data[0];
5665 void *ptr = &skb->data[1];
9aa04c91 5666
a4790dbd
AG		 5667 hci_dev_lock(hdev);
5668
e95beb41
AG		 5669 while (num_reports--) {
5670 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 5671 s8 rssi;
a4790dbd 5672
ee649346
CC		 5673 if (ev->length <= HCI_MAX_AD_LENGTH) {
5674 rssi = ev->data[ev->length];
5675 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5676 ev->bdaddr_type, NULL, 0, rssi,
a2ec905d 5677 ev->data, ev->length, false);
ee649346
CC		 5678 } else {
5679 bt_dev_err(hdev, "Dropping invalid advertising data");
5680 }
3c9e9195 5681
e95beb41 5682 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 5683 }
a4790dbd
AG		 5684
5685 hci_dev_unlock(hdev);
9aa04c91
AG		 5686}
5687
657cc646 5688static u8 ext_evt_type_to_legacy(struct hci_dev *hdev, u16 evt_type)
b2cc9761
JK		 5689{
5690 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5691 switch (evt_type) {
5692 case LE_LEGACY_ADV_IND:
5693 return LE_ADV_IND;
5694 case LE_LEGACY_ADV_DIRECT_IND:
5695 return LE_ADV_DIRECT_IND;
5696 case LE_LEGACY_ADV_SCAN_IND:
5697 return LE_ADV_SCAN_IND;
5698 case LE_LEGACY_NONCONN_IND:
5699 return LE_ADV_NONCONN_IND;
5700 case LE_LEGACY_SCAN_RSP_ADV:
5701 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5702 return LE_ADV_SCAN_RSP;
5703 }
5704
657cc646 5705 goto invalid;
b2cc9761
JK		 5706 }
5707
5708 if (evt_type & LE_EXT_ADV_CONN_IND) {
5709 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5710 return LE_ADV_DIRECT_IND;
5711
c215e939 5712 return LE_ADV_IND;
b2cc9761
JK		 5713 }
5714
5715 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5716 return LE_ADV_SCAN_RSP;
5717
5718 if (evt_type & LE_EXT_ADV_SCAN_IND)
c215e939 5719 return LE_ADV_SCAN_IND;
b2cc9761
JK		 5720
5721 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5722 evt_type & LE_EXT_ADV_DIRECT_IND)
c215e939 5723 return LE_ADV_NONCONN_IND;
c215e939 5724
657cc646
MH		 5725invalid:
5726 bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
5727 evt_type);
c215e939
JK		 5728
5729 return LE_ADV_INVALID;
5730}
5731
5732static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5733{
5734 u8 num_reports = skb->data[0];
5735 void *ptr = &skb->data[1];
5736
5737 hci_dev_lock(hdev);
5738
5739 while (num_reports--) {
5740 struct hci_ev_le_ext_adv_report *ev = ptr;
5741 u8 legacy_evt_type;
5742 u16 evt_type;
5743
5744 evt_type = __le16_to_cpu(ev->evt_type);
657cc646 5745 legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
c215e939
JK		 5746 if (legacy_evt_type != LE_ADV_INVALID) {
5747 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5748 ev->bdaddr_type, NULL, 0, ev->rssi,
a2ec905d
AM		 5749 ev->data, ev->length,
5750 !(evt_type & LE_EXT_ADV_LEGACY_PDU));
c215e939
JK		 5751 }
5752
cd9151b6 5753 ptr += sizeof(*ev) + ev->length;
c215e939
JK		 5754 }
5755
5756 hci_dev_unlock(hdev);
5757}
5758
0fe29fd1
MH		 5759static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5760 struct sk_buff *skb)
5761{
5762 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5763 struct hci_conn *conn;
5764
5765 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5766
5767 hci_dev_lock(hdev);
5768
5769 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5770 if (conn) {
5771 if (!ev->status)
5772 memcpy(conn->features[0], ev->features, 8);
5773
5774 if (conn->state == BT_CONFIG) {
5775 __u8 status;
5776
5777 /* If the local controller supports slave-initiated
5778 * features exchange, but the remote controller does
5779 * not, then it is possible that the error code 0x1a
5780 * for unsupported remote feature gets returned.
5781 *
5782 * In this specific case, allow the connection to
5783 * transition into connected state and mark it as
5784 * successful.
5785 */
5786 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5787 !conn->out && ev->status == 0x1a)
5788 status = 0x00;
5789 else
5790 status = ev->status;
5791
5792 conn->state = BT_CONNECTED;
5793 hci_connect_cfm(conn, status);
5794 hci_conn_drop(conn);
5795 }
5796 }
5797
5798 hci_dev_unlock(hdev);
5799}
5800
6039aa73 5801static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 5802{
5803 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5804 struct hci_cp_le_ltk_reply cp;
bea710fe 5805 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 5806 struct hci_conn *conn;
c9839a11 5807 struct smp_ltk *ltk;
a7a595f6 5808
9f1db00c 5809 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 5810
5811 hci_dev_lock(hdev);
5812
5813 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 5814 if (conn == NULL)
5815 goto not_found;
a7a595f6 5816
f3a73d97 5817 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5378bc56 5818 if (!ltk)
bea710fe
VCG		 5819 goto not_found;
5820
5378bc56
JH		 5821 if (smp_ltk_is_sc(ltk)) {
5822 /* With SC both EDiv and Rand are set to zero */
5823 if (ev->ediv || ev->rand)
5824 goto not_found;
5825 } else {
5826 /* For non-SC keys check that EDiv and Rand match */
5827 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5828 goto not_found;
5829 }
5830
8b76ce34
JH		 5831 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5832 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
a7a595f6 5833 cp.handle = cpu_to_le16(conn->handle);
c9839a11 5834
a6f7833c 5835 conn->pending_sec_level = smp_ltk_sec_level(ltk);
a7a595f6 5836
89cbb4da 5837 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 5838
5839 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5840
5981a882
CT		 5841 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5842 * temporary key used to encrypt a connection following
5843 * pairing. It is used during the Encrypted Session Setup to
5844 * distribute the keys. Later, security can be re-established
5845 * using a distributed LTK.
5846 */
2ceba539 5847 if (ltk->type == SMP_STK) {
fe59a05f 5848 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
970d0f1b
JH		 5849 list_del_rcu(&ltk->list);
5850 kfree_rcu(ltk, rcu);
fe59a05f
JH		 5851 } else {
5852 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 5853 }
5854
a7a595f6 5855 hci_dev_unlock(hdev);
bea710fe
VCG		 5856
5857 return;
5858
5859not_found:
5860 neg.handle = ev->handle;
5861 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5862 hci_dev_unlock(hdev);
a7a595f6
VCG		 5863}
5864
8e75b46a
AG		 5865static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5866 u8 reason)
5867{
5868 struct hci_cp_le_conn_param_req_neg_reply cp;
5869
5870 cp.handle = cpu_to_le16(handle);
5871 cp.reason = reason;
5872
5873 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5874 &cp);
5875}
5876
5877static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5878 struct sk_buff *skb)
5879{
5880 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5881 struct hci_cp_le_conn_param_req_reply cp;
5882 struct hci_conn *hcon;
5883 u16 handle, min, max, latency, timeout;
5884
5885 handle = le16_to_cpu(ev->handle);
5886 min = le16_to_cpu(ev->interval_min);
5887 max = le16_to_cpu(ev->interval_max);
5888 latency = le16_to_cpu(ev->latency);
5889 timeout = le16_to_cpu(ev->timeout);
5890
5891 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5892 if (!hcon || hcon->state != BT_CONNECTED)
5893 return send_conn_param_neg_reply(hdev, handle,
5894 HCI_ERROR_UNKNOWN_CONN_ID);
5895
5896 if (hci_check_conn_params(min, max, latency, timeout))
5897 return send_conn_param_neg_reply(hdev, handle,
5898 HCI_ERROR_INVALID_LL_PARAMS);
5899
40bef302 5900 if (hcon->role == HCI_ROLE_MASTER) {
348d50b8 5901 struct hci_conn_params *params;
f4869e2a 5902 u8 store_hint;
348d50b8
JH		 5903
5904 hci_dev_lock(hdev);
5905
5906 params = hci_conn_params_lookup(hdev, &hcon->dst,
5907 hcon->dst_type);
5908 if (params) {
5909 params->conn_min_interval = min;
5910 params->conn_max_interval = max;
5911 params->conn_latency = latency;
5912 params->supervision_timeout = timeout;
f4869e2a 5913 store_hint = 0x01;
149b3f13 5914 } else {
f4869e2a 5915 store_hint = 0x00;
348d50b8
JH		 5916 }
5917
5918 hci_dev_unlock(hdev);
5919
f4869e2a
JH		 5920 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5921 store_hint, min, max, latency, timeout);
348d50b8 5922 }
ffb5a827 5923
8e75b46a
AG		 5924 cp.handle = ev->handle;
5925 cp.interval_min = ev->interval_min;
5926 cp.interval_max = ev->interval_max;
5927 cp.latency = ev->latency;
5928 cp.timeout = ev->timeout;
5929 cp.min_ce_len = 0;
5930 cp.max_ce_len = 0;
5931
5932 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5933}
5934
2f010b55
MH		 5935static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5936 struct sk_buff *skb)
5937{
5938 u8 num_reports = skb->data[0];
f7e0e8b2 5939 struct hci_ev_le_direct_adv_info *ev = (void *)&skb->data[1];
2f010b55 5940
f7e0e8b2
PY		 5941 if (!num_reports || skb->len < num_reports * sizeof(*ev) + 1)
5942 return;
2f010b55 5943
f7e0e8b2 5944 hci_dev_lock(hdev);
2f010b55 5945
f7e0e8b2 5946 for (; num_reports; num_reports--, ev++)
2f010b55
MH		 5947 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5948 ev->bdaddr_type, &ev->direct_addr,
a2ec905d
AM		 5949 ev->direct_addr_type, ev->rssi, NULL, 0,
5950 false);
2f010b55 5951
2f010b55
MH		 5952 hci_dev_unlock(hdev);
5953}
5954
1efd927d
LAD		 5955static void hci_le_phy_update_evt(struct hci_dev *hdev, struct sk_buff *skb)
5956{
5957 struct hci_ev_le_phy_update_complete *ev = (void *) skb->data;
5958 struct hci_conn *conn;
5959
5960 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5961
87df8bcc 5962 if (ev->status)
1efd927d
LAD		 5963 return;
5964
5965 hci_dev_lock(hdev);
5966
5967 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5968 if (!conn)
5969 goto unlock;
5970
5971 conn->le_tx_phy = ev->tx_phy;
5972 conn->le_rx_phy = ev->rx_phy;
5973
5974unlock:
5975 hci_dev_unlock(hdev);
5976}
5977
6039aa73 5978static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 5979{
5980 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5981
5982 skb_pull(skb, sizeof(*le_ev));
5983
5984 switch (le_ev->subevent) {
5985 case HCI_EV_LE_CONN_COMPLETE:
5986 hci_le_conn_complete_evt(hdev, skb);
5987 break;
5988
1855d92d
MH		 5989 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5990 hci_le_conn_update_complete_evt(hdev, skb);
5991 break;
5992
9aa04c91
AG		 5993 case HCI_EV_LE_ADVERTISING_REPORT:
5994 hci_le_adv_report_evt(hdev, skb);
5995 break;
5996
0fe29fd1
MH		 5997 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5998 hci_le_remote_feat_complete_evt(hdev, skb);
5999 break;
6000
a7a595f6
VCG		 6001 case HCI_EV_LE_LTK_REQ:
6002 hci_le_ltk_request_evt(hdev, skb);
6003 break;
6004
8e75b46a
AG		 6005 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
6006 hci_le_remote_conn_param_req_evt(hdev, skb);
6007 break;
6008
2f010b55
MH		 6009 case HCI_EV_LE_DIRECT_ADV_REPORT:
6010 hci_le_direct_adv_report_evt(hdev, skb);
6011 break;
6012
1efd927d
LAD		 6013 case HCI_EV_LE_PHY_UPDATE_COMPLETE:
6014 hci_le_phy_update_evt(hdev, skb);
6015 break;
6016
c215e939
JK		 6017 case HCI_EV_LE_EXT_ADV_REPORT:
6018 hci_le_ext_adv_report_evt(hdev, skb);
6019 break;
6020
4d94f95d
JK		 6021 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
6022 hci_le_enh_conn_complete_evt(hdev, skb);
6023 break;
6024
acf0aeae
JK		 6025 case HCI_EV_LE_EXT_ADV_SET_TERM:
6026 hci_le_ext_adv_term_evt(hdev, skb);
6027 break;
6028
fcd89c09
VT		 6029 default:
6030 break;
6031 }
6032}
6033
757aa0b5
JH		 6034static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
6035 u8 event, struct sk_buff *skb)
6036{
6037 struct hci_ev_cmd_complete *ev;
6038 struct hci_event_hdr *hdr;
6039
6040 if (!skb)
6041 return false;
6042
6043 if (skb->len < sizeof(*hdr)) {
2064ee33 6044 bt_dev_err(hdev, "too short HCI event");
757aa0b5
JH		 6045 return false;
6046 }
6047
6048 hdr = (void *) skb->data;
6049 skb_pull(skb, HCI_EVENT_HDR_SIZE);
6050
6051 if (event) {
6052 if (hdr->evt != event)
6053 return false;
6054 return true;
6055 }
6056
91641b79 6057 /* Check if request ended in Command Status - no way to retrieve
1629db9c
JH		 6058 * any extra parameters in this case.
6059 */
6060 if (hdr->evt == HCI_EV_CMD_STATUS)
6061 return false;
6062
757aa0b5 6063 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
2064ee33
MH		 6064 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
6065 hdr->evt);
757aa0b5
JH		 6066 return false;
6067 }
6068
6069 if (skb->len < sizeof(*ev)) {
2064ee33 6070 bt_dev_err(hdev, "too short cmd_complete event");
757aa0b5
JH		 6071 return false;
6072 }
6073
6074 ev = (void *) skb->data;
6075 skb_pull(skb, sizeof(*ev));
6076
6077 if (opcode != __le16_to_cpu(ev->opcode)) {
6078 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
6079 __le16_to_cpu(ev->opcode));
6080 return false;
6081 }
6082
6083 return true;
6084}
6085
2f20216c
APS		 6086static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
6087 struct sk_buff *skb)
6088{
6089 struct hci_ev_le_advertising_info *adv;
6090 struct hci_ev_le_direct_adv_info *direct_adv;
6091 struct hci_ev_le_ext_adv_report *ext_adv;
6092 const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
6093 const struct hci_ev_conn_request *conn_request = (void *)skb->data;
6094
6095 hci_dev_lock(hdev);
6096
6097 /* If we are currently suspended and this is the first BT event seen,
6098 * save the wake reason associated with the event.
6099 */
6100 if (!hdev->suspended || hdev->wake_reason)
6101 goto unlock;
6102
6103 /* Default to remote wake. Values for wake_reason are documented in the
6104 * Bluez mgmt api docs.
6105 */
6106 hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
6107
6108 /* Once configured for remote wakeup, we should only wake up for
6109 * reconnections. It's useful to see which device is waking us up so
6110 * keep track of the bdaddr of the connection event that woke us up.
6111 */
6112 if (event == HCI_EV_CONN_REQUEST) {
6113 bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
6114 hdev->wake_addr_type = BDADDR_BREDR;
6115 } else if (event == HCI_EV_CONN_COMPLETE) {
6116 bacpy(&hdev->wake_addr, &conn_request->bdaddr);
6117 hdev->wake_addr_type = BDADDR_BREDR;
6118 } else if (event == HCI_EV_LE_META) {
6119 struct hci_ev_le_meta *le_ev = (void *)skb->data;
6120 u8 subevent = le_ev->subevent;
6121 u8 *ptr = &skb->data[sizeof(*le_ev)];
6122 u8 num_reports = *ptr;
6123
6124 if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
6125 subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
6126 subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
6127 num_reports) {
6128 adv = (void *)(ptr + 1);
6129 direct_adv = (void *)(ptr + 1);
6130 ext_adv = (void *)(ptr + 1);
6131
6132 switch (subevent) {
6133 case HCI_EV_LE_ADVERTISING_REPORT:
6134 bacpy(&hdev->wake_addr, &adv->bdaddr);
6135 hdev->wake_addr_type = adv->bdaddr_type;
6136 break;
6137 case HCI_EV_LE_DIRECT_ADV_REPORT:
6138 bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
6139 hdev->wake_addr_type = direct_adv->bdaddr_type;
6140 break;
6141 case HCI_EV_LE_EXT_ADV_REPORT:
6142 bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
6143 hdev->wake_addr_type = ext_adv->bdaddr_type;
6144 break;
6145 }
6146 }
6147 } else {
6148 hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
6149 }
6150
6151unlock:
6152 hci_dev_unlock(hdev);
6153}
6154
a9de9248
MH		 6155void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
6156{
6157 struct hci_event_hdr *hdr = (void *) skb->data;
e6214487
JH		 6158 hci_req_complete_t req_complete = NULL;
6159 hci_req_complete_skb_t req_complete_skb = NULL;
6160 struct sk_buff *orig_skb = NULL;
757aa0b5 6161 u8 status = 0, event = hdr->evt, req_evt = 0;
e6214487 6162 u16 opcode = HCI_OP_NOP;
a9de9248 6163
08bb4da9
AM		 6164 if (!event) {
6165 bt_dev_warn(hdev, "Received unexpected HCI Event 00000000");
6166 goto done;
6167 }
6168
242c0ebd 6169 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
c1f23a2b 6170 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
e6214487
JH		 6171 opcode = __le16_to_cpu(cmd_hdr->opcode);
6172 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
6173 &req_complete_skb);
757aa0b5 6174 req_evt = event;
02350a72
JH		 6175 }
6176
e6214487
JH		 6177 /* If it looks like we might end up having to call
6178 * req_complete_skb, store a pristine copy of the skb since the
6179 * various handlers may modify the original one through
6180 * skb_pull() calls, etc.
6181 */
6182 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
6183 event == HCI_EV_CMD_COMPLETE)
6184 orig_skb = skb_clone(skb, GFP_KERNEL);
6185
6186 skb_pull(skb, HCI_EVENT_HDR_SIZE);
6187
2f20216c
APS		 6188 /* Store wake reason if we're suspended */
6189 hci_store_wake_reason(hdev, event, skb);
6190
a9de9248 6191 switch (event) {
1da177e4
LT		 6192 case HCI_EV_INQUIRY_COMPLETE:
6193 hci_inquiry_complete_evt(hdev, skb);
6194 break;
6195
6196 case HCI_EV_INQUIRY_RESULT:
6197 hci_inquiry_result_evt(hdev, skb);
6198 break;
6199
a9de9248
MH		 6200 case HCI_EV_CONN_COMPLETE:
6201 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 6202 break;
6203
1da177e4
LT		 6204 case HCI_EV_CONN_REQUEST:
6205 hci_conn_request_evt(hdev, skb);
6206 break;
6207
1da177e4
LT		 6208 case HCI_EV_DISCONN_COMPLETE:
6209 hci_disconn_complete_evt(hdev, skb);
6210 break;
6211
1da177e4
LT		 6212 case HCI_EV_AUTH_COMPLETE:
6213 hci_auth_complete_evt(hdev, skb);
6214 break;
6215
a9de9248
MH		 6216 case HCI_EV_REMOTE_NAME:
6217 hci_remote_name_evt(hdev, skb);
6218 break;
6219
1da177e4
LT		 6220 case HCI_EV_ENCRYPT_CHANGE:
6221 hci_encrypt_change_evt(hdev, skb);
6222 break;
6223
a9de9248
MH		 6224 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
6225 hci_change_link_key_complete_evt(hdev, skb);
6226 break;
6227
6228 case HCI_EV_REMOTE_FEATURES:
6229 hci_remote_features_evt(hdev, skb);
6230 break;
6231
a9de9248 6232 case HCI_EV_CMD_COMPLETE:
e6214487
JH		 6233 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
6234 &req_complete, &req_complete_skb);
a9de9248
MH		 6235 break;
6236
6237 case HCI_EV_CMD_STATUS:
e6214487
JH		 6238 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
6239 &req_complete_skb);
a9de9248
MH		 6240 break;
6241
24dfa343
MH		 6242 case HCI_EV_HARDWARE_ERROR:
6243 hci_hardware_error_evt(hdev, skb);
6244 break;
6245
a9de9248
MH		 6246 case HCI_EV_ROLE_CHANGE:
6247 hci_role_change_evt(hdev, skb);
6248 break;
6249
6250 case HCI_EV_NUM_COMP_PKTS:
6251 hci_num_comp_pkts_evt(hdev, skb);
6252 break;
6253
6254 case HCI_EV_MODE_CHANGE:
6255 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 6256 break;
6257
6258 case HCI_EV_PIN_CODE_REQ:
6259 hci_pin_code_request_evt(hdev, skb);
6260 break;
6261
6262 case HCI_EV_LINK_KEY_REQ:
6263 hci_link_key_request_evt(hdev, skb);
6264 break;
6265
6266 case HCI_EV_LINK_KEY_NOTIFY:
6267 hci_link_key_notify_evt(hdev, skb);
6268 break;
6269
6270 case HCI_EV_CLOCK_OFFSET:
6271 hci_clock_offset_evt(hdev, skb);
6272 break;
6273
a8746417
MH		 6274 case HCI_EV_PKT_TYPE_CHANGE:
6275 hci_pkt_type_change_evt(hdev, skb);
6276 break;
6277
85a1e930
MH		 6278 case HCI_EV_PSCAN_REP_MODE:
6279 hci_pscan_rep_mode_evt(hdev, skb);
6280 break;
6281
a9de9248
MH		 6282 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
6283 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 6284 break;
6285
a9de9248
MH		 6286 case HCI_EV_REMOTE_EXT_FEATURES:
6287 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 6288 break;
6289
a9de9248
MH		 6290 case HCI_EV_SYNC_CONN_COMPLETE:
6291 hci_sync_conn_complete_evt(hdev, skb);
6292 break;
1da177e4 6293
a9de9248
MH		 6294 case HCI_EV_EXTENDED_INQUIRY_RESULT:
6295 hci_extended_inquiry_result_evt(hdev, skb);
6296 break;
1da177e4 6297
1c2e0041
JH		 6298 case HCI_EV_KEY_REFRESH_COMPLETE:
6299 hci_key_refresh_complete_evt(hdev, skb);
6300 break;
6301
0493684e
MH		 6302 case HCI_EV_IO_CAPA_REQUEST:
6303 hci_io_capa_request_evt(hdev, skb);
6304 break;
6305
03b555e1
JH		 6306 case HCI_EV_IO_CAPA_REPLY:
6307 hci_io_capa_reply_evt(hdev, skb);
6308 break;
6309
a5c29683
JH		 6310 case HCI_EV_USER_CONFIRM_REQUEST:
6311 hci_user_confirm_request_evt(hdev, skb);
6312 break;
6313
1143d458
BG		 6314 case HCI_EV_USER_PASSKEY_REQUEST:
6315 hci_user_passkey_request_evt(hdev, skb);
6316 break;
6317
92a25256
JH		 6318 case HCI_EV_USER_PASSKEY_NOTIFY:
6319 hci_user_passkey_notify_evt(hdev, skb);
6320 break;
6321
6322 case HCI_EV_KEYPRESS_NOTIFY:
6323 hci_keypress_notify_evt(hdev, skb);
6324 break;
6325
0493684e
MH		 6326 case HCI_EV_SIMPLE_PAIR_COMPLETE:
6327 hci_simple_pair_complete_evt(hdev, skb);
6328 break;
6329
41a96212
MH		 6330 case HCI_EV_REMOTE_HOST_FEATURES:
6331 hci_remote_host_features_evt(hdev, skb);
6332 break;
6333
fcd89c09
VT		 6334 case HCI_EV_LE_META:
6335 hci_le_meta_evt(hdev, skb);
6336 break;
6337
2763eda6
SJ		 6338 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
6339 hci_remote_oob_data_request_evt(hdev, skb);
6340 break;
6341
a77a6a14
AW		 6342#if IS_ENABLED(CONFIG_BT_HS)
6343 case HCI_EV_CHANNEL_SELECTED:
6344 hci_chan_selected_evt(hdev, skb);
6345 break;
6346
d5e91192
AE		 6347 case HCI_EV_PHY_LINK_COMPLETE:
6348 hci_phy_link_complete_evt(hdev, skb);
6349 break;
6350
27695fb4
AE		 6351 case HCI_EV_LOGICAL_LINK_COMPLETE:
6352 hci_loglink_complete_evt(hdev, skb);
6353 break;
6354
606e2a10
AE		 6355 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
6356 hci_disconn_loglink_complete_evt(hdev, skb);
6357 break;
6358
9eef6b3a
AE		 6359 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
6360 hci_disconn_phylink_complete_evt(hdev, skb);
6361 break;
a77a6a14 6362#endif
9eef6b3a 6363
25e89e99
AE		 6364 case HCI_EV_NUM_COMP_BLOCKS:
6365 hci_num_comp_blocks_evt(hdev, skb);
6366 break;
6367
145373cb
MC		 6368 case HCI_EV_VENDOR:
6369 msft_vendor_evt(hdev, skb);
6370 break;
6371
a9de9248 6372 default:
9f1db00c 6373 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 6374 break;
6375 }
6376
757aa0b5 6377 if (req_complete) {
e6214487 6378 req_complete(hdev, status, opcode);
757aa0b5
JH		 6379 } else if (req_complete_skb) {
6380 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
6381 kfree_skb(orig_skb);
6382 orig_skb = NULL;
6383 }
e6214487 6384 req_complete_skb(hdev, status, opcode, orig_skb);
757aa0b5 6385 }
e6214487 6386
08bb4da9 6387done:
e6214487 6388 kfree_skb(orig_skb);
1da177e4
LT		 6389 kfree_skb(skb);
6390 hdev->stat.evt_rx++;
6391}
Linux 6.x block layer and io_uring tree(s)