projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_h5: close serdev device and free hu in h5_close
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
0857dd3b 33#include "hci_request.h"
23b9ceb7 34#include "hci_debugfs.h"
7024728e 35#include "a2mp.h"
7ef9fbf0 36#include "amp.h"
2ceba539 37#include "smp.h"
145373cb 38#include "msft.h"
1da177e4 39
aa5b0345
MH		 40#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
41 "\x00\x00\x00\x00\x00\x00\x00\x00"
42
1da177e4
LT		 43/* Handle HCI Event packets */
44
adf1d692
SS		 45static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
46 u8 *new_status)
1da177e4 47{
a9de9248 48 __u8 status = *((__u8 *) skb->data);
1da177e4 49
9f1db00c 50 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 51
adf1d692
SS		 52 /* It is possible that we receive Inquiry Complete event right
53 * before we receive Inquiry Cancel Command Complete event, in
54 * which case the latter event should have status of Command
55 * Disallowed (0x0c). This should not be treated as error, since
56 * we actually achieve what Inquiry Cancel wants to achieve,
57 * which is to end the last Inquiry session.
58 */
59 if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
60 bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
61 status = 0x00;
62 }
63
64 *new_status = status;
65
82f4785c 66 if (status)
a9de9248 67 return;
1da177e4 68
89352e7d 69 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 70 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 71 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 72
50143a43 73 hci_dev_lock(hdev);
168b8a25
JP		 74 /* Set discovery state to stopped if we're not doing LE active
75 * scanning.
76 */
77 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
78 hdev->le_scan_type != LE_SCAN_ACTIVE)
79 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
50143a43
JH		 80 hci_dev_unlock(hdev);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
6bd57416 84
4d93483b
AG		 85static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 __u8 status = *((__u8 *) skb->data);
88
9f1db00c 89 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 90
91 if (status)
92 return;
93
a1536da2 94 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
4d93483b
AG		 95}
96
a9de9248
MH		 97static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
98{
99 __u8 status = *((__u8 *) skb->data);
6bd57416 100
9f1db00c 101 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 102
a9de9248
MH		 103 if (status)
104 return;
1da177e4 105
a358dc11 106 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
ae854a70 107
a9de9248
MH		 108 hci_conn_check_pending(hdev);
109}
110
807deac2
GP		 111static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
112 struct sk_buff *skb)
a9de9248
MH		 113{
114 BT_DBG("%s", hdev->name);
115}
116
117static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_role_discovery *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
40bef302
JH		 130 if (conn)
131 conn->role = rp->role;
a9de9248
MH		 132
133 hci_dev_unlock(hdev);
1da177e4
LT		 134}
135
e4e8e37c
MH		 136static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137{
138 struct hci_rp_read_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 142
143 if (rp->status)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = __le16_to_cpu(rp->policy);
151
152 hci_dev_unlock(hdev);
153}
154
a9de9248 155static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 156{
a9de9248 157 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 158 struct hci_conn *conn;
04837f64 159 void *sent;
1da177e4 160
9f1db00c 161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 162
a9de9248
MH		 163 if (rp->status)
164 return;
1da177e4 165
a9de9248
MH		 166 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
167 if (!sent)
168 return;
1da177e4 169
a9de9248 170 hci_dev_lock(hdev);
1da177e4 171
a9de9248 172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 173 if (conn)
83985319 174 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 175
a9de9248
MH		 176 hci_dev_unlock(hdev);
177}
1da177e4 178
807deac2
GP		 179static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
180 struct sk_buff *skb)
e4e8e37c
MH		 181{
182 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
183
9f1db00c 184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 185
186 if (rp->status)
187 return;
188
189 hdev->link_policy = __le16_to_cpu(rp->policy);
190}
191
807deac2
GP		 192static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
193 struct sk_buff *skb)
e4e8e37c
MH		 194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
197
9f1db00c 198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 199
45296acd
MH		 200 if (status)
201 return;
202
e4e8e37c
MH		 203 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
204 if (!sent)
205 return;
206
45296acd 207 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 208}
209
a9de9248
MH		 210static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
211{
212 __u8 status = *((__u8 *) skb->data);
04837f64 213
9f1db00c 214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 215
10572132
GP		 216 clear_bit(HCI_RESET, &hdev->flags);
217
8761f9d6
MH		 218 if (status)
219 return;
220
a297e97c 221 /* Reset all non-persistent flags */
eacb44df 222 hci_dev_clear_volatile_flags(hdev);
69775ff6 223
39c5d970
JH		 224 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
225
bbaf444a
JH		 226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 228
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
f8e808bd
MH		 231
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
06f5b778 234
533553f8
MH		 235 hdev->le_scan_type = LE_SCAN_PASSIVE;
236
06f5b778 237 hdev->ssp_debug_mode = 0;
a4d5504d
MH		 238
239 hci_bdaddr_list_clear(&hdev->le_white_list);
cfdb0c2d 240 hci_bdaddr_list_clear(&hdev->le_resolv_list);
a9de9248 241}
04837f64 242
c2f0f979
MH		 243static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
244 struct sk_buff *skb)
245{
246 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
247 struct hci_cp_read_stored_link_key *sent;
248
249 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
252 if (!sent)
253 return;
254
255 if (!rp->status && sent->read_all == 0x01) {
256 hdev->stored_max_keys = rp->max_keys;
257 hdev->stored_num_keys = rp->num_keys;
258 }
259}
260
a9366120
MH		 261static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
262 struct sk_buff *skb)
263{
264 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265
266 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
267
268 if (rp->status)
269 return;
270
271 if (rp->num_keys <= hdev->stored_num_keys)
272 hdev->stored_num_keys -= rp->num_keys;
273 else
274 hdev->stored_num_keys = 0;
275}
276
a9de9248
MH		 277static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278{
279 __u8 status = *((__u8 *) skb->data);
280 void *sent;
04837f64 281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
285 if (!sent)
286 return;
04837f64 287
56e5cb86
JH		 288 hci_dev_lock(hdev);
289
d7a5a11d 290 if (hci_dev_test_flag(hdev, HCI_MGMT))
f51d5b24 291 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 292 else if (!status)
293 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 294
56e5cb86 295 hci_dev_unlock(hdev);
a9de9248
MH		 296}
297
298static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299{
300 struct hci_rp_read_local_name *rp = (void *) skb->data;
301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 303
304 if (rp->status)
305 return;
306
d7a5a11d
MH		 307 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
308 hci_dev_test_flag(hdev, HCI_CONFIG))
db99b5fc 309 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 310}
311
312static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313{
314 __u8 status = *((__u8 *) skb->data);
315 void *sent;
316
9f1db00c 317 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 318
319 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
320 if (!sent)
321 return;
322
5c1a4c8f
JK		 323 hci_dev_lock(hdev);
324
a9de9248
MH		 325 if (!status) {
326 __u8 param = *((__u8 *) sent);
327
328 if (param == AUTH_ENABLED)
329 set_bit(HCI_AUTH, &hdev->flags);
330 else
331 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 332 }
a9de9248 333
d7a5a11d 334 if (hci_dev_test_flag(hdev, HCI_MGMT))
33ef95ed 335 mgmt_auth_enable_complete(hdev, status);
5c1a4c8f
JK		 336
337 hci_dev_unlock(hdev);
1da177e4
LT		 338}
339
a9de9248 340static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 341{
a9de9248 342 __u8 status = *((__u8 *) skb->data);
45296acd 343 __u8 param;
1da177e4
LT		 344 void *sent;
345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 347
45296acd
MH		 348 if (status)
349 return;
350
a9de9248
MH		 351 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
352 if (!sent)
353 return;
1da177e4 354
45296acd 355 param = *((__u8 *) sent);
a9de9248 356
45296acd
MH		 357 if (param)
358 set_bit(HCI_ENCRYPT, &hdev->flags);
359 else
360 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364{
45296acd
MH		 365 __u8 status = *((__u8 *) skb->data);
366 __u8 param;
a9de9248 367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
372 if (!sent)
373 return;
1da177e4 374
36f7fc7e
JH		 375 param = *((__u8 *) sent);
376
56e5cb86
JH		 377 hci_dev_lock(hdev);
378
fa1bd918 379 if (status) {
2d7cee58
JH		 380 hdev->discov_timeout = 0;
381 goto done;
382 }
383
bc6d2d04 384 if (param & SCAN_INQUIRY)
36f7fc7e 385 set_bit(HCI_ISCAN, &hdev->flags);
bc6d2d04
JH		 386 else
387 clear_bit(HCI_ISCAN, &hdev->flags);
36f7fc7e 388
031547d8 389 if (param & SCAN_PAGE)
36f7fc7e 390 set_bit(HCI_PSCAN, &hdev->flags);
bc6d2d04 391 else
204e3990 392 clear_bit(HCI_PSCAN, &hdev->flags);
1da177e4 393
36f7fc7e 394done:
56e5cb86 395 hci_dev_unlock(hdev);
a9de9248 396}
1da177e4 397
a9de9248
MH		 398static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399{
400 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 401
9f1db00c 402 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 403
a9de9248
MH		 404 if (rp->status)
405 return;
1da177e4 406
a9de9248 407 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 408
a9de9248 409 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 410 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 411}
1da177e4 412
a9de9248
MH		 413static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
414{
415 __u8 status = *((__u8 *) skb->data);
416 void *sent;
1da177e4 417
9f1db00c 418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 419
a9de9248
MH		 420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
421 if (!sent)
422 return;
1da177e4 423
7f9a903c
MH		 424 hci_dev_lock(hdev);
425
426 if (status == 0)
427 memcpy(hdev->dev_class, sent, 3);
428
d7a5a11d 429 if (hci_dev_test_flag(hdev, HCI_MGMT))
7f9a903c
MH		 430 mgmt_set_class_of_dev_complete(hdev, sent, status);
431
432 hci_dev_unlock(hdev);
a9de9248 433}
1da177e4 434
a9de9248
MH		 435static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
436{
437 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
438 __u16 setting;
439
9f1db00c 440 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 441
442 if (rp->status)
443 return;
444
445 setting = __le16_to_cpu(rp->voice_setting);
446
f383f275 447 if (hdev->voice_setting == setting)
a9de9248
MH		 448 return;
449
450 hdev->voice_setting = setting;
451
9f1db00c 452 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 453
3c54711c 454 if (hdev->notify)
a9de9248 455 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 456}
457
8fc9ced3
GP		 458static void hci_cc_write_voice_setting(struct hci_dev *hdev,
459 struct sk_buff *skb)
a9de9248
MH		 460{
461 __u8 status = *((__u8 *) skb->data);
f383f275 462 __u16 setting;
a9de9248
MH		 463 void *sent;
464
9f1db00c 465 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 466
f383f275
MH		 467 if (status)
468 return;
469
a9de9248
MH		 470 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
471 if (!sent)
472 return;
1da177e4 473
f383f275 474 setting = get_unaligned_le16(sent);
1da177e4 475
f383f275
MH		 476 if (hdev->voice_setting == setting)
477 return;
478
479 hdev->voice_setting = setting;
1da177e4 480
9f1db00c 481 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 482
3c54711c 483 if (hdev->notify)
f383f275 484 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 485}
486
b4cb9fb2
MH		 487static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
488 struct sk_buff *skb)
489{
490 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
491
492 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
493
494 if (rp->status)
495 return;
496
497 hdev->num_iac = rp->num_iac;
498
499 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
500}
501
333140b5
MH		 502static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
503{
504 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 505 struct hci_cp_write_ssp_mode *sent;
333140b5 506
9f1db00c 507 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 508
333140b5
MH		 509 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
510 if (!sent)
511 return;
512
5c1a4c8f
JK		 513 hci_dev_lock(hdev);
514
5ed8eb2f
JH		 515 if (!status) {
516 if (sent->mode)
cad718ed 517 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 518 else
cad718ed 519 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 520 }
521
d7a5a11d 522 if (hci_dev_test_flag(hdev, HCI_MGMT))
5ed8eb2f 523 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 524 else if (!status) {
5ed8eb2f 525 if (sent->mode)
a1536da2 526 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 527 else
a358dc11 528 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 529 }
5c1a4c8f
JK		 530
531 hci_dev_unlock(hdev);
333140b5
MH		 532}
533
eac83dc6
MH		 534static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
535{
536 u8 status = *((u8 *) skb->data);
537 struct hci_cp_write_sc_support *sent;
538
539 BT_DBG("%s status 0x%2.2x", hdev->name, status);
540
541 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
542 if (!sent)
543 return;
544
5c1a4c8f
JK		 545 hci_dev_lock(hdev);
546
eac83dc6
MH		 547 if (!status) {
548 if (sent->support)
549 hdev->features[1][0] |= LMP_HOST_SC;
550 else
551 hdev->features[1][0] &= ~LMP_HOST_SC;
552 }
553
d7a5a11d 554 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
eac83dc6 555 if (sent->support)
a1536da2 556 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
eac83dc6 557 else
a358dc11 558 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
eac83dc6 559 }
5c1a4c8f
JK		 560
561 hci_dev_unlock(hdev);
eac83dc6
MH		 562}
563
a9de9248
MH		 564static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
565{
566 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 567
9f1db00c 568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 569
a9de9248 570 if (rp->status)
42c6b129 571 return;
1143e5a6 572
d7a5a11d
MH		 573 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
574 hci_dev_test_flag(hdev, HCI_CONFIG)) {
0d5551f5
MH		 575 hdev->hci_ver = rp->hci_ver;
576 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
577 hdev->lmp_ver = rp->lmp_ver;
578 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
579 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
580 }
d5859e22
JH		 581}
582
8fc9ced3
GP		 583static void hci_cc_read_local_commands(struct hci_dev *hdev,
584 struct sk_buff *skb)
a9de9248
MH		 585{
586 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 587
9f1db00c 588 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 589
6a070e6e
MH		 590 if (rp->status)
591 return;
592
d7a5a11d
MH		 593 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
594 hci_dev_test_flag(hdev, HCI_CONFIG))
2177bab5 595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 596}
1da177e4 597
302975cb
SRK		 598static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
599 struct sk_buff *skb)
600{
601 struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
602 struct hci_conn *conn;
603
604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605
606 if (rp->status)
607 return;
608
609 hci_dev_lock(hdev);
610
611 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
612 if (conn)
613 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
614
615 hci_dev_unlock(hdev);
616}
617
618static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
619 struct sk_buff *skb)
620{
621 struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
622 struct hci_conn *conn;
623 void *sent;
624
625 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
626
627 if (rp->status)
628 return;
629
630 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
631 if (!sent)
632 return;
633
634 hci_dev_lock(hdev);
635
636 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
637 if (conn)
638 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
639
640 hci_dev_unlock(hdev);
641}
642
8fc9ced3
GP		 643static void hci_cc_read_local_features(struct hci_dev *hdev,
644 struct sk_buff *skb)
a9de9248
MH		 645{
646 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 647
9f1db00c 648 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 649
a9de9248
MH		 650 if (rp->status)
651 return;
5b7f9909 652
a9de9248 653 memcpy(hdev->features, rp->features, 8);
5b7f9909 654
a9de9248
MH		 655 /* Adjust default settings according to features
656 * supported by device. */
1da177e4 657
cad718ed 658 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 659 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 660
cad718ed 661 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 662 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 663
cad718ed 664 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 665 hdev->pkt_type |= (HCI_HV2);
666 hdev->esco_type |= (ESCO_HV2);
667 }
1da177e4 668
cad718ed 669 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 670 hdev->pkt_type |= (HCI_HV3);
671 hdev->esco_type |= (ESCO_HV3);
672 }
1da177e4 673
45db810f 674 if (lmp_esco_capable(hdev))
a9de9248 675 hdev->esco_type |= (ESCO_EV3);
da1f5198 676
cad718ed 677 if (hdev->features[0][4] & LMP_EV4)
a9de9248 678 hdev->esco_type |= (ESCO_EV4);
da1f5198 679
cad718ed 680 if (hdev->features[0][4] & LMP_EV5)
a9de9248 681 hdev->esco_type |= (ESCO_EV5);
1da177e4 682
cad718ed 683 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 684 hdev->esco_type |= (ESCO_2EV3);
685
cad718ed 686 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 687 hdev->esco_type |= (ESCO_3EV3);
688
cad718ed 689 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 690 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 691}
1da177e4 692
971e3a4b 693static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 694 struct sk_buff *skb)
971e3a4b
AG		 695{
696 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
697
9f1db00c 698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 699
700 if (rp->status)
42c6b129 701 return;
971e3a4b 702
57af75a8
MH		 703 if (hdev->max_page < rp->max_page)
704 hdev->max_page = rp->max_page;
d2c5d77f 705
cad718ed
JH		 706 if (rp->page < HCI_MAX_PAGES)
707 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 708}
709
1e89cffb 710static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 711 struct sk_buff *skb)
1e89cffb
AE		 712{
713 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
714
9f1db00c 715 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 716
45296acd
MH		 717 if (rp->status)
718 return;
719
720 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 721}
722
a9de9248
MH		 723static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
724{
725 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 726
9f1db00c 727 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 728
a9de9248
MH		 729 if (rp->status)
730 return;
1da177e4 731
a9de9248
MH		 732 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
733 hdev->sco_mtu = rp->sco_mtu;
734 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
735 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
736
737 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
738 hdev->sco_mtu = 64;
739 hdev->sco_pkts = 8;
1da177e4 740 }
a9de9248
MH		 741
742 hdev->acl_cnt = hdev->acl_pkts;
743 hdev->sco_cnt = hdev->sco_pkts;
744
807deac2
GP		 745 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
746 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 747}
748
749static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
750{
751 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
752
9f1db00c 753 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 754
e30d3f5f
MH		 755 if (rp->status)
756 return;
757
758 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 759 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f 760
d7a5a11d 761 if (hci_dev_test_flag(hdev, HCI_SETUP))
e30d3f5f 762 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 763}
764
a4790360
MH		 765static void hci_cc_read_local_pairing_opts(struct hci_dev *hdev,
766 struct sk_buff *skb)
767{
768 struct hci_rp_read_local_pairing_opts *rp = (void *) skb->data;
769
770 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
771
772 if (rp->status)
773 return;
774
775 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
776 hci_dev_test_flag(hdev, HCI_CONFIG)) {
777 hdev->pairing_opts = rp->pairing_opts;
778 hdev->max_enc_key_size = rp->max_key_size;
779 }
780}
781
f332ec66
JH		 782static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
783 struct sk_buff *skb)
784{
785 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
786
787 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
788
45296acd
MH		 789 if (rp->status)
790 return;
791
792 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 793 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
794 hdev->page_scan_window = __le16_to_cpu(rp->window);
795 }
796}
797
4a3ee763
JH		 798static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
799 struct sk_buff *skb)
800{
801 u8 status = *((u8 *) skb->data);
802 struct hci_cp_write_page_scan_activity *sent;
803
804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
805
806 if (status)
807 return;
808
809 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
810 if (!sent)
811 return;
812
813 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
814 hdev->page_scan_window = __le16_to_cpu(sent->window);
815}
816
f332ec66
JH		 817static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
818 struct sk_buff *skb)
819{
820 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
821
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
45296acd
MH		 824 if (rp->status)
825 return;
826
827 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 828 hdev->page_scan_type = rp->type;
829}
830
4a3ee763
JH		 831static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
832 struct sk_buff *skb)
833{
834 u8 status = *((u8 *) skb->data);
835 u8 *type;
836
837 BT_DBG("%s status 0x%2.2x", hdev->name, status);
838
839 if (status)
840 return;
841
842 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
843 if (type)
844 hdev->page_scan_type = *type;
845}
846
350ee4cf 847static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 848 struct sk_buff *skb)
350ee4cf
AE		 849{
850 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
851
9f1db00c 852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 853
854 if (rp->status)
855 return;
856
857 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
858 hdev->block_len = __le16_to_cpu(rp->block_len);
859 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
860
861 hdev->block_cnt = hdev->num_blocks;
862
863 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 864 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 865}
866
33f35721
JH		 867static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
868{
869 struct hci_rp_read_clock *rp = (void *) skb->data;
870 struct hci_cp_read_clock *cp;
871 struct hci_conn *conn;
872
873 BT_DBG("%s", hdev->name);
874
875 if (skb->len < sizeof(*rp))
876 return;
877
878 if (rp->status)
879 return;
880
881 hci_dev_lock(hdev);
882
883 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
884 if (!cp)
885 goto unlock;
886
887 if (cp->which == 0x00) {
888 hdev->clock = le32_to_cpu(rp->clock);
889 goto unlock;
890 }
891
892 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
893 if (conn) {
894 conn->clock = le32_to_cpu(rp->clock);
895 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
896 }
897
898unlock:
899 hci_dev_unlock(hdev);
900}
901
928abaa7 902static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 903 struct sk_buff *skb)
928abaa7
AE		 904{
905 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
906
9f1db00c 907 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 908
909 if (rp->status)
83927882 910 return;
928abaa7
AE		 911
912 hdev->amp_status = rp->amp_status;
913 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
914 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
915 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
916 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
917 hdev->amp_type = rp->amp_type;
918 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
919 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
920 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
921 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
928abaa7
AE		 922}
923
d5859e22 924static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 925 struct sk_buff *skb)
d5859e22 926{
91c4e9b1 927 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 928
9f1db00c 929 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 930
45296acd
MH		 931 if (rp->status)
932 return;
933
934 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 935}
936
00bce3fb
AM		 937static void hci_cc_read_def_err_data_reporting(struct hci_dev *hdev,
938 struct sk_buff *skb)
939{
940 struct hci_rp_read_def_err_data_reporting *rp = (void *)skb->data;
941
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943
944 if (rp->status)
945 return;
946
947 hdev->err_data_reporting = rp->err_data_reporting;
948}
949
950static void hci_cc_write_def_err_data_reporting(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 __u8 status = *((__u8 *)skb->data);
954 struct hci_cp_write_def_err_data_reporting *cp;
955
956 BT_DBG("%s status 0x%2.2x", hdev->name, status);
957
958 if (status)
959 return;
960
961 cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING);
962 if (!cp)
963 return;
964
965 hdev->err_data_reporting = cp->err_data_reporting;
966}
967
980e1a53
JH		 968static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
969{
970 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
971 struct hci_cp_pin_code_reply *cp;
972 struct hci_conn *conn;
973
9f1db00c 974 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 975
56e5cb86
JH		 976 hci_dev_lock(hdev);
977
d7a5a11d 978 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 979 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 980
fa1bd918 981 if (rp->status)
56e5cb86 982 goto unlock;
980e1a53
JH		 983
984 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
985 if (!cp)
56e5cb86 986 goto unlock;
980e1a53
JH		 987
988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
989 if (conn)
990 conn->pin_length = cp->pin_len;
56e5cb86
JH		 991
992unlock:
993 hci_dev_unlock(hdev);
980e1a53
JH		 994}
995
996static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
997{
998 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
999
9f1db00c 1000 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1001
56e5cb86
JH		 1002 hci_dev_lock(hdev);
1003
d7a5a11d 1004 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1005 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1006 rp->status);
56e5cb86
JH		 1007
1008 hci_dev_unlock(hdev);
980e1a53 1009}
56e5cb86 1010
6ed58ec5
VT		 1011static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1012 struct sk_buff *skb)
1013{
1014 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1015
9f1db00c 1016 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1017
1018 if (rp->status)
1019 return;
1020
1021 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1022 hdev->le_pkts = rp->le_max_pkt;
1023
1024 hdev->le_cnt = hdev->le_pkts;
1025
1026 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 1027}
980e1a53 1028
60e77321
JH		 1029static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1031{
1032 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1033
1034 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1035
45296acd
MH		 1036 if (rp->status)
1037 return;
1038
1039 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 1040}
1041
8fa19098
JH		 1042static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1043 struct sk_buff *skb)
1044{
1045 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1046
1047 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048
45296acd
MH		 1049 if (rp->status)
1050 return;
1051
1052 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 1053}
1054
a5c29683
JH		 1055static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1056{
1057 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1058
9f1db00c 1059 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1060
56e5cb86
JH		 1061 hci_dev_lock(hdev);
1062
d7a5a11d 1063 if (hci_dev_test_flag(hdev, HCI_MGMT))
04124681
GP		 1064 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1065 rp->status);
56e5cb86
JH		 1066
1067 hci_dev_unlock(hdev);
a5c29683
JH		 1068}
1069
1070static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1071 struct sk_buff *skb)
a5c29683
JH		 1072{
1073 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1074
9f1db00c 1075 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1076
56e5cb86
JH		 1077 hci_dev_lock(hdev);
1078
d7a5a11d 1079 if (hci_dev_test_flag(hdev, HCI_MGMT))
744cf19e 1080 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1081 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1082
1083 hci_dev_unlock(hdev);
a5c29683
JH		 1084}
1085
1143d458
BG		 1086static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1089
9f1db00c 1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1091
1092 hci_dev_lock(hdev);
1093
d7a5a11d 1094 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 1095 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1096 0, rp->status);
1143d458
BG		 1097
1098 hci_dev_unlock(hdev);
1099}
1100
1101static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1102 struct sk_buff *skb)
1143d458
BG		 1103{
1104 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1105
9f1db00c 1106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1107
1108 hci_dev_lock(hdev);
1109
d7a5a11d 1110 if (hci_dev_test_flag(hdev, HCI_MGMT))
1143d458 1111 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1112 ACL_LINK, 0, rp->status);
1143d458
BG		 1113
1114 hci_dev_unlock(hdev);
1115}
1116
4d2d2796
MH		 1117static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1118 struct sk_buff *skb)
c35938b2
SJ		 1119{
1120 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1121
9f1db00c 1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
4d2d2796
MH		 1123}
1124
1125static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1126 struct sk_buff *skb)
1127{
1128 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1129
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2
SJ		 1131}
1132
7a4cd51d
MH		 1133static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1134{
1135 __u8 status = *((__u8 *) skb->data);
1136 bdaddr_t *sent;
1137
1138 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1139
45296acd
MH		 1140 if (status)
1141 return;
1142
7a4cd51d
MH		 1143 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1144 if (!sent)
1145 return;
1146
1147 hci_dev_lock(hdev);
1148
45296acd 1149 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1150
1151 hci_dev_unlock(hdev);
1152}
1153
0314f286
JK		 1154static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1155{
1156 __u8 status = *((__u8 *) skb->data);
1157 struct hci_cp_le_set_default_phy *cp;
1158
1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1160
1161 if (status)
1162 return;
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 hdev->le_tx_def_phys = cp->tx_phys;
1171 hdev->le_rx_def_phys = cp->rx_phys;
1172
1173 hci_dev_unlock(hdev);
1174}
1175
a73c046a
JK		 1176static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1178{
1179 __u8 status = *((__u8 *) skb->data);
1180 struct hci_cp_le_set_adv_set_rand_addr *cp;
1181 struct adv_info *adv_instance;
1182
1183 if (status)
1184 return;
1185
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1187 if (!cp)
1188 return;
1189
1190 hci_dev_lock(hdev);
1191
1192 if (!hdev->cur_adv_instance) {
1193 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1194 bacpy(&hdev->random_addr, &cp->bdaddr);
1195 } else {
1196 adv_instance = hci_find_adv_instance(hdev,
1197 hdev->cur_adv_instance);
1198 if (adv_instance)
1199 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1200 }
1201
1202 hci_dev_unlock(hdev);
1203}
1204
c1d5dc4a
JH		 1205static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1206{
1207 __u8 *sent, status = *((__u8 *) skb->data);
1208
1209 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1210
45296acd 1211 if (status)
c1d5dc4a
JH		 1212 return;
1213
45296acd
MH		 1214 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1215 if (!sent)
3c857757
JH		 1216 return;
1217
c1d5dc4a
JH		 1218 hci_dev_lock(hdev);
1219
49c922bb 1220 /* If we're doing connection initiation as peripheral. Set a
3c857757
JH		 1221 * timeout in case something goes wrong.
1222 */
1223 if (*sent) {
1224 struct hci_conn *conn;
1225
a1536da2 1226 hci_dev_set_flag(hdev, HCI_LE_ADV);
66c417c1 1227
e7d9ab73 1228 conn = hci_lookup_le_connect(hdev);
3c857757
JH		 1229 if (conn)
1230 queue_delayed_work(hdev->workqueue,
1231 &conn->le_conn_timeout,
09ae260b 1232 conn->conn_timeout);
66c417c1 1233 } else {
a358dc11 1234 hci_dev_clear_flag(hdev, HCI_LE_ADV);
3c857757
JH		 1235 }
1236
04b4edcb 1237 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1238}
1239
de181e88
JK		 1240static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1241 struct sk_buff *skb)
1242{
1243 struct hci_cp_le_set_ext_adv_enable *cp;
de181e88
JK		 1244 __u8 status = *((__u8 *) skb->data);
1245
1246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1247
1248 if (status)
1249 return;
1250
1251 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1252 if (!cp)
1253 return;
1254
de181e88
JK		 1255 hci_dev_lock(hdev);
1256
1257 if (cp->enable) {
1258 struct hci_conn *conn;
1259
1260 hci_dev_set_flag(hdev, HCI_LE_ADV);
1261
1262 conn = hci_lookup_le_connect(hdev);
1263 if (conn)
1264 queue_delayed_work(hdev->workqueue,
1265 &conn->le_conn_timeout,
1266 conn->conn_timeout);
45b7749f
JK		 1267 } else {
1268 hci_dev_clear_flag(hdev, HCI_LE_ADV);
de181e88
JK		 1269 }
1270
1271 hci_dev_unlock(hdev);
1272}
1273
533553f8
MH		 1274static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1275{
1276 struct hci_cp_le_set_scan_param *cp;
1277 __u8 status = *((__u8 *) skb->data);
1278
1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1280
45296acd
MH		 1281 if (status)
1282 return;
1283
533553f8
MH		 1284 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1285 if (!cp)
1286 return;
1287
1288 hci_dev_lock(hdev);
1289
45296acd 1290 hdev->le_scan_type = cp->type;
533553f8
MH		 1291
1292 hci_dev_unlock(hdev);
1293}
1294
a2344b9e
JK		 1295static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1296 struct sk_buff *skb)
1297{
1298 struct hci_cp_le_set_ext_scan_params *cp;
1299 __u8 status = *((__u8 *) skb->data);
1300 struct hci_cp_le_scan_phy_params *phy_param;
1301
1302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1303
1304 if (status)
1305 return;
1306
1307 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1308 if (!cp)
1309 return;
1310
1311 phy_param = (void *)cp->data;
1312
1313 hci_dev_lock(hdev);
1314
1315 hdev->le_scan_type = phy_param->type;
1316
1317 hci_dev_unlock(hdev);
1318}
1319
b9a6328f
JH		 1320static bool has_pending_adv_report(struct hci_dev *hdev)
1321{
1322 struct discovery_state *d = &hdev->discovery;
1323
1324 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1325}
1326
1327static void clear_pending_adv_report(struct hci_dev *hdev)
1328{
1329 struct discovery_state *d = &hdev->discovery;
1330
1331 bacpy(&d->last_adv_addr, BDADDR_ANY);
1332 d->last_adv_data_len = 0;
1333}
1334
1335static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1336 u8 bdaddr_type, s8 rssi, u32 flags,
1337 u8 *data, u8 len)
b9a6328f
JH		 1338{
1339 struct discovery_state *d = &hdev->discovery;
1340
a2ec905d
AM		 1341 if (len > HCI_MAX_AD_LENGTH)
1342 return;
1343
b9a6328f
JH		 1344 bacpy(&d->last_adv_addr, bdaddr);
1345 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1346 d->last_adv_rssi = rssi;
c70a7e4c 1347 d->last_adv_flags = flags;
b9a6328f
JH		 1348 memcpy(d->last_adv_data, data, len);
1349 d->last_adv_data_len = len;
1350}
1351
3baef810 1352static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
eb9d91f5 1353{
5c1a4c8f
JK		 1354 hci_dev_lock(hdev);
1355
3baef810 1356 switch (enable) {
76a388be 1357 case LE_SCAN_ENABLE:
a1536da2 1358 hci_dev_set_flag(hdev, HCI_LE_SCAN);
b9a6328f
JH		 1359 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1360 clear_pending_adv_report(hdev);
68a8aea4
AE		 1361 break;
1362
76a388be 1363 case LE_SCAN_DISABLE:
b9a6328f
JH		 1364 /* We do this here instead of when setting DISCOVERY_STOPPED
1365 * since the latter would potentially require waiting for
1366 * inquiry to stop too.
1367 */
1368 if (has_pending_adv_report(hdev)) {
1369 struct discovery_state *d = &hdev->discovery;
1370
1371 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1372 d->last_adv_addr_type, NULL,
c70a7e4c 1373 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1374 d->last_adv_data,
b9a6328f
JH		 1375 d->last_adv_data_len, NULL, 0);
1376 }
1377
317ac8cb
JH		 1378 /* Cancel this timer so that we don't try to disable scanning
1379 * when it's already disabled.
1380 */
1381 cancel_delayed_work(&hdev->le_scan_disable);
1382
a358dc11 1383 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
e8bb6b97 1384
81ad6fd9
JH		 1385 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1386 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1387 * therefore discovery as stopped. If this was not
1388 * because of a connect request advertising might have
1389 * been disabled because of active scanning, so
1390 * re-enable it again if necessary.
81ad6fd9 1391 */
a69d8927 1392 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
81ad6fd9 1393 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
d7a5a11d 1394 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
34722277 1395 hdev->discovery.state == DISCOVERY_FINDING)
f2252570 1396 hci_req_reenable_advertising(hdev);
e8bb6b97 1397
68a8aea4
AE		 1398 break;
1399
1400 default:
2064ee33 1401 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
3baef810 1402 enable);
68a8aea4 1403 break;
35815085 1404 }
5c1a4c8f
JK		 1405
1406 hci_dev_unlock(hdev);
eb9d91f5
AG		 1407}
1408
3baef810
JK		 1409static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1410 struct sk_buff *skb)
1411{
1412 struct hci_cp_le_set_scan_enable *cp;
1413 __u8 status = *((__u8 *) skb->data);
1414
1415 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1416
1417 if (status)
1418 return;
1419
1420 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1421 if (!cp)
1422 return;
1423
1424 le_set_scan_enable_complete(hdev, cp->enable);
1425}
1426
a2344b9e
JK		 1427static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1428 struct sk_buff *skb)
1429{
1430 struct hci_cp_le_set_ext_scan_enable *cp;
1431 __u8 status = *((__u8 *) skb->data);
1432
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1434
1435 if (status)
1436 return;
1437
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1439 if (!cp)
1440 return;
1441
1442 le_set_scan_enable_complete(hdev, cp->enable);
1443}
1444
6b49bcb4
JK		 1445static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1446 struct sk_buff *skb)
1447{
1448 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1449
1450 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1451 rp->num_of_sets);
1452
1453 if (rp->status)
1454 return;
1455
1456 hdev->le_num_of_adv_sets = rp->num_of_sets;
1457}
1458
cf1d081f
JH		 1459static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1460 struct sk_buff *skb)
1461{
1462 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1463
1464 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1465
45296acd
MH		 1466 if (rp->status)
1467 return;
1468
1469 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1470}
1471
0f36b589
MH		 1472static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1473 struct sk_buff *skb)
1474{
1475 __u8 status = *((__u8 *) skb->data);
1476
1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1478
45296acd
MH		 1479 if (status)
1480 return;
1481
dcc36c16 1482 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1483}
1484
1485static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1486 struct sk_buff *skb)
1487{
1488 struct hci_cp_le_add_to_white_list *sent;
1489 __u8 status = *((__u8 *) skb->data);
1490
1491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1492
45296acd
MH		 1493 if (status)
1494 return;
1495
0f36b589
MH		 1496 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1497 if (!sent)
1498 return;
1499
dcc36c16
JH		 1500 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1501 sent->bdaddr_type);
0f36b589
MH		 1502}
1503
1504static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1505 struct sk_buff *skb)
1506{
1507 struct hci_cp_le_del_from_white_list *sent;
1508 __u8 status = *((__u8 *) skb->data);
1509
1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511
45296acd
MH		 1512 if (status)
1513 return;
1514
0f36b589
MH		 1515 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1516 if (!sent)
1517 return;
1518
dcc36c16
JH		 1519 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1520 sent->bdaddr_type);
0f36b589
MH		 1521}
1522
9b008c04
JH		 1523static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1524 struct sk_buff *skb)
1525{
1526 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1527
1528 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1529
45296acd
MH		 1530 if (rp->status)
1531 return;
1532
1533 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1534}
1535
a8e1bfaa
MH		 1536static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1537 struct sk_buff *skb)
1538{
1539 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1540
1541 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1542
1543 if (rp->status)
1544 return;
1545
1546 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1547 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1548}
1549
1550static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1551 struct sk_buff *skb)
1552{
1553 struct hci_cp_le_write_def_data_len *sent;
1554 __u8 status = *((__u8 *) skb->data);
1555
1556 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1557
1558 if (status)
1559 return;
1560
1561 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1562 if (!sent)
1563 return;
1564
1565 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1566 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1567}
1568
b950aa88
AN		 1569static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1570 struct sk_buff *skb)
1571{
1572 struct hci_cp_le_add_to_resolv_list *sent;
1573 __u8 status = *((__u8 *) skb->data);
1574
1575 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576
1577 if (status)
1578 return;
1579
1580 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1581 if (!sent)
1582 return;
1583
1584 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1585 sent->bdaddr_type, sent->peer_irk,
1586 sent->local_irk);
1587}
1588
1589static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1590 struct sk_buff *skb)
1591{
1592 struct hci_cp_le_del_from_resolv_list *sent;
1593 __u8 status = *((__u8 *) skb->data);
1594
1595 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1596
1597 if (status)
1598 return;
1599
1600 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1601 if (!sent)
1602 return;
1603
1604 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1605 sent->bdaddr_type);
1606}
1607
545f2596
AN		 1608static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1609 struct sk_buff *skb)
1610{
1611 __u8 status = *((__u8 *) skb->data);
1612
1613 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1614
1615 if (status)
1616 return;
1617
1618 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1619}
1620
cfdb0c2d
AN		 1621static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1622 struct sk_buff *skb)
1623{
1624 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1625
1626 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1627
1628 if (rp->status)
1629 return;
1630
1631 hdev->le_resolv_list_size = rp->size;
1632}
1633
aa12af77
AN		 1634static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1635 struct sk_buff *skb)
1636{
1637 __u8 *sent, status = *((__u8 *) skb->data);
1638
1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1640
1641 if (status)
1642 return;
1643
1644 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1645 if (!sent)
1646 return;
1647
1648 hci_dev_lock(hdev);
1649
1650 if (*sent)
1651 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1652 else
1653 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1654
1655 hci_dev_unlock(hdev);
1656}
1657
a8e1bfaa
MH		 1658static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1659 struct sk_buff *skb)
1660{
1661 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1662
1663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1664
1665 if (rp->status)
1666 return;
1667
1668 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1669 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1670 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1671 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1672}
1673
6039aa73
GP		 1674static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1675 struct sk_buff *skb)
f9b49306 1676{
06199cf8 1677 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1678 __u8 status = *((__u8 *) skb->data);
1679
9f1db00c 1680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1681
45296acd
MH		 1682 if (status)
1683 return;
1684
06199cf8 1685 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1686 if (!sent)
f9b49306
AG		 1687 return;
1688
5c1a4c8f
JK		 1689 hci_dev_lock(hdev);
1690
45296acd
MH		 1691 if (sent->le) {
1692 hdev->features[1][0] |= LMP_HOST_LE;
a1536da2 1693 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
45296acd
MH		 1694 } else {
1695 hdev->features[1][0] &= ~LMP_HOST_LE;
a358dc11
MH		 1696 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1697 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
8f984dfa 1698 }
45296acd
MH		 1699
1700 if (sent->simul)
1701 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1702 else
1703 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
5c1a4c8f
JK		 1704
1705 hci_dev_unlock(hdev);
f9b49306
AG		 1706}
1707
56ed2cb8
JH		 1708static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1709{
1710 struct hci_cp_le_set_adv_param *cp;
1711 u8 status = *((u8 *) skb->data);
1712
1713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1714
1715 if (status)
1716 return;
1717
1718 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1719 if (!cp)
1720 return;
1721
1722 hci_dev_lock(hdev);
1723 hdev->adv_addr_type = cp->own_address_type;
1724 hci_dev_unlock(hdev);
1725}
1726
de181e88
JK		 1727static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1728{
1729 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1730 struct hci_cp_le_set_ext_adv_params *cp;
1731 struct adv_info *adv_instance;
1732
1733 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1734
1735 if (rp->status)
1736 return;
1737
1738 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1739 if (!cp)
1740 return;
1741
1742 hci_dev_lock(hdev);
1743 hdev->adv_addr_type = cp->own_addr_type;
1744 if (!hdev->cur_adv_instance) {
1745 /* Store in hdev for instance 0 */
1746 hdev->adv_tx_power = rp->tx_power;
1747 } else {
1748 adv_instance = hci_find_adv_instance(hdev,
1749 hdev->cur_adv_instance);
1750 if (adv_instance)
1751 adv_instance->tx_power = rp->tx_power;
1752 }
a0fb3726
JK		 1753 /* Update adv data as tx power is known now */
1754 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
de181e88
JK		 1755 hci_dev_unlock(hdev);
1756}
1757
5ae76a94
AK		 1758static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1759{
1760 struct hci_rp_read_rssi *rp = (void *) skb->data;
1761 struct hci_conn *conn;
1762
1763 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1764
1765 if (rp->status)
1766 return;
1767
1768 hci_dev_lock(hdev);
1769
1770 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1771 if (conn)
1772 conn->rssi = rp->rssi;
1773
1774 hci_dev_unlock(hdev);
1775}
1776
5a134fae
AK		 1777static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1778{
1779 struct hci_cp_read_tx_power *sent;
1780 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1781 struct hci_conn *conn;
1782
1783 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1784
1785 if (rp->status)
1786 return;
1787
1788 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1789 if (!sent)
1790 return;
1791
1792 hci_dev_lock(hdev);
1793
1794 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1795 if (!conn)
1796 goto unlock;
1797
1798 switch (sent->type) {
1799 case 0x00:
5a134fae 1800 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1801 break;
1802 case 0x01:
1803 conn->max_tx_power = rp->tx_power;
1804 break;
1805 }
5a134fae 1806
d0455ed9 1807unlock:
5a134fae
AK		 1808 hci_dev_unlock(hdev);
1809}
1810
c50b33c8
MH		 1811static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1812{
1813 u8 status = *((u8 *) skb->data);
1814 u8 *mode;
1815
1816 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1817
1818 if (status)
1819 return;
1820
1821 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1822 if (mode)
1823 hdev->ssp_debug_mode = *mode;
1824}
1825
6039aa73 1826static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1827{
9f1db00c 1828 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1829
1830 if (status) {
a9de9248 1831 hci_conn_check_pending(hdev);
314b2381
JH		 1832 return;
1833 }
1834
89352e7d 1835 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1836}
1837
6039aa73 1838static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1839{
a9de9248 1840 struct hci_cp_create_conn *cp;
1da177e4 1841 struct hci_conn *conn;
1da177e4 1842
9f1db00c 1843 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1844
1845 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1846 if (!cp)
1847 return;
1848
1849 hci_dev_lock(hdev);
1850
1851 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1852
6ed93dc6 1853 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1854
1855 if (status) {
1856 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1857 if (status != 0x0c || conn->attempt > 2) {
1858 conn->state = BT_CLOSED;
539c496d 1859 hci_connect_cfm(conn, status);
4c67bc74
MH		 1860 hci_conn_del(conn);
1861 } else
1862 conn->state = BT_CONNECT2;
1da177e4
LT		 1863 }
1864 } else {
1865 if (!conn) {
a5c4e309
JH		 1866 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1867 HCI_ROLE_MASTER);
1868 if (!conn)
2064ee33 1869 bt_dev_err(hdev, "no memory for new connection");
1da177e4
LT		 1870 }
1871 }
1872
1873 hci_dev_unlock(hdev);
1874}
1875
a9de9248 1876static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1877{
a9de9248
MH		 1878 struct hci_cp_add_sco *cp;
1879 struct hci_conn *acl, *sco;
1880 __u16 handle;
1da177e4 1881
9f1db00c 1882 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1883
a9de9248
MH		 1884 if (!status)
1885 return;
1da177e4 1886
a9de9248
MH		 1887 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1888 if (!cp)
1889 return;
1da177e4 1890
a9de9248 1891 handle = __le16_to_cpu(cp->handle);
1da177e4 1892
9f1db00c 1893 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1894
a9de9248 1895 hci_dev_lock(hdev);
1da177e4 1896
a9de9248 1897 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1898 if (acl) {
1899 sco = acl->link;
1900 if (sco) {
1901 sco->state = BT_CLOSED;
1da177e4 1902
539c496d 1903 hci_connect_cfm(sco, status);
5a08ecce
AE		 1904 hci_conn_del(sco);
1905 }
a9de9248 1906 }
1da177e4 1907
a9de9248
MH		 1908 hci_dev_unlock(hdev);
1909}
1da177e4 1910
f8558555
MH		 1911static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1912{
1913 struct hci_cp_auth_requested *cp;
1914 struct hci_conn *conn;
1915
9f1db00c 1916 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1917
1918 if (!status)
1919 return;
1920
1921 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1922 if (!cp)
1923 return;
1924
1925 hci_dev_lock(hdev);
1926
1927 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1928 if (conn) {
1929 if (conn->state == BT_CONFIG) {
539c496d 1930 hci_connect_cfm(conn, status);
76a68ba0 1931 hci_conn_drop(conn);
f8558555
MH		 1932 }
1933 }
1934
1935 hci_dev_unlock(hdev);
1936}
1937
1938static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1939{
1940 struct hci_cp_set_conn_encrypt *cp;
1941 struct hci_conn *conn;
1942
9f1db00c 1943 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1944
1945 if (!status)
1946 return;
1947
1948 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1949 if (!cp)
1950 return;
1951
1952 hci_dev_lock(hdev);
1953
1954 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1955 if (conn) {
1956 if (conn->state == BT_CONFIG) {
539c496d 1957 hci_connect_cfm(conn, status);
76a68ba0 1958 hci_conn_drop(conn);
f8558555
MH		 1959 }
1960 }
1961
1962 hci_dev_unlock(hdev);
1963}
1964
127178d2 1965static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1966 struct hci_conn *conn)
392599b9 1967{
392599b9
JH		 1968 if (conn->state != BT_CONFIG || !conn->out)
1969 return 0;
1970
765c2a96 1971 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1972 return 0;
1973
1974 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1975 * devices with sec_level MEDIUM or HIGH or if MITM protection
1976 * is requested.
1977 */
807deac2 1978 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1979 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1980 conn->pending_sec_level != BT_SECURITY_HIGH &&
1981 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1982 return 0;
1983
392599b9
JH		 1984 return 1;
1985}
1986
6039aa73 1987static int hci_resolve_name(struct hci_dev *hdev,
04124681 1988 struct inquiry_entry *e)
30dc78e1
JH		 1989{
1990 struct hci_cp_remote_name_req cp;
1991
1992 memset(&cp, 0, sizeof(cp));
1993
1994 bacpy(&cp.bdaddr, &e->data.bdaddr);
1995 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1996 cp.pscan_mode = e->data.pscan_mode;
1997 cp.clock_offset = e->data.clock_offset;
1998
1999 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2000}
2001
b644ba33 2002static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 2003{
2004 struct discovery_state *discov = &hdev->discovery;
2005 struct inquiry_entry *e;
2006
b644ba33
JH		 2007 if (list_empty(&discov->resolve))
2008 return false;
2009
2010 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 2011 if (!e)
2012 return false;
2013
b644ba33
JH		 2014 if (hci_resolve_name(hdev, e) == 0) {
2015 e->name_state = NAME_PENDING;
2016 return true;
2017 }
2018
2019 return false;
2020}
2021
2022static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 2023 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 2024{
2025 struct discovery_state *discov = &hdev->discovery;
2026 struct inquiry_entry *e;
2027
60cb49d2
JH		 2028 /* Update the mgmt connected state if necessary. Be careful with
2029 * conn objects that exist but are not (yet) connected however.
2030 * Only those in BT_CONFIG or BT_CONNECTED states can be
2031 * considered connected.
2032 */
2033 if (conn &&
2034 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
cb77c3ec 2035 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 2036 mgmt_device_connected(hdev, conn, 0, name, name_len);
b644ba33
JH		 2037
2038 if (discov->state == DISCOVERY_STOPPED)
2039 return;
2040
30dc78e1
JH		 2041 if (discov->state == DISCOVERY_STOPPING)
2042 goto discov_complete;
2043
2044 if (discov->state != DISCOVERY_RESOLVING)
2045 return;
2046
2047 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 2048 /* If the device was not found in a list of found devices names of which
2049 * are pending. there is no need to continue resolving a next name as it
2050 * will be done upon receiving another Remote Name Request Complete
2051 * Event */
2052 if (!e)
2053 return;
2054
2055 list_del(&e->list);
2056 if (name) {
30dc78e1 2057 e->name_state = NAME_KNOWN;
7cc8380e
RM		 2058 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
2059 e->data.rssi, name, name_len);
c3e7c0d9
RM		 2060 } else {
2061 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 2062 }
2063
b644ba33 2064 if (hci_resolve_next_name(hdev))
30dc78e1 2065 return;
30dc78e1
JH		 2066
2067discov_complete:
2068 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2069}
2070
a9de9248
MH		 2071static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
2072{
127178d2
JH		 2073 struct hci_cp_remote_name_req *cp;
2074 struct hci_conn *conn;
2075
9f1db00c 2076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 2077
2078 /* If successful wait for the name req complete event before
2079 * checking for the need to do authentication */
2080 if (!status)
2081 return;
2082
2083 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
2084 if (!cp)
2085 return;
2086
2087 hci_dev_lock(hdev);
2088
b644ba33
JH		 2089 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2090
d7a5a11d 2091 if (hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 2092 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 2093
79c6c70c
JH		 2094 if (!conn)
2095 goto unlock;
2096
2097 if (!hci_outgoing_auth_needed(hdev, conn))
2098 goto unlock;
2099
51a8efd7 2100 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 2101 struct hci_cp_auth_requested auth_cp;
2102
977f8fce
JH		 2103 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2104
c1f23a2b
JB		 2105 auth_cp.handle = __cpu_to_le16(conn->handle);
2106 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
2107 sizeof(auth_cp), &auth_cp);
127178d2
JH		 2108 }
2109
79c6c70c 2110unlock:
127178d2 2111 hci_dev_unlock(hdev);
a9de9248 2112}
1da177e4 2113
769be974
MH		 2114static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2115{
2116 struct hci_cp_read_remote_features *cp;
2117 struct hci_conn *conn;
2118
9f1db00c 2119 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2120
2121 if (!status)
2122 return;
2123
2124 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2125 if (!cp)
2126 return;
2127
2128 hci_dev_lock(hdev);
2129
2130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2131 if (conn) {
2132 if (conn->state == BT_CONFIG) {
539c496d 2133 hci_connect_cfm(conn, status);
76a68ba0 2134 hci_conn_drop(conn);
769be974
MH		 2135 }
2136 }
2137
2138 hci_dev_unlock(hdev);
2139}
2140
2141static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2142{
2143 struct hci_cp_read_remote_ext_features *cp;
2144 struct hci_conn *conn;
2145
9f1db00c 2146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 2147
2148 if (!status)
2149 return;
2150
2151 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2152 if (!cp)
2153 return;
2154
2155 hci_dev_lock(hdev);
2156
2157 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2158 if (conn) {
2159 if (conn->state == BT_CONFIG) {
539c496d 2160 hci_connect_cfm(conn, status);
76a68ba0 2161 hci_conn_drop(conn);
769be974
MH		 2162 }
2163 }
2164
2165 hci_dev_unlock(hdev);
2166}
2167
a9de9248
MH		 2168static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2169{
b6a0dc82
MH		 2170 struct hci_cp_setup_sync_conn *cp;
2171 struct hci_conn *acl, *sco;
2172 __u16 handle;
2173
9f1db00c 2174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 2175
2176 if (!status)
2177 return;
2178
2179 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2180 if (!cp)
2181 return;
2182
2183 handle = __le16_to_cpu(cp->handle);
2184
9f1db00c 2185 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 2186
2187 hci_dev_lock(hdev);
2188
2189 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 2190 if (acl) {
2191 sco = acl->link;
2192 if (sco) {
2193 sco->state = BT_CLOSED;
b6a0dc82 2194
539c496d 2195 hci_connect_cfm(sco, status);
5a08ecce
AE		 2196 hci_conn_del(sco);
2197 }
b6a0dc82
MH		 2198 }
2199
2200 hci_dev_unlock(hdev);
1da177e4
LT		 2201}
2202
a9de9248 2203static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 2204{
a9de9248
MH		 2205 struct hci_cp_sniff_mode *cp;
2206 struct hci_conn *conn;
1da177e4 2207
9f1db00c 2208 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2209
a9de9248
MH		 2210 if (!status)
2211 return;
04837f64 2212
a9de9248
MH		 2213 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2214 if (!cp)
2215 return;
04837f64 2216
a9de9248 2217 hci_dev_lock(hdev);
04837f64 2218
a9de9248 2219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2220 if (conn) {
51a8efd7 2221 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 2222
51a8efd7 2223 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2224 hci_sco_setup(conn, status);
2225 }
2226
a9de9248
MH		 2227 hci_dev_unlock(hdev);
2228}
04837f64 2229
a9de9248
MH		 2230static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2231{
2232 struct hci_cp_exit_sniff_mode *cp;
2233 struct hci_conn *conn;
04837f64 2234
9f1db00c 2235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 2236
a9de9248
MH		 2237 if (!status)
2238 return;
04837f64 2239
a9de9248
MH		 2240 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2241 if (!cp)
2242 return;
04837f64 2243
a9de9248 2244 hci_dev_lock(hdev);
1da177e4 2245
a9de9248 2246 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 2247 if (conn) {
51a8efd7 2248 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 2249
51a8efd7 2250 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 2251 hci_sco_setup(conn, status);
2252 }
2253
a9de9248 2254 hci_dev_unlock(hdev);
1da177e4
LT		 2255}
2256
88c3df13
JH		 2257static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2258{
2259 struct hci_cp_disconnect *cp;
2260 struct hci_conn *conn;
2261
2262 if (!status)
2263 return;
2264
2265 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2266 if (!cp)
2267 return;
2268
2269 hci_dev_lock(hdev);
2270
2271 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
b8d29052
JH		 2272 if (conn) {
2273 u8 type = conn->type;
2274
88c3df13 2275 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 2276 conn->dst_type, status);
88c3df13 2277
b8d29052
JH		 2278 /* If the disconnection failed for any reason, the upper layer
2279 * does not retry to disconnect in current implementation.
2280 * Hence, we need to do some basic cleanup here and re-enable
2281 * advertising if necessary.
2282 */
2283 hci_conn_del(conn);
2284 if (type == LE_LINK)
2285 hci_req_reenable_advertising(hdev);
2286 }
2287
88c3df13
JH		 2288 hci_dev_unlock(hdev);
2289}
2290
d12fb056
JK		 2291static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2292 u8 peer_addr_type, u8 own_address_type,
2293 u8 filter_policy)
cb1d68f7 2294{
cb1d68f7
JH		 2295 struct hci_conn *conn;
2296
d12fb056
JK		 2297 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2298 peer_addr_type);
cb1d68f7 2299 if (!conn)
d12fb056 2300 return;
cb1d68f7 2301
b31bc00b
SN		 2302 /* When using controller based address resolution, then the new
2303 * address types 0x02 and 0x03 are used. These types need to be
2304 * converted back into either public address or random address type
2305 */
2306 if (use_ll_privacy(hdev) &&
2307 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
2308 switch (own_address_type) {
2309 case ADDR_LE_DEV_PUBLIC_RESOLVED:
2310 own_address_type = ADDR_LE_DEV_PUBLIC;
2311 break;
2312 case ADDR_LE_DEV_RANDOM_RESOLVED:
2313 own_address_type = ADDR_LE_DEV_RANDOM;
2314 break;
2315 }
2316 }
2317
cb1d68f7
JH		 2318 /* Store the initiator and responder address information which
2319 * is needed for SMP. These values will not change during the
2320 * lifetime of the connection.
2321 */
d12fb056
JK		 2322 conn->init_addr_type = own_address_type;
2323 if (own_address_type == ADDR_LE_DEV_RANDOM)
cb1d68f7
JH		 2324 bacpy(&conn->init_addr, &hdev->random_addr);
2325 else
2326 bacpy(&conn->init_addr, &hdev->bdaddr);
2327
d12fb056
JK		 2328 conn->resp_addr_type = peer_addr_type;
2329 bacpy(&conn->resp_addr, peer_addr);
cb1d68f7 2330
9489eca4
JH		 2331 /* We don't want the connection attempt to stick around
2332 * indefinitely since LE doesn't have a page timeout concept
2333 * like BR/EDR. Set a timer for any connection that doesn't use
2334 * the white list for connecting.
2335 */
d12fb056 2336 if (filter_policy == HCI_LE_USE_PEER_ADDR)
9489eca4
JH		 2337 queue_delayed_work(conn->hdev->workqueue,
2338 &conn->le_conn_timeout,
09ae260b 2339 conn->conn_timeout);
d12fb056
JK		 2340}
2341
2342static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2343{
2344 struct hci_cp_le_create_conn *cp;
2345
2346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2347
2348 /* All connection failure handling is taken care of by the
2349 * hci_le_conn_failed function which is triggered by the HCI
2350 * request completion callbacks used for connecting.
2351 */
2352 if (status)
2353 return;
2354
2355 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2356 if (!cp)
2357 return;
2358
2359 hci_dev_lock(hdev);
2360
2361 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2362 cp->own_address_type, cp->filter_policy);
9489eca4 2363
cb1d68f7
JH		 2364 hci_dev_unlock(hdev);
2365}
2366
4d94f95d
JK		 2367static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2368{
2369 struct hci_cp_le_ext_create_conn *cp;
2370
2371 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2372
2373 /* All connection failure handling is taken care of by the
2374 * hci_le_conn_failed function which is triggered by the HCI
2375 * request completion callbacks used for connecting.
2376 */
2377 if (status)
2378 return;
2379
2380 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2381 if (!cp)
2382 return;
2383
2384 hci_dev_lock(hdev);
2385
2386 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2387 cp->own_addr_type, cp->filter_policy);
2388
2389 hci_dev_unlock(hdev);
2390}
2391
0fe29fd1
MH		 2392static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2393{
2394 struct hci_cp_le_read_remote_features *cp;
2395 struct hci_conn *conn;
2396
2397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2398
2399 if (!status)
2400 return;
2401
2402 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2403 if (!cp)
2404 return;
2405
2406 hci_dev_lock(hdev);
2407
2408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2409 if (conn) {
2410 if (conn->state == BT_CONFIG) {
2411 hci_connect_cfm(conn, status);
2412 hci_conn_drop(conn);
2413 }
2414 }
2415
2416 hci_dev_unlock(hdev);
2417}
2418
81d0c8ad
JH		 2419static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2420{
2421 struct hci_cp_le_start_enc *cp;
2422 struct hci_conn *conn;
2423
2424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2425
2426 if (!status)
2427 return;
2428
2429 hci_dev_lock(hdev);
2430
2431 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2432 if (!cp)
2433 goto unlock;
2434
2435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2436 if (!conn)
2437 goto unlock;
2438
2439 if (conn->state != BT_CONNECTED)
2440 goto unlock;
2441
2442 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2443 hci_conn_drop(conn);
2444
2445unlock:
2446 hci_dev_unlock(hdev);
2447}
2448
50fc85f1
KP		 2449static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2450{
2451 struct hci_cp_switch_role *cp;
2452 struct hci_conn *conn;
2453
2454 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2455
2456 if (!status)
2457 return;
2458
2459 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2460 if (!cp)
2461 return;
2462
2463 hci_dev_lock(hdev);
2464
2465 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2466 if (conn)
2467 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2468
2469 hci_dev_unlock(hdev);
2470}
2471
6039aa73 2472static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2473{
2474 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 2475 struct discovery_state *discov = &hdev->discovery;
2476 struct inquiry_entry *e;
1da177e4 2477
9f1db00c 2478 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 2479
a9de9248 2480 hci_conn_check_pending(hdev);
89352e7d
AG		 2481
2482 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2483 return;
2484
4e857c58 2485 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 2486 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2487
d7a5a11d 2488 if (!hci_dev_test_flag(hdev, HCI_MGMT))
30dc78e1
JH		 2489 return;
2490
56e5cb86 2491 hci_dev_lock(hdev);
30dc78e1 2492
343f935b 2493 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 2494 goto unlock;
2495
2496 if (list_empty(&discov->resolve)) {
07d2334a
JP		 2497 /* When BR/EDR inquiry is active and no LE scanning is in
2498 * progress, then change discovery state to indicate completion.
2499 *
2500 * When running LE scanning and BR/EDR inquiry simultaneously
2501 * and the LE scan already finished, then change the discovery
2502 * state to indicate completion.
2503 */
2504 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2505 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2506 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2507 goto unlock;
2508 }
2509
2510 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2511 if (e && hci_resolve_name(hdev, e) == 0) {
2512 e->name_state = NAME_PENDING;
2513 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2514 } else {
07d2334a
JP		 2515 /* When BR/EDR inquiry is active and no LE scanning is in
2516 * progress, then change discovery state to indicate completion.
2517 *
2518 * When running LE scanning and BR/EDR inquiry simultaneously
2519 * and the LE scan already finished, then change the discovery
2520 * state to indicate completion.
2521 */
2522 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2523 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2524 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
30dc78e1
JH		 2525 }
2526
2527unlock:
56e5cb86 2528 hci_dev_unlock(hdev);
1da177e4
LT		 2529}
2530
6039aa73 2531static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2532{
45bb4bf0 2533 struct inquiry_data data;
a9de9248 2534 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2535 int num_rsp = *((__u8 *) skb->data);
2536
2537 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2538
75bbd2ea 2539 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
45bb4bf0
MH		 2540 return;
2541
d7a5a11d 2542 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 2543 return;
2544
1da177e4 2545 hci_dev_lock(hdev);
45bb4bf0 2546
e17acd40 2547 for (; num_rsp; num_rsp--, info++) {
af58925c 2548 u32 flags;
3175405b 2549
1da177e4
LT		 2550 bacpy(&data.bdaddr, &info->bdaddr);
2551 data.pscan_rep_mode = info->pscan_rep_mode;
2552 data.pscan_period_mode = info->pscan_period_mode;
2553 data.pscan_mode = info->pscan_mode;
2554 memcpy(data.dev_class, info->dev_class, 3);
2555 data.clock_offset = info->clock_offset;
efb2513f 2556 data.rssi = HCI_RSSI_INVALID;
41a96212 2557 data.ssp_mode = 0x00;
3175405b 2558
af58925c
MH		 2559 flags = hci_inquiry_cache_update(hdev, &data, false);
2560
48264f06 2561 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
efb2513f
MH		 2562 info->dev_class, HCI_RSSI_INVALID,
2563 flags, NULL, 0, NULL, 0);
1da177e4 2564 }
45bb4bf0 2565
1da177e4
LT		 2566 hci_dev_unlock(hdev);
2567}
2568
6039aa73 2569static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2570{
a9de9248
MH		 2571 struct hci_ev_conn_complete *ev = (void *) skb->data;
2572 struct hci_conn *conn;
1da177e4
LT		 2573
2574 BT_DBG("%s", hdev->name);
2575
2576 hci_dev_lock(hdev);
2577
2578 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a 2579 if (!conn) {
a46b7ed4
SS		 2580 /* Connection may not exist if auto-connected. Check the bredr
2581 * allowlist to see if this device is allowed to auto connect.
2582 * If link is an ACL type, create a connection class
4f40afc6 2583 * automatically.
a46b7ed4
SS		 2584 *
2585 * Auto-connect will only occur if the event filter is
2586 * programmed with a given address. Right now, event filter is
2587 * only used during suspend.
4f40afc6 2588 */
a46b7ed4
SS		 2589 if (ev->link_type == ACL_LINK &&
2590 hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
2591 &ev->bdaddr,
2592 BDADDR_BREDR)) {
4f40afc6
APS		 2593 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2594 HCI_ROLE_SLAVE);
2595 if (!conn) {
2596 bt_dev_err(hdev, "no memory for new conn");
2597 goto unlock;
2598 }
2d186fcd
APS		 2599 } else {
2600 if (ev->link_type != SCO_LINK)
2601 goto unlock;
9499237a 2602
2d186fcd
APS		 2603 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK,
2604 &ev->bdaddr);
2605 if (!conn)
2606 goto unlock;
9499237a 2607
2d186fcd
APS		 2608 conn->type = SCO_LINK;
2609 }
9499237a 2610 }
1da177e4
LT		 2611
2612 if (!ev->status) {
2613 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2614
2615 if (conn->type == ACL_LINK) {
2616 conn->state = BT_CONFIG;
2617 hci_conn_hold(conn);
a9ea3ed9
SJ		 2618
2619 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2620 !hci_find_link_key(hdev, &ev->bdaddr))
2621 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2622 else
2623 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2624 } else
2625 conn->state = BT_CONNECTED;
1da177e4 2626
23b9ceb7 2627 hci_debugfs_create_conn(conn);
7d0db0a3
MH		 2628 hci_conn_add_sysfs(conn);
2629
1da177e4 2630 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2631 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2632
2633 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2634 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2635
04837f64
MH		 2636 /* Get remote features */
2637 if (conn->type == ACL_LINK) {
2638 struct hci_cp_read_remote_features cp;
2639 cp.handle = ev->handle;
769be974 2640 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2641 sizeof(cp), &cp);
22f433dc 2642
01b1cb87 2643 hci_req_update_scan(hdev);
04837f64
MH		 2644 }
2645
1da177e4 2646 /* Set packet type for incoming connection */
d095c1eb 2647 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2648 struct hci_cp_change_conn_ptype cp;
2649 cp.handle = ev->handle;
a8746417 2650 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2651 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2652 &cp);
1da177e4 2653 }
17d5c04c 2654 } else {
1da177e4 2655 conn->state = BT_CLOSED;
17d5c04c 2656 if (conn->type == ACL_LINK)
64c7b77c 2657 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2658 conn->dst_type, ev->status);
17d5c04c 2659 }
1da177e4 2660
e73439d8
MH		 2661 if (conn->type == ACL_LINK)
2662 hci_sco_setup(conn, ev->status);
1da177e4 2663
769be974 2664 if (ev->status) {
539c496d 2665 hci_connect_cfm(conn, ev->status);
1da177e4 2666 hci_conn_del(conn);
1f8330ea
SN		 2667 } else if (ev->link_type == SCO_LINK) {
2668 switch (conn->setting & SCO_AIRMODE_MASK) {
2669 case SCO_AIRMODE_CVSD:
2670 if (hdev->notify)
2671 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
2672 break;
2673 }
2674
539c496d 2675 hci_connect_cfm(conn, ev->status);
1f8330ea 2676 }
1da177e4 2677
a9de9248 2678unlock:
1da177e4 2679 hci_dev_unlock(hdev);
1da177e4 2680
a9de9248 2681 hci_conn_check_pending(hdev);
1da177e4
LT		 2682}
2683
70c46425
JH		 2684static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2685{
2686 struct hci_cp_reject_conn_req cp;
2687
2688 bacpy(&cp.bdaddr, bdaddr);
2689 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2690 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2691}
2692
6039aa73 2693static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2694{
a9de9248
MH		 2695 struct hci_ev_conn_request *ev = (void *) skb->data;
2696 int mask = hdev->link_mode;
70c46425
JH		 2697 struct inquiry_entry *ie;
2698 struct hci_conn *conn;
20714bfe 2699 __u8 flags = 0;
1da177e4 2700
6ed93dc6 2701 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2702 ev->link_type);
1da177e4 2703
20714bfe
FD		 2704 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2705 &flags);
1da177e4 2706
70c46425
JH		 2707 if (!(mask & HCI_LM_ACCEPT)) {
2708 hci_reject_conn(hdev, &ev->bdaddr);
2709 return;
2710 }
2711
46c4c941
JH		 2712 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2713 BDADDR_BREDR)) {
2714 hci_reject_conn(hdev, &ev->bdaddr);
2715 return;
2716 }
2717
6a8fc95c
JH		 2718 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2719 * connection. These features are only touched through mgmt so
2720 * only do the checks if HCI_MGMT is set.
2721 */
d7a5a11d
MH		 2722 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2723 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
8baaa403
APS		 2724 !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
2725 BDADDR_BREDR)) {
2726 hci_reject_conn(hdev, &ev->bdaddr);
2727 return;
70c46425 2728 }
1da177e4 2729
70c46425 2730 /* Connection accepted */
b6a0dc82 2731
70c46425
JH		 2732 hci_dev_lock(hdev);
2733
2734 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2735 if (ie)
2736 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2737
70c46425
JH		 2738 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2739 &ev->bdaddr);
2740 if (!conn) {
a5c4e309
JH		 2741 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2742 HCI_ROLE_SLAVE);
a9de9248 2743 if (!conn) {
2064ee33 2744 bt_dev_err(hdev, "no memory for new connection");
70c46425
JH		 2745 hci_dev_unlock(hdev);
2746 return;
1da177e4 2747 }
70c46425 2748 }
b6a0dc82 2749
70c46425 2750 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2751
70c46425 2752 hci_dev_unlock(hdev);
1da177e4 2753
70c46425
JH		 2754 if (ev->link_type == ACL_LINK ||
2755 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2756 struct hci_cp_accept_conn_req cp;
2757 conn->state = BT_CONNECT;
1da177e4 2758
70c46425 2759 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2760
70c46425
JH		 2761 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2762 cp.role = 0x00; /* Become master */
2763 else
2764 cp.role = 0x01; /* Remain slave */
b6a0dc82 2765
70c46425
JH		 2766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2767 } else if (!(flags & HCI_PROTO_DEFER)) {
2768 struct hci_cp_accept_sync_conn_req cp;
2769 conn->state = BT_CONNECT;
b6a0dc82 2770
70c46425
JH		 2771 bacpy(&cp.bdaddr, &ev->bdaddr);
2772 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2773
70c46425
JH		 2774 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2775 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2776 cp.max_latency = cpu_to_le16(0xffff);
2777 cp.content_format = cpu_to_le16(hdev->voice_setting);
2778 cp.retrans_effort = 0xff;
1da177e4 2779
70c46425
JH		 2780 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2781 &cp);
a9de9248 2782 } else {
70c46425 2783 conn->state = BT_CONNECT2;
539c496d 2784 hci_connect_cfm(conn, 0);
1da177e4 2785 }
1da177e4
LT		 2786}
2787
f0d6a0ea
MA		 2788static u8 hci_to_mgmt_reason(u8 err)
2789{
2790 switch (err) {
2791 case HCI_ERROR_CONNECTION_TIMEOUT:
2792 return MGMT_DEV_DISCONN_TIMEOUT;
2793 case HCI_ERROR_REMOTE_USER_TERM:
2794 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2795 case HCI_ERROR_REMOTE_POWER_OFF:
2796 return MGMT_DEV_DISCONN_REMOTE;
2797 case HCI_ERROR_LOCAL_HOST_TERM:
2798 return MGMT_DEV_DISCONN_LOCAL_HOST;
2799 default:
2800 return MGMT_DEV_DISCONN_UNKNOWN;
2801 }
2802}
2803
6039aa73 2804static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2805{
a9de9248 2806 struct hci_ev_disconn_complete *ev = (void *) skb->data;
160b9251 2807 u8 reason;
9fcb18ef 2808 struct hci_conn_params *params;
04837f64 2809 struct hci_conn *conn;
12d4a3b2 2810 bool mgmt_connected;
3846220b 2811 u8 type;
04837f64 2812
9f1db00c 2813 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2814
2815 hci_dev_lock(hdev);
2816
2817 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2818 if (!conn)
2819 goto unlock;
7d0db0a3 2820
abf54a50
AG		 2821 if (ev->status) {
2822 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2823 conn->dst_type, ev->status);
2824 goto unlock;
37d9ef76 2825 }
f7520543 2826
3846220b
AG		 2827 conn->state = BT_CLOSED;
2828
12d4a3b2 2829 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
160b9251
SJ		 2830
2831 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2832 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2833 else
2834 reason = hci_to_mgmt_reason(ev->reason);
2835
12d4a3b2
JH		 2836 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2837 reason, mgmt_connected);
abf54a50 2838
22f433dc
JH		 2839 if (conn->type == ACL_LINK) {
2840 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2841 hci_remove_link_key(hdev, &conn->dst);
2842
01b1cb87 2843 hci_req_update_scan(hdev);
22f433dc 2844 }
2210246c 2845
9fcb18ef
AG		 2846 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2847 if (params) {
2848 switch (params->auto_connect) {
2849 case HCI_AUTO_CONN_LINK_LOSS:
2850 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2851 break;
19186c7b 2852 fallthrough;
9fcb18ef 2853
4b9e7e75 2854 case HCI_AUTO_CONN_DIRECT:
9fcb18ef 2855 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2856 list_del_init(&params->action);
2857 list_add(&params->action, &hdev->pend_le_conns);
2858 hci_update_background_scan(hdev);
9fcb18ef
AG		 2859 break;
2860
2861 default:
2862 break;
2863 }
2864 }
2865
3846220b 2866 type = conn->type;
2210246c 2867
3a6d576b 2868 hci_disconn_cfm(conn, ev->reason);
3846220b
AG		 2869 hci_conn_del(conn);
2870
4f40afc6
APS		 2871 /* The suspend notifier is waiting for all devices to disconnect so
2872 * clear the bit from pending tasks and inform the wait queue.
2873 */
2874 if (list_empty(&hdev->conn_hash.list) &&
2875 test_and_clear_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks)) {
2876 wake_up(&hdev->suspend_wait_q);
2877 }
2878
3846220b
AG		 2879 /* Re-enable advertising if necessary, since it might
2880 * have been disabled by the connection. From the
2881 * HCI_LE_Set_Advertise_Enable command description in
2882 * the core specification (v4.0):
2883 * "The Controller shall continue advertising until the Host
2884 * issues an LE_Set_Advertise_Enable command with
2885 * Advertising_Enable set to 0x00 (Advertising is disabled)
2886 * or until a connection is created or until the Advertising
2887 * is timed out due to Directed Advertising."
2888 */
2889 if (type == LE_LINK)
f2252570 2890 hci_req_reenable_advertising(hdev);
f7520543
JH		 2891
2892unlock:
04837f64
MH		 2893 hci_dev_unlock(hdev);
2894}
2895
6039aa73 2896static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2897{
a9de9248 2898 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2899 struct hci_conn *conn;
1da177e4 2900
9f1db00c 2901 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2902
2903 hci_dev_lock(hdev);
2904
04837f64 2905 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2906 if (!conn)
2907 goto unlock;
2908
2909 if (!ev->status) {
160b9251
SJ		 2910 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2911
aa64a8b5 2912 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2913 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2064ee33 2914 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2a611692 2915 } else {
4dae2798 2916 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2917 conn->sec_level = conn->pending_sec_level;
2a611692 2918 }
d7556e20 2919 } else {
160b9251
SJ		 2920 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2921 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2922
e1e930f5 2923 mgmt_auth_failed(conn, ev->status);
d7556e20 2924 }
1da177e4 2925
51a8efd7
JH		 2926 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2927 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2928
d7556e20 2929 if (conn->state == BT_CONFIG) {
aa64a8b5 2930 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2931 struct hci_cp_set_conn_encrypt cp;
2932 cp.handle = ev->handle;
2933 cp.encrypt = 0x01;
2934 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2935 &cp);
052b30b0 2936 } else {
d7556e20 2937 conn->state = BT_CONNECTED;
539c496d 2938 hci_connect_cfm(conn, ev->status);
76a68ba0 2939 hci_conn_drop(conn);
052b30b0 2940 }
d7556e20
WR		 2941 } else {
2942 hci_auth_cfm(conn, ev->status);
052b30b0 2943
d7556e20
WR		 2944 hci_conn_hold(conn);
2945 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2946 hci_conn_drop(conn);
d7556e20
WR		 2947 }
2948
51a8efd7 2949 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2950 if (!ev->status) {
2951 struct hci_cp_set_conn_encrypt cp;
2952 cp.handle = ev->handle;
2953 cp.encrypt = 0x01;
2954 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2955 &cp);
d7556e20 2956 } else {
51a8efd7 2957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3ca44c16 2958 hci_encrypt_cfm(conn, ev->status);
1da177e4
LT		 2959 }
2960 }
2961
d7556e20 2962unlock:
1da177e4
LT		 2963 hci_dev_unlock(hdev);
2964}
2965
6039aa73 2966static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2967{
127178d2
JH		 2968 struct hci_ev_remote_name *ev = (void *) skb->data;
2969 struct hci_conn *conn;
2970
a9de9248 2971 BT_DBG("%s", hdev->name);
1da177e4 2972
a9de9248 2973 hci_conn_check_pending(hdev);
127178d2
JH		 2974
2975 hci_dev_lock(hdev);
2976
b644ba33 2977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2978
d7a5a11d 2979 if (!hci_dev_test_flag(hdev, HCI_MGMT))
b644ba33 2980 goto check_auth;
a88a9652 2981
b644ba33
JH		 2982 if (ev->status == 0)
2983 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2984 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2985 else
2986 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2987
2988check_auth:
79c6c70c
JH		 2989 if (!conn)
2990 goto unlock;
2991
2992 if (!hci_outgoing_auth_needed(hdev, conn))
2993 goto unlock;
2994
51a8efd7 2995 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2 2996 struct hci_cp_auth_requested cp;
977f8fce
JH		 2997
2998 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2999
127178d2
JH		 3000 cp.handle = __cpu_to_le16(conn->handle);
3001 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
3002 }
3003
79c6c70c 3004unlock:
127178d2 3005 hci_dev_unlock(hdev);
a9de9248
MH		 3006}
3007
821f3766
JH		 3008static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
3009 u16 opcode, struct sk_buff *skb)
3010{
3011 const struct hci_rp_read_enc_key_size *rp;
3012 struct hci_conn *conn;
3013 u16 handle;
3014
3015 BT_DBG("%s status 0x%02x", hdev->name, status);
3016
3017 if (!skb || skb->len < sizeof(*rp)) {
2064ee33 3018 bt_dev_err(hdev, "invalid read key size response");
821f3766
JH		 3019 return;
3020 }
3021
3022 rp = (void *)skb->data;
3023 handle = le16_to_cpu(rp->handle);
3024
3025 hci_dev_lock(hdev);
3026
3027 conn = hci_conn_hash_lookup_handle(hdev, handle);
3028 if (!conn)
3029 goto unlock;
3030
32b50729
AM		 3031 /* While unexpected, the read_enc_key_size command may fail. The most
3032 * secure approach is to then assume the key size is 0 to force a
3033 * disconnection.
821f3766
JH		 3034 */
3035 if (rp->status) {
2064ee33
MH		 3036 bt_dev_err(hdev, "failed to read key size for handle %u",
3037 handle);
32b50729 3038 conn->enc_key_size = 0;
821f3766
JH		 3039 } else {
3040 conn->enc_key_size = rp->key_size;
3041 }
3042
3ca44c16 3043 hci_encrypt_cfm(conn, 0);
821f3766
JH		 3044
3045unlock:
3046 hci_dev_unlock(hdev);
3047}
3048
6039aa73 3049static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3050{
3051 struct hci_ev_encrypt_change *ev = (void *) skb->data;
3052 struct hci_conn *conn;
3053
9f1db00c 3054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3055
3056 hci_dev_lock(hdev);
3057
04837f64 3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 3059 if (!conn)
3060 goto unlock;
1da177e4 3061
dc8357cc
MH		 3062 if (!ev->status) {
3063 if (ev->encrypt) {
3064 /* Encryption implies authentication */
4dae2798
JH		 3065 set_bit(HCI_CONN_AUTH, &conn->flags);
3066 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 3067 conn->sec_level = conn->pending_sec_level;
abf76bad 3068
914a6ffe
MH		 3069 /* P-256 authentication key implies FIPS */
3070 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 3071 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 3072
abf76bad
MH		 3073 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
3074 conn->type == LE_LINK)
3075 set_bit(HCI_CONN_AES_CCM, &conn->flags);
3076 } else {
4dae2798 3077 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 3078 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
3079 }
dc8357cc 3080 }
a7d7723a 3081
7ed3fa20
JH		 3082 /* We should disregard the current RPA and generate a new one
3083 * whenever the encryption procedure fails.
3084 */
a73c046a 3085 if (ev->status && conn->type == LE_LINK) {
a1536da2 3086 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a
JK		 3087 hci_adv_instances_set_rpa_expired(hdev, true);
3088 }
7ed3fa20 3089
dc8357cc 3090 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 3091
8746f135
LAD		 3092 /* Check link security requirements are met */
3093 if (!hci_conn_check_link_mode(conn))
3094 ev->status = HCI_ERROR_AUTH_FAILURE;
3095
dc8357cc 3096 if (ev->status && conn->state == BT_CONNECTED) {
160b9251
SJ		 3097 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3098 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3099
8746f135
LAD		 3100 /* Notify upper layers so they can cleanup before
3101 * disconnecting.
3102 */
3103 hci_encrypt_cfm(conn, ev->status);
dc8357cc
MH		 3104 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3105 hci_conn_drop(conn);
3106 goto unlock;
1da177e4
LT		 3107 }
3108
821f3766
JH		 3109 /* Try reading the encryption key size for encrypted ACL links */
3110 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
3111 struct hci_cp_read_enc_key_size cp;
3112 struct hci_request req;
3113
3114 /* Only send HCI_Read_Encryption_Key_Size if the
3115 * controller really supports it. If it doesn't, assume
3116 * the default size (16).
3117 */
3118 if (!(hdev->commands[20] & 0x10)) {
3119 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3120 goto notify;
3121 }
3122
3123 hci_req_init(&req, hdev);
3124
3125 cp.handle = cpu_to_le16(conn->handle);
3126 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
3127
3128 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2064ee33 3129 bt_dev_err(hdev, "sending read key size failed");
821f3766
JH		 3130 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3131 goto notify;
3132 }
3133
3134 goto unlock;
3135 }
3136
302975cb
SRK		 3137 /* Set the default Authenticated Payload Timeout after
3138 * an LE Link is established. As per Core Spec v5.0, Vol 2, Part B
3139 * Section 3.3, the HCI command WRITE_AUTH_PAYLOAD_TIMEOUT should be
3140 * sent when the link is active and Encryption is enabled, the conn
3141 * type can be either LE or ACL and controller must support LMP Ping.
3142 * Ensure for AES-CCM encryption as well.
3143 */
3144 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3145 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3146 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3147 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3148 struct hci_cp_write_auth_payload_to cp;
3149
3150 cp.handle = cpu_to_le16(conn->handle);
3151 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3152 hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3153 sizeof(cp), &cp);
3154 }
3155
821f3766 3156notify:
3ca44c16 3157 hci_encrypt_cfm(conn, ev->status);
dc8357cc 3158
a7d7723a 3159unlock:
1da177e4
LT		 3160 hci_dev_unlock(hdev);
3161}
3162
6039aa73
GP		 3163static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
3164 struct sk_buff *skb)
1da177e4 3165{
a9de9248 3166 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 3167 struct hci_conn *conn;
1da177e4 3168
9f1db00c 3169 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3170
3171 hci_dev_lock(hdev);
3172
04837f64 3173 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3174 if (conn) {
3175 if (!ev->status)
4dae2798 3176 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 3177
51a8efd7 3178 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 3179
3180 hci_key_change_cfm(conn, ev->status);
3181 }
3182
3183 hci_dev_unlock(hdev);
3184}
3185
6039aa73
GP		 3186static void hci_remote_features_evt(struct hci_dev *hdev,
3187 struct sk_buff *skb)
1da177e4 3188{
a9de9248
MH		 3189 struct hci_ev_remote_features *ev = (void *) skb->data;
3190 struct hci_conn *conn;
3191
9f1db00c 3192 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 3193
a9de9248
MH		 3194 hci_dev_lock(hdev);
3195
3196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3197 if (!conn)
3198 goto unlock;
769be974 3199
ccd556fe 3200 if (!ev->status)
cad718ed 3201 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 3202
3203 if (conn->state != BT_CONFIG)
3204 goto unlock;
3205
ac363cf9
SJ		 3206 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3207 lmp_ext_feat_capable(conn)) {
ccd556fe
JH		 3208 struct hci_cp_read_remote_ext_features cp;
3209 cp.handle = ev->handle;
3210 cp.page = 0x01;
3211 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 3212 sizeof(cp), &cp);
392599b9
JH		 3213 goto unlock;
3214 }
3215
671267bf 3216 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3217 struct hci_cp_remote_name_req cp;
3218 memset(&cp, 0, sizeof(cp));
3219 bacpy(&cp.bdaddr, &conn->dst);
3220 cp.pscan_rep_mode = 0x02;
3221 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 3222 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 3223 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 3224
127178d2 3225 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 3226 conn->state = BT_CONNECTED;
539c496d 3227 hci_connect_cfm(conn, ev->status);
76a68ba0 3228 hci_conn_drop(conn);
769be974 3229 }
a9de9248 3230
ccd556fe 3231unlock:
a9de9248 3232 hci_dev_unlock(hdev);
1da177e4
LT		 3233}
3234
e6214487
JH		 3235static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3236 u16 *opcode, u8 *status,
3237 hci_req_complete_t *req_complete,
3238 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3239{
3240 struct hci_ev_cmd_complete *ev = (void *) skb->data;
a9de9248 3241
e6214487
JH		 3242 *opcode = __le16_to_cpu(ev->opcode);
3243 *status = skb->data[sizeof(*ev)];
a9de9248 3244
e6214487 3245 skb_pull(skb, sizeof(*ev));
a9de9248 3246
e6214487 3247 switch (*opcode) {
a9de9248 3248 case HCI_OP_INQUIRY_CANCEL:
adf1d692 3249 hci_cc_inquiry_cancel(hdev, skb, status);
a9de9248
MH		 3250 break;
3251
4d93483b
AG		 3252 case HCI_OP_PERIODIC_INQ:
3253 hci_cc_periodic_inq(hdev, skb);
3254 break;
3255
a9de9248
MH		 3256 case HCI_OP_EXIT_PERIODIC_INQ:
3257 hci_cc_exit_periodic_inq(hdev, skb);
3258 break;
3259
3260 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3261 hci_cc_remote_name_req_cancel(hdev, skb);
3262 break;
3263
3264 case HCI_OP_ROLE_DISCOVERY:
3265 hci_cc_role_discovery(hdev, skb);
3266 break;
3267
e4e8e37c
MH		 3268 case HCI_OP_READ_LINK_POLICY:
3269 hci_cc_read_link_policy(hdev, skb);
3270 break;
3271
a9de9248
MH		 3272 case HCI_OP_WRITE_LINK_POLICY:
3273 hci_cc_write_link_policy(hdev, skb);
3274 break;
3275
e4e8e37c
MH		 3276 case HCI_OP_READ_DEF_LINK_POLICY:
3277 hci_cc_read_def_link_policy(hdev, skb);
3278 break;
3279
3280 case HCI_OP_WRITE_DEF_LINK_POLICY:
3281 hci_cc_write_def_link_policy(hdev, skb);
3282 break;
3283
a9de9248
MH		 3284 case HCI_OP_RESET:
3285 hci_cc_reset(hdev, skb);
3286 break;
3287
c2f0f979
MH		 3288 case HCI_OP_READ_STORED_LINK_KEY:
3289 hci_cc_read_stored_link_key(hdev, skb);
3290 break;
3291
a9366120
MH		 3292 case HCI_OP_DELETE_STORED_LINK_KEY:
3293 hci_cc_delete_stored_link_key(hdev, skb);
3294 break;
3295
a9de9248
MH		 3296 case HCI_OP_WRITE_LOCAL_NAME:
3297 hci_cc_write_local_name(hdev, skb);
3298 break;
3299
3300 case HCI_OP_READ_LOCAL_NAME:
3301 hci_cc_read_local_name(hdev, skb);
3302 break;
3303
3304 case HCI_OP_WRITE_AUTH_ENABLE:
3305 hci_cc_write_auth_enable(hdev, skb);
3306 break;
3307
3308 case HCI_OP_WRITE_ENCRYPT_MODE:
3309 hci_cc_write_encrypt_mode(hdev, skb);
3310 break;
3311
3312 case HCI_OP_WRITE_SCAN_ENABLE:
3313 hci_cc_write_scan_enable(hdev, skb);
3314 break;
3315
3316 case HCI_OP_READ_CLASS_OF_DEV:
3317 hci_cc_read_class_of_dev(hdev, skb);
3318 break;
3319
3320 case HCI_OP_WRITE_CLASS_OF_DEV:
3321 hci_cc_write_class_of_dev(hdev, skb);
3322 break;
3323
3324 case HCI_OP_READ_VOICE_SETTING:
3325 hci_cc_read_voice_setting(hdev, skb);
3326 break;
3327
3328 case HCI_OP_WRITE_VOICE_SETTING:
3329 hci_cc_write_voice_setting(hdev, skb);
3330 break;
3331
b4cb9fb2
MH		 3332 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3333 hci_cc_read_num_supported_iac(hdev, skb);
3334 break;
3335
333140b5
MH		 3336 case HCI_OP_WRITE_SSP_MODE:
3337 hci_cc_write_ssp_mode(hdev, skb);
3338 break;
3339
eac83dc6
MH		 3340 case HCI_OP_WRITE_SC_SUPPORT:
3341 hci_cc_write_sc_support(hdev, skb);
3342 break;
3343
302975cb
SRK		 3344 case HCI_OP_READ_AUTH_PAYLOAD_TO:
3345 hci_cc_read_auth_payload_timeout(hdev, skb);
3346 break;
3347
3348 case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3349 hci_cc_write_auth_payload_timeout(hdev, skb);
3350 break;
3351
a9de9248
MH		 3352 case HCI_OP_READ_LOCAL_VERSION:
3353 hci_cc_read_local_version(hdev, skb);
3354 break;
3355
3356 case HCI_OP_READ_LOCAL_COMMANDS:
3357 hci_cc_read_local_commands(hdev, skb);
3358 break;
3359
3360 case HCI_OP_READ_LOCAL_FEATURES:
3361 hci_cc_read_local_features(hdev, skb);
3362 break;
3363
971e3a4b
AG		 3364 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3365 hci_cc_read_local_ext_features(hdev, skb);
3366 break;
3367
a9de9248
MH		 3368 case HCI_OP_READ_BUFFER_SIZE:
3369 hci_cc_read_buffer_size(hdev, skb);
3370 break;
3371
3372 case HCI_OP_READ_BD_ADDR:
3373 hci_cc_read_bd_addr(hdev, skb);
3374 break;
3375
a4790360
MH		 3376 case HCI_OP_READ_LOCAL_PAIRING_OPTS:
3377 hci_cc_read_local_pairing_opts(hdev, skb);
3378 break;
3379
f332ec66
JH		 3380 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3381 hci_cc_read_page_scan_activity(hdev, skb);
3382 break;
3383
4a3ee763
JH		 3384 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3385 hci_cc_write_page_scan_activity(hdev, skb);
3386 break;
3387
f332ec66
JH		 3388 case HCI_OP_READ_PAGE_SCAN_TYPE:
3389 hci_cc_read_page_scan_type(hdev, skb);
3390 break;
3391
4a3ee763
JH		 3392 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3393 hci_cc_write_page_scan_type(hdev, skb);
3394 break;
3395
350ee4cf
AE		 3396 case HCI_OP_READ_DATA_BLOCK_SIZE:
3397 hci_cc_read_data_block_size(hdev, skb);
3398 break;
3399
1e89cffb
AE		 3400 case HCI_OP_READ_FLOW_CONTROL_MODE:
3401 hci_cc_read_flow_control_mode(hdev, skb);
3402 break;
3403
928abaa7
AE		 3404 case HCI_OP_READ_LOCAL_AMP_INFO:
3405 hci_cc_read_local_amp_info(hdev, skb);
3406 break;
3407
33f35721
JH		 3408 case HCI_OP_READ_CLOCK:
3409 hci_cc_read_clock(hdev, skb);
3410 break;
3411
d5859e22
JH		 3412 case HCI_OP_READ_INQ_RSP_TX_POWER:
3413 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3414 break;
3415
00bce3fb
AM		 3416 case HCI_OP_READ_DEF_ERR_DATA_REPORTING:
3417 hci_cc_read_def_err_data_reporting(hdev, skb);
3418 break;
3419
3420 case HCI_OP_WRITE_DEF_ERR_DATA_REPORTING:
3421 hci_cc_write_def_err_data_reporting(hdev, skb);
3422 break;
3423
980e1a53
JH		 3424 case HCI_OP_PIN_CODE_REPLY:
3425 hci_cc_pin_code_reply(hdev, skb);
3426 break;
3427
3428 case HCI_OP_PIN_CODE_NEG_REPLY:
3429 hci_cc_pin_code_neg_reply(hdev, skb);
3430 break;
3431
c35938b2 3432 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 3433 hci_cc_read_local_oob_data(hdev, skb);
3434 break;
3435
3436 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3437 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 3438 break;
3439
6ed58ec5
VT		 3440 case HCI_OP_LE_READ_BUFFER_SIZE:
3441 hci_cc_le_read_buffer_size(hdev, skb);
3442 break;
3443
60e77321
JH		 3444 case HCI_OP_LE_READ_LOCAL_FEATURES:
3445 hci_cc_le_read_local_features(hdev, skb);
3446 break;
3447
8fa19098
JH		 3448 case HCI_OP_LE_READ_ADV_TX_POWER:
3449 hci_cc_le_read_adv_tx_power(hdev, skb);
3450 break;
3451
a5c29683
JH		 3452 case HCI_OP_USER_CONFIRM_REPLY:
3453 hci_cc_user_confirm_reply(hdev, skb);
3454 break;
3455
3456 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3457 hci_cc_user_confirm_neg_reply(hdev, skb);
3458 break;
3459
1143d458
BG		 3460 case HCI_OP_USER_PASSKEY_REPLY:
3461 hci_cc_user_passkey_reply(hdev, skb);
3462 break;
3463
3464 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3465 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 3466 break;
07f7fa5d 3467
7a4cd51d
MH		 3468 case HCI_OP_LE_SET_RANDOM_ADDR:
3469 hci_cc_le_set_random_addr(hdev, skb);
3470 break;
3471
c1d5dc4a
JH		 3472 case HCI_OP_LE_SET_ADV_ENABLE:
3473 hci_cc_le_set_adv_enable(hdev, skb);
3474 break;
3475
533553f8
MH		 3476 case HCI_OP_LE_SET_SCAN_PARAM:
3477 hci_cc_le_set_scan_param(hdev, skb);
3478 break;
3479
eb9d91f5
AG		 3480 case HCI_OP_LE_SET_SCAN_ENABLE:
3481 hci_cc_le_set_scan_enable(hdev, skb);
3482 break;
3483
cf1d081f
JH		 3484 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3485 hci_cc_le_read_white_list_size(hdev, skb);
3486 break;
3487
0f36b589
MH		 3488 case HCI_OP_LE_CLEAR_WHITE_LIST:
3489 hci_cc_le_clear_white_list(hdev, skb);
3490 break;
3491
3492 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3493 hci_cc_le_add_to_white_list(hdev, skb);
3494 break;
3495
3496 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3497 hci_cc_le_del_from_white_list(hdev, skb);
3498 break;
3499
9b008c04
JH		 3500 case HCI_OP_LE_READ_SUPPORTED_STATES:
3501 hci_cc_le_read_supported_states(hdev, skb);
3502 break;
3503
a8e1bfaa
MH		 3504 case HCI_OP_LE_READ_DEF_DATA_LEN:
3505 hci_cc_le_read_def_data_len(hdev, skb);
3506 break;
3507
3508 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3509 hci_cc_le_write_def_data_len(hdev, skb);
3510 break;
3511
b950aa88
AN		 3512 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3513 hci_cc_le_add_to_resolv_list(hdev, skb);
3514 break;
3515
3516 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3517 hci_cc_le_del_from_resolv_list(hdev, skb);
3518 break;
3519
545f2596
AN		 3520 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3521 hci_cc_le_clear_resolv_list(hdev, skb);
3522 break;
3523
cfdb0c2d
AN		 3524 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3525 hci_cc_le_read_resolv_list_size(hdev, skb);
3526 break;
3527
aa12af77
AN		 3528 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3529 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3530 break;
3531
a8e1bfaa
MH		 3532 case HCI_OP_LE_READ_MAX_DATA_LEN:
3533 hci_cc_le_read_max_data_len(hdev, skb);
3534 break;
3535
f9b49306
AG		 3536 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3537 hci_cc_write_le_host_supported(hdev, skb);
3538 break;
3539
56ed2cb8
JH		 3540 case HCI_OP_LE_SET_ADV_PARAM:
3541 hci_cc_set_adv_param(hdev, skb);
3542 break;
3543
5ae76a94
AK		 3544 case HCI_OP_READ_RSSI:
3545 hci_cc_read_rssi(hdev, skb);
3546 break;
3547
5a134fae
AK		 3548 case HCI_OP_READ_TX_POWER:
3549 hci_cc_read_tx_power(hdev, skb);
3550 break;
3551
c50b33c8
MH		 3552 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3553 hci_cc_write_ssp_debug_mode(hdev, skb);
3554 break;
3555
a2344b9e
JK		 3556 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3557 hci_cc_le_set_ext_scan_param(hdev, skb);
3558 break;
3559
3560 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3561 hci_cc_le_set_ext_scan_enable(hdev, skb);
3562 break;
3563
0314f286
JK		 3564 case HCI_OP_LE_SET_DEFAULT_PHY:
3565 hci_cc_le_set_default_phy(hdev, skb);
3566 break;
3567
6b49bcb4
JK		 3568 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3569 hci_cc_le_read_num_adv_sets(hdev, skb);
3570 break;
3571
de181e88
JK		 3572 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3573 hci_cc_set_ext_adv_param(hdev, skb);
3574 break;
3575
3576 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3577 hci_cc_le_set_ext_adv_enable(hdev, skb);
3578 break;
3579
a73c046a
JK		 3580 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3581 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3582 break;
3583
a9de9248 3584 default:
e6214487 3585 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3586 break;
3587 }
3588
e6214487 3589 if (*opcode != HCI_OP_NOP)
65cc2b49 3590 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 3591
600b2150
JH		 3592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3593 atomic_set(&hdev->cmd_cnt, 1);
3594
e6214487
JH		 3595 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3596 req_complete_skb);
9238f36a 3597
f80c5dad
JPRV		 3598 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3599 bt_dev_err(hdev,
3600 "unexpected event for opcode 0x%4.4x", *opcode);
3601 return;
3602 }
3603
600b2150
JH		 3604 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3605 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3606}
3607
e6214487
JH		 3608static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3609 u16 *opcode, u8 *status,
3610 hci_req_complete_t *req_complete,
3611 hci_req_complete_skb_t *req_complete_skb)
a9de9248
MH		 3612{
3613 struct hci_ev_cmd_status *ev = (void *) skb->data;
a9de9248
MH		 3614
3615 skb_pull(skb, sizeof(*ev));
3616
e6214487
JH		 3617 *opcode = __le16_to_cpu(ev->opcode);
3618 *status = ev->status;
a9de9248 3619
e6214487 3620 switch (*opcode) {
a9de9248
MH		 3621 case HCI_OP_INQUIRY:
3622 hci_cs_inquiry(hdev, ev->status);
3623 break;
3624
3625 case HCI_OP_CREATE_CONN:
3626 hci_cs_create_conn(hdev, ev->status);
3627 break;
3628
9645c76c
KP		 3629 case HCI_OP_DISCONNECT:
3630 hci_cs_disconnect(hdev, ev->status);
3631 break;
3632
a9de9248
MH		 3633 case HCI_OP_ADD_SCO:
3634 hci_cs_add_sco(hdev, ev->status);
3635 break;
3636
f8558555
MH		 3637 case HCI_OP_AUTH_REQUESTED:
3638 hci_cs_auth_requested(hdev, ev->status);
3639 break;
3640
3641 case HCI_OP_SET_CONN_ENCRYPT:
3642 hci_cs_set_conn_encrypt(hdev, ev->status);
3643 break;
3644
a9de9248
MH		 3645 case HCI_OP_REMOTE_NAME_REQ:
3646 hci_cs_remote_name_req(hdev, ev->status);
3647 break;
3648
769be974
MH		 3649 case HCI_OP_READ_REMOTE_FEATURES:
3650 hci_cs_read_remote_features(hdev, ev->status);
3651 break;
3652
3653 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3654 hci_cs_read_remote_ext_features(hdev, ev->status);
3655 break;
3656
a9de9248
MH		 3657 case HCI_OP_SETUP_SYNC_CONN:
3658 hci_cs_setup_sync_conn(hdev, ev->status);
3659 break;
3660
3661 case HCI_OP_SNIFF_MODE:
3662 hci_cs_sniff_mode(hdev, ev->status);
3663 break;
3664
3665 case HCI_OP_EXIT_SNIFF_MODE:
3666 hci_cs_exit_sniff_mode(hdev, ev->status);
3667 break;
3668
50fc85f1
KP		 3669 case HCI_OP_SWITCH_ROLE:
3670 hci_cs_switch_role(hdev, ev->status);
3671 break;
3672
cb1d68f7
JH		 3673 case HCI_OP_LE_CREATE_CONN:
3674 hci_cs_le_create_conn(hdev, ev->status);
3675 break;
3676
0fe29fd1
MH		 3677 case HCI_OP_LE_READ_REMOTE_FEATURES:
3678 hci_cs_le_read_remote_features(hdev, ev->status);
3679 break;
3680
81d0c8ad
JH		 3681 case HCI_OP_LE_START_ENC:
3682 hci_cs_le_start_enc(hdev, ev->status);
3683 break;
3684
4d94f95d
JK		 3685 case HCI_OP_LE_EXT_CREATE_CONN:
3686 hci_cs_le_ext_create_conn(hdev, ev->status);
3687 break;
3688
a9de9248 3689 default:
e6214487 3690 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
a9de9248
MH		 3691 break;
3692 }
3693
e6214487 3694 if (*opcode != HCI_OP_NOP)
65cc2b49 3695 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 3696
600b2150
JH		 3697 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3698 atomic_set(&hdev->cmd_cnt, 1);
3699
444c6dd5
JH		 3700 /* Indicate request completion if the command failed. Also, if
3701 * we're not waiting for a special event and we get a success
3702 * command status we should try to flag the request as completed
3703 * (since for this kind of commands there will not be a command
3704 * complete event).
3705 */
02350a72 3706 if (ev->status ||
242c0ebd 3707 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
e6214487
JH		 3708 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3709 req_complete_skb);
9238f36a 3710
f80c5dad
JPRV		 3711 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3712 bt_dev_err(hdev,
3713 "unexpected event for opcode 0x%4.4x", *opcode);
3714 return;
3715 }
3716
600b2150
JH		 3717 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3718 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3719}
3720
24dfa343
MH		 3721static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3722{
3723 struct hci_ev_hardware_error *ev = (void *) skb->data;
3724
c7741d16
MH		 3725 hdev->hw_error_code = ev->code;
3726
3727 queue_work(hdev->req_workqueue, &hdev->error_reset);
24dfa343
MH		 3728}
3729
6039aa73 3730static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3731{
3732 struct hci_ev_role_change *ev = (void *) skb->data;
3733 struct hci_conn *conn;
3734
9f1db00c 3735 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 3736
3737 hci_dev_lock(hdev);
3738
3739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3740 if (conn) {
40bef302
JH		 3741 if (!ev->status)
3742 conn->role = ev->role;
a9de9248 3743
51a8efd7 3744 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 3745
3746 hci_role_switch_cfm(conn, ev->status, ev->role);
3747 }
3748
3749 hci_dev_unlock(hdev);
3750}
3751
6039aa73 3752static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3753{
3754 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 3755 int i;
3756
32ac5b9b 3757 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2064ee33 3758 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
32ac5b9b
AE		 3759 return;
3760 }
3761
16e18342
GS		 3762 if (skb->len < sizeof(*ev) ||
3763 skb->len < struct_size(ev, handles, ev->num_hndl)) {
a9de9248
MH		 3764 BT_DBG("%s bad parameters", hdev->name);
3765 return;
3766 }
3767
c5993de8
AE		 3768 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3769
613a1c0c
AE		 3770 for (i = 0; i < ev->num_hndl; i++) {
3771 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 3772 struct hci_conn *conn;
3773 __u16 handle, count;
3774
613a1c0c
AE		 3775 handle = __le16_to_cpu(info->handle);
3776 count = __le16_to_cpu(info->count);
a9de9248
MH		 3777
3778 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 3779 if (!conn)
3780 continue;
3781
3782 conn->sent -= count;
3783
3784 switch (conn->type) {
3785 case ACL_LINK:
3786 hdev->acl_cnt += count;
3787 if (hdev->acl_cnt > hdev->acl_pkts)
3788 hdev->acl_cnt = hdev->acl_pkts;
3789 break;
3790
3791 case LE_LINK:
3792 if (hdev->le_pkts) {
3793 hdev->le_cnt += count;
3794 if (hdev->le_cnt > hdev->le_pkts)
3795 hdev->le_cnt = hdev->le_pkts;
3796 } else {
70f23020
AE		 3797 hdev->acl_cnt += count;
3798 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 3799 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3800 }
f4280918
AE		 3801 break;
3802
3803 case SCO_LINK:
3804 hdev->sco_cnt += count;
3805 if (hdev->sco_cnt > hdev->sco_pkts)
3806 hdev->sco_cnt = hdev->sco_pkts;
3807 break;
3808
3809 default:
2064ee33
MH		 3810 bt_dev_err(hdev, "unknown type %d conn %p",
3811 conn->type, conn);
f4280918 3812 break;
a9de9248
MH		 3813 }
3814 }
3815
3eff45ea 3816 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3817}
3818
76ef7cf7
AE		 3819static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3820 __u16 handle)
3821{
3822 struct hci_chan *chan;
3823
3824 switch (hdev->dev_type) {
ca8bee5d 3825 case HCI_PRIMARY:
76ef7cf7
AE		 3826 return hci_conn_hash_lookup_handle(hdev, handle);
3827 case HCI_AMP:
3828 chan = hci_chan_lookup_handle(hdev, handle);
3829 if (chan)
3830 return chan->conn;
3831 break;
3832 default:
2064ee33 3833 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
76ef7cf7
AE		 3834 break;
3835 }
3836
3837 return NULL;
3838}
3839
6039aa73 3840static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3841{
3842 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3843 int i;
3844
3845 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2064ee33 3846 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
25e89e99
AE		 3847 return;
3848 }
3849
16e18342
GS		 3850 if (skb->len < sizeof(*ev) ||
3851 skb->len < struct_size(ev, handles, ev->num_hndl)) {
25e89e99
AE		 3852 BT_DBG("%s bad parameters", hdev->name);
3853 return;
3854 }
3855
3856 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3857 ev->num_hndl);
25e89e99
AE		 3858
3859 for (i = 0; i < ev->num_hndl; i++) {
3860 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3861 struct hci_conn *conn = NULL;
25e89e99
AE		 3862 __u16 handle, block_count;
3863
3864 handle = __le16_to_cpu(info->handle);
3865 block_count = __le16_to_cpu(info->blocks);
3866
76ef7cf7 3867 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3868 if (!conn)
3869 continue;
3870
3871 conn->sent -= block_count;
3872
3873 switch (conn->type) {
3874 case ACL_LINK:
bd1eb66b 3875 case AMP_LINK:
25e89e99
AE		 3876 hdev->block_cnt += block_count;
3877 if (hdev->block_cnt > hdev->num_blocks)
3878 hdev->block_cnt = hdev->num_blocks;
3879 break;
3880
3881 default:
2064ee33
MH		 3882 bt_dev_err(hdev, "unknown type %d conn %p",
3883 conn->type, conn);
25e89e99
AE		 3884 break;
3885 }
3886 }
3887
3888 queue_work(hdev->workqueue, &hdev->tx_work);
3889}
3890
6039aa73 3891static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3892{
a9de9248 3893 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3894 struct hci_conn *conn;
3895
9f1db00c 3896 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3897
3898 hci_dev_lock(hdev);
3899
3900 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3901 if (conn) {
3902 conn->mode = ev->mode;
a9de9248 3903
8fc9ced3
GP		 3904 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3905 &conn->flags)) {
a9de9248 3906 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3907 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3908 else
58a681ef 3909 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3910 }
e73439d8 3911
51a8efd7 3912 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3913 hci_sco_setup(conn, ev->status);
04837f64
MH		 3914 }
3915
3916 hci_dev_unlock(hdev);
3917}
3918
6039aa73 3919static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3920{
052b30b0
MH		 3921 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3922 struct hci_conn *conn;
3923
a9de9248 3924 BT_DBG("%s", hdev->name);
052b30b0
MH		 3925
3926 hci_dev_lock(hdev);
3927
3928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3929 if (!conn)
3930 goto unlock;
3931
3932 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3933 hci_conn_hold(conn);
3934 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3935 hci_conn_drop(conn);
052b30b0
MH		 3936 }
3937
d7a5a11d 3938 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2f407f0a 3939 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
03b555e1 3940 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3941 sizeof(ev->bdaddr), &ev->bdaddr);
d7a5a11d 3942 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
a770bb5a
WR		 3943 u8 secure;
3944
3945 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3946 secure = 1;
3947 else
3948 secure = 0;
3949
744cf19e 3950 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3951 }
980e1a53 3952
b6f98044 3953unlock:
052b30b0 3954 hci_dev_unlock(hdev);
a9de9248
MH		 3955}
3956
cb6f3f7a
JH		 3957static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3958{
3959 if (key_type == HCI_LK_CHANGED_COMBINATION)
3960 return;
3961
3962 conn->pin_length = pin_len;
3963 conn->key_type = key_type;
3964
3965 switch (key_type) {
3966 case HCI_LK_LOCAL_UNIT:
3967 case HCI_LK_REMOTE_UNIT:
3968 case HCI_LK_DEBUG_COMBINATION:
3969 return;
3970 case HCI_LK_COMBINATION:
3971 if (pin_len == 16)
3972 conn->pending_sec_level = BT_SECURITY_HIGH;
3973 else
3974 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3975 break;
3976 case HCI_LK_UNAUTH_COMBINATION_P192:
3977 case HCI_LK_UNAUTH_COMBINATION_P256:
3978 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3979 break;
3980 case HCI_LK_AUTH_COMBINATION_P192:
3981 conn->pending_sec_level = BT_SECURITY_HIGH;
3982 break;
3983 case HCI_LK_AUTH_COMBINATION_P256:
3984 conn->pending_sec_level = BT_SECURITY_FIPS;
3985 break;
3986 }
3987}
3988
6039aa73 3989static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3990{
55ed8ca1
JH		 3991 struct hci_ev_link_key_req *ev = (void *) skb->data;
3992 struct hci_cp_link_key_reply cp;
3993 struct hci_conn *conn;
3994 struct link_key *key;
3995
a9de9248 3996 BT_DBG("%s", hdev->name);
55ed8ca1 3997
d7a5a11d 3998 if (!hci_dev_test_flag(hdev, HCI_MGMT))
55ed8ca1
JH		 3999 return;
4000
4001 hci_dev_lock(hdev);
4002
4003 key = hci_find_link_key(hdev, &ev->bdaddr);
4004 if (!key) {
6ed93dc6
AE		 4005 BT_DBG("%s link key not found for %pMR", hdev->name,
4006 &ev->bdaddr);
55ed8ca1
JH		 4007 goto not_found;
4008 }
4009
6ed93dc6
AE		 4010 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
4011 &ev->bdaddr);
55ed8ca1 4012
55ed8ca1 4013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 4014 if (conn) {
fe8bc5ac
JH		 4015 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4016
66138ce8
MH		 4017 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
4018 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 4019 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 4020 BT_DBG("%s ignoring unauthenticated key", hdev->name);
4021 goto not_found;
4022 }
55ed8ca1 4023
60b83f57 4024 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 4025 (conn->pending_sec_level == BT_SECURITY_HIGH ||
4026 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 4027 BT_DBG("%s ignoring key unauthenticated for high security",
4028 hdev->name);
60b83f57
WR		 4029 goto not_found;
4030 }
4031
cb6f3f7a 4032 conn_set_key(conn, key->type, key->pin_len);
55ed8ca1
JH		 4033 }
4034
4035 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 4036 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 4037
4038 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
4039
4040 hci_dev_unlock(hdev);
4041
4042 return;
4043
4044not_found:
4045 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
4046 hci_dev_unlock(hdev);
a9de9248
MH		 4047}
4048
6039aa73 4049static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 4050{
052b30b0
MH		 4051 struct hci_ev_link_key_notify *ev = (void *) skb->data;
4052 struct hci_conn *conn;
7652ff6a
JH		 4053 struct link_key *key;
4054 bool persistent;
55ed8ca1 4055 u8 pin_len = 0;
052b30b0 4056
a9de9248 4057 BT_DBG("%s", hdev->name);
052b30b0
MH		 4058
4059 hci_dev_lock(hdev);
4060
4061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
82c13d42
JH		 4062 if (!conn)
4063 goto unlock;
4064
4065 hci_conn_hold(conn);
4066 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4067 hci_conn_drop(conn);
4068
fe8bc5ac 4069 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
82c13d42 4070 conn_set_key(conn, ev->key_type, conn->pin_length);
052b30b0 4071
d7a5a11d 4072 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7652ff6a
JH		 4073 goto unlock;
4074
4075 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
4076 ev->key_type, pin_len, &persistent);
4077 if (!key)
4078 goto unlock;
4079
cb6f3f7a
JH		 4080 /* Update connection information since adding the key will have
4081 * fixed up the type in the case of changed combination keys.
4082 */
4083 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
4084 conn_set_key(conn, key->type, key->pin_len);
4085
7652ff6a 4086 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 4087
6d5650c4
JH		 4088 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
4089 * is set. If it's not set simply remove the key from the kernel
4090 * list (we've still notified user space about it but with
4091 * store_hint being 0).
4092 */
4093 if (key->type == HCI_LK_DEBUG_COMBINATION &&
d7a5a11d 4094 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
0378b597
JH		 4095 list_del_rcu(&key->list);
4096 kfree_rcu(key, rcu);
82c13d42 4097 goto unlock;
6d5650c4 4098 }
7652ff6a 4099
82c13d42
JH		 4100 if (persistent)
4101 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4102 else
4103 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4104
7652ff6a 4105unlock:
052b30b0 4106 hci_dev_unlock(hdev);
a9de9248
MH		 4107}
4108
6039aa73 4109static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 4110{
a9de9248 4111 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 4112 struct hci_conn *conn;
1da177e4 4113
9f1db00c 4114 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 4115
4116 hci_dev_lock(hdev);
4117
04837f64 4118 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 4119 if (conn && !ev->status) {
4120 struct inquiry_entry *ie;
4121
cc11b9c1
AE		 4122 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4123 if (ie) {
1da177e4
LT		 4124 ie->data.clock_offset = ev->clock_offset;
4125 ie->timestamp = jiffies;
4126 }
4127 }
4128
4129 hci_dev_unlock(hdev);
4130}
4131
6039aa73 4132static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 4133{
4134 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
4135 struct hci_conn *conn;
4136
9f1db00c 4137 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 4138
4139 hci_dev_lock(hdev);
4140
4141 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4142 if (conn && !ev->status)
4143 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4144
4145 hci_dev_unlock(hdev);
4146}
4147
6039aa73 4148static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 4149{
a9de9248 4150 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 4151 struct inquiry_entry *ie;
4152
4153 BT_DBG("%s", hdev->name);
4154
4155 hci_dev_lock(hdev);
4156
cc11b9c1
AE		 4157 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4158 if (ie) {
85a1e930
MH		 4159 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4160 ie->timestamp = jiffies;
4161 }
4162
4163 hci_dev_unlock(hdev);
4164}
4165
6039aa73
GP		 4166static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
4167 struct sk_buff *skb)
a9de9248
MH		 4168{
4169 struct inquiry_data data;
4170 int num_rsp = *((__u8 *) skb->data);
4171
4172 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4173
4174 if (!num_rsp)
4175 return;
4176
d7a5a11d 4177 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4178 return;
4179
a9de9248
MH		 4180 hci_dev_lock(hdev);
4181
4182 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 4183 struct inquiry_info_with_rssi_and_pscan_mode *info;
4184 info = (void *) (skb->data + 1);
a9de9248 4185
629b49c8
PY		 4186 if (skb->len < num_rsp * sizeof(*info) + 1)
4187 goto unlock;
4188
e17acd40 4189 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4190 u32 flags;
4191
a9de9248
MH		 4192 bacpy(&data.bdaddr, &info->bdaddr);
4193 data.pscan_rep_mode = info->pscan_rep_mode;
4194 data.pscan_period_mode = info->pscan_period_mode;
4195 data.pscan_mode = info->pscan_mode;
4196 memcpy(data.dev_class, info->dev_class, 3);
4197 data.clock_offset = info->clock_offset;
4198 data.rssi = info->rssi;
41a96212 4199 data.ssp_mode = 0x00;
3175405b 4200
af58925c
MH		 4201 flags = hci_inquiry_cache_update(hdev, &data, false);
4202
48264f06 4203 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4204 info->dev_class, info->rssi,
af58925c 4205 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4206 }
4207 } else {
4208 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4209
629b49c8
PY		 4210 if (skb->len < num_rsp * sizeof(*info) + 1)
4211 goto unlock;
4212
e17acd40 4213 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4214 u32 flags;
4215
a9de9248
MH		 4216 bacpy(&data.bdaddr, &info->bdaddr);
4217 data.pscan_rep_mode = info->pscan_rep_mode;
4218 data.pscan_period_mode = info->pscan_period_mode;
4219 data.pscan_mode = 0x00;
4220 memcpy(data.dev_class, info->dev_class, 3);
4221 data.clock_offset = info->clock_offset;
4222 data.rssi = info->rssi;
41a96212 4223 data.ssp_mode = 0x00;
af58925c
MH		 4224
4225 flags = hci_inquiry_cache_update(hdev, &data, false);
4226
48264f06 4227 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 4228 info->dev_class, info->rssi,
af58925c 4229 flags, NULL, 0, NULL, 0);
a9de9248
MH		 4230 }
4231 }
4232
629b49c8 4233unlock:
a9de9248
MH		 4234 hci_dev_unlock(hdev);
4235}
4236
6039aa73
GP		 4237static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4238 struct sk_buff *skb)
a9de9248 4239{
41a96212
MH		 4240 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4241 struct hci_conn *conn;
4242
a9de9248 4243 BT_DBG("%s", hdev->name);
41a96212 4244
41a96212
MH		 4245 hci_dev_lock(hdev);
4246
4247 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 4248 if (!conn)
4249 goto unlock;
41a96212 4250
cad718ed
JH		 4251 if (ev->page < HCI_MAX_PAGES)
4252 memcpy(conn->features[ev->page], ev->features, 8);
4253
ccd556fe
JH		 4254 if (!ev->status && ev->page == 0x01) {
4255 struct inquiry_entry *ie;
41a96212 4256
cc11b9c1
AE		 4257 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4258 if (ie)
02b7cc62 4259 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 4260
bbb0eada 4261 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 4262 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 4263 } else {
4264 /* It is mandatory by the Bluetooth specification that
4265 * Extended Inquiry Results are only used when Secure
4266 * Simple Pairing is enabled, but some devices violate
4267 * this.
4268 *
4269 * To make these devices work, the internal SSP
4270 * enabled flag needs to be cleared if the remote host
4271 * features do not indicate SSP support */
4272 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4273 }
eb9a8f3f
MH		 4274
4275 if (ev->features[0] & LMP_HOST_SC)
4276 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 4277 }
4278
4279 if (conn->state != BT_CONFIG)
4280 goto unlock;
4281
671267bf 4282 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 4283 struct hci_cp_remote_name_req cp;
4284 memset(&cp, 0, sizeof(cp));
4285 bacpy(&cp.bdaddr, &conn->dst);
4286 cp.pscan_rep_mode = 0x02;
4287 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 4288 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 4289 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 4290
127178d2 4291 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe 4292 conn->state = BT_CONNECTED;
539c496d 4293 hci_connect_cfm(conn, ev->status);
76a68ba0 4294 hci_conn_drop(conn);
41a96212
MH		 4295 }
4296
ccd556fe 4297unlock:
41a96212 4298 hci_dev_unlock(hdev);
a9de9248
MH		 4299}
4300
6039aa73
GP		 4301static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4302 struct sk_buff *skb)
a9de9248 4303{
b6a0dc82
MH		 4304 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4305 struct hci_conn *conn;
4306
9f1db00c 4307 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 4308
4309 hci_dev_lock(hdev);
4310
4311 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 4312 if (!conn) {
4313 if (ev->link_type == ESCO_LINK)
4314 goto unlock;
4315
618353b1
KP		 4316 /* When the link type in the event indicates SCO connection
4317 * and lookup of the connection object fails, then check
4318 * if an eSCO connection object exists.
4319 *
4320 * The core limits the synchronous connections to either
4321 * SCO or eSCO. The eSCO connection is preferred and tried
4322 * to be setup first and until successfully established,
4323 * the link type will be hinted as eSCO.
4324 */
9dc0a3af
MH		 4325 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4326 if (!conn)
4327 goto unlock;
9dc0a3af 4328 }
b6a0dc82 4329
732547f9
MH		 4330 switch (ev->status) {
4331 case 0x00:
b6a0dc82
MH		 4332 conn->handle = __le16_to_cpu(ev->handle);
4333 conn->state = BT_CONNECTED;
618353b1 4334 conn->type = ev->link_type;
7d0db0a3 4335
23b9ceb7 4336 hci_debugfs_create_conn(conn);
7d0db0a3 4337 hci_conn_add_sysfs(conn);
732547f9
MH		 4338 break;
4339
81218d20 4340 case 0x10: /* Connection Accept Timeout */
1a4c958c 4341 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 4342 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 4343 case 0x1c: /* SCO interval rejected */
1038a00b 4344 case 0x1a: /* Unsupported Remote Feature */
56b5453a 4345 case 0x1e: /* Invalid LMP Parameters */
732547f9 4346 case 0x1f: /* Unspecified error */
27539bc4 4347 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 4348 if (conn->out) {
732547f9
MH		 4349 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4350 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 4351 if (hci_setup_sync(conn, conn->link->handle))
4352 goto unlock;
732547f9 4353 }
19186c7b 4354 fallthrough;
732547f9
MH		 4355
4356 default:
b6a0dc82 4357 conn->state = BT_CLOSED;
732547f9
MH		 4358 break;
4359 }
b6a0dc82 4360
1f8330ea
SN		 4361 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
4362
4363 switch (conn->setting & SCO_AIRMODE_MASK) {
4364 case SCO_AIRMODE_CVSD:
4365 if (hdev->notify)
4366 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
4367 break;
4368 case SCO_AIRMODE_TRANSP:
4369 if (hdev->notify)
4370 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
4371 break;
4372 }
4373
539c496d 4374 hci_connect_cfm(conn, ev->status);
b6a0dc82
MH		 4375 if (ev->status)
4376 hci_conn_del(conn);
4377
4378unlock:
4379 hci_dev_unlock(hdev);
a9de9248
MH		 4380}
4381
efdcf8e3
MH		 4382static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4383{
4384 size_t parsed = 0;
4385
4386 while (parsed < eir_len) {
4387 u8 field_len = eir[0];
4388
4389 if (field_len == 0)
4390 return parsed;
4391
4392 parsed += field_len + 1;
4393 eir += field_len + 1;
4394 }
4395
4396 return eir_len;
4397}
4398
6039aa73
GP		 4399static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4400 struct sk_buff *skb)
1da177e4 4401{
a9de9248
MH		 4402 struct inquiry_data data;
4403 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4404 int num_rsp = *((__u8 *) skb->data);
9d939d94 4405 size_t eir_len;
1da177e4 4406
a9de9248 4407 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 4408
51c19bf3 4409 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
a9de9248 4410 return;
1da177e4 4411
d7a5a11d 4412 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
1519cc17
AG		 4413 return;
4414
a9de9248
MH		 4415 hci_dev_lock(hdev);
4416
e17acd40 4417 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 4418 u32 flags;
4419 bool name_known;
561aafbc 4420
a9de9248 4421 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 4422 data.pscan_rep_mode = info->pscan_rep_mode;
4423 data.pscan_period_mode = info->pscan_period_mode;
4424 data.pscan_mode = 0x00;
a9de9248 4425 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 4426 data.clock_offset = info->clock_offset;
4427 data.rssi = info->rssi;
41a96212 4428 data.ssp_mode = 0x01;
561aafbc 4429
d7a5a11d 4430 if (hci_dev_test_flag(hdev, HCI_MGMT))
0d3b7f64
JH		 4431 name_known = eir_get_data(info->data,
4432 sizeof(info->data),
4433 EIR_NAME_COMPLETE, NULL);
561aafbc
JH		 4434 else
4435 name_known = true;
4436
af58925c
MH		 4437 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4438
9d939d94 4439 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 4440
48264f06 4441 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 4442 info->dev_class, info->rssi,
4443 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 4444 }
4445
4446 hci_dev_unlock(hdev);
4447}
1da177e4 4448
1c2e0041
JH		 4449static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4450 struct sk_buff *skb)
4451{
4452 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4453 struct hci_conn *conn;
4454
9f1db00c 4455 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 4456 __le16_to_cpu(ev->handle));
4457
4458 hci_dev_lock(hdev);
4459
4460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4461 if (!conn)
4462 goto unlock;
4463
9eb1fbfa
JH		 4464 /* For BR/EDR the necessary steps are taken through the
4465 * auth_complete event.
4466 */
4467 if (conn->type != LE_LINK)
4468 goto unlock;
4469
1c2e0041
JH		 4470 if (!ev->status)
4471 conn->sec_level = conn->pending_sec_level;
4472
4473 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4474
4475 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 4476 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 4477 hci_conn_drop(conn);
1c2e0041
JH		 4478 goto unlock;
4479 }
4480
4481 if (conn->state == BT_CONFIG) {
4482 if (!ev->status)
4483 conn->state = BT_CONNECTED;
4484
539c496d 4485 hci_connect_cfm(conn, ev->status);
76a68ba0 4486 hci_conn_drop(conn);
1c2e0041
JH		 4487 } else {
4488 hci_auth_cfm(conn, ev->status);
4489
4490 hci_conn_hold(conn);
4491 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4492 hci_conn_drop(conn);
1c2e0041
JH		 4493 }
4494
4495unlock:
4496 hci_dev_unlock(hdev);
4497}
4498
6039aa73 4499static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 4500{
17fa4b9d 4501 /* If remote requests no-bonding follow that lead */
acabae96
MA		 4502 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4503 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 4504 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 4505
b7f94c88
MA		 4506 /* If both remote and local have enough IO capabilities, require
4507 * MITM protection
4508 */
4509 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4510 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4511 return conn->remote_auth | 0x01;
4512
7e74170a
TM		 4513 /* No MITM protection possible so ignore remote requirement */
4514 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 4515}
4516
a83ed81e
MH		 4517static u8 bredr_oob_data_present(struct hci_conn *conn)
4518{
4519 struct hci_dev *hdev = conn->hdev;
4520 struct oob_data *data;
4521
4522 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4523 if (!data)
4524 return 0x00;
4525
455c2ff0
MH		 4526 if (bredr_sc_enabled(hdev)) {
4527 /* When Secure Connections is enabled, then just
4528 * return the present value stored with the OOB
4529 * data. The stored value contains the right present
4530 * information. However it can only be trusted when
4531 * not in Secure Connection Only mode.
4532 */
4533 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4534 return data->present;
659c7fb0 4535
455c2ff0
MH		 4536 /* When Secure Connections Only mode is enabled, then
4537 * the P-256 values are required. If they are not
4538 * available, then do not declare that OOB data is
4539 * present.
659c7fb0 4540 */
455c2ff0
MH		 4541 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4542 !memcmp(data->hash256, ZERO_KEY, 16))
659c7fb0
MH		 4543 return 0x00;
4544
455c2ff0 4545 return 0x02;
659c7fb0 4546 }
a83ed81e 4547
455c2ff0
MH		 4548 /* When Secure Connections is not enabled or actually
4549 * not supported by the hardware, then check that if
4550 * P-192 data values are present.
4551 */
4552 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4553 !memcmp(data->hash192, ZERO_KEY, 16))
4554 return 0x00;
4555
4556 return 0x01;
a83ed81e
MH		 4557}
4558
6039aa73 4559static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 4560{
4561 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4562 struct hci_conn *conn;
4563
4564 BT_DBG("%s", hdev->name);
4565
4566 hci_dev_lock(hdev);
4567
4568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 4569 if (!conn)
4570 goto unlock;
4571
4572 hci_conn_hold(conn);
4573
d7a5a11d 4574 if (!hci_dev_test_flag(hdev, HCI_MGMT))
03b555e1
JH		 4575 goto unlock;
4576
2f407f0a
JH		 4577 /* Allow pairing if we're pairable, the initiators of the
4578 * pairing or if the remote is not requesting bonding.
4579 */
d7a5a11d 4580 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
2f407f0a 4581 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
807deac2 4582 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 4583 struct hci_cp_io_capability_reply cp;
4584
4585 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 4586 /* Change the IO capability from KeyboardDisplay
4587 * to DisplayYesNo as it is not supported by BT spec. */
4588 cp.capability = (conn->io_capability == 0x04) ?
a767631a 4589 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 4590
4591 /* If we are initiators, there is no remote information yet */
4592 if (conn->remote_auth == 0xff) {
b16c6604 4593 /* Request MITM protection if our IO caps allow it
4ad51a75 4594 * except for the no-bonding case.
b16c6604 4595 */
6fd6b915 4596 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
9f743d74 4597 conn->auth_type != HCI_AT_NO_BONDING)
6c53823a 4598 conn->auth_type |= 0x01;
b7f94c88
MA		 4599 } else {
4600 conn->auth_type = hci_get_auth_req(conn);
b7f94c88 4601 }
17fa4b9d 4602
82c295b1
JH		 4603 /* If we're not bondable, force one of the non-bondable
4604 * authentication requirement values.
4605 */
d7a5a11d 4606 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
82c295b1
JH		 4607 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4608
4609 cp.authentication = conn->auth_type;
a83ed81e 4610 cp.oob_data = bredr_oob_data_present(conn);
ce85ee13 4611
17fa4b9d 4612 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 4613 sizeof(cp), &cp);
03b555e1
JH		 4614 } else {
4615 struct hci_cp_io_capability_neg_reply cp;
4616
4617 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 4618 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 4619
03b555e1 4620 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 4621 sizeof(cp), &cp);
03b555e1
JH		 4622 }
4623
4624unlock:
4625 hci_dev_unlock(hdev);
4626}
4627
6039aa73 4628static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 4629{
4630 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4631 struct hci_conn *conn;
4632
4633 BT_DBG("%s", hdev->name);
4634
4635 hci_dev_lock(hdev);
4636
4637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4638 if (!conn)
4639 goto unlock;
4640
03b555e1 4641 conn->remote_cap = ev->capability;
03b555e1
JH		 4642 conn->remote_auth = ev->authentication;
4643
4644unlock:
0493684e
MH		 4645 hci_dev_unlock(hdev);
4646}
4647
6039aa73
GP		 4648static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4649 struct sk_buff *skb)
a5c29683
JH		 4650{
4651 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 4652 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 4653 struct hci_conn *conn;
a5c29683
JH		 4654
4655 BT_DBG("%s", hdev->name);
4656
4657 hci_dev_lock(hdev);
4658
d7a5a11d 4659 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7a828908 4660 goto unlock;
a5c29683 4661
7a828908
JH		 4662 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4663 if (!conn)
4664 goto unlock;
4665
4666 loc_mitm = (conn->auth_type & 0x01);
4667 rem_mitm = (conn->remote_auth & 0x01);
4668
4669 /* If we require MITM but the remote device can't provide that
6c53823a
JH		 4670 * (it has NoInputNoOutput) then reject the confirmation
4671 * request. We check the security level here since it doesn't
4672 * necessarily match conn->auth_type.
6fd6b915 4673 */
6c53823a
JH		 4674 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4675 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 4676 BT_DBG("Rejecting request: remote device can't provide MITM");
4677 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 4678 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4679 goto unlock;
4680 }
4681
4682 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 4683 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4684 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 4685
4686 /* If we're not the initiators request authorization to
4687 * proceed from user space (mgmt_user_confirm with
ba15a58b 4688 * confirm_hint set to 1). The exception is if neither
02f3e254
JH		 4689 * side had MITM or if the local IO capability is
4690 * NoInputNoOutput, in which case we do auto-accept
ba15a58b
JH		 4691 */
4692 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
02f3e254 4693 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
ba15a58b 4694 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 4695 BT_DBG("Confirming auto-accept as acceptor");
4696 confirm_hint = 1;
4697 goto confirm;
4698 }
4699
cee5f20f
HC		 4700 /* If there already exists link key in local host, leave the
4701 * decision to user space since the remote device could be
4702 * legitimate or malicious.
4703 */
4704 if (hci_find_link_key(hdev, &ev->bdaddr)) {
4705 bt_dev_dbg(hdev, "Local host already has link key");
4706 confirm_hint = 1;
4707 goto confirm;
4708 }
4709
9f61656a 4710 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 4711 hdev->auto_accept_delay);
9f61656a
JH		 4712
4713 if (hdev->auto_accept_delay > 0) {
4714 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 4715 queue_delayed_work(conn->hdev->workqueue,
4716 &conn->auto_accept_work, delay);
9f61656a
JH		 4717 goto unlock;
4718 }
4719
7a828908 4720 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 4721 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4722 goto unlock;
4723 }
4724
55bc1a37 4725confirm:
39adbffe
JH		 4726 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4727 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 4728
4729unlock:
a5c29683
JH		 4730 hci_dev_unlock(hdev);
4731}
4732
6039aa73
GP		 4733static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4734 struct sk_buff *skb)
1143d458
BG		 4735{
4736 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4737
4738 BT_DBG("%s", hdev->name);
4739
d7a5a11d 4740 if (hci_dev_test_flag(hdev, HCI_MGMT))
272d90df 4741 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 4742}
4743
92a25256
JH		 4744static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4745 struct sk_buff *skb)
4746{
4747 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4748 struct hci_conn *conn;
4749
4750 BT_DBG("%s", hdev->name);
4751
4752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4753 if (!conn)
4754 return;
4755
4756 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4757 conn->passkey_entered = 0;
4758
d7a5a11d 4759 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4760 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4761 conn->dst_type, conn->passkey_notify,
4762 conn->passkey_entered);
4763}
4764
4765static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4766{
4767 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4768 struct hci_conn *conn;
4769
4770 BT_DBG("%s", hdev->name);
4771
4772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4773 if (!conn)
4774 return;
4775
4776 switch (ev->type) {
4777 case HCI_KEYPRESS_STARTED:
4778 conn->passkey_entered = 0;
4779 return;
4780
4781 case HCI_KEYPRESS_ENTERED:
4782 conn->passkey_entered++;
4783 break;
4784
4785 case HCI_KEYPRESS_ERASED:
4786 conn->passkey_entered--;
4787 break;
4788
4789 case HCI_KEYPRESS_CLEARED:
4790 conn->passkey_entered = 0;
4791 break;
4792
4793 case HCI_KEYPRESS_COMPLETED:
4794 return;
4795 }
4796
d7a5a11d 4797 if (hci_dev_test_flag(hdev, HCI_MGMT))
92a25256
JH		 4798 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4799 conn->dst_type, conn->passkey_notify,
4800 conn->passkey_entered);
4801}
4802
6039aa73
GP		 4803static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4804 struct sk_buff *skb)
0493684e
MH		 4805{
4806 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4807 struct hci_conn *conn;
4808
4809 BT_DBG("%s", hdev->name);
4810
4811 hci_dev_lock(hdev);
4812
4813 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 4814 if (!conn)
4815 goto unlock;
4816
c1d4fa7a
JH		 4817 /* Reset the authentication requirement to unknown */
4818 conn->remote_auth = 0xff;
4819
2a611692
JH		 4820 /* To avoid duplicate auth_failed events to user space we check
4821 * the HCI_CONN_AUTH_PEND flag which will be set if we
4822 * initiated the authentication. A traditional auth_complete
4823 * event gets always produced as initiator and is also mapped to
4824 * the mgmt_auth_failed event */
fa1bd918 4825 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
e1e930f5 4826 mgmt_auth_failed(conn, ev->status);
0493684e 4827
76a68ba0 4828 hci_conn_drop(conn);
2a611692
JH		 4829
4830unlock:
0493684e
MH		 4831 hci_dev_unlock(hdev);
4832}
4833
6039aa73
GP		 4834static void hci_remote_host_features_evt(struct hci_dev *hdev,
4835 struct sk_buff *skb)
41a96212
MH		 4836{
4837 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4838 struct inquiry_entry *ie;
cad718ed 4839 struct hci_conn *conn;
41a96212
MH		 4840
4841 BT_DBG("%s", hdev->name);
4842
4843 hci_dev_lock(hdev);
4844
cad718ed
JH		 4845 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4846 if (conn)
4847 memcpy(conn->features[1], ev->features, 8);
4848
cc11b9c1
AE		 4849 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4850 if (ie)
02b7cc62 4851 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 4852
4853 hci_dev_unlock(hdev);
4854}
4855
6039aa73
GP		 4856static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4857 struct sk_buff *skb)
2763eda6
SJ		 4858{
4859 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4860 struct oob_data *data;
4861
4862 BT_DBG("%s", hdev->name);
4863
4864 hci_dev_lock(hdev);
4865
d7a5a11d 4866 if (!hci_dev_test_flag(hdev, HCI_MGMT))
e1ba1f15
SJ		 4867 goto unlock;
4868
6928a924 4869 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
6665d057
MH		 4870 if (!data) {
4871 struct hci_cp_remote_oob_data_neg_reply cp;
519ca9d0 4872
6665d057
MH		 4873 bacpy(&cp.bdaddr, &ev->bdaddr);
4874 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4875 sizeof(cp), &cp);
4876 goto unlock;
4877 }
2763eda6 4878
6665d057
MH		 4879 if (bredr_sc_enabled(hdev)) {
4880 struct hci_cp_remote_oob_ext_data_reply cp;
519ca9d0 4881
6665d057 4882 bacpy(&cp.bdaddr, &ev->bdaddr);
d7a5a11d 4883 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6665d057
MH		 4884 memset(cp.hash192, 0, sizeof(cp.hash192));
4885 memset(cp.rand192, 0, sizeof(cp.rand192));
4886 } else {
4887 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4888 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
519ca9d0 4889 }
6665d057
MH		 4890 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4891 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4892
4893 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4894 sizeof(cp), &cp);
2763eda6 4895 } else {
6665d057 4896 struct hci_cp_remote_oob_data_reply cp;
2763eda6
SJ		 4897
4898 bacpy(&cp.bdaddr, &ev->bdaddr);
6665d057
MH		 4899 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4900 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4901
4902 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
519ca9d0 4903 sizeof(cp), &cp);
2763eda6
SJ		 4904 }
4905
e1ba1f15 4906unlock:
2763eda6
SJ		 4907 hci_dev_unlock(hdev);
4908}
4909
a77a6a14
AW		 4910#if IS_ENABLED(CONFIG_BT_HS)
4911static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4912{
4913 struct hci_ev_channel_selected *ev = (void *)skb->data;
4914 struct hci_conn *hcon;
4915
4916 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4917
4918 skb_pull(skb, sizeof(*ev));
4919
4920 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4921 if (!hcon)
4922 return;
4923
4924 amp_read_loc_assoc_final_data(hdev, hcon);
4925}
4926
d5e91192
AE		 4927static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4928 struct sk_buff *skb)
4929{
4930 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4931 struct hci_conn *hcon, *bredr_hcon;
4932
4933 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4934 ev->status);
4935
4936 hci_dev_lock(hdev);
4937
4938 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4939 if (!hcon) {
4940 hci_dev_unlock(hdev);
4941 return;
4942 }
4943
6dfccd13
AK		 4944 if (!hcon->amp_mgr) {
4945 hci_dev_unlock(hdev);
4946 return;
4947 }
4948
d5e91192
AE		 4949 if (ev->status) {
4950 hci_conn_del(hcon);
4951 hci_dev_unlock(hdev);
4952 return;
4953 }
4954
4955 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4956
4957 hcon->state = BT_CONNECTED;
4958 bacpy(&hcon->dst, &bredr_hcon->dst);
4959
4960 hci_conn_hold(hcon);
4961 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4962 hci_conn_drop(hcon);
d5e91192 4963
23b9ceb7 4964 hci_debugfs_create_conn(hcon);
d5e91192
AE		 4965 hci_conn_add_sysfs(hcon);
4966
cf70ff22 4967 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4968
cf70ff22 4969 hci_dev_unlock(hdev);
d5e91192
AE		 4970}
4971
27695fb4
AE		 4972static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4973{
4974 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4975 struct hci_conn *hcon;
4976 struct hci_chan *hchan;
4977 struct amp_mgr *mgr;
4978
4979 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4980 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4981 ev->status);
4982
4983 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4984 if (!hcon)
4985 return;
4986
4987 /* Create AMP hchan */
4988 hchan = hci_chan_create(hcon);
4989 if (!hchan)
4990 return;
4991
4992 hchan->handle = le16_to_cpu(ev->handle);
4993
4994 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4995
4996 mgr = hcon->amp_mgr;
4997 if (mgr && mgr->bredr_chan) {
4998 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4999
5000 l2cap_chan_lock(bredr_chan);
5001
5002 bredr_chan->conn->mtu = hdev->block_mtu;
5003 l2cap_logical_cfm(bredr_chan, hchan, 0);
5004 hci_conn_hold(hcon);
5005
5006 l2cap_chan_unlock(bredr_chan);
5007 }
5008}
5009
606e2a10
AE		 5010static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
5011 struct sk_buff *skb)
5012{
5013 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
5014 struct hci_chan *hchan;
5015
5016 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
5017 le16_to_cpu(ev->handle), ev->status);
5018
5019 if (ev->status)
5020 return;
5021
5022 hci_dev_lock(hdev);
5023
5024 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
5025 if (!hchan)
5026 goto unlock;
5027
5028 amp_destroy_logical_link(hchan, ev->reason);
5029
5030unlock:
5031 hci_dev_unlock(hdev);
5032}
5033
9eef6b3a
AE		 5034static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
5035 struct sk_buff *skb)
5036{
5037 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
5038 struct hci_conn *hcon;
5039
5040 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5041
5042 if (ev->status)
5043 return;
5044
5045 hci_dev_lock(hdev);
5046
5047 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5048 if (hcon) {
5049 hcon->state = BT_CLOSED;
5050 hci_conn_del(hcon);
5051 }
5052
5053 hci_dev_unlock(hdev);
5054}
a77a6a14 5055#endif
9eef6b3a 5056
d12fb056
JK		 5057static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
5058 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
5059 u16 interval, u16 latency, u16 supervision_timeout)
fcd89c09 5060{
912b42ef 5061 struct hci_conn_params *params;
fcd89c09 5062 struct hci_conn *conn;
68d6f6de 5063 struct smp_irk *irk;
837d502e 5064 u8 addr_type;
fcd89c09 5065
fcd89c09
VT		 5066 hci_dev_lock(hdev);
5067
fbd96c15
JH		 5068 /* All controllers implicitly stop advertising in the event of a
5069 * connection, so ensure that the state bit is cleared.
5070 */
a358dc11 5071 hci_dev_clear_flag(hdev, HCI_LE_ADV);
fbd96c15 5072
e7d9ab73 5073 conn = hci_lookup_le_connect(hdev);
b62f328b 5074 if (!conn) {
d12fb056 5075 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
b62f328b 5076 if (!conn) {
2064ee33 5077 bt_dev_err(hdev, "no memory for new connection");
230fd16a 5078 goto unlock;
b62f328b 5079 }
29b7988a 5080
d12fb056 5081 conn->dst_type = bdaddr_type;
b9b343d2 5082
cb1d68f7
JH		 5083 /* If we didn't have a hci_conn object previously
5084 * but we're in master role this must be something
5085 * initiated using a white list. Since white list based
5086 * connections are not "first class citizens" we don't
5087 * have full tracking of them. Therefore, we go ahead
5088 * with a "best effort" approach of determining the
5089 * initiator address based on the HCI_PRIVACY flag.
5090 */
5091 if (conn->out) {
d12fb056
JK		 5092 conn->resp_addr_type = bdaddr_type;
5093 bacpy(&conn->resp_addr, bdaddr);
d7a5a11d 5094 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
cb1d68f7
JH		 5095 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5096 bacpy(&conn->init_addr, &hdev->rpa);
5097 } else {
5098 hci_copy_identity_address(hdev,
5099 &conn->init_addr,
5100 &conn->init_addr_type);
5101 }
cb1d68f7 5102 }
9489eca4
JH		 5103 } else {
5104 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 5105 }
fcd89c09 5106
80c24ab8
JH		 5107 if (!conn->out) {
5108 /* Set the responder (our side) address type based on
5109 * the advertising address type.
5110 */
5111 conn->resp_addr_type = hdev->adv_addr_type;
acf0aeae
JK		 5112 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
5113 /* In case of ext adv, resp_addr will be updated in
5114 * Adv Terminated event.
5115 */
5116 if (!ext_adv_capable(hdev))
5117 bacpy(&conn->resp_addr, &hdev->random_addr);
5118 } else {
80c24ab8 5119 bacpy(&conn->resp_addr, &hdev->bdaddr);
acf0aeae 5120 }
80c24ab8 5121
d12fb056
JK		 5122 conn->init_addr_type = bdaddr_type;
5123 bacpy(&conn->init_addr, bdaddr);
a720d735
MH		 5124
5125 /* For incoming connections, set the default minimum
5126 * and maximum connection interval. They will be used
5127 * to check if the parameters are in range and if not
5128 * trigger the connection update procedure.
5129 */
5130 conn->le_conn_min_interval = hdev->le_conn_min_interval;
5131 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 5132 }
7be2edbb 5133
edb4b466
MH		 5134 /* Lookup the identity address from the stored connection
5135 * address and address type.
5136 *
5137 * When establishing connections to an identity address, the
5138 * connection procedure will store the resolvable random
5139 * address first. Now if it can be converted back into the
5140 * identity address, start using the identity address from
5141 * now on.
5142 */
5143 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 5144 if (irk) {
5145 bacpy(&conn->dst, &irk->bdaddr);
5146 conn->dst_type = irk->addr_type;
5147 }
5148
d12fb056
JK		 5149 if (status) {
5150 hci_le_conn_failed(conn, status);
837d502e
JH		 5151 goto unlock;
5152 }
5153
08853f18
JH		 5154 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5155 addr_type = BDADDR_LE_PUBLIC;
5156 else
5157 addr_type = BDADDR_LE_RANDOM;
5158
2d3c2260
JH		 5159 /* Drop the connection if the device is blocked */
5160 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
5161 hci_conn_drop(conn);
cd17decb
AG		 5162 goto unlock;
5163 }
5164
b644ba33 5165 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 5166 mgmt_device_connected(hdev, conn, 0, NULL, 0);
83bc71b4 5167
7b5c0d52 5168 conn->sec_level = BT_SECURITY_LOW;
d12fb056 5169 conn->handle = handle;
0fe29fd1 5170 conn->state = BT_CONFIG;
fcd89c09 5171
d12fb056
JK		 5172 conn->le_conn_interval = interval;
5173 conn->le_conn_latency = latency;
5174 conn->le_supv_timeout = supervision_timeout;
e04fde60 5175
23b9ceb7 5176 hci_debugfs_create_conn(conn);
fcd89c09
VT		 5177 hci_conn_add_sysfs(conn);
5178
d17010bf
CIK		 5179 /* The remote features procedure is defined for master
5180 * role only. So only in case of an initiated connection
5181 * request the remote features.
5182 *
5183 * If the local controller supports slave-initiated features
5184 * exchange, then requesting the remote features in slave
5185 * role is possible. Otherwise just transition into the
5186 * connected state without requesting the remote features.
5187 */
5188 if (conn->out ||
5189 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5190 struct hci_cp_le_read_remote_features cp;
0fe29fd1 5191
d17010bf 5192 cp.handle = __cpu_to_le16(conn->handle);
0fe29fd1 5193
d17010bf
CIK		 5194 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5195 sizeof(cp), &cp);
0fe29fd1 5196
d17010bf 5197 hci_conn_hold(conn);
0fe29fd1 5198 } else {
d17010bf 5199 conn->state = BT_CONNECTED;
d12fb056 5200 hci_connect_cfm(conn, status);
0fe29fd1 5201 }
fcd89c09 5202
5477610f
JH		 5203 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5204 conn->dst_type);
f161dd41 5205 if (params) {
95305baa 5206 list_del_init(&params->action);
f161dd41
JH		 5207 if (params->conn) {
5208 hci_conn_drop(params->conn);
f8aaf9b6 5209 hci_conn_put(params->conn);
f161dd41
JH		 5210 params->conn = NULL;
5211 }
5212 }
a4790dbd 5213
fcd89c09 5214unlock:
223683a5 5215 hci_update_background_scan(hdev);
fcd89c09
VT		 5216 hci_dev_unlock(hdev);
5217}
5218
d12fb056
JK		 5219static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5220{
5221 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
5222
5223 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5224
5225 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5226 ev->role, le16_to_cpu(ev->handle),
5227 le16_to_cpu(ev->interval),
5228 le16_to_cpu(ev->latency),
5229 le16_to_cpu(ev->supervision_timeout));
5230}
5231
4d94f95d
JK		 5232static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5233 struct sk_buff *skb)
5234{
5235 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5236
5237 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5238
5239 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5240 ev->role, le16_to_cpu(ev->handle),
5241 le16_to_cpu(ev->interval),
5242 le16_to_cpu(ev->latency),
5243 le16_to_cpu(ev->supervision_timeout));
5c49bcce
SN		 5244
5245 if (use_ll_privacy(hdev) &&
cbbdfa6f 5246 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
5c49bcce
SN		 5247 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
5248 hci_req_disable_address_resolution(hdev);
4d94f95d
JK		 5249}
5250
acf0aeae
JK		 5251static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5252{
5253 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5254 struct hci_conn *conn;
5255
5256 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5257
5258 if (ev->status)
5259 return;
5260
5261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5262 if (conn) {
5263 struct adv_info *adv_instance;
5264
5265 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5266 return;
5267
5268 if (!hdev->cur_adv_instance) {
5269 bacpy(&conn->resp_addr, &hdev->random_addr);
5270 return;
5271 }
5272
5273 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5274 if (adv_instance)
5275 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5276 }
5277}
5278
1855d92d
MH		 5279static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5280 struct sk_buff *skb)
5281{
5282 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5283 struct hci_conn *conn;
5284
5285 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5286
5287 if (ev->status)
5288 return;
5289
5290 hci_dev_lock(hdev);
5291
5292 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5293 if (conn) {
5294 conn->le_conn_interval = le16_to_cpu(ev->interval);
5295 conn->le_conn_latency = le16_to_cpu(ev->latency);
5296 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5297 }
5298
5299 hci_dev_unlock(hdev);
5300}
5301
a4790dbd 5302/* This function requires the caller holds hdev->lock */
fd45ada9
AA		 5303static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5304 bdaddr_t *addr,
082f2300
SJ		 5305 u8 addr_type, u8 adv_type,
5306 bdaddr_t *direct_rpa)
a4790dbd
AG		 5307{
5308 struct hci_conn *conn;
4b9e7e75 5309 struct hci_conn_params *params;
a4790dbd 5310
1c1abcab
JH		 5311 /* If the event is not connectable don't proceed further */
5312 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
fd45ada9 5313 return NULL;
1c1abcab
JH		 5314
5315 /* Ignore if the device is blocked */
dcc36c16 5316 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
fd45ada9 5317 return NULL;
1c1abcab 5318
f99353cf
JH		 5319 /* Most controller will fail if we try to create new connections
5320 * while we have an existing one in slave role.
5321 */
4364f2e9
AM		 5322 if (hdev->conn_hash.le_num_slave > 0 &&
5323 (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5324 !(hdev->le_states[3] & 0x10)))
fd45ada9 5325 return NULL;
f99353cf 5326
1c1abcab
JH		 5327 /* If we're not connectable only connect devices that we have in
5328 * our pend_le_conns list.
5329 */
49c50922
JH		 5330 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5331 addr_type);
4b9e7e75 5332 if (!params)
fd45ada9 5333 return NULL;
4b9e7e75 5334
28a667c9
JP		 5335 if (!params->explicit_connect) {
5336 switch (params->auto_connect) {
5337 case HCI_AUTO_CONN_DIRECT:
5338 /* Only devices advertising with ADV_DIRECT_IND are
5339 * triggering a connection attempt. This is allowing
5340 * incoming connections from slave devices.
5341 */
5342 if (adv_type != LE_ADV_DIRECT_IND)
5343 return NULL;
5344 break;
5345 case HCI_AUTO_CONN_ALWAYS:
5346 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5347 * are triggering a connection attempt. This means
1e5479be 5348 * that incoming connections from slave device are
28a667c9
JP		 5349 * accepted and also outgoing connections to slave
5350 * devices are established when found.
5351 */
5352 break;
5353 default:
fd45ada9 5354 return NULL;
28a667c9 5355 }
4b9e7e75 5356 }
a4790dbd
AG		 5357
5358 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
49b020c1 5359 hdev->def_le_autoconnect_timeout, HCI_ROLE_MASTER,
082f2300 5360 direct_rpa);
f161dd41 5361 if (!IS_ERR(conn)) {
28a667c9
JP		 5362 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5363 * by higher layer that tried to connect, if no then
5364 * store the pointer since we don't really have any
f161dd41
JH		 5365 * other owner of the object besides the params that
5366 * triggered it. This way we can abort the connection if
5367 * the parameters get removed and keep the reference
5368 * count consistent once the connection is established.
5369 */
28a667c9
JP		 5370
5371 if (!params->explicit_connect)
5372 params->conn = hci_conn_get(conn);
5373
fd45ada9 5374 return conn;
f161dd41 5375 }
a4790dbd
AG		 5376
5377 switch (PTR_ERR(conn)) {
5378 case -EBUSY:
5379 /* If hci_connect() returns -EBUSY it means there is already
5380 * an LE connection attempt going on. Since controllers don't
5381 * support more than one connection attempt at the time, we
5382 * don't consider this an error case.
5383 */
5384 break;
5385 default:
5386 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
fd45ada9 5387 return NULL;
a4790dbd 5388 }
fd45ada9
AA		 5389
5390 return NULL;
a4790dbd
AG		 5391}
5392
4af605d8 5393static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
2f010b55 5394 u8 bdaddr_type, bdaddr_t *direct_addr,
a2ec905d
AM		 5395 u8 direct_addr_type, s8 rssi, u8 *data, u8 len,
5396 bool ext_adv)
4af605d8 5397{
b9a6328f 5398 struct discovery_state *d = &hdev->discovery;
1c1abcab 5399 struct smp_irk *irk;
fd45ada9 5400 struct hci_conn *conn;
474ee066 5401 bool match;
c70a7e4c 5402 u32 flags;
6818375e
SJ		 5403 u8 *ptr, real_len;
5404
56b40fbf
JH		 5405 switch (type) {
5406 case LE_ADV_IND:
5407 case LE_ADV_DIRECT_IND:
5408 case LE_ADV_SCAN_IND:
5409 case LE_ADV_NONCONN_IND:
5410 case LE_ADV_SCAN_RSP:
5411 break;
5412 default:
2064ee33
MH		 5413 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5414 "type: 0x%02x", type);
56b40fbf
JH		 5415 return;
5416 }
5417
a2ec905d
AM		 5418 if (!ext_adv && len > HCI_MAX_AD_LENGTH) {
5419 bt_dev_err_ratelimited(hdev, "legacy adv larger than 31 bytes");
5420 return;
5421 }
5422
6818375e
SJ		 5423 /* Find the end of the data in case the report contains padded zero
5424 * bytes at the end causing an invalid length value.
5425 *
5426 * When data is NULL, len is 0 so there is no need for extra ptr
5427 * check as 'ptr < data + 0' is already false in such case.
5428 */
5429 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5430 if (ptr + 1 + *ptr > data + len)
5431 break;
5432 }
5433
5434 real_len = ptr - data;
5435
5436 /* Adjust for actual length */
5437 if (len != real_len) {
943d5d92
DU		 5438 bt_dev_err_ratelimited(hdev, "advertising data len corrected %u -> %u",
5439 len, real_len);
6818375e
SJ		 5440 len = real_len;
5441 }
b9a6328f 5442
2f010b55
MH		 5443 /* If the direct address is present, then this report is from
5444 * a LE Direct Advertising Report event. In that case it is
5445 * important to see if the address is matching the local
5446 * controller address.
5447 */
5448 if (direct_addr) {
5449 /* Only resolvable random addresses are valid for these
5450 * kind of reports and others can be ignored.
5451 */
5452 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5453 return;
5454
5455 /* If the controller is not using resolvable random
5456 * addresses, then this report can be ignored.
5457 */
d7a5a11d 5458 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
2f010b55
MH		 5459 return;
5460
5461 /* If the local IRK of the controller does not match
5462 * with the resolvable random address provided, then
5463 * this report can be ignored.
5464 */
5465 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5466 return;
5467 }
5468
1c1abcab
JH		 5469 /* Check if we need to convert to identity address */
5470 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5471 if (irk) {
5472 bdaddr = &irk->bdaddr;
5473 bdaddr_type = irk->addr_type;
5474 }
5475
082f2300
SJ		 5476 /* Check if we have been requested to connect to this device.
5477 *
5478 * direct_addr is set only for directed advertising reports (it is NULL
5479 * for advertising reports) and is already verified to be RPA above.
5480 */
5481 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5482 direct_addr);
a2ec905d 5483 if (!ext_adv && conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {
fd45ada9
AA		 5484 /* Store report for later inclusion by
5485 * mgmt_device_connected
5486 */
5487 memcpy(conn->le_adv_data, data, len);
5488 conn->le_adv_data_len = len;
5489 }
1c1abcab 5490
0d2bf134
JH		 5491 /* Passive scanning shouldn't trigger any device found events,
5492 * except for devices marked as CONN_REPORT for which we do send
8208f5a9 5493 * device found events, or advertisement monitoring requested.
0d2bf134 5494 */
ca5c4be7 5495 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134
JH		 5496 if (type == LE_ADV_DIRECT_IND)
5497 return;
5498
3a19b6fe 5499 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
8208f5a9
MC		 5500 bdaddr, bdaddr_type) &&
5501 idr_is_empty(&hdev->adv_monitors_idr))
0d2bf134
JH		 5502 return;
5503
5504 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5505 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5506 else
5507 flags = 0;
5508 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5509 rssi, flags, data, len, NULL, 0);
97bf2e99 5510 return;
ca5c4be7 5511 }
4af605d8 5512
c70a7e4c
MH		 5513 /* When receiving non-connectable or scannable undirected
5514 * advertising reports, this means that the remote device is
5515 * not connectable and then clearly indicate this in the
5516 * device found event.
5517 *
5518 * When receiving a scan response, then there is no way to
5519 * know if the remote device is connectable or not. However
5520 * since scan responses are merged with a previously seen
5521 * advertising report, the flags field from that report
5522 * will be used.
5523 *
5524 * In the really unlikely case that a controller get confused
5525 * and just sends a scan response event, then it is marked as
5526 * not connectable as well.
5527 */
5528 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5529 type == LE_ADV_SCAN_RSP)
5530 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5531 else
5532 flags = 0;
5533
b9a6328f
JH		 5534 /* If there's nothing pending either store the data from this
5535 * event or send an immediate device found event if the data
5536 * should not be stored for later.
5537 */
a2ec905d 5538 if (!ext_adv && !has_pending_adv_report(hdev)) {
b9a6328f
JH		 5539 /* If the report will trigger a SCAN_REQ store it for
5540 * later merging.
5541 */
5542 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5543 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5544 rssi, flags, data, len);
b9a6328f
JH		 5545 return;
5546 }
5547
5548 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5549 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5550 return;
5551 }
5552
474ee066
JH		 5553 /* Check if the pending report is for the same device as the new one */
5554 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5555 bdaddr_type == d->last_adv_addr_type);
5556
b9a6328f
JH		 5557 /* If the pending data doesn't match this report or this isn't a
5558 * scan response (e.g. we got a duplicate ADV_IND) then force
5559 * sending of the pending data.
5560 */
474ee066
JH		 5561 if (type != LE_ADV_SCAN_RSP || !match) {
5562 /* Send out whatever is in the cache, but skip duplicates */
5563 if (!match)
5564 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 5565 d->last_adv_addr_type, NULL,
c70a7e4c 5566 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 5567 d->last_adv_data,
474ee066 5568 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 5569
5570 /* If the new report will trigger a SCAN_REQ store it for
5571 * later merging.
5572 */
a2ec905d
AM		 5573 if (!ext_adv && (type == LE_ADV_IND ||
5574 type == LE_ADV_SCAN_IND)) {
b9a6328f 5575 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 5576 rssi, flags, data, len);
b9a6328f
JH		 5577 return;
5578 }
5579
5580 /* The advertising reports cannot be merged, so clear
5581 * the pending report and send out a device found event.
5582 */
5583 clear_pending_adv_report(hdev);
5c5b93e4 5584 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 5585 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 5586 return;
5587 }
5588
5589 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5590 * the new event is a SCAN_RSP. We can therefore proceed with
5591 * sending a merged device found event.
5592 */
5593 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 5594 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 5595 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 5596 clear_pending_adv_report(hdev);
4af605d8
JH		 5597}
5598
6039aa73 5599static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 5600{
e95beb41
AG		 5601 u8 num_reports = skb->data[0];
5602 void *ptr = &skb->data[1];
9aa04c91 5603
a4790dbd
AG		 5604 hci_dev_lock(hdev);
5605
e95beb41
AG		 5606 while (num_reports--) {
5607 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 5608 s8 rssi;
a4790dbd 5609
ee649346
CC		 5610 if (ev->length <= HCI_MAX_AD_LENGTH) {
5611 rssi = ev->data[ev->length];
5612 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5613 ev->bdaddr_type, NULL, 0, rssi,
a2ec905d 5614 ev->data, ev->length, false);
ee649346
CC		 5615 } else {
5616 bt_dev_err(hdev, "Dropping invalid advertising data");
5617 }
3c9e9195 5618
e95beb41 5619 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 5620 }
a4790dbd
AG		 5621
5622 hci_dev_unlock(hdev);
9aa04c91
AG		 5623}
5624
657cc646 5625static u8 ext_evt_type_to_legacy(struct hci_dev *hdev, u16 evt_type)
b2cc9761
JK		 5626{
5627 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5628 switch (evt_type) {
5629 case LE_LEGACY_ADV_IND:
5630 return LE_ADV_IND;
5631 case LE_LEGACY_ADV_DIRECT_IND:
5632 return LE_ADV_DIRECT_IND;
5633 case LE_LEGACY_ADV_SCAN_IND:
5634 return LE_ADV_SCAN_IND;
5635 case LE_LEGACY_NONCONN_IND:
5636 return LE_ADV_NONCONN_IND;
5637 case LE_LEGACY_SCAN_RSP_ADV:
5638 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5639 return LE_ADV_SCAN_RSP;
5640 }
5641
657cc646 5642 goto invalid;
b2cc9761
JK		 5643 }
5644
5645 if (evt_type & LE_EXT_ADV_CONN_IND) {
5646 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5647 return LE_ADV_DIRECT_IND;
5648
c215e939 5649 return LE_ADV_IND;
b2cc9761
JK		 5650 }
5651
5652 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5653 return LE_ADV_SCAN_RSP;
5654
5655 if (evt_type & LE_EXT_ADV_SCAN_IND)
c215e939 5656 return LE_ADV_SCAN_IND;
b2cc9761
JK		 5657
5658 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5659 evt_type & LE_EXT_ADV_DIRECT_IND)
c215e939 5660 return LE_ADV_NONCONN_IND;
c215e939 5661
657cc646
MH		 5662invalid:
5663 bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
5664 evt_type);
c215e939
JK		 5665
5666 return LE_ADV_INVALID;
5667}
5668
5669static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5670{
5671 u8 num_reports = skb->data[0];
5672 void *ptr = &skb->data[1];
5673
5674 hci_dev_lock(hdev);
5675
5676 while (num_reports--) {
5677 struct hci_ev_le_ext_adv_report *ev = ptr;
5678 u8 legacy_evt_type;
5679 u16 evt_type;
5680
5681 evt_type = __le16_to_cpu(ev->evt_type);
657cc646 5682 legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
c215e939
JK		 5683 if (legacy_evt_type != LE_ADV_INVALID) {
5684 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5685 ev->bdaddr_type, NULL, 0, ev->rssi,
a2ec905d
AM		 5686 ev->data, ev->length,
5687 !(evt_type & LE_EXT_ADV_LEGACY_PDU));
c215e939
JK		 5688 }
5689
cd9151b6 5690 ptr += sizeof(*ev) + ev->length;
c215e939
JK		 5691 }
5692
5693 hci_dev_unlock(hdev);
5694}
5695
0fe29fd1
MH		 5696static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5697 struct sk_buff *skb)
5698{
5699 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5700 struct hci_conn *conn;
5701
5702 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5703
5704 hci_dev_lock(hdev);
5705
5706 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5707 if (conn) {
5708 if (!ev->status)
5709 memcpy(conn->features[0], ev->features, 8);
5710
5711 if (conn->state == BT_CONFIG) {
5712 __u8 status;
5713
5714 /* If the local controller supports slave-initiated
5715 * features exchange, but the remote controller does
5716 * not, then it is possible that the error code 0x1a
5717 * for unsupported remote feature gets returned.
5718 *
5719 * In this specific case, allow the connection to
5720 * transition into connected state and mark it as
5721 * successful.
5722 */
5723 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5724 !conn->out && ev->status == 0x1a)
5725 status = 0x00;
5726 else
5727 status = ev->status;
5728
5729 conn->state = BT_CONNECTED;
5730 hci_connect_cfm(conn, status);
5731 hci_conn_drop(conn);
5732 }
5733 }
5734
5735 hci_dev_unlock(hdev);
5736}
5737
6039aa73 5738static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 5739{
5740 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5741 struct hci_cp_le_ltk_reply cp;
bea710fe 5742 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 5743 struct hci_conn *conn;
c9839a11 5744 struct smp_ltk *ltk;
a7a595f6 5745
9f1db00c 5746 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 5747
5748 hci_dev_lock(hdev);
5749
5750 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 5751 if (conn == NULL)
5752 goto not_found;
a7a595f6 5753
f3a73d97 5754 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5378bc56 5755 if (!ltk)
bea710fe
VCG		 5756 goto not_found;
5757
5378bc56
JH		 5758 if (smp_ltk_is_sc(ltk)) {
5759 /* With SC both EDiv and Rand are set to zero */
5760 if (ev->ediv || ev->rand)
5761 goto not_found;
5762 } else {
5763 /* For non-SC keys check that EDiv and Rand match */
5764 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5765 goto not_found;
5766 }
5767
8b76ce34
JH		 5768 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5769 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
a7a595f6 5770 cp.handle = cpu_to_le16(conn->handle);
c9839a11 5771
a6f7833c 5772 conn->pending_sec_level = smp_ltk_sec_level(ltk);
a7a595f6 5773
89cbb4da 5774 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 5775
5776 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5777
5981a882
CT		 5778 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5779 * temporary key used to encrypt a connection following
5780 * pairing. It is used during the Encrypted Session Setup to
5781 * distribute the keys. Later, security can be re-established
5782 * using a distributed LTK.
5783 */
2ceba539 5784 if (ltk->type == SMP_STK) {
fe59a05f 5785 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
970d0f1b
JH		 5786 list_del_rcu(&ltk->list);
5787 kfree_rcu(ltk, rcu);
fe59a05f
JH		 5788 } else {
5789 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 5790 }
5791
a7a595f6 5792 hci_dev_unlock(hdev);
bea710fe
VCG		 5793
5794 return;
5795
5796not_found:
5797 neg.handle = ev->handle;
5798 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5799 hci_dev_unlock(hdev);
a7a595f6
VCG		 5800}
5801
8e75b46a
AG		 5802static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5803 u8 reason)
5804{
5805 struct hci_cp_le_conn_param_req_neg_reply cp;
5806
5807 cp.handle = cpu_to_le16(handle);
5808 cp.reason = reason;
5809
5810 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5811 &cp);
5812}
5813
5814static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5815 struct sk_buff *skb)
5816{
5817 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5818 struct hci_cp_le_conn_param_req_reply cp;
5819 struct hci_conn *hcon;
5820 u16 handle, min, max, latency, timeout;
5821
5822 handle = le16_to_cpu(ev->handle);
5823 min = le16_to_cpu(ev->interval_min);
5824 max = le16_to_cpu(ev->interval_max);
5825 latency = le16_to_cpu(ev->latency);
5826 timeout = le16_to_cpu(ev->timeout);
5827
5828 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5829 if (!hcon || hcon->state != BT_CONNECTED)
5830 return send_conn_param_neg_reply(hdev, handle,
5831 HCI_ERROR_UNKNOWN_CONN_ID);
5832
5833 if (hci_check_conn_params(min, max, latency, timeout))
5834 return send_conn_param_neg_reply(hdev, handle,
5835 HCI_ERROR_INVALID_LL_PARAMS);
5836
40bef302 5837 if (hcon->role == HCI_ROLE_MASTER) {
348d50b8 5838 struct hci_conn_params *params;
f4869e2a 5839 u8 store_hint;
348d50b8
JH		 5840
5841 hci_dev_lock(hdev);
5842
5843 params = hci_conn_params_lookup(hdev, &hcon->dst,
5844 hcon->dst_type);
5845 if (params) {
5846 params->conn_min_interval = min;
5847 params->conn_max_interval = max;
5848 params->conn_latency = latency;
5849 params->supervision_timeout = timeout;
f4869e2a
JH		 5850 store_hint = 0x01;
5851 } else{
5852 store_hint = 0x00;
348d50b8
JH		 5853 }
5854
5855 hci_dev_unlock(hdev);
5856
f4869e2a
JH		 5857 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5858 store_hint, min, max, latency, timeout);
348d50b8 5859 }
ffb5a827 5860
8e75b46a
AG		 5861 cp.handle = ev->handle;
5862 cp.interval_min = ev->interval_min;
5863 cp.interval_max = ev->interval_max;
5864 cp.latency = ev->latency;
5865 cp.timeout = ev->timeout;
5866 cp.min_ce_len = 0;
5867 cp.max_ce_len = 0;
5868
5869 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5870}
5871
2f010b55
MH		 5872static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5873 struct sk_buff *skb)
5874{
5875 u8 num_reports = skb->data[0];
5876 void *ptr = &skb->data[1];
5877
5878 hci_dev_lock(hdev);
5879
5880 while (num_reports--) {
5881 struct hci_ev_le_direct_adv_info *ev = ptr;
5882
5883 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5884 ev->bdaddr_type, &ev->direct_addr,
a2ec905d
AM		 5885 ev->direct_addr_type, ev->rssi, NULL, 0,
5886 false);
2f010b55
MH		 5887
5888 ptr += sizeof(*ev);
5889 }
5890
5891 hci_dev_unlock(hdev);
5892}
5893
1efd927d
LAD		 5894static void hci_le_phy_update_evt(struct hci_dev *hdev, struct sk_buff *skb)
5895{
5896 struct hci_ev_le_phy_update_complete *ev = (void *) skb->data;
5897 struct hci_conn *conn;
5898
5899 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5900
5901 if (!ev->status)
5902 return;
5903
5904 hci_dev_lock(hdev);
5905
5906 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5907 if (!conn)
5908 goto unlock;
5909
5910 conn->le_tx_phy = ev->tx_phy;
5911 conn->le_rx_phy = ev->rx_phy;
5912
5913unlock:
5914 hci_dev_unlock(hdev);
5915}
5916
6039aa73 5917static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 5918{
5919 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5920
5921 skb_pull(skb, sizeof(*le_ev));
5922
5923 switch (le_ev->subevent) {
5924 case HCI_EV_LE_CONN_COMPLETE:
5925 hci_le_conn_complete_evt(hdev, skb);
5926 break;
5927
1855d92d
MH		 5928 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5929 hci_le_conn_update_complete_evt(hdev, skb);
5930 break;
5931
9aa04c91
AG		 5932 case HCI_EV_LE_ADVERTISING_REPORT:
5933 hci_le_adv_report_evt(hdev, skb);
5934 break;
5935
0fe29fd1
MH		 5936 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5937 hci_le_remote_feat_complete_evt(hdev, skb);
5938 break;
5939
a7a595f6
VCG		 5940 case HCI_EV_LE_LTK_REQ:
5941 hci_le_ltk_request_evt(hdev, skb);
5942 break;
5943
8e75b46a
AG		 5944 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5945 hci_le_remote_conn_param_req_evt(hdev, skb);
5946 break;
5947
2f010b55
MH		 5948 case HCI_EV_LE_DIRECT_ADV_REPORT:
5949 hci_le_direct_adv_report_evt(hdev, skb);
5950 break;
5951
1efd927d
LAD		 5952 case HCI_EV_LE_PHY_UPDATE_COMPLETE:
5953 hci_le_phy_update_evt(hdev, skb);
5954 break;
5955
c215e939
JK		 5956 case HCI_EV_LE_EXT_ADV_REPORT:
5957 hci_le_ext_adv_report_evt(hdev, skb);
5958 break;
5959
4d94f95d
JK		 5960 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5961 hci_le_enh_conn_complete_evt(hdev, skb);
5962 break;
5963
acf0aeae
JK		 5964 case HCI_EV_LE_EXT_ADV_SET_TERM:
5965 hci_le_ext_adv_term_evt(hdev, skb);
5966 break;
5967
fcd89c09
VT		 5968 default:
5969 break;
5970 }
5971}
5972
757aa0b5
JH		 5973static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5974 u8 event, struct sk_buff *skb)
5975{
5976 struct hci_ev_cmd_complete *ev;
5977 struct hci_event_hdr *hdr;
5978
5979 if (!skb)
5980 return false;
5981
5982 if (skb->len < sizeof(*hdr)) {
2064ee33 5983 bt_dev_err(hdev, "too short HCI event");
757aa0b5
JH		 5984 return false;
5985 }
5986
5987 hdr = (void *) skb->data;
5988 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5989
5990 if (event) {
5991 if (hdr->evt != event)
5992 return false;
5993 return true;
5994 }
5995
1629db9c
JH		 5996 /* Check if request ended in Command Status - no way to retreive
5997 * any extra parameters in this case.
5998 */
5999 if (hdr->evt == HCI_EV_CMD_STATUS)
6000 return false;
6001
757aa0b5 6002 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
2064ee33
MH		 6003 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
6004 hdr->evt);
757aa0b5
JH		 6005 return false;
6006 }
6007
6008 if (skb->len < sizeof(*ev)) {
2064ee33 6009 bt_dev_err(hdev, "too short cmd_complete event");
757aa0b5
JH		 6010 return false;
6011 }
6012
6013 ev = (void *) skb->data;
6014 skb_pull(skb, sizeof(*ev));
6015
6016 if (opcode != __le16_to_cpu(ev->opcode)) {
6017 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
6018 __le16_to_cpu(ev->opcode));
6019 return false;
6020 }
6021
6022 return true;
6023}
6024
2f20216c
APS		 6025static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
6026 struct sk_buff *skb)
6027{
6028 struct hci_ev_le_advertising_info *adv;
6029 struct hci_ev_le_direct_adv_info *direct_adv;
6030 struct hci_ev_le_ext_adv_report *ext_adv;
6031 const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
6032 const struct hci_ev_conn_request *conn_request = (void *)skb->data;
6033
6034 hci_dev_lock(hdev);
6035
6036 /* If we are currently suspended and this is the first BT event seen,
6037 * save the wake reason associated with the event.
6038 */
6039 if (!hdev->suspended || hdev->wake_reason)
6040 goto unlock;
6041
6042 /* Default to remote wake. Values for wake_reason are documented in the
6043 * Bluez mgmt api docs.
6044 */
6045 hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
6046
6047 /* Once configured for remote wakeup, we should only wake up for
6048 * reconnections. It's useful to see which device is waking us up so
6049 * keep track of the bdaddr of the connection event that woke us up.
6050 */
6051 if (event == HCI_EV_CONN_REQUEST) {
6052 bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
6053 hdev->wake_addr_type = BDADDR_BREDR;
6054 } else if (event == HCI_EV_CONN_COMPLETE) {
6055 bacpy(&hdev->wake_addr, &conn_request->bdaddr);
6056 hdev->wake_addr_type = BDADDR_BREDR;
6057 } else if (event == HCI_EV_LE_META) {
6058 struct hci_ev_le_meta *le_ev = (void *)skb->data;
6059 u8 subevent = le_ev->subevent;
6060 u8 *ptr = &skb->data[sizeof(*le_ev)];
6061 u8 num_reports = *ptr;
6062
6063 if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
6064 subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
6065 subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
6066 num_reports) {
6067 adv = (void *)(ptr + 1);
6068 direct_adv = (void *)(ptr + 1);
6069 ext_adv = (void *)(ptr + 1);
6070
6071 switch (subevent) {
6072 case HCI_EV_LE_ADVERTISING_REPORT:
6073 bacpy(&hdev->wake_addr, &adv->bdaddr);
6074 hdev->wake_addr_type = adv->bdaddr_type;
6075 break;
6076 case HCI_EV_LE_DIRECT_ADV_REPORT:
6077 bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
6078 hdev->wake_addr_type = direct_adv->bdaddr_type;
6079 break;
6080 case HCI_EV_LE_EXT_ADV_REPORT:
6081 bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
6082 hdev->wake_addr_type = ext_adv->bdaddr_type;
6083 break;
6084 }
6085 }
6086 } else {
6087 hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
6088 }
6089
6090unlock:
6091 hci_dev_unlock(hdev);
6092}
6093
a9de9248
MH		 6094void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
6095{
6096 struct hci_event_hdr *hdr = (void *) skb->data;
e6214487
JH		 6097 hci_req_complete_t req_complete = NULL;
6098 hci_req_complete_skb_t req_complete_skb = NULL;
6099 struct sk_buff *orig_skb = NULL;
757aa0b5 6100 u8 status = 0, event = hdr->evt, req_evt = 0;
e6214487 6101 u16 opcode = HCI_OP_NOP;
a9de9248 6102
08bb4da9
AM		 6103 if (!event) {
6104 bt_dev_warn(hdev, "Received unexpected HCI Event 00000000");
6105 goto done;
6106 }
6107
242c0ebd 6108 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
c1f23a2b 6109 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
e6214487
JH		 6110 opcode = __le16_to_cpu(cmd_hdr->opcode);
6111 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
6112 &req_complete_skb);
757aa0b5 6113 req_evt = event;
02350a72
JH		 6114 }
6115
e6214487
JH		 6116 /* If it looks like we might end up having to call
6117 * req_complete_skb, store a pristine copy of the skb since the
6118 * various handlers may modify the original one through
6119 * skb_pull() calls, etc.
6120 */
6121 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
6122 event == HCI_EV_CMD_COMPLETE)
6123 orig_skb = skb_clone(skb, GFP_KERNEL);
6124
6125 skb_pull(skb, HCI_EVENT_HDR_SIZE);
6126
2f20216c
APS		 6127 /* Store wake reason if we're suspended */
6128 hci_store_wake_reason(hdev, event, skb);
6129
a9de9248 6130 switch (event) {
1da177e4
LT		 6131 case HCI_EV_INQUIRY_COMPLETE:
6132 hci_inquiry_complete_evt(hdev, skb);
6133 break;
6134
6135 case HCI_EV_INQUIRY_RESULT:
6136 hci_inquiry_result_evt(hdev, skb);
6137 break;
6138
a9de9248
MH		 6139 case HCI_EV_CONN_COMPLETE:
6140 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 6141 break;
6142
1da177e4
LT		 6143 case HCI_EV_CONN_REQUEST:
6144 hci_conn_request_evt(hdev, skb);
6145 break;
6146
1da177e4
LT		 6147 case HCI_EV_DISCONN_COMPLETE:
6148 hci_disconn_complete_evt(hdev, skb);
6149 break;
6150
1da177e4
LT		 6151 case HCI_EV_AUTH_COMPLETE:
6152 hci_auth_complete_evt(hdev, skb);
6153 break;
6154
a9de9248
MH		 6155 case HCI_EV_REMOTE_NAME:
6156 hci_remote_name_evt(hdev, skb);
6157 break;
6158
1da177e4
LT		 6159 case HCI_EV_ENCRYPT_CHANGE:
6160 hci_encrypt_change_evt(hdev, skb);
6161 break;
6162
a9de9248
MH		 6163 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
6164 hci_change_link_key_complete_evt(hdev, skb);
6165 break;
6166
6167 case HCI_EV_REMOTE_FEATURES:
6168 hci_remote_features_evt(hdev, skb);
6169 break;
6170
a9de9248 6171 case HCI_EV_CMD_COMPLETE:
e6214487
JH		 6172 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
6173 &req_complete, &req_complete_skb);
a9de9248
MH		 6174 break;
6175
6176 case HCI_EV_CMD_STATUS:
e6214487
JH		 6177 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
6178 &req_complete_skb);
a9de9248
MH		 6179 break;
6180
24dfa343
MH		 6181 case HCI_EV_HARDWARE_ERROR:
6182 hci_hardware_error_evt(hdev, skb);
6183 break;
6184
a9de9248
MH		 6185 case HCI_EV_ROLE_CHANGE:
6186 hci_role_change_evt(hdev, skb);
6187 break;
6188
6189 case HCI_EV_NUM_COMP_PKTS:
6190 hci_num_comp_pkts_evt(hdev, skb);
6191 break;
6192
6193 case HCI_EV_MODE_CHANGE:
6194 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 6195 break;
6196
6197 case HCI_EV_PIN_CODE_REQ:
6198 hci_pin_code_request_evt(hdev, skb);
6199 break;
6200
6201 case HCI_EV_LINK_KEY_REQ:
6202 hci_link_key_request_evt(hdev, skb);
6203 break;
6204
6205 case HCI_EV_LINK_KEY_NOTIFY:
6206 hci_link_key_notify_evt(hdev, skb);
6207 break;
6208
6209 case HCI_EV_CLOCK_OFFSET:
6210 hci_clock_offset_evt(hdev, skb);
6211 break;
6212
a8746417
MH		 6213 case HCI_EV_PKT_TYPE_CHANGE:
6214 hci_pkt_type_change_evt(hdev, skb);
6215 break;
6216
85a1e930
MH		 6217 case HCI_EV_PSCAN_REP_MODE:
6218 hci_pscan_rep_mode_evt(hdev, skb);
6219 break;
6220
a9de9248
MH		 6221 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
6222 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 6223 break;
6224
a9de9248
MH		 6225 case HCI_EV_REMOTE_EXT_FEATURES:
6226 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 6227 break;
6228
a9de9248
MH		 6229 case HCI_EV_SYNC_CONN_COMPLETE:
6230 hci_sync_conn_complete_evt(hdev, skb);
6231 break;
1da177e4 6232
a9de9248
MH		 6233 case HCI_EV_EXTENDED_INQUIRY_RESULT:
6234 hci_extended_inquiry_result_evt(hdev, skb);
6235 break;
1da177e4 6236
1c2e0041
JH		 6237 case HCI_EV_KEY_REFRESH_COMPLETE:
6238 hci_key_refresh_complete_evt(hdev, skb);
6239 break;
6240
0493684e
MH		 6241 case HCI_EV_IO_CAPA_REQUEST:
6242 hci_io_capa_request_evt(hdev, skb);
6243 break;
6244
03b555e1
JH		 6245 case HCI_EV_IO_CAPA_REPLY:
6246 hci_io_capa_reply_evt(hdev, skb);
6247 break;
6248
a5c29683
JH		 6249 case HCI_EV_USER_CONFIRM_REQUEST:
6250 hci_user_confirm_request_evt(hdev, skb);
6251 break;
6252
1143d458
BG		 6253 case HCI_EV_USER_PASSKEY_REQUEST:
6254 hci_user_passkey_request_evt(hdev, skb);
6255 break;
6256
92a25256
JH		 6257 case HCI_EV_USER_PASSKEY_NOTIFY:
6258 hci_user_passkey_notify_evt(hdev, skb);
6259 break;
6260
6261 case HCI_EV_KEYPRESS_NOTIFY:
6262 hci_keypress_notify_evt(hdev, skb);
6263 break;
6264
0493684e
MH		 6265 case HCI_EV_SIMPLE_PAIR_COMPLETE:
6266 hci_simple_pair_complete_evt(hdev, skb);
6267 break;
6268
41a96212
MH		 6269 case HCI_EV_REMOTE_HOST_FEATURES:
6270 hci_remote_host_features_evt(hdev, skb);
6271 break;
6272
fcd89c09
VT		 6273 case HCI_EV_LE_META:
6274 hci_le_meta_evt(hdev, skb);
6275 break;
6276
2763eda6
SJ		 6277 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
6278 hci_remote_oob_data_request_evt(hdev, skb);
6279 break;
6280
a77a6a14
AW		 6281#if IS_ENABLED(CONFIG_BT_HS)
6282 case HCI_EV_CHANNEL_SELECTED:
6283 hci_chan_selected_evt(hdev, skb);
6284 break;
6285
d5e91192
AE		 6286 case HCI_EV_PHY_LINK_COMPLETE:
6287 hci_phy_link_complete_evt(hdev, skb);
6288 break;
6289
27695fb4
AE		 6290 case HCI_EV_LOGICAL_LINK_COMPLETE:
6291 hci_loglink_complete_evt(hdev, skb);
6292 break;
6293
606e2a10
AE		 6294 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
6295 hci_disconn_loglink_complete_evt(hdev, skb);
6296 break;
6297
9eef6b3a
AE		 6298 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
6299 hci_disconn_phylink_complete_evt(hdev, skb);
6300 break;
a77a6a14 6301#endif
9eef6b3a 6302
25e89e99
AE		 6303 case HCI_EV_NUM_COMP_BLOCKS:
6304 hci_num_comp_blocks_evt(hdev, skb);
6305 break;
6306
145373cb
MC		 6307 case HCI_EV_VENDOR:
6308 msft_vendor_evt(hdev, skb);
6309 break;
6310
a9de9248 6311 default:
9f1db00c 6312 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 6313 break;
6314 }
6315
757aa0b5 6316 if (req_complete) {
e6214487 6317 req_complete(hdev, status, opcode);
757aa0b5
JH		 6318 } else if (req_complete_skb) {
6319 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
6320 kfree_skb(orig_skb);
6321 orig_skb = NULL;
6322 }
e6214487 6323 req_complete_skb(hdev, status, opcode, orig_skb);
757aa0b5 6324 }
e6214487 6325
08bb4da9 6326done:
e6214487 6327 kfree_skb(orig_skb);
1da177e4
LT		 6328 kfree_skb(skb);
6329 hdev->stat.evt_rx++;
6330}
Linux 6.x block layer and io_uring tree(s)