projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add timer to force power off
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778
MH		 201
202 hdev->ssp_debug_mode = 0;
a9de9248 203}
04837f64 204
a9de9248
MH		 205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206{
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
04837f64 209
9f1db00c 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 211
a9de9248
MH		 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
04837f64 215
56e5cb86
JH		 216 hci_dev_lock(hdev);
217
f51d5b24
JH		 218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 222
56e5cb86 223 hci_dev_unlock(hdev);
a9de9248
MH		 224}
225
226static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227{
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
229
9f1db00c 230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 231
232 if (rp->status)
233 return;
234
db99b5fc
JH		 235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 237}
238
239static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240{
241 __u8 status = *((__u8 *) skb->data);
242 void *sent;
243
9f1db00c 244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 245
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 if (!sent)
248 return;
249
250 if (!status) {
251 __u8 param = *((__u8 *) sent);
252
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
255 else
256 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 257 }
a9de9248 258
33ef95ed
JH		 259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
9f1db00c 268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
a9de9248 282}
1da177e4 283
a9de9248
MH		 284static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285{
36f7fc7e
JH		 286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
a9de9248 288 void *sent;
1da177e4 289
9f1db00c 290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 291
a9de9248
MH		 292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 if (!sent)
294 return;
1da177e4 295
36f7fc7e
JH		 296 param = *((__u8 *) sent);
297
56e5cb86
JH		 298 hci_dev_lock(hdev);
299
fa1bd918 300 if (status) {
744cf19e 301 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 302 hdev->discov_timeout = 0;
303 goto done;
304 }
305
0663ca2a
JH		 306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
308 */
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
36f7fc7e
JH		 311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
316 if (!old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 1);
36f7fc7e 318 } else if (old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 320
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
323 if (!old_pscan)
744cf19e 324 mgmt_connectable(hdev, 1);
36f7fc7e 325 } else if (old_pscan)
744cf19e 326 mgmt_connectable(hdev, 0);
1da177e4 327
36f7fc7e 328done:
56e5cb86 329 hci_dev_unlock(hdev);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 335
9f1db00c 336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 337
a9de9248
MH		 338 if (rp->status)
339 return;
1da177e4 340
a9de9248 341 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 342
a9de9248 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 345}
1da177e4 346
a9de9248
MH		 347static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348{
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
1da177e4 351
9f1db00c 352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 353
a9de9248
MH		 354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 if (!sent)
356 return;
1da177e4 357
7f9a903c
MH		 358 hci_dev_lock(hdev);
359
360 if (status == 0)
361 memcpy(hdev->dev_class, sent, 3);
362
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366 hci_dev_unlock(hdev);
a9de9248 367}
1da177e4 368
a9de9248
MH		 369static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370{
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 __u16 setting;
373
9f1db00c 374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 375
376 if (rp->status)
377 return;
378
379 setting = __le16_to_cpu(rp->voice_setting);
380
f383f275 381 if (hdev->voice_setting == setting)
a9de9248
MH		 382 return;
383
384 hdev->voice_setting = setting;
385
9f1db00c 386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 387
3c54711c 388 if (hdev->notify)
a9de9248 389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 390}
391
8fc9ced3
GP		 392static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393 struct sk_buff *skb)
a9de9248
MH		 394{
395 __u8 status = *((__u8 *) skb->data);
f383f275 396 __u16 setting;
a9de9248
MH		 397 void *sent;
398
9f1db00c 399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 400
f383f275
MH		 401 if (status)
402 return;
403
a9de9248
MH		 404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405 if (!sent)
406 return;
1da177e4 407
f383f275 408 setting = get_unaligned_le16(sent);
1da177e4 409
f383f275
MH		 410 if (hdev->voice_setting == setting)
411 return;
412
413 hdev->voice_setting = setting;
1da177e4 414
9f1db00c 415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 416
3c54711c 417 if (hdev->notify)
f383f275 418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 419}
420
b4cb9fb2
MH		 421static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct sk_buff *skb)
423{
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->num_iac = rp->num_iac;
432
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434}
435
333140b5
MH		 436static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 439 struct hci_cp_write_ssp_mode *sent;
333140b5 440
9f1db00c 441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 442
333140b5
MH		 443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444 if (!sent)
445 return;
446
5ed8eb2f
JH		 447 if (!status) {
448 if (sent->mode)
cad718ed 449 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 450 else
cad718ed 451 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 452 }
453
ed2c4ee3 454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 456 else if (!status) {
5ed8eb2f 457 if (sent->mode)
c0ecddc2
JH		 458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 else
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 }
333140b5
MH		 462}
463
eac83dc6
MH		 464static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465{
466 u8 status = *((u8 *) skb->data);
467 struct hci_cp_write_sc_support *sent;
468
469 BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472 if (!sent)
473 return;
474
475 if (!status) {
476 if (sent->support)
477 hdev->features[1][0] |= LMP_HOST_SC;
478 else
479 hdev->features[1][0] &= ~LMP_HOST_SC;
480 }
481
482 if (test_bit(HCI_MGMT, &hdev->dev_flags))
483 mgmt_sc_enable_complete(hdev, sent->support, status);
484 else if (!status) {
485 if (sent->support)
486 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487 else
488 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 }
490}
491
a9de9248
MH		 492static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493{
494 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 495
9f1db00c 496 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 497
a9de9248 498 if (rp->status)
42c6b129 499 return;
1143e5a6 500
0d5551f5
MH		 501 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502 hdev->hci_ver = rp->hci_ver;
503 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504 hdev->lmp_ver = rp->lmp_ver;
505 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507 }
d5859e22
JH		 508}
509
8fc9ced3
GP		 510static void hci_cc_read_local_commands(struct hci_dev *hdev,
511 struct sk_buff *skb)
a9de9248
MH		 512{
513 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 514
9f1db00c 515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 516
6a070e6e
MH		 517 if (rp->status)
518 return;
519
520 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 521 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 522}
1da177e4 523
8fc9ced3
GP		 524static void hci_cc_read_local_features(struct hci_dev *hdev,
525 struct sk_buff *skb)
a9de9248
MH		 526{
527 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 528
9f1db00c 529 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 530
a9de9248
MH		 531 if (rp->status)
532 return;
5b7f9909 533
a9de9248 534 memcpy(hdev->features, rp->features, 8);
5b7f9909 535
a9de9248
MH		 536 /* Adjust default settings according to features
537 * supported by device. */
1da177e4 538
cad718ed 539 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 540 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 541
cad718ed 542 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 543 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 544
cad718ed 545 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 546 hdev->pkt_type |= (HCI_HV2);
547 hdev->esco_type |= (ESCO_HV2);
548 }
1da177e4 549
cad718ed 550 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 551 hdev->pkt_type |= (HCI_HV3);
552 hdev->esco_type |= (ESCO_HV3);
553 }
1da177e4 554
45db810f 555 if (lmp_esco_capable(hdev))
a9de9248 556 hdev->esco_type |= (ESCO_EV3);
da1f5198 557
cad718ed 558 if (hdev->features[0][4] & LMP_EV4)
a9de9248 559 hdev->esco_type |= (ESCO_EV4);
da1f5198 560
cad718ed 561 if (hdev->features[0][4] & LMP_EV5)
a9de9248 562 hdev->esco_type |= (ESCO_EV5);
1da177e4 563
cad718ed 564 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 565 hdev->esco_type |= (ESCO_2EV3);
566
cad718ed 567 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 568 hdev->esco_type |= (ESCO_3EV3);
569
cad718ed 570 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 571 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 572}
1da177e4 573
971e3a4b 574static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 575 struct sk_buff *skb)
971e3a4b
AG		 576{
577 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
9f1db00c 579 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 580
581 if (rp->status)
42c6b129 582 return;
971e3a4b 583
57af75a8
MH		 584 if (hdev->max_page < rp->max_page)
585 hdev->max_page = rp->max_page;
d2c5d77f 586
cad718ed
JH		 587 if (rp->page < HCI_MAX_PAGES)
588 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 589}
590
1e89cffb 591static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 592 struct sk_buff *skb)
1e89cffb
AE		 593{
594 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
9f1db00c 596 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 597
42c6b129
JH		 598 if (!rp->status)
599 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 600}
601
a9de9248
MH		 602static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603{
604 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 605
9f1db00c 606 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 607
a9de9248
MH		 608 if (rp->status)
609 return;
1da177e4 610
a9de9248
MH		 611 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
612 hdev->sco_mtu = rp->sco_mtu;
613 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617 hdev->sco_mtu = 64;
618 hdev->sco_pkts = 8;
1da177e4 619 }
a9de9248
MH		 620
621 hdev->acl_cnt = hdev->acl_pkts;
622 hdev->sco_cnt = hdev->sco_pkts;
623
807deac2
GP		 624 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 626}
627
628static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629{
630 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
9f1db00c 632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 633
634 if (!rp->status)
635 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 636}
637
f332ec66
JH		 638static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639 struct sk_buff *skb)
640{
641 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647 hdev->page_scan_window = __le16_to_cpu(rp->window);
648 }
649}
650
4a3ee763
JH		 651static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652 struct sk_buff *skb)
653{
654 u8 status = *((u8 *) skb->data);
655 struct hci_cp_write_page_scan_activity *sent;
656
657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659 if (status)
660 return;
661
662 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663 if (!sent)
664 return;
665
666 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667 hdev->page_scan_window = __le16_to_cpu(sent->window);
668}
669
f332ec66
JH		 670static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671 struct sk_buff *skb)
672{
673 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678 hdev->page_scan_type = rp->type;
679}
680
4a3ee763
JH		 681static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682 struct sk_buff *skb)
683{
684 u8 status = *((u8 *) skb->data);
685 u8 *type;
686
687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689 if (status)
690 return;
691
692 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693 if (type)
694 hdev->page_scan_type = *type;
695}
696
350ee4cf 697static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 698 struct sk_buff *skb)
350ee4cf
AE		 699{
700 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
9f1db00c 702 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 703
704 if (rp->status)
705 return;
706
707 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708 hdev->block_len = __le16_to_cpu(rp->block_len);
709 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711 hdev->block_cnt = hdev->num_blocks;
712
713 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 714 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 715}
716
928abaa7 717static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 718 struct sk_buff *skb)
928abaa7
AE		 719{
720 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
9f1db00c 722 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 723
724 if (rp->status)
8e2a0d92 725 goto a2mp_rsp;
928abaa7
AE		 726
727 hdev->amp_status = rp->amp_status;
728 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732 hdev->amp_type = rp->amp_type;
733 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
8e2a0d92
AE		 738a2mp_rsp:
739 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 740}
741
903e4541
AE		 742static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743 struct sk_buff *skb)
744{
745 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746 struct amp_assoc *assoc = &hdev->loc_assoc;
747 size_t rem_len, frag_len;
748
749 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751 if (rp->status)
752 goto a2mp_rsp;
753
754 frag_len = skb->len - sizeof(*rp);
755 rem_len = __le16_to_cpu(rp->rem_len);
756
757 if (rem_len > frag_len) {
2e430be3 758 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 759
760 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761 assoc->offset += frag_len;
762
763 /* Read other fragments */
764 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766 return;
767 }
768
769 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770 assoc->len = assoc->offset + rem_len;
771 assoc->offset = 0;
772
773a2mp_rsp:
774 /* Send A2MP Rsp when all fragments are received */
775 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 776 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 777}
778
d5859e22 779static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 780 struct sk_buff *skb)
d5859e22 781{
91c4e9b1 782 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 783
9f1db00c 784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 785
786 if (!rp->status)
787 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 788}
789
980e1a53
JH		 790static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791{
792 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793 struct hci_cp_pin_code_reply *cp;
794 struct hci_conn *conn;
795
9f1db00c 796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 797
56e5cb86
JH		 798 hci_dev_lock(hdev);
799
a8b2d5c2 800 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 801 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 802
fa1bd918 803 if (rp->status)
56e5cb86 804 goto unlock;
980e1a53
JH		 805
806 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807 if (!cp)
56e5cb86 808 goto unlock;
980e1a53
JH		 809
810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811 if (conn)
812 conn->pin_length = cp->pin_len;
56e5cb86
JH		 813
814unlock:
815 hci_dev_unlock(hdev);
980e1a53
JH		 816}
817
818static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819{
820 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
9f1db00c 822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 823
56e5cb86
JH		 824 hci_dev_lock(hdev);
825
a8b2d5c2 826 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 827 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 828 rp->status);
56e5cb86
JH		 829
830 hci_dev_unlock(hdev);
980e1a53 831}
56e5cb86 832
6ed58ec5
VT		 833static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 839
840 if (rp->status)
841 return;
842
843 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844 hdev->le_pkts = rp->le_max_pkt;
845
846 hdev->le_cnt = hdev->le_pkts;
847
848 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 849}
980e1a53 850
60e77321
JH		 851static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852 struct sk_buff *skb)
853{
854 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858 if (!rp->status)
859 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 860}
861
8fa19098
JH		 862static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863 struct sk_buff *skb)
864{
865 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
04b4edcb 869 if (!rp->status)
8fa19098 870 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 871}
872
a5c29683
JH		 873static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874{
875 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
9f1db00c 877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 878
56e5cb86
JH		 879 hci_dev_lock(hdev);
880
a8b2d5c2 881 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 882 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883 rp->status);
56e5cb86
JH		 884
885 hci_dev_unlock(hdev);
a5c29683
JH		 886}
887
888static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 889 struct sk_buff *skb)
a5c29683
JH		 890{
891 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
9f1db00c 893 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 894
56e5cb86
JH		 895 hci_dev_lock(hdev);
896
a8b2d5c2 897 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 898 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 899 ACL_LINK, 0, rp->status);
56e5cb86
JH		 900
901 hci_dev_unlock(hdev);
a5c29683
JH		 902}
903
1143d458
BG		 904static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905{
906 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
9f1db00c 908 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 909
910 hci_dev_lock(hdev);
911
a8b2d5c2 912 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 913 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 914 0, rp->status);
1143d458
BG		 915
916 hci_dev_unlock(hdev);
917}
918
919static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 920 struct sk_buff *skb)
1143d458
BG		 921{
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
9f1db00c 924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 925
926 hci_dev_lock(hdev);
927
a8b2d5c2 928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 929 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 930 ACL_LINK, 0, rp->status);
1143d458
BG		 931
932 hci_dev_unlock(hdev);
933}
934
4d2d2796
MH		 935static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936 struct sk_buff *skb)
c35938b2
SJ		 937{
938 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
9f1db00c 940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 941
56e5cb86 942 hci_dev_lock(hdev);
4d2d2796
MH		 943 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944 NULL, NULL, rp->status);
945 hci_dev_unlock(hdev);
946}
947
948static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949 struct sk_buff *skb)
950{
951 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955 hci_dev_lock(hdev);
956 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957 rp->hash256, rp->randomizer256,
958 rp->status);
56e5cb86 959 hci_dev_unlock(hdev);
c35938b2
SJ		 960}
961
7a4cd51d
MH		 962
963static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
964{
965 __u8 status = *((__u8 *) skb->data);
966 bdaddr_t *sent;
967
968 BT_DBG("%s status 0x%2.2x", hdev->name, status);
969
970 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
971 if (!sent)
972 return;
973
974 hci_dev_lock(hdev);
975
976 if (!status)
977 bacpy(&hdev->random_addr, sent);
978
979 hci_dev_unlock(hdev);
980}
981
c1d5dc4a
JH		 982static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
983{
984 __u8 *sent, status = *((__u8 *) skb->data);
985
986 BT_DBG("%s status 0x%2.2x", hdev->name, status);
987
988 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
989 if (!sent)
990 return;
991
992 hci_dev_lock(hdev);
993
778b235a
JH		 994 if (!status)
995 mgmt_advertising(hdev, *sent);
c1d5dc4a 996
04b4edcb 997 hci_dev_unlock(hdev);
c1d5dc4a
JH		 998}
999
eb9d91f5 1000static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1001 struct sk_buff *skb)
eb9d91f5
AG		 1002{
1003 struct hci_cp_le_set_scan_enable *cp;
1004 __u8 status = *((__u8 *) skb->data);
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1007
eb9d91f5
AG		 1008 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1009 if (!cp)
1010 return;
1011
3fd319b8
AG		 1012 if (status)
1013 return;
1014
68a8aea4 1015 switch (cp->enable) {
76a388be 1016 case LE_SCAN_ENABLE:
d23264a8 1017 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1018 break;
1019
76a388be 1020 case LE_SCAN_DISABLE:
d23264a8 1021 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1022 break;
1023
1024 default:
1025 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1026 break;
35815085 1027 }
eb9d91f5
AG		 1028}
1029
cf1d081f
JH		 1030static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1031 struct sk_buff *skb)
1032{
1033 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1034
1035 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1036
1037 if (!rp->status)
1038 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1039}
1040
0f36b589
MH		 1041static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1042 struct sk_buff *skb)
1043{
1044 __u8 status = *((__u8 *) skb->data);
1045
1046 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1047
1048 if (!status)
1049 hci_white_list_clear(hdev);
1050}
1051
1052static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1053 struct sk_buff *skb)
1054{
1055 struct hci_cp_le_add_to_white_list *sent;
1056 __u8 status = *((__u8 *) skb->data);
1057
1058 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059
1060 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1061 if (!sent)
1062 return;
1063
1064 if (!status)
1065 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1066}
1067
1068static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1069 struct sk_buff *skb)
1070{
1071 struct hci_cp_le_del_from_white_list *sent;
1072 __u8 status = *((__u8 *) skb->data);
1073
1074 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1075
1076 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1077 if (!sent)
1078 return;
1079
1080 if (!status)
1081 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1082}
1083
9b008c04
JH		 1084static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1085 struct sk_buff *skb)
1086{
1087 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1088
1089 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1090
1091 if (!rp->status)
1092 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1093}
1094
6039aa73
GP		 1095static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1096 struct sk_buff *skb)
f9b49306 1097{
06199cf8 1098 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1099 __u8 status = *((__u8 *) skb->data);
1100
9f1db00c 1101 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1102
06199cf8 1103 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1104 if (!sent)
f9b49306
AG		 1105 return;
1106
8f984dfa 1107 if (!status) {
416a4ae5 1108 if (sent->le) {
cad718ed 1109 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1110 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1111 } else {
cad718ed 1112 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1113 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1114 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1115 }
53b2caab
JH		 1116
1117 if (sent->simul)
cad718ed 1118 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1119 else
cad718ed 1120 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1121 }
f9b49306
AG		 1122}
1123
56ed2cb8
JH		 1124static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1125{
1126 struct hci_cp_le_set_adv_param *cp;
1127 u8 status = *((u8 *) skb->data);
1128
1129 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1130
1131 if (status)
1132 return;
1133
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1135 if (!cp)
1136 return;
1137
1138 hci_dev_lock(hdev);
1139 hdev->adv_addr_type = cp->own_address_type;
1140 hci_dev_unlock(hdev);
1141}
1142
93c284ee
AE		 1143static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1144 struct sk_buff *skb)
1145{
1146 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1147
1148 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1149 hdev->name, rp->status, rp->phy_handle);
1150
1151 if (rp->status)
1152 return;
1153
1154 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1155}
1156
6039aa73 1157static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1158{
9f1db00c 1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1160
1161 if (status) {
a9de9248 1162 hci_conn_check_pending(hdev);
314b2381
JH		 1163 return;
1164 }
1165
89352e7d 1166 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1167}
1168
6039aa73 1169static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1170{
a9de9248 1171 struct hci_cp_create_conn *cp;
1da177e4 1172 struct hci_conn *conn;
1da177e4 1173
9f1db00c 1174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1175
1176 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1177 if (!cp)
1178 return;
1179
1180 hci_dev_lock(hdev);
1181
1182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1183
6ed93dc6 1184 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1185
1186 if (status) {
1187 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1188 if (status != 0x0c || conn->attempt > 2) {
1189 conn->state = BT_CLOSED;
1190 hci_proto_connect_cfm(conn, status);
1191 hci_conn_del(conn);
1192 } else
1193 conn->state = BT_CONNECT2;
1da177e4
LT		 1194 }
1195 } else {
1196 if (!conn) {
1197 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1198 if (conn) {
a0c808b3 1199 conn->out = true;
1da177e4
LT		 1200 conn->link_mode |= HCI_LM_MASTER;
1201 } else
893ef971 1202 BT_ERR("No memory for new connection");
1da177e4
LT		 1203 }
1204 }
1205
1206 hci_dev_unlock(hdev);
1207}
1208
a9de9248 1209static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1210{
a9de9248
MH		 1211 struct hci_cp_add_sco *cp;
1212 struct hci_conn *acl, *sco;
1213 __u16 handle;
1da177e4 1214
9f1db00c 1215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1216
a9de9248
MH		 1217 if (!status)
1218 return;
1da177e4 1219
a9de9248
MH		 1220 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1221 if (!cp)
1222 return;
1da177e4 1223
a9de9248 1224 handle = __le16_to_cpu(cp->handle);
1da177e4 1225
9f1db00c 1226 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1227
a9de9248 1228 hci_dev_lock(hdev);
1da177e4 1229
a9de9248 1230 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1231 if (acl) {
1232 sco = acl->link;
1233 if (sco) {
1234 sco->state = BT_CLOSED;
1da177e4 1235
5a08ecce
AE		 1236 hci_proto_connect_cfm(sco, status);
1237 hci_conn_del(sco);
1238 }
a9de9248 1239 }
1da177e4 1240
a9de9248
MH		 1241 hci_dev_unlock(hdev);
1242}
1da177e4 1243
f8558555
MH		 1244static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1245{
1246 struct hci_cp_auth_requested *cp;
1247 struct hci_conn *conn;
1248
9f1db00c 1249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1250
1251 if (!status)
1252 return;
1253
1254 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1255 if (!cp)
1256 return;
1257
1258 hci_dev_lock(hdev);
1259
1260 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1261 if (conn) {
1262 if (conn->state == BT_CONFIG) {
1263 hci_proto_connect_cfm(conn, status);
76a68ba0 1264 hci_conn_drop(conn);
f8558555
MH		 1265 }
1266 }
1267
1268 hci_dev_unlock(hdev);
1269}
1270
1271static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1272{
1273 struct hci_cp_set_conn_encrypt *cp;
1274 struct hci_conn *conn;
1275
9f1db00c 1276 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1277
1278 if (!status)
1279 return;
1280
1281 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1282 if (!cp)
1283 return;
1284
1285 hci_dev_lock(hdev);
1286
1287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288 if (conn) {
1289 if (conn->state == BT_CONFIG) {
1290 hci_proto_connect_cfm(conn, status);
76a68ba0 1291 hci_conn_drop(conn);
f8558555
MH		 1292 }
1293 }
1294
1295 hci_dev_unlock(hdev);
1296}
1297
127178d2 1298static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1299 struct hci_conn *conn)
392599b9 1300{
392599b9
JH		 1301 if (conn->state != BT_CONFIG || !conn->out)
1302 return 0;
1303
765c2a96 1304 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1305 return 0;
1306
1307 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1308 * devices with sec_level MEDIUM or HIGH or if MITM protection
1309 * is requested.
1310 */
807deac2 1311 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1312 conn->pending_sec_level != BT_SECURITY_HIGH &&
1313 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1314 return 0;
1315
392599b9
JH		 1316 return 1;
1317}
1318
6039aa73 1319static int hci_resolve_name(struct hci_dev *hdev,
04124681 1320 struct inquiry_entry *e)
30dc78e1
JH		 1321{
1322 struct hci_cp_remote_name_req cp;
1323
1324 memset(&cp, 0, sizeof(cp));
1325
1326 bacpy(&cp.bdaddr, &e->data.bdaddr);
1327 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1328 cp.pscan_mode = e->data.pscan_mode;
1329 cp.clock_offset = e->data.clock_offset;
1330
1331 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1332}
1333
b644ba33 1334static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1335{
1336 struct discovery_state *discov = &hdev->discovery;
1337 struct inquiry_entry *e;
1338
b644ba33
JH		 1339 if (list_empty(&discov->resolve))
1340 return false;
1341
1342 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1343 if (!e)
1344 return false;
1345
b644ba33
JH		 1346 if (hci_resolve_name(hdev, e) == 0) {
1347 e->name_state = NAME_PENDING;
1348 return true;
1349 }
1350
1351 return false;
1352}
1353
1354static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1355 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1356{
1357 struct discovery_state *discov = &hdev->discovery;
1358 struct inquiry_entry *e;
1359
1360 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1361 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1362 name_len, conn->dev_class);
b644ba33
JH		 1363
1364 if (discov->state == DISCOVERY_STOPPED)
1365 return;
1366
30dc78e1
JH		 1367 if (discov->state == DISCOVERY_STOPPING)
1368 goto discov_complete;
1369
1370 if (discov->state != DISCOVERY_RESOLVING)
1371 return;
1372
1373 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1374 /* If the device was not found in a list of found devices names of which
1375 * are pending. there is no need to continue resolving a next name as it
1376 * will be done upon receiving another Remote Name Request Complete
1377 * Event */
1378 if (!e)
1379 return;
1380
1381 list_del(&e->list);
1382 if (name) {
30dc78e1 1383 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1384 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1385 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1386 } else {
1387 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1388 }
1389
b644ba33 1390 if (hci_resolve_next_name(hdev))
30dc78e1 1391 return;
30dc78e1
JH		 1392
1393discov_complete:
1394 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1395}
1396
a9de9248
MH		 1397static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1398{
127178d2
JH		 1399 struct hci_cp_remote_name_req *cp;
1400 struct hci_conn *conn;
1401
9f1db00c 1402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1403
1404 /* If successful wait for the name req complete event before
1405 * checking for the need to do authentication */
1406 if (!status)
1407 return;
1408
1409 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1410 if (!cp)
1411 return;
1412
1413 hci_dev_lock(hdev);
1414
b644ba33
JH		 1415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1416
a8b2d5c2 1417 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1418 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1419
79c6c70c
JH		 1420 if (!conn)
1421 goto unlock;
1422
1423 if (!hci_outgoing_auth_needed(hdev, conn))
1424 goto unlock;
1425
51a8efd7 1426 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1427 struct hci_cp_auth_requested auth_cp;
1428
1429 auth_cp.handle = __cpu_to_le16(conn->handle);
1430 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1431 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1432 }
1433
79c6c70c 1434unlock:
127178d2 1435 hci_dev_unlock(hdev);
a9de9248 1436}
1da177e4 1437
769be974
MH		 1438static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1439{
1440 struct hci_cp_read_remote_features *cp;
1441 struct hci_conn *conn;
1442
9f1db00c 1443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1444
1445 if (!status)
1446 return;
1447
1448 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1449 if (!cp)
1450 return;
1451
1452 hci_dev_lock(hdev);
1453
1454 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1455 if (conn) {
1456 if (conn->state == BT_CONFIG) {
769be974 1457 hci_proto_connect_cfm(conn, status);
76a68ba0 1458 hci_conn_drop(conn);
769be974
MH		 1459 }
1460 }
1461
1462 hci_dev_unlock(hdev);
1463}
1464
1465static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1466{
1467 struct hci_cp_read_remote_ext_features *cp;
1468 struct hci_conn *conn;
1469
9f1db00c 1470 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1471
1472 if (!status)
1473 return;
1474
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1476 if (!cp)
1477 return;
1478
1479 hci_dev_lock(hdev);
1480
1481 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1482 if (conn) {
1483 if (conn->state == BT_CONFIG) {
769be974 1484 hci_proto_connect_cfm(conn, status);
76a68ba0 1485 hci_conn_drop(conn);
769be974
MH		 1486 }
1487 }
1488
1489 hci_dev_unlock(hdev);
1490}
1491
a9de9248
MH		 1492static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1493{
b6a0dc82
MH		 1494 struct hci_cp_setup_sync_conn *cp;
1495 struct hci_conn *acl, *sco;
1496 __u16 handle;
1497
9f1db00c 1498 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1499
1500 if (!status)
1501 return;
1502
1503 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1504 if (!cp)
1505 return;
1506
1507 handle = __le16_to_cpu(cp->handle);
1508
9f1db00c 1509 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1510
1511 hci_dev_lock(hdev);
1512
1513 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1514 if (acl) {
1515 sco = acl->link;
1516 if (sco) {
1517 sco->state = BT_CLOSED;
b6a0dc82 1518
5a08ecce
AE		 1519 hci_proto_connect_cfm(sco, status);
1520 hci_conn_del(sco);
1521 }
b6a0dc82
MH		 1522 }
1523
1524 hci_dev_unlock(hdev);
1da177e4
LT		 1525}
1526
a9de9248 1527static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1528{
a9de9248
MH		 1529 struct hci_cp_sniff_mode *cp;
1530 struct hci_conn *conn;
1da177e4 1531
9f1db00c 1532 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1533
a9de9248
MH		 1534 if (!status)
1535 return;
04837f64 1536
a9de9248
MH		 1537 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1538 if (!cp)
1539 return;
04837f64 1540
a9de9248 1541 hci_dev_lock(hdev);
04837f64 1542
a9de9248 1543 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1544 if (conn) {
51a8efd7 1545 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1546
51a8efd7 1547 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1548 hci_sco_setup(conn, status);
1549 }
1550
a9de9248
MH		 1551 hci_dev_unlock(hdev);
1552}
04837f64 1553
a9de9248
MH		 1554static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1555{
1556 struct hci_cp_exit_sniff_mode *cp;
1557 struct hci_conn *conn;
04837f64 1558
9f1db00c 1559 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1560
a9de9248
MH		 1561 if (!status)
1562 return;
04837f64 1563
a9de9248
MH		 1564 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1565 if (!cp)
1566 return;
04837f64 1567
a9de9248 1568 hci_dev_lock(hdev);
1da177e4 1569
a9de9248 1570 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1571 if (conn) {
51a8efd7 1572 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1573
51a8efd7 1574 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1575 hci_sco_setup(conn, status);
1576 }
1577
a9de9248 1578 hci_dev_unlock(hdev);
1da177e4
LT		 1579}
1580
88c3df13
JH		 1581static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1582{
1583 struct hci_cp_disconnect *cp;
1584 struct hci_conn *conn;
1585
1586 if (!status)
1587 return;
1588
1589 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1590 if (!cp)
1591 return;
1592
1593 hci_dev_lock(hdev);
1594
1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1596 if (conn)
1597 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1598 conn->dst_type, status);
88c3df13
JH		 1599
1600 hci_dev_unlock(hdev);
1601}
1602
a02226d6
AE		 1603static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1604{
93c284ee
AE		 1605 struct hci_cp_create_phy_link *cp;
1606
a02226d6 1607 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1608
93c284ee
AE		 1609 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1610 if (!cp)
1611 return;
1612
e58917b9
AE		 1613 hci_dev_lock(hdev);
1614
1615 if (status) {
1616 struct hci_conn *hcon;
1617
1618 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1619 if (hcon)
1620 hci_conn_del(hcon);
1621 } else {
1622 amp_write_remote_assoc(hdev, cp->phy_handle);
1623 }
1624
1625 hci_dev_unlock(hdev);
a02226d6
AE		 1626}
1627
0b26ab9d
AE		 1628static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1629{
1630 struct hci_cp_accept_phy_link *cp;
1631
1632 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1633
1634 if (status)
1635 return;
1636
1637 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1638 if (!cp)
1639 return;
1640
1641 amp_write_remote_assoc(hdev, cp->phy_handle);
1642}
1643
6039aa73 1644static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1645{
1646 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1647 struct discovery_state *discov = &hdev->discovery;
1648 struct inquiry_entry *e;
1da177e4 1649
9f1db00c 1650 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1651
a9de9248 1652 hci_conn_check_pending(hdev);
89352e7d
AG		 1653
1654 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1655 return;
1656
3e13fa1e
AG		 1657 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1658 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1659
a8b2d5c2 1660 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1661 return;
1662
56e5cb86 1663 hci_dev_lock(hdev);
30dc78e1 1664
343f935b 1665 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1666 goto unlock;
1667
1668 if (list_empty(&discov->resolve)) {
1669 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1670 goto unlock;
1671 }
1672
1673 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1674 if (e && hci_resolve_name(hdev, e) == 0) {
1675 e->name_state = NAME_PENDING;
1676 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1677 } else {
1678 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1679 }
1680
1681unlock:
56e5cb86 1682 hci_dev_unlock(hdev);
1da177e4
LT		 1683}
1684
6039aa73 1685static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1686{
45bb4bf0 1687 struct inquiry_data data;
a9de9248 1688 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1689 int num_rsp = *((__u8 *) skb->data);
1690
1691 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1692
45bb4bf0
MH		 1693 if (!num_rsp)
1694 return;
1695
1519cc17
AG		 1696 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1697 return;
1698
1da177e4 1699 hci_dev_lock(hdev);
45bb4bf0 1700
e17acd40 1701 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1702 bool name_known, ssp;
3175405b 1703
1da177e4
LT		 1704 bacpy(&data.bdaddr, &info->bdaddr);
1705 data.pscan_rep_mode = info->pscan_rep_mode;
1706 data.pscan_period_mode = info->pscan_period_mode;
1707 data.pscan_mode = info->pscan_mode;
1708 memcpy(data.dev_class, info->dev_class, 3);
1709 data.clock_offset = info->clock_offset;
1710 data.rssi = 0x00;
41a96212 1711 data.ssp_mode = 0x00;
3175405b 1712
388fc8fa 1713 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1714 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1715 info->dev_class, 0, !name_known, ssp, NULL,
1716 0);
1da177e4 1717 }
45bb4bf0 1718
1da177e4
LT		 1719 hci_dev_unlock(hdev);
1720}
1721
6039aa73 1722static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1723{
a9de9248
MH		 1724 struct hci_ev_conn_complete *ev = (void *) skb->data;
1725 struct hci_conn *conn;
1da177e4
LT		 1726
1727 BT_DBG("%s", hdev->name);
1728
1729 hci_dev_lock(hdev);
1730
1731 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1732 if (!conn) {
1733 if (ev->link_type != SCO_LINK)
1734 goto unlock;
1735
1736 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1737 if (!conn)
1738 goto unlock;
1739
1740 conn->type = SCO_LINK;
1741 }
1da177e4
LT		 1742
1743 if (!ev->status) {
1744 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1745
1746 if (conn->type == ACL_LINK) {
1747 conn->state = BT_CONFIG;
1748 hci_conn_hold(conn);
a9ea3ed9
SJ		 1749
1750 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1751 !hci_find_link_key(hdev, &ev->bdaddr))
1752 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1753 else
1754 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1755 } else
1756 conn->state = BT_CONNECTED;
1da177e4 1757
7d0db0a3
MH		 1758 hci_conn_add_sysfs(conn);
1759
1da177e4
LT		 1760 if (test_bit(HCI_AUTH, &hdev->flags))
1761 conn->link_mode |= HCI_LM_AUTH;
1762
1763 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1764 conn->link_mode |= HCI_LM_ENCRYPT;
1765
04837f64
MH		 1766 /* Get remote features */
1767 if (conn->type == ACL_LINK) {
1768 struct hci_cp_read_remote_features cp;
1769 cp.handle = ev->handle;
769be974 1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1771 sizeof(cp), &cp);
04837f64
MH		 1772 }
1773
1da177e4 1774 /* Set packet type for incoming connection */
d095c1eb 1775 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1776 struct hci_cp_change_conn_ptype cp;
1777 cp.handle = ev->handle;
a8746417 1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1779 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1780 &cp);
1da177e4 1781 }
17d5c04c 1782 } else {
1da177e4 1783 conn->state = BT_CLOSED;
17d5c04c 1784 if (conn->type == ACL_LINK)
64c7b77c 1785 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1786 conn->dst_type, ev->status);
17d5c04c 1787 }
1da177e4 1788
e73439d8
MH		 1789 if (conn->type == ACL_LINK)
1790 hci_sco_setup(conn, ev->status);
1da177e4 1791
769be974
MH		 1792 if (ev->status) {
1793 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1794 hci_conn_del(conn);
c89b6e6b
MH		 1795 } else if (ev->link_type != ACL_LINK)
1796 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1797
a9de9248 1798unlock:
1da177e4 1799 hci_dev_unlock(hdev);
1da177e4 1800
a9de9248 1801 hci_conn_check_pending(hdev);
1da177e4
LT		 1802}
1803
6039aa73 1804static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1805{
a9de9248
MH		 1806 struct hci_ev_conn_request *ev = (void *) skb->data;
1807 int mask = hdev->link_mode;
20714bfe 1808 __u8 flags = 0;
1da177e4 1809
6ed93dc6 1810 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1811 ev->link_type);
1da177e4 1812
20714bfe
FD		 1813 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1814 &flags);
1da177e4 1815
138d22ef 1816 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1817 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1818 /* Connection accepted */
c7bdd502 1819 struct inquiry_entry *ie;
1da177e4 1820 struct hci_conn *conn;
1da177e4 1821
a9de9248 1822 hci_dev_lock(hdev);
b6a0dc82 1823
cc11b9c1
AE		 1824 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1825 if (ie)
c7bdd502
MH		 1826 memcpy(ie->data.dev_class, ev->dev_class, 3);
1827
8fc9ced3
GP		 1828 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1829 &ev->bdaddr);
a9de9248 1830 if (!conn) {
cc11b9c1
AE		 1831 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1832 if (!conn) {
893ef971 1833 BT_ERR("No memory for new connection");
a9de9248
MH		 1834 hci_dev_unlock(hdev);
1835 return;
1da177e4
LT		 1836 }
1837 }
b6a0dc82 1838
a9de9248 1839 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1840
a9de9248 1841 hci_dev_unlock(hdev);
1da177e4 1842
20714bfe
FD		 1843 if (ev->link_type == ACL_LINK ||
1844 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1845 struct hci_cp_accept_conn_req cp;
20714bfe 1846 conn->state = BT_CONNECT;
1da177e4 1847
b6a0dc82
MH		 1848 bacpy(&cp.bdaddr, &ev->bdaddr);
1849
1850 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1851 cp.role = 0x00; /* Become master */
1852 else
1853 cp.role = 0x01; /* Remain slave */
1854
04124681
GP		 1855 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1856 &cp);
20714bfe 1857 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1858 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1859 conn->state = BT_CONNECT;
b6a0dc82
MH		 1860
1861 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1862 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1863
82781e63
AE		 1864 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1865 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1866 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1867 cp.content_format = cpu_to_le16(hdev->voice_setting);
1868 cp.retrans_effort = 0xff;
1da177e4 1869
b6a0dc82 1870 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1871 sizeof(cp), &cp);
20714bfe
FD		 1872 } else {
1873 conn->state = BT_CONNECT2;
1874 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1875 }
a9de9248
MH		 1876 } else {
1877 /* Connection rejected */
1878 struct hci_cp_reject_conn_req cp;
1da177e4 1879
a9de9248 1880 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1881 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1882 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1883 }
1da177e4
LT		 1884}
1885
f0d6a0ea
MA		 1886static u8 hci_to_mgmt_reason(u8 err)
1887{
1888 switch (err) {
1889 case HCI_ERROR_CONNECTION_TIMEOUT:
1890 return MGMT_DEV_DISCONN_TIMEOUT;
1891 case HCI_ERROR_REMOTE_USER_TERM:
1892 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1893 case HCI_ERROR_REMOTE_POWER_OFF:
1894 return MGMT_DEV_DISCONN_REMOTE;
1895 case HCI_ERROR_LOCAL_HOST_TERM:
1896 return MGMT_DEV_DISCONN_LOCAL_HOST;
1897 default:
1898 return MGMT_DEV_DISCONN_UNKNOWN;
1899 }
1900}
1901
6039aa73 1902static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1903{
a9de9248 1904 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 1905 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 1906 struct hci_conn_params *params;
04837f64 1907 struct hci_conn *conn;
12d4a3b2 1908 bool mgmt_connected;
3846220b 1909 u8 type;
04837f64 1910
9f1db00c 1911 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1912
1913 hci_dev_lock(hdev);
1914
1915 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1916 if (!conn)
1917 goto unlock;
7d0db0a3 1918
abf54a50
AG		 1919 if (ev->status) {
1920 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1921 conn->dst_type, ev->status);
1922 goto unlock;
37d9ef76 1923 }
f7520543 1924
3846220b
AG		 1925 conn->state = BT_CLOSED;
1926
12d4a3b2
JH		 1927 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1928 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1929 reason, mgmt_connected);
abf54a50 1930
3846220b
AG		 1931 if (conn->type == ACL_LINK && conn->flush_key)
1932 hci_remove_link_key(hdev, &conn->dst);
2210246c 1933
9fcb18ef
AG		 1934 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1935 if (params) {
1936 switch (params->auto_connect) {
1937 case HCI_AUTO_CONN_LINK_LOSS:
1938 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1939 break;
1940 /* Fall through */
1941
1942 case HCI_AUTO_CONN_ALWAYS:
1943 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
1944 break;
1945
1946 default:
1947 break;
1948 }
1949 }
1950
3846220b 1951 type = conn->type;
2210246c 1952
3846220b
AG		 1953 hci_proto_disconn_cfm(conn, ev->reason);
1954 hci_conn_del(conn);
1955
1956 /* Re-enable advertising if necessary, since it might
1957 * have been disabled by the connection. From the
1958 * HCI_LE_Set_Advertise_Enable command description in
1959 * the core specification (v4.0):
1960 * "The Controller shall continue advertising until the Host
1961 * issues an LE_Set_Advertise_Enable command with
1962 * Advertising_Enable set to 0x00 (Advertising is disabled)
1963 * or until a connection is created or until the Advertising
1964 * is timed out due to Directed Advertising."
1965 */
1966 if (type == LE_LINK)
1967 mgmt_reenable_advertising(hdev);
f7520543
JH		 1968
1969unlock:
04837f64
MH		 1970 hci_dev_unlock(hdev);
1971}
1972
6039aa73 1973static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1974{
a9de9248 1975 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1976 struct hci_conn *conn;
1da177e4 1977
9f1db00c 1978 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1979
1980 hci_dev_lock(hdev);
1981
04837f64 1982 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1983 if (!conn)
1984 goto unlock;
1985
1986 if (!ev->status) {
aa64a8b5 1987 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1988 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1989 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1990 } else {
d7556e20
WR		 1991 conn->link_mode |= HCI_LM_AUTH;
1992 conn->sec_level = conn->pending_sec_level;
2a611692 1993 }
d7556e20 1994 } else {
bab73cb6 1995 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1996 ev->status);
d7556e20 1997 }
1da177e4 1998
51a8efd7
JH		 1999 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2000 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2001
d7556e20 2002 if (conn->state == BT_CONFIG) {
aa64a8b5 2003 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2004 struct hci_cp_set_conn_encrypt cp;
2005 cp.handle = ev->handle;
2006 cp.encrypt = 0x01;
2007 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2008 &cp);
052b30b0 2009 } else {
d7556e20
WR		 2010 conn->state = BT_CONNECTED;
2011 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2012 hci_conn_drop(conn);
052b30b0 2013 }
d7556e20
WR		 2014 } else {
2015 hci_auth_cfm(conn, ev->status);
052b30b0 2016
d7556e20
WR		 2017 hci_conn_hold(conn);
2018 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2019 hci_conn_drop(conn);
d7556e20
WR		 2020 }
2021
51a8efd7 2022 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2023 if (!ev->status) {
2024 struct hci_cp_set_conn_encrypt cp;
2025 cp.handle = ev->handle;
2026 cp.encrypt = 0x01;
2027 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2028 &cp);
d7556e20 2029 } else {
51a8efd7 2030 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2031 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2032 }
2033 }
2034
d7556e20 2035unlock:
1da177e4
LT		 2036 hci_dev_unlock(hdev);
2037}
2038
6039aa73 2039static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2040{
127178d2
JH		 2041 struct hci_ev_remote_name *ev = (void *) skb->data;
2042 struct hci_conn *conn;
2043
a9de9248 2044 BT_DBG("%s", hdev->name);
1da177e4 2045
a9de9248 2046 hci_conn_check_pending(hdev);
127178d2
JH		 2047
2048 hci_dev_lock(hdev);
2049
b644ba33 2050 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2051
b644ba33
JH		 2052 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2053 goto check_auth;
a88a9652 2054
b644ba33
JH		 2055 if (ev->status == 0)
2056 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2057 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2058 else
2059 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2060
2061check_auth:
79c6c70c
JH		 2062 if (!conn)
2063 goto unlock;
2064
2065 if (!hci_outgoing_auth_needed(hdev, conn))
2066 goto unlock;
2067
51a8efd7 2068 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2069 struct hci_cp_auth_requested cp;
2070 cp.handle = __cpu_to_le16(conn->handle);
2071 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2072 }
2073
79c6c70c 2074unlock:
127178d2 2075 hci_dev_unlock(hdev);
a9de9248
MH		 2076}
2077
6039aa73 2078static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2079{
2080 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2081 struct hci_conn *conn;
2082
9f1db00c 2083 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2084
2085 hci_dev_lock(hdev);
2086
04837f64 2087 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2088 if (!conn)
2089 goto unlock;
1da177e4 2090
dc8357cc
MH		 2091 if (!ev->status) {
2092 if (ev->encrypt) {
2093 /* Encryption implies authentication */
2094 conn->link_mode |= HCI_LM_AUTH;
2095 conn->link_mode |= HCI_LM_ENCRYPT;
2096 conn->sec_level = conn->pending_sec_level;
abf76bad 2097
914a6ffe
MH		 2098 /* P-256 authentication key implies FIPS */
2099 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2100 conn->link_mode |= HCI_LM_FIPS;
2101
abf76bad
MH		 2102 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2103 conn->type == LE_LINK)
2104 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2105 } else {
dc8357cc 2106 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2107 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2108 }
dc8357cc 2109 }
a7d7723a 2110
dc8357cc 2111 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2112
dc8357cc
MH		 2113 if (ev->status && conn->state == BT_CONNECTED) {
2114 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2115 hci_conn_drop(conn);
2116 goto unlock;
1da177e4
LT		 2117 }
2118
dc8357cc
MH		 2119 if (conn->state == BT_CONFIG) {
2120 if (!ev->status)
2121 conn->state = BT_CONNECTED;
2122
2123 hci_proto_connect_cfm(conn, ev->status);
2124 hci_conn_drop(conn);
2125 } else
2126 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2127
a7d7723a 2128unlock:
1da177e4
LT		 2129 hci_dev_unlock(hdev);
2130}
2131
6039aa73
GP		 2132static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2133 struct sk_buff *skb)
1da177e4 2134{
a9de9248 2135 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2136 struct hci_conn *conn;
1da177e4 2137
9f1db00c 2138 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2139
2140 hci_dev_lock(hdev);
2141
04837f64 2142 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2143 if (conn) {
2144 if (!ev->status)
2145 conn->link_mode |= HCI_LM_SECURE;
2146
51a8efd7 2147 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2148
2149 hci_key_change_cfm(conn, ev->status);
2150 }
2151
2152 hci_dev_unlock(hdev);
2153}
2154
6039aa73
GP		 2155static void hci_remote_features_evt(struct hci_dev *hdev,
2156 struct sk_buff *skb)
1da177e4 2157{
a9de9248
MH		 2158 struct hci_ev_remote_features *ev = (void *) skb->data;
2159 struct hci_conn *conn;
2160
9f1db00c 2161 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2162
a9de9248
MH		 2163 hci_dev_lock(hdev);
2164
2165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2166 if (!conn)
2167 goto unlock;
769be974 2168
ccd556fe 2169 if (!ev->status)
cad718ed 2170 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2171
2172 if (conn->state != BT_CONFIG)
2173 goto unlock;
2174
2175 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2176 struct hci_cp_read_remote_ext_features cp;
2177 cp.handle = ev->handle;
2178 cp.page = 0x01;
2179 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2180 sizeof(cp), &cp);
392599b9
JH		 2181 goto unlock;
2182 }
2183
671267bf 2184 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2185 struct hci_cp_remote_name_req cp;
2186 memset(&cp, 0, sizeof(cp));
2187 bacpy(&cp.bdaddr, &conn->dst);
2188 cp.pscan_rep_mode = 0x02;
2189 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2190 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2191 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2192 conn->dst_type, 0, NULL, 0,
2193 conn->dev_class);
392599b9 2194
127178d2 2195 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2196 conn->state = BT_CONNECTED;
2197 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2198 hci_conn_drop(conn);
769be974 2199 }
a9de9248 2200
ccd556fe 2201unlock:
a9de9248 2202 hci_dev_unlock(hdev);
1da177e4
LT		 2203}
2204
6039aa73 2205static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2206{
2207 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2208 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2209 __u16 opcode;
2210
2211 skb_pull(skb, sizeof(*ev));
2212
2213 opcode = __le16_to_cpu(ev->opcode);
2214
2215 switch (opcode) {
2216 case HCI_OP_INQUIRY_CANCEL:
2217 hci_cc_inquiry_cancel(hdev, skb);
2218 break;
2219
4d93483b
AG		 2220 case HCI_OP_PERIODIC_INQ:
2221 hci_cc_periodic_inq(hdev, skb);
2222 break;
2223
a9de9248
MH		 2224 case HCI_OP_EXIT_PERIODIC_INQ:
2225 hci_cc_exit_periodic_inq(hdev, skb);
2226 break;
2227
2228 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2229 hci_cc_remote_name_req_cancel(hdev, skb);
2230 break;
2231
2232 case HCI_OP_ROLE_DISCOVERY:
2233 hci_cc_role_discovery(hdev, skb);
2234 break;
2235
e4e8e37c
MH		 2236 case HCI_OP_READ_LINK_POLICY:
2237 hci_cc_read_link_policy(hdev, skb);
2238 break;
2239
a9de9248
MH		 2240 case HCI_OP_WRITE_LINK_POLICY:
2241 hci_cc_write_link_policy(hdev, skb);
2242 break;
2243
e4e8e37c
MH		 2244 case HCI_OP_READ_DEF_LINK_POLICY:
2245 hci_cc_read_def_link_policy(hdev, skb);
2246 break;
2247
2248 case HCI_OP_WRITE_DEF_LINK_POLICY:
2249 hci_cc_write_def_link_policy(hdev, skb);
2250 break;
2251
a9de9248
MH		 2252 case HCI_OP_RESET:
2253 hci_cc_reset(hdev, skb);
2254 break;
2255
2256 case HCI_OP_WRITE_LOCAL_NAME:
2257 hci_cc_write_local_name(hdev, skb);
2258 break;
2259
2260 case HCI_OP_READ_LOCAL_NAME:
2261 hci_cc_read_local_name(hdev, skb);
2262 break;
2263
2264 case HCI_OP_WRITE_AUTH_ENABLE:
2265 hci_cc_write_auth_enable(hdev, skb);
2266 break;
2267
2268 case HCI_OP_WRITE_ENCRYPT_MODE:
2269 hci_cc_write_encrypt_mode(hdev, skb);
2270 break;
2271
2272 case HCI_OP_WRITE_SCAN_ENABLE:
2273 hci_cc_write_scan_enable(hdev, skb);
2274 break;
2275
2276 case HCI_OP_READ_CLASS_OF_DEV:
2277 hci_cc_read_class_of_dev(hdev, skb);
2278 break;
2279
2280 case HCI_OP_WRITE_CLASS_OF_DEV:
2281 hci_cc_write_class_of_dev(hdev, skb);
2282 break;
2283
2284 case HCI_OP_READ_VOICE_SETTING:
2285 hci_cc_read_voice_setting(hdev, skb);
2286 break;
2287
2288 case HCI_OP_WRITE_VOICE_SETTING:
2289 hci_cc_write_voice_setting(hdev, skb);
2290 break;
2291
b4cb9fb2
MH		 2292 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2293 hci_cc_read_num_supported_iac(hdev, skb);
2294 break;
2295
333140b5
MH		 2296 case HCI_OP_WRITE_SSP_MODE:
2297 hci_cc_write_ssp_mode(hdev, skb);
2298 break;
2299
eac83dc6
MH		 2300 case HCI_OP_WRITE_SC_SUPPORT:
2301 hci_cc_write_sc_support(hdev, skb);
2302 break;
2303
a9de9248
MH		 2304 case HCI_OP_READ_LOCAL_VERSION:
2305 hci_cc_read_local_version(hdev, skb);
2306 break;
2307
2308 case HCI_OP_READ_LOCAL_COMMANDS:
2309 hci_cc_read_local_commands(hdev, skb);
2310 break;
2311
2312 case HCI_OP_READ_LOCAL_FEATURES:
2313 hci_cc_read_local_features(hdev, skb);
2314 break;
2315
971e3a4b
AG		 2316 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2317 hci_cc_read_local_ext_features(hdev, skb);
2318 break;
2319
a9de9248
MH		 2320 case HCI_OP_READ_BUFFER_SIZE:
2321 hci_cc_read_buffer_size(hdev, skb);
2322 break;
2323
2324 case HCI_OP_READ_BD_ADDR:
2325 hci_cc_read_bd_addr(hdev, skb);
2326 break;
2327
f332ec66
JH		 2328 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2329 hci_cc_read_page_scan_activity(hdev, skb);
2330 break;
2331
4a3ee763
JH		 2332 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2333 hci_cc_write_page_scan_activity(hdev, skb);
2334 break;
2335
f332ec66
JH		 2336 case HCI_OP_READ_PAGE_SCAN_TYPE:
2337 hci_cc_read_page_scan_type(hdev, skb);
2338 break;
2339
4a3ee763
JH		 2340 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2341 hci_cc_write_page_scan_type(hdev, skb);
2342 break;
2343
350ee4cf
AE		 2344 case HCI_OP_READ_DATA_BLOCK_SIZE:
2345 hci_cc_read_data_block_size(hdev, skb);
2346 break;
2347
1e89cffb
AE		 2348 case HCI_OP_READ_FLOW_CONTROL_MODE:
2349 hci_cc_read_flow_control_mode(hdev, skb);
2350 break;
2351
928abaa7
AE		 2352 case HCI_OP_READ_LOCAL_AMP_INFO:
2353 hci_cc_read_local_amp_info(hdev, skb);
2354 break;
2355
903e4541
AE		 2356 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2357 hci_cc_read_local_amp_assoc(hdev, skb);
2358 break;
2359
d5859e22
JH		 2360 case HCI_OP_READ_INQ_RSP_TX_POWER:
2361 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2362 break;
2363
980e1a53
JH		 2364 case HCI_OP_PIN_CODE_REPLY:
2365 hci_cc_pin_code_reply(hdev, skb);
2366 break;
2367
2368 case HCI_OP_PIN_CODE_NEG_REPLY:
2369 hci_cc_pin_code_neg_reply(hdev, skb);
2370 break;
2371
c35938b2 2372 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2373 hci_cc_read_local_oob_data(hdev, skb);
2374 break;
2375
2376 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2377 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2378 break;
2379
6ed58ec5
VT		 2380 case HCI_OP_LE_READ_BUFFER_SIZE:
2381 hci_cc_le_read_buffer_size(hdev, skb);
2382 break;
2383
60e77321
JH		 2384 case HCI_OP_LE_READ_LOCAL_FEATURES:
2385 hci_cc_le_read_local_features(hdev, skb);
2386 break;
2387
8fa19098
JH		 2388 case HCI_OP_LE_READ_ADV_TX_POWER:
2389 hci_cc_le_read_adv_tx_power(hdev, skb);
2390 break;
2391
a5c29683
JH		 2392 case HCI_OP_USER_CONFIRM_REPLY:
2393 hci_cc_user_confirm_reply(hdev, skb);
2394 break;
2395
2396 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2397 hci_cc_user_confirm_neg_reply(hdev, skb);
2398 break;
2399
1143d458
BG		 2400 case HCI_OP_USER_PASSKEY_REPLY:
2401 hci_cc_user_passkey_reply(hdev, skb);
2402 break;
2403
2404 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2405 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2406 break;
07f7fa5d 2407
7a4cd51d
MH		 2408 case HCI_OP_LE_SET_RANDOM_ADDR:
2409 hci_cc_le_set_random_addr(hdev, skb);
2410 break;
2411
c1d5dc4a
JH		 2412 case HCI_OP_LE_SET_ADV_ENABLE:
2413 hci_cc_le_set_adv_enable(hdev, skb);
2414 break;
2415
eb9d91f5
AG		 2416 case HCI_OP_LE_SET_SCAN_ENABLE:
2417 hci_cc_le_set_scan_enable(hdev, skb);
2418 break;
2419
cf1d081f
JH		 2420 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2421 hci_cc_le_read_white_list_size(hdev, skb);
2422 break;
2423
0f36b589
MH		 2424 case HCI_OP_LE_CLEAR_WHITE_LIST:
2425 hci_cc_le_clear_white_list(hdev, skb);
2426 break;
2427
2428 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2429 hci_cc_le_add_to_white_list(hdev, skb);
2430 break;
2431
2432 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2433 hci_cc_le_del_from_white_list(hdev, skb);
2434 break;
2435
9b008c04
JH		 2436 case HCI_OP_LE_READ_SUPPORTED_STATES:
2437 hci_cc_le_read_supported_states(hdev, skb);
2438 break;
2439
f9b49306
AG		 2440 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2441 hci_cc_write_le_host_supported(hdev, skb);
2442 break;
2443
56ed2cb8
JH		 2444 case HCI_OP_LE_SET_ADV_PARAM:
2445 hci_cc_set_adv_param(hdev, skb);
2446 break;
2447
93c284ee
AE		 2448 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2449 hci_cc_write_remote_amp_assoc(hdev, skb);
2450 break;
2451
a9de9248 2452 default:
9f1db00c 2453 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2454 break;
2455 }
2456
ad82cdd1 2457 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2458 del_timer(&hdev->cmd_timer);
2459
ad82cdd1 2460 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2461
dbccd791 2462 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2463 atomic_set(&hdev->cmd_cnt, 1);
2464 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2465 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2466 }
2467}
2468
6039aa73 2469static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2470{
2471 struct hci_ev_cmd_status *ev = (void *) skb->data;
2472 __u16 opcode;
2473
2474 skb_pull(skb, sizeof(*ev));
2475
2476 opcode = __le16_to_cpu(ev->opcode);
2477
2478 switch (opcode) {
2479 case HCI_OP_INQUIRY:
2480 hci_cs_inquiry(hdev, ev->status);
2481 break;
2482
2483 case HCI_OP_CREATE_CONN:
2484 hci_cs_create_conn(hdev, ev->status);
2485 break;
2486
2487 case HCI_OP_ADD_SCO:
2488 hci_cs_add_sco(hdev, ev->status);
2489 break;
2490
f8558555
MH		 2491 case HCI_OP_AUTH_REQUESTED:
2492 hci_cs_auth_requested(hdev, ev->status);
2493 break;
2494
2495 case HCI_OP_SET_CONN_ENCRYPT:
2496 hci_cs_set_conn_encrypt(hdev, ev->status);
2497 break;
2498
a9de9248
MH		 2499 case HCI_OP_REMOTE_NAME_REQ:
2500 hci_cs_remote_name_req(hdev, ev->status);
2501 break;
2502
769be974
MH		 2503 case HCI_OP_READ_REMOTE_FEATURES:
2504 hci_cs_read_remote_features(hdev, ev->status);
2505 break;
2506
2507 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2508 hci_cs_read_remote_ext_features(hdev, ev->status);
2509 break;
2510
a9de9248
MH		 2511 case HCI_OP_SETUP_SYNC_CONN:
2512 hci_cs_setup_sync_conn(hdev, ev->status);
2513 break;
2514
2515 case HCI_OP_SNIFF_MODE:
2516 hci_cs_sniff_mode(hdev, ev->status);
2517 break;
2518
2519 case HCI_OP_EXIT_SNIFF_MODE:
2520 hci_cs_exit_sniff_mode(hdev, ev->status);
2521 break;
2522
8962ee74 2523 case HCI_OP_DISCONNECT:
88c3df13 2524 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2525 break;
2526
a02226d6
AE		 2527 case HCI_OP_CREATE_PHY_LINK:
2528 hci_cs_create_phylink(hdev, ev->status);
2529 break;
2530
0b26ab9d
AE		 2531 case HCI_OP_ACCEPT_PHY_LINK:
2532 hci_cs_accept_phylink(hdev, ev->status);
2533 break;
2534
a9de9248 2535 default:
9f1db00c 2536 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2537 break;
2538 }
2539
ad82cdd1 2540 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2541 del_timer(&hdev->cmd_timer);
2542
02350a72
JH		 2543 if (ev->status ||
2544 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2545 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2546
10572132 2547 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2548 atomic_set(&hdev->cmd_cnt, 1);
2549 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2550 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2551 }
2552}
2553
6039aa73 2554static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2555{
2556 struct hci_ev_role_change *ev = (void *) skb->data;
2557 struct hci_conn *conn;
2558
9f1db00c 2559 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2560
2561 hci_dev_lock(hdev);
2562
2563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2564 if (conn) {
2565 if (!ev->status) {
2566 if (ev->role)
2567 conn->link_mode &= ~HCI_LM_MASTER;
2568 else
2569 conn->link_mode |= HCI_LM_MASTER;
2570 }
2571
51a8efd7 2572 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2573
2574 hci_role_switch_cfm(conn, ev->status, ev->role);
2575 }
2576
2577 hci_dev_unlock(hdev);
2578}
2579
6039aa73 2580static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2581{
2582 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2583 int i;
2584
32ac5b9b
AE		 2585 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2586 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2587 return;
2588 }
2589
c5993de8 2590 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2591 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2592 BT_DBG("%s bad parameters", hdev->name);
2593 return;
2594 }
2595
c5993de8
AE		 2596 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2597
613a1c0c
AE		 2598 for (i = 0; i < ev->num_hndl; i++) {
2599 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2600 struct hci_conn *conn;
2601 __u16 handle, count;
2602
613a1c0c
AE		 2603 handle = __le16_to_cpu(info->handle);
2604 count = __le16_to_cpu(info->count);
a9de9248
MH		 2605
2606 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2607 if (!conn)
2608 continue;
2609
2610 conn->sent -= count;
2611
2612 switch (conn->type) {
2613 case ACL_LINK:
2614 hdev->acl_cnt += count;
2615 if (hdev->acl_cnt > hdev->acl_pkts)
2616 hdev->acl_cnt = hdev->acl_pkts;
2617 break;
2618
2619 case LE_LINK:
2620 if (hdev->le_pkts) {
2621 hdev->le_cnt += count;
2622 if (hdev->le_cnt > hdev->le_pkts)
2623 hdev->le_cnt = hdev->le_pkts;
2624 } else {
70f23020
AE		 2625 hdev->acl_cnt += count;
2626 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2627 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2628 }
f4280918
AE		 2629 break;
2630
2631 case SCO_LINK:
2632 hdev->sco_cnt += count;
2633 if (hdev->sco_cnt > hdev->sco_pkts)
2634 hdev->sco_cnt = hdev->sco_pkts;
2635 break;
2636
2637 default:
2638 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2639 break;
a9de9248
MH		 2640 }
2641 }
2642
3eff45ea 2643 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2644}
2645
76ef7cf7
AE		 2646static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2647 __u16 handle)
2648{
2649 struct hci_chan *chan;
2650
2651 switch (hdev->dev_type) {
2652 case HCI_BREDR:
2653 return hci_conn_hash_lookup_handle(hdev, handle);
2654 case HCI_AMP:
2655 chan = hci_chan_lookup_handle(hdev, handle);
2656 if (chan)
2657 return chan->conn;
2658 break;
2659 default:
2660 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2661 break;
2662 }
2663
2664 return NULL;
2665}
2666
6039aa73 2667static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2668{
2669 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2670 int i;
2671
2672 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2673 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2674 return;
2675 }
2676
2677 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2678 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2679 BT_DBG("%s bad parameters", hdev->name);
2680 return;
2681 }
2682
2683 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2684 ev->num_hndl);
25e89e99
AE		 2685
2686 for (i = 0; i < ev->num_hndl; i++) {
2687 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2688 struct hci_conn *conn = NULL;
25e89e99
AE		 2689 __u16 handle, block_count;
2690
2691 handle = __le16_to_cpu(info->handle);
2692 block_count = __le16_to_cpu(info->blocks);
2693
76ef7cf7 2694 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2695 if (!conn)
2696 continue;
2697
2698 conn->sent -= block_count;
2699
2700 switch (conn->type) {
2701 case ACL_LINK:
bd1eb66b 2702 case AMP_LINK:
25e89e99
AE		 2703 hdev->block_cnt += block_count;
2704 if (hdev->block_cnt > hdev->num_blocks)
2705 hdev->block_cnt = hdev->num_blocks;
2706 break;
2707
2708 default:
2709 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2710 break;
2711 }
2712 }
2713
2714 queue_work(hdev->workqueue, &hdev->tx_work);
2715}
2716
6039aa73 2717static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2718{
a9de9248 2719 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2720 struct hci_conn *conn;
2721
9f1db00c 2722 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2723
2724 hci_dev_lock(hdev);
2725
2726 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2727 if (conn) {
2728 conn->mode = ev->mode;
a9de9248 2729
8fc9ced3
GP		 2730 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2731 &conn->flags)) {
a9de9248 2732 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2733 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2734 else
58a681ef 2735 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2736 }
e73439d8 2737
51a8efd7 2738 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2739 hci_sco_setup(conn, ev->status);
04837f64
MH		 2740 }
2741
2742 hci_dev_unlock(hdev);
2743}
2744
6039aa73 2745static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2746{
052b30b0
MH		 2747 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2748 struct hci_conn *conn;
2749
a9de9248 2750 BT_DBG("%s", hdev->name);
052b30b0
MH		 2751
2752 hci_dev_lock(hdev);
2753
2754 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2755 if (!conn)
2756 goto unlock;
2757
2758 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2759 hci_conn_hold(conn);
2760 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2761 hci_conn_drop(conn);
052b30b0
MH		 2762 }
2763
a8b2d5c2 2764 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2765 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2766 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2767 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2768 u8 secure;
2769
2770 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2771 secure = 1;
2772 else
2773 secure = 0;
2774
744cf19e 2775 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2776 }
980e1a53 2777
b6f98044 2778unlock:
052b30b0 2779 hci_dev_unlock(hdev);
a9de9248
MH		 2780}
2781
6039aa73 2782static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2783{
55ed8ca1
JH		 2784 struct hci_ev_link_key_req *ev = (void *) skb->data;
2785 struct hci_cp_link_key_reply cp;
2786 struct hci_conn *conn;
2787 struct link_key *key;
2788
a9de9248 2789 BT_DBG("%s", hdev->name);
55ed8ca1 2790
034cbea0 2791 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2792 return;
2793
2794 hci_dev_lock(hdev);
2795
2796 key = hci_find_link_key(hdev, &ev->bdaddr);
2797 if (!key) {
6ed93dc6
AE		 2798 BT_DBG("%s link key not found for %pMR", hdev->name,
2799 &ev->bdaddr);
55ed8ca1
JH		 2800 goto not_found;
2801 }
2802
6ed93dc6
AE		 2803 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2804 &ev->bdaddr);
55ed8ca1 2805
a8b2d5c2 2806 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2807 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2808 BT_DBG("%s ignoring debug key", hdev->name);
2809 goto not_found;
2810 }
2811
2812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 2813 if (conn) {
66138ce8
MH		 2814 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2815 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 2816 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2817 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2818 goto not_found;
2819 }
55ed8ca1 2820
60b83f57 2821 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2822 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2823 BT_DBG("%s ignoring key unauthenticated for high security",
2824 hdev->name);
60b83f57
WR		 2825 goto not_found;
2826 }
2827
2828 conn->key_type = key->type;
2829 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2830 }
2831
2832 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2833 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2834
2835 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2836
2837 hci_dev_unlock(hdev);
2838
2839 return;
2840
2841not_found:
2842 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2843 hci_dev_unlock(hdev);
a9de9248
MH		 2844}
2845
6039aa73 2846static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2847{
052b30b0
MH		 2848 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2849 struct hci_conn *conn;
55ed8ca1 2850 u8 pin_len = 0;
052b30b0 2851
a9de9248 2852 BT_DBG("%s", hdev->name);
052b30b0
MH		 2853
2854 hci_dev_lock(hdev);
2855
2856 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2857 if (conn) {
2858 hci_conn_hold(conn);
2859 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2860 pin_len = conn->pin_length;
13d39315
WR		 2861
2862 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2863 conn->key_type = ev->key_type;
2864
76a68ba0 2865 hci_conn_drop(conn);
052b30b0
MH		 2866 }
2867
034cbea0 2868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 2869 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2870 ev->key_type, pin_len);
55ed8ca1 2871
052b30b0 2872 hci_dev_unlock(hdev);
a9de9248
MH		 2873}
2874
6039aa73 2875static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2876{
a9de9248 2877 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2878 struct hci_conn *conn;
1da177e4 2879
9f1db00c 2880 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2881
2882 hci_dev_lock(hdev);
2883
04837f64 2884 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2885 if (conn && !ev->status) {
2886 struct inquiry_entry *ie;
2887
cc11b9c1
AE		 2888 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2889 if (ie) {
1da177e4
LT		 2890 ie->data.clock_offset = ev->clock_offset;
2891 ie->timestamp = jiffies;
2892 }
2893 }
2894
2895 hci_dev_unlock(hdev);
2896}
2897
6039aa73 2898static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2899{
2900 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2901 struct hci_conn *conn;
2902
9f1db00c 2903 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2904
2905 hci_dev_lock(hdev);
2906
2907 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2908 if (conn && !ev->status)
2909 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2910
2911 hci_dev_unlock(hdev);
2912}
2913
6039aa73 2914static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2915{
a9de9248 2916 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2917 struct inquiry_entry *ie;
2918
2919 BT_DBG("%s", hdev->name);
2920
2921 hci_dev_lock(hdev);
2922
cc11b9c1
AE		 2923 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2924 if (ie) {
85a1e930
MH		 2925 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2926 ie->timestamp = jiffies;
2927 }
2928
2929 hci_dev_unlock(hdev);
2930}
2931
6039aa73
GP		 2932static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2933 struct sk_buff *skb)
a9de9248
MH		 2934{
2935 struct inquiry_data data;
2936 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2937 bool name_known, ssp;
a9de9248
MH		 2938
2939 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2940
2941 if (!num_rsp)
2942 return;
2943
1519cc17
AG		 2944 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2945 return;
2946
a9de9248
MH		 2947 hci_dev_lock(hdev);
2948
2949 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2950 struct inquiry_info_with_rssi_and_pscan_mode *info;
2951 info = (void *) (skb->data + 1);
a9de9248 2952
e17acd40 2953 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2954 bacpy(&data.bdaddr, &info->bdaddr);
2955 data.pscan_rep_mode = info->pscan_rep_mode;
2956 data.pscan_period_mode = info->pscan_period_mode;
2957 data.pscan_mode = info->pscan_mode;
2958 memcpy(data.dev_class, info->dev_class, 3);
2959 data.clock_offset = info->clock_offset;
2960 data.rssi = info->rssi;
41a96212 2961 data.ssp_mode = 0x00;
3175405b
JH		 2962
2963 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2964 false, &ssp);
48264f06 2965 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2966 info->dev_class, info->rssi,
2967 !name_known, ssp, NULL, 0);
a9de9248
MH		 2968 }
2969 } else {
2970 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2971
e17acd40 2972 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2973 bacpy(&data.bdaddr, &info->bdaddr);
2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
2977 memcpy(data.dev_class, info->dev_class, 3);
2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
41a96212 2980 data.ssp_mode = 0x00;
3175405b 2981 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2982 false, &ssp);
48264f06 2983 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2984 info->dev_class, info->rssi,
2985 !name_known, ssp, NULL, 0);
a9de9248
MH		 2986 }
2987 }
2988
2989 hci_dev_unlock(hdev);
2990}
2991
6039aa73
GP		 2992static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
a9de9248 2994{
41a96212
MH		 2995 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2996 struct hci_conn *conn;
2997
a9de9248 2998 BT_DBG("%s", hdev->name);
41a96212 2999
41a96212
MH		 3000 hci_dev_lock(hdev);
3001
3002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3003 if (!conn)
3004 goto unlock;
41a96212 3005
cad718ed
JH		 3006 if (ev->page < HCI_MAX_PAGES)
3007 memcpy(conn->features[ev->page], ev->features, 8);
3008
ccd556fe
JH		 3009 if (!ev->status && ev->page == 0x01) {
3010 struct inquiry_entry *ie;
41a96212 3011
cc11b9c1
AE		 3012 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3013 if (ie)
02b7cc62 3014 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3015
bbb0eada 3016 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3017 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3018 } else {
3019 /* It is mandatory by the Bluetooth specification that
3020 * Extended Inquiry Results are only used when Secure
3021 * Simple Pairing is enabled, but some devices violate
3022 * this.
3023 *
3024 * To make these devices work, the internal SSP
3025 * enabled flag needs to be cleared if the remote host
3026 * features do not indicate SSP support */
3027 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3028 }
eb9a8f3f
MH		 3029
3030 if (ev->features[0] & LMP_HOST_SC)
3031 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3032 }
3033
3034 if (conn->state != BT_CONFIG)
3035 goto unlock;
3036
671267bf 3037 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3038 struct hci_cp_remote_name_req cp;
3039 memset(&cp, 0, sizeof(cp));
3040 bacpy(&cp.bdaddr, &conn->dst);
3041 cp.pscan_rep_mode = 0x02;
3042 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3043 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3044 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3045 conn->dst_type, 0, NULL, 0,
3046 conn->dev_class);
392599b9 3047
127178d2 3048 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3049 conn->state = BT_CONNECTED;
3050 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3051 hci_conn_drop(conn);
41a96212
MH		 3052 }
3053
ccd556fe 3054unlock:
41a96212 3055 hci_dev_unlock(hdev);
a9de9248
MH		 3056}
3057
6039aa73
GP		 3058static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3059 struct sk_buff *skb)
a9de9248 3060{
b6a0dc82
MH		 3061 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3062 struct hci_conn *conn;
3063
9f1db00c 3064 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3065
3066 hci_dev_lock(hdev);
3067
3068 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3069 if (!conn) {
3070 if (ev->link_type == ESCO_LINK)
3071 goto unlock;
3072
3073 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3074 if (!conn)
3075 goto unlock;
3076
3077 conn->type = SCO_LINK;
3078 }
b6a0dc82 3079
732547f9
MH		 3080 switch (ev->status) {
3081 case 0x00:
b6a0dc82
MH		 3082 conn->handle = __le16_to_cpu(ev->handle);
3083 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3084
3085 hci_conn_add_sysfs(conn);
732547f9
MH		 3086 break;
3087
1a4c958c 3088 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3089 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3090 case 0x1c: /* SCO interval rejected */
1038a00b 3091 case 0x1a: /* Unsupported Remote Feature */
732547f9 3092 case 0x1f: /* Unspecified error */
2dea632f 3093 if (conn->out) {
732547f9
MH		 3094 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3095 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3096 if (hci_setup_sync(conn, conn->link->handle))
3097 goto unlock;
732547f9
MH		 3098 }
3099 /* fall through */
3100
3101 default:
b6a0dc82 3102 conn->state = BT_CLOSED;
732547f9
MH		 3103 break;
3104 }
b6a0dc82
MH		 3105
3106 hci_proto_connect_cfm(conn, ev->status);
3107 if (ev->status)
3108 hci_conn_del(conn);
3109
3110unlock:
3111 hci_dev_unlock(hdev);
a9de9248
MH		 3112}
3113
efdcf8e3
MH		 3114static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3115{
3116 size_t parsed = 0;
3117
3118 while (parsed < eir_len) {
3119 u8 field_len = eir[0];
3120
3121 if (field_len == 0)
3122 return parsed;
3123
3124 parsed += field_len + 1;
3125 eir += field_len + 1;
3126 }
3127
3128 return eir_len;
3129}
3130
6039aa73
GP		 3131static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3132 struct sk_buff *skb)
1da177e4 3133{
a9de9248
MH		 3134 struct inquiry_data data;
3135 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3136 int num_rsp = *((__u8 *) skb->data);
9d939d94 3137 size_t eir_len;
1da177e4 3138
a9de9248 3139 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3140
a9de9248
MH		 3141 if (!num_rsp)
3142 return;
1da177e4 3143
1519cc17
AG		 3144 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3145 return;
3146
a9de9248
MH		 3147 hci_dev_lock(hdev);
3148
e17acd40 3149 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3150 bool name_known, ssp;
561aafbc 3151
a9de9248 3152 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3153 data.pscan_rep_mode = info->pscan_rep_mode;
3154 data.pscan_period_mode = info->pscan_period_mode;
3155 data.pscan_mode = 0x00;
a9de9248 3156 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3157 data.clock_offset = info->clock_offset;
3158 data.rssi = info->rssi;
41a96212 3159 data.ssp_mode = 0x01;
561aafbc 3160
a8b2d5c2 3161 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3162 name_known = eir_has_data_type(info->data,
04124681
GP		 3163 sizeof(info->data),
3164 EIR_NAME_COMPLETE);
561aafbc
JH		 3165 else
3166 name_known = true;
3167
388fc8fa 3168 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3169 &ssp);
9d939d94 3170 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3171 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3172 info->dev_class, info->rssi, !name_known,
9d939d94 3173 ssp, info->data, eir_len);
a9de9248
MH		 3174 }
3175
3176 hci_dev_unlock(hdev);
3177}
1da177e4 3178
1c2e0041
JH		 3179static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3180 struct sk_buff *skb)
3181{
3182 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3183 struct hci_conn *conn;
3184
9f1db00c 3185 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3186 __le16_to_cpu(ev->handle));
3187
3188 hci_dev_lock(hdev);
3189
3190 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3191 if (!conn)
3192 goto unlock;
3193
3194 if (!ev->status)
3195 conn->sec_level = conn->pending_sec_level;
3196
3197 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3198
3199 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3200 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3201 hci_conn_drop(conn);
1c2e0041
JH		 3202 goto unlock;
3203 }
3204
3205 if (conn->state == BT_CONFIG) {
3206 if (!ev->status)
3207 conn->state = BT_CONNECTED;
3208
3209 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3210 hci_conn_drop(conn);
1c2e0041
JH		 3211 } else {
3212 hci_auth_cfm(conn, ev->status);
3213
3214 hci_conn_hold(conn);
3215 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3216 hci_conn_drop(conn);
1c2e0041
JH		 3217 }
3218
3219unlock:
3220 hci_dev_unlock(hdev);
3221}
3222
6039aa73 3223static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3224{
3225 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3226 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3227 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3228 /* If both remote and local IO capabilities allow MITM
3229 * protection then require it, otherwise don't */
acabae96
MA		 3230 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3231 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3232 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3233 else
acabae96 3234 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3235 }
3236
3237 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3238 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3239 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3240 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3241
3242 return conn->auth_type;
3243}
3244
6039aa73 3245static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3246{
3247 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3248 struct hci_conn *conn;
3249
3250 BT_DBG("%s", hdev->name);
3251
3252 hci_dev_lock(hdev);
3253
3254 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3255 if (!conn)
3256 goto unlock;
3257
3258 hci_conn_hold(conn);
3259
a8b2d5c2 3260 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3261 goto unlock;
3262
a8b2d5c2 3263 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3264 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3265 struct hci_cp_io_capability_reply cp;
3266
3267 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3268 /* Change the IO capability from KeyboardDisplay
3269 * to DisplayYesNo as it is not supported by BT spec. */
3270 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3271 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3272 conn->auth_type = hci_get_auth_req(conn);
3273 cp.authentication = conn->auth_type;
17fa4b9d 3274
8fc9ced3
GP		 3275 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3276 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3277 cp.oob_data = 0x01;
3278 else
3279 cp.oob_data = 0x00;
3280
17fa4b9d 3281 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3282 sizeof(cp), &cp);
03b555e1
JH		 3283 } else {
3284 struct hci_cp_io_capability_neg_reply cp;
3285
3286 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3287 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3288
03b555e1 3289 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3290 sizeof(cp), &cp);
03b555e1
JH		 3291 }
3292
3293unlock:
3294 hci_dev_unlock(hdev);
3295}
3296
6039aa73 3297static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3298{
3299 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3300 struct hci_conn *conn;
3301
3302 BT_DBG("%s", hdev->name);
3303
3304 hci_dev_lock(hdev);
3305
3306 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3307 if (!conn)
3308 goto unlock;
3309
03b555e1 3310 conn->remote_cap = ev->capability;
03b555e1 3311 conn->remote_auth = ev->authentication;
58a681ef
JH		 3312 if (ev->oob_data)
3313 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3314
3315unlock:
0493684e
MH		 3316 hci_dev_unlock(hdev);
3317}
3318
6039aa73
GP		 3319static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3320 struct sk_buff *skb)
a5c29683
JH		 3321{
3322 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3323 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3324 struct hci_conn *conn;
a5c29683
JH		 3325
3326 BT_DBG("%s", hdev->name);
3327
3328 hci_dev_lock(hdev);
3329
a8b2d5c2 3330 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3331 goto unlock;
a5c29683 3332
7a828908
JH		 3333 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3334 if (!conn)
3335 goto unlock;
3336
3337 loc_mitm = (conn->auth_type & 0x01);
3338 rem_mitm = (conn->remote_auth & 0x01);
3339
3340 /* If we require MITM but the remote device can't provide that
3341 * (it has NoInputNoOutput) then reject the confirmation
3342 * request. The only exception is when we're dedicated bonding
3343 * initiators (connect_cfm_cb set) since then we always have the MITM
3344 * bit set. */
a767631a
MA		 3345 if (!conn->connect_cfm_cb && loc_mitm &&
3346 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3347 BT_DBG("Rejecting request: remote device can't provide MITM");
3348 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3349 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3350 goto unlock;
3351 }
3352
3353 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3354 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3355 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3356
3357 /* If we're not the initiators request authorization to
3358 * proceed from user space (mgmt_user_confirm with
3359 * confirm_hint set to 1). */
51a8efd7 3360 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3361 BT_DBG("Confirming auto-accept as acceptor");
3362 confirm_hint = 1;
3363 goto confirm;
3364 }
3365
9f61656a 3366 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3367 hdev->auto_accept_delay);
9f61656a
JH		 3368
3369 if (hdev->auto_accept_delay > 0) {
3370 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3371 queue_delayed_work(conn->hdev->workqueue,
3372 &conn->auto_accept_work, delay);
9f61656a
JH		 3373 goto unlock;
3374 }
3375
7a828908 3376 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3377 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3378 goto unlock;
3379 }
3380
55bc1a37 3381confirm:
272d90df 3382 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3383 confirm_hint);
7a828908
JH		 3384
3385unlock:
a5c29683
JH		 3386 hci_dev_unlock(hdev);
3387}
3388
6039aa73
GP		 3389static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3390 struct sk_buff *skb)
1143d458
BG		 3391{
3392 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3393
3394 BT_DBG("%s", hdev->name);
3395
a8b2d5c2 3396 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3397 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3398}
3399
92a25256
JH		 3400static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3401 struct sk_buff *skb)
3402{
3403 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3404 struct hci_conn *conn;
3405
3406 BT_DBG("%s", hdev->name);
3407
3408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3409 if (!conn)
3410 return;
3411
3412 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3413 conn->passkey_entered = 0;
3414
3415 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3416 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3417 conn->dst_type, conn->passkey_notify,
3418 conn->passkey_entered);
3419}
3420
3421static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3422{
3423 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3424 struct hci_conn *conn;
3425
3426 BT_DBG("%s", hdev->name);
3427
3428 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3429 if (!conn)
3430 return;
3431
3432 switch (ev->type) {
3433 case HCI_KEYPRESS_STARTED:
3434 conn->passkey_entered = 0;
3435 return;
3436
3437 case HCI_KEYPRESS_ENTERED:
3438 conn->passkey_entered++;
3439 break;
3440
3441 case HCI_KEYPRESS_ERASED:
3442 conn->passkey_entered--;
3443 break;
3444
3445 case HCI_KEYPRESS_CLEARED:
3446 conn->passkey_entered = 0;
3447 break;
3448
3449 case HCI_KEYPRESS_COMPLETED:
3450 return;
3451 }
3452
3453 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3454 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3455 conn->dst_type, conn->passkey_notify,
3456 conn->passkey_entered);
3457}
3458
6039aa73
GP		 3459static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3460 struct sk_buff *skb)
0493684e
MH		 3461{
3462 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3463 struct hci_conn *conn;
3464
3465 BT_DBG("%s", hdev->name);
3466
3467 hci_dev_lock(hdev);
3468
3469 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3470 if (!conn)
3471 goto unlock;
3472
3473 /* To avoid duplicate auth_failed events to user space we check
3474 * the HCI_CONN_AUTH_PEND flag which will be set if we
3475 * initiated the authentication. A traditional auth_complete
3476 * event gets always produced as initiator and is also mapped to
3477 * the mgmt_auth_failed event */
fa1bd918 3478 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3479 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3480 ev->status);
0493684e 3481
76a68ba0 3482 hci_conn_drop(conn);
2a611692
JH		 3483
3484unlock:
0493684e
MH		 3485 hci_dev_unlock(hdev);
3486}
3487
6039aa73
GP		 3488static void hci_remote_host_features_evt(struct hci_dev *hdev,
3489 struct sk_buff *skb)
41a96212
MH		 3490{
3491 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3492 struct inquiry_entry *ie;
cad718ed 3493 struct hci_conn *conn;
41a96212
MH		 3494
3495 BT_DBG("%s", hdev->name);
3496
3497 hci_dev_lock(hdev);
3498
cad718ed
JH		 3499 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3500 if (conn)
3501 memcpy(conn->features[1], ev->features, 8);
3502
cc11b9c1
AE		 3503 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3504 if (ie)
02b7cc62 3505 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3506
3507 hci_dev_unlock(hdev);
3508}
3509
6039aa73
GP		 3510static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3511 struct sk_buff *skb)
2763eda6
SJ		 3512{
3513 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3514 struct oob_data *data;
3515
3516 BT_DBG("%s", hdev->name);
3517
3518 hci_dev_lock(hdev);
3519
a8b2d5c2 3520 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3521 goto unlock;
3522
2763eda6
SJ		 3523 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3524 if (data) {
519ca9d0
MH		 3525 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3526 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3527
519ca9d0
MH		 3528 bacpy(&cp.bdaddr, &ev->bdaddr);
3529 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3530 memcpy(cp.randomizer192, data->randomizer192,
3531 sizeof(cp.randomizer192));
3532 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3533 memcpy(cp.randomizer256, data->randomizer256,
3534 sizeof(cp.randomizer256));
3535
3536 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3537 sizeof(cp), &cp);
3538 } else {
3539 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3540
519ca9d0
MH		 3541 bacpy(&cp.bdaddr, &ev->bdaddr);
3542 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3543 memcpy(cp.randomizer, data->randomizer192,
3544 sizeof(cp.randomizer));
3545
3546 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3547 sizeof(cp), &cp);
3548 }
2763eda6
SJ		 3549 } else {
3550 struct hci_cp_remote_oob_data_neg_reply cp;
3551
3552 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3553 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3554 sizeof(cp), &cp);
2763eda6
SJ		 3555 }
3556
e1ba1f15 3557unlock:
2763eda6
SJ		 3558 hci_dev_unlock(hdev);
3559}
3560
d5e91192
AE		 3561static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3562 struct sk_buff *skb)
3563{
3564 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3565 struct hci_conn *hcon, *bredr_hcon;
3566
3567 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3568 ev->status);
3569
3570 hci_dev_lock(hdev);
3571
3572 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3573 if (!hcon) {
3574 hci_dev_unlock(hdev);
3575 return;
3576 }
3577
3578 if (ev->status) {
3579 hci_conn_del(hcon);
3580 hci_dev_unlock(hdev);
3581 return;
3582 }
3583
3584 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3585
3586 hcon->state = BT_CONNECTED;
3587 bacpy(&hcon->dst, &bredr_hcon->dst);
3588
3589 hci_conn_hold(hcon);
3590 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3591 hci_conn_drop(hcon);
d5e91192 3592
d5e91192
AE		 3593 hci_conn_add_sysfs(hcon);
3594
cf70ff22 3595 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3596
cf70ff22 3597 hci_dev_unlock(hdev);
d5e91192
AE		 3598}
3599
27695fb4
AE		 3600static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3601{
3602 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3603 struct hci_conn *hcon;
3604 struct hci_chan *hchan;
3605 struct amp_mgr *mgr;
3606
3607 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3608 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3609 ev->status);
3610
3611 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3612 if (!hcon)
3613 return;
3614
3615 /* Create AMP hchan */
3616 hchan = hci_chan_create(hcon);
3617 if (!hchan)
3618 return;
3619
3620 hchan->handle = le16_to_cpu(ev->handle);
3621
3622 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3623
3624 mgr = hcon->amp_mgr;
3625 if (mgr && mgr->bredr_chan) {
3626 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3627
3628 l2cap_chan_lock(bredr_chan);
3629
3630 bredr_chan->conn->mtu = hdev->block_mtu;
3631 l2cap_logical_cfm(bredr_chan, hchan, 0);
3632 hci_conn_hold(hcon);
3633
3634 l2cap_chan_unlock(bredr_chan);
3635 }
3636}
3637
606e2a10
AE		 3638static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3639 struct sk_buff *skb)
3640{
3641 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3642 struct hci_chan *hchan;
3643
3644 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3645 le16_to_cpu(ev->handle), ev->status);
3646
3647 if (ev->status)
3648 return;
3649
3650 hci_dev_lock(hdev);
3651
3652 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3653 if (!hchan)
3654 goto unlock;
3655
3656 amp_destroy_logical_link(hchan, ev->reason);
3657
3658unlock:
3659 hci_dev_unlock(hdev);
3660}
3661
9eef6b3a
AE		 3662static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3663 struct sk_buff *skb)
3664{
3665 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3666 struct hci_conn *hcon;
3667
3668 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3669
3670 if (ev->status)
3671 return;
3672
3673 hci_dev_lock(hdev);
3674
3675 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3676 if (hcon) {
3677 hcon->state = BT_CLOSED;
3678 hci_conn_del(hcon);
3679 }
3680
3681 hci_dev_unlock(hdev);
3682}
3683
6039aa73 3684static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3685{
3686 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3687 struct hci_conn *conn;
68d6f6de 3688 struct smp_irk *irk;
fcd89c09 3689
9f1db00c 3690 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3691
3692 hci_dev_lock(hdev);
3693
b47a09b3 3694 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3695 if (!conn) {
3696 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3697 if (!conn) {
3698 BT_ERR("No memory for new connection");
230fd16a 3699 goto unlock;
b62f328b 3700 }
29b7988a
AG		 3701
3702 conn->dst_type = ev->bdaddr_type;
b9b343d2 3703
880be4e8
MH		 3704 /* The advertising parameters for own address type
3705 * define which source address and source address
3706 * type this connections has.
3707 */
3708 if (bacmp(&conn->src, BDADDR_ANY)) {
3709 conn->src_type = ADDR_LE_DEV_PUBLIC;
3710 } else {
3711 bacpy(&conn->src, &hdev->static_addr);
3712 conn->src_type = ADDR_LE_DEV_RANDOM;
3713 }
3714
b9b343d2
AG		 3715 if (ev->role == LE_CONN_ROLE_MASTER) {
3716 conn->out = true;
3717 conn->link_mode |= HCI_LM_MASTER;
3718 }
b62f328b 3719 }
fcd89c09 3720
7be2edbb
JH		 3721 /* Ensure that the hci_conn contains the identity address type
3722 * regardless of which address the connection was made with.
7be2edbb 3723 */
a1f4c318 3724 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
7be2edbb 3725
edb4b466
MH		 3726 /* Lookup the identity address from the stored connection
3727 * address and address type.
3728 *
3729 * When establishing connections to an identity address, the
3730 * connection procedure will store the resolvable random
3731 * address first. Now if it can be converted back into the
3732 * identity address, start using the identity address from
3733 * now on.
3734 */
3735 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3736 if (irk) {
3737 bacpy(&conn->dst, &irk->bdaddr);
3738 conn->dst_type = irk->addr_type;
3739 }
3740
cd17decb 3741 if (ev->status) {
06c053fb 3742 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3743 goto unlock;
3744 }
3745
b644ba33 3746 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3747 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3748 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3749
7b5c0d52 3750 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3751 conn->handle = __le16_to_cpu(ev->handle);
3752 conn->state = BT_CONNECTED;
3753
18722c24
JR		 3754 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3755 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3756
fcd89c09
VT		 3757 hci_conn_add_sysfs(conn);
3758
3759 hci_proto_connect_cfm(conn, ev->status);
3760
a4790dbd
AG		 3761 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3762
fcd89c09
VT		 3763unlock:
3764 hci_dev_unlock(hdev);
3765}
3766
a4790dbd
AG		 3767/* This function requires the caller holds hdev->lock */
3768static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3769 u8 addr_type)
3770{
3771 struct hci_conn *conn;
5b906a84
AG		 3772 struct smp_irk *irk;
3773
3774 /* If this is a resolvable address, we should resolve it and then
3775 * update address and address type variables.
3776 */
3777 irk = hci_get_irk(hdev, addr, addr_type);
3778 if (irk) {
3779 addr = &irk->bdaddr;
3780 addr_type = irk->addr_type;
3781 }
a4790dbd
AG		 3782
3783 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3784 return;
3785
3786 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3787 HCI_AT_NO_BONDING);
3788 if (!IS_ERR(conn))
3789 return;
3790
3791 switch (PTR_ERR(conn)) {
3792 case -EBUSY:
3793 /* If hci_connect() returns -EBUSY it means there is already
3794 * an LE connection attempt going on. Since controllers don't
3795 * support more than one connection attempt at the time, we
3796 * don't consider this an error case.
3797 */
3798 break;
3799 default:
3800 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3801 }
3802}
3803
6039aa73 3804static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3805{
e95beb41
AG		 3806 u8 num_reports = skb->data[0];
3807 void *ptr = &skb->data[1];
3c9e9195 3808 s8 rssi;
9aa04c91 3809
a4790dbd
AG		 3810 hci_dev_lock(hdev);
3811
e95beb41
AG		 3812 while (num_reports--) {
3813 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3814
a4790dbd
AG		 3815 if (ev->evt_type == LE_ADV_IND ||
3816 ev->evt_type == LE_ADV_DIRECT_IND)
3817 check_pending_le_conn(hdev, &ev->bdaddr,
3818 ev->bdaddr_type);
3819
3c9e9195
AG		 3820 rssi = ev->data[ev->length];
3821 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3822 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3823
e95beb41 3824 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3825 }
a4790dbd
AG		 3826
3827 hci_dev_unlock(hdev);
9aa04c91
AG		 3828}
3829
6039aa73 3830static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3831{
3832 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3833 struct hci_cp_le_ltk_reply cp;
bea710fe 3834 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3835 struct hci_conn *conn;
c9839a11 3836 struct smp_ltk *ltk;
a7a595f6 3837
9f1db00c 3838 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3839
3840 hci_dev_lock(hdev);
3841
3842 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3843 if (conn == NULL)
3844 goto not_found;
a7a595f6 3845
98a0b845 3846 ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
bea710fe
VCG		 3847 if (ltk == NULL)
3848 goto not_found;
3849
3850 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3851 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3852
3853 if (ltk->authenticated)
f8776218
AG		 3854 conn->pending_sec_level = BT_SECURITY_HIGH;
3855 else
3856 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 3857
89cbb4da 3858 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 3859
3860 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3861
c9839a11
VCG		 3862 if (ltk->type & HCI_SMP_STK) {
3863 list_del(&ltk->list);
3864 kfree(ltk);
3865 }
3866
a7a595f6 3867 hci_dev_unlock(hdev);
bea710fe
VCG		 3868
3869 return;
3870
3871not_found:
3872 neg.handle = ev->handle;
3873 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3874 hci_dev_unlock(hdev);
a7a595f6
VCG		 3875}
3876
6039aa73 3877static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3878{
3879 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3880
3881 skb_pull(skb, sizeof(*le_ev));
3882
3883 switch (le_ev->subevent) {
3884 case HCI_EV_LE_CONN_COMPLETE:
3885 hci_le_conn_complete_evt(hdev, skb);
3886 break;
3887
9aa04c91
AG		 3888 case HCI_EV_LE_ADVERTISING_REPORT:
3889 hci_le_adv_report_evt(hdev, skb);
3890 break;
3891
a7a595f6
VCG		 3892 case HCI_EV_LE_LTK_REQ:
3893 hci_le_ltk_request_evt(hdev, skb);
3894 break;
3895
fcd89c09
VT		 3896 default:
3897 break;
3898 }
3899}
3900
9495b2ee
AE		 3901static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3902{
3903 struct hci_ev_channel_selected *ev = (void *) skb->data;
3904 struct hci_conn *hcon;
3905
3906 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3907
3908 skb_pull(skb, sizeof(*ev));
3909
3910 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3911 if (!hcon)
3912 return;
3913
3914 amp_read_loc_assoc_final_data(hdev, hcon);
3915}
3916
a9de9248
MH		 3917void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3918{
3919 struct hci_event_hdr *hdr = (void *) skb->data;
3920 __u8 event = hdr->evt;
3921
b6ddb638
JH		 3922 hci_dev_lock(hdev);
3923
3924 /* Received events are (currently) only needed when a request is
3925 * ongoing so avoid unnecessary memory allocation.
3926 */
3927 if (hdev->req_status == HCI_REQ_PEND) {
3928 kfree_skb(hdev->recv_evt);
3929 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3930 }
3931
3932 hci_dev_unlock(hdev);
3933
a9de9248
MH		 3934 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3935
02350a72 3936 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 3937 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3938 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 3939
3940 hci_req_cmd_complete(hdev, opcode, 0);
3941 }
3942
a9de9248 3943 switch (event) {
1da177e4
LT		 3944 case HCI_EV_INQUIRY_COMPLETE:
3945 hci_inquiry_complete_evt(hdev, skb);
3946 break;
3947
3948 case HCI_EV_INQUIRY_RESULT:
3949 hci_inquiry_result_evt(hdev, skb);
3950 break;
3951
a9de9248
MH		 3952 case HCI_EV_CONN_COMPLETE:
3953 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3954 break;
3955
1da177e4
LT		 3956 case HCI_EV_CONN_REQUEST:
3957 hci_conn_request_evt(hdev, skb);
3958 break;
3959
1da177e4
LT		 3960 case HCI_EV_DISCONN_COMPLETE:
3961 hci_disconn_complete_evt(hdev, skb);
3962 break;
3963
1da177e4
LT		 3964 case HCI_EV_AUTH_COMPLETE:
3965 hci_auth_complete_evt(hdev, skb);
3966 break;
3967
a9de9248
MH		 3968 case HCI_EV_REMOTE_NAME:
3969 hci_remote_name_evt(hdev, skb);
3970 break;
3971
1da177e4
LT		 3972 case HCI_EV_ENCRYPT_CHANGE:
3973 hci_encrypt_change_evt(hdev, skb);
3974 break;
3975
a9de9248
MH		 3976 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3977 hci_change_link_key_complete_evt(hdev, skb);
3978 break;
3979
3980 case HCI_EV_REMOTE_FEATURES:
3981 hci_remote_features_evt(hdev, skb);
3982 break;
3983
a9de9248
MH		 3984 case HCI_EV_CMD_COMPLETE:
3985 hci_cmd_complete_evt(hdev, skb);
3986 break;
3987
3988 case HCI_EV_CMD_STATUS:
3989 hci_cmd_status_evt(hdev, skb);
3990 break;
3991
3992 case HCI_EV_ROLE_CHANGE:
3993 hci_role_change_evt(hdev, skb);
3994 break;
3995
3996 case HCI_EV_NUM_COMP_PKTS:
3997 hci_num_comp_pkts_evt(hdev, skb);
3998 break;
3999
4000 case HCI_EV_MODE_CHANGE:
4001 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4002 break;
4003
4004 case HCI_EV_PIN_CODE_REQ:
4005 hci_pin_code_request_evt(hdev, skb);
4006 break;
4007
4008 case HCI_EV_LINK_KEY_REQ:
4009 hci_link_key_request_evt(hdev, skb);
4010 break;
4011
4012 case HCI_EV_LINK_KEY_NOTIFY:
4013 hci_link_key_notify_evt(hdev, skb);
4014 break;
4015
4016 case HCI_EV_CLOCK_OFFSET:
4017 hci_clock_offset_evt(hdev, skb);
4018 break;
4019
a8746417
MH		 4020 case HCI_EV_PKT_TYPE_CHANGE:
4021 hci_pkt_type_change_evt(hdev, skb);
4022 break;
4023
85a1e930
MH		 4024 case HCI_EV_PSCAN_REP_MODE:
4025 hci_pscan_rep_mode_evt(hdev, skb);
4026 break;
4027
a9de9248
MH		 4028 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4029 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4030 break;
4031
a9de9248
MH		 4032 case HCI_EV_REMOTE_EXT_FEATURES:
4033 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4034 break;
4035
a9de9248
MH		 4036 case HCI_EV_SYNC_CONN_COMPLETE:
4037 hci_sync_conn_complete_evt(hdev, skb);
4038 break;
1da177e4 4039
a9de9248
MH		 4040 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4041 hci_extended_inquiry_result_evt(hdev, skb);
4042 break;
1da177e4 4043
1c2e0041
JH		 4044 case HCI_EV_KEY_REFRESH_COMPLETE:
4045 hci_key_refresh_complete_evt(hdev, skb);
4046 break;
4047
0493684e
MH		 4048 case HCI_EV_IO_CAPA_REQUEST:
4049 hci_io_capa_request_evt(hdev, skb);
4050 break;
4051
03b555e1
JH		 4052 case HCI_EV_IO_CAPA_REPLY:
4053 hci_io_capa_reply_evt(hdev, skb);
4054 break;
4055
a5c29683
JH		 4056 case HCI_EV_USER_CONFIRM_REQUEST:
4057 hci_user_confirm_request_evt(hdev, skb);
4058 break;
4059
1143d458
BG		 4060 case HCI_EV_USER_PASSKEY_REQUEST:
4061 hci_user_passkey_request_evt(hdev, skb);
4062 break;
4063
92a25256
JH		 4064 case HCI_EV_USER_PASSKEY_NOTIFY:
4065 hci_user_passkey_notify_evt(hdev, skb);
4066 break;
4067
4068 case HCI_EV_KEYPRESS_NOTIFY:
4069 hci_keypress_notify_evt(hdev, skb);
4070 break;
4071
0493684e
MH		 4072 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4073 hci_simple_pair_complete_evt(hdev, skb);
4074 break;
4075
41a96212
MH		 4076 case HCI_EV_REMOTE_HOST_FEATURES:
4077 hci_remote_host_features_evt(hdev, skb);
4078 break;
4079
fcd89c09
VT		 4080 case HCI_EV_LE_META:
4081 hci_le_meta_evt(hdev, skb);
4082 break;
4083
9495b2ee
AE		 4084 case HCI_EV_CHANNEL_SELECTED:
4085 hci_chan_selected_evt(hdev, skb);
4086 break;
4087
2763eda6
SJ		 4088 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4089 hci_remote_oob_data_request_evt(hdev, skb);
4090 break;
4091
d5e91192
AE		 4092 case HCI_EV_PHY_LINK_COMPLETE:
4093 hci_phy_link_complete_evt(hdev, skb);
4094 break;
4095
27695fb4
AE		 4096 case HCI_EV_LOGICAL_LINK_COMPLETE:
4097 hci_loglink_complete_evt(hdev, skb);
4098 break;
4099
606e2a10
AE		 4100 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4101 hci_disconn_loglink_complete_evt(hdev, skb);
4102 break;
4103
9eef6b3a
AE		 4104 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4105 hci_disconn_phylink_complete_evt(hdev, skb);
4106 break;
4107
25e89e99
AE		 4108 case HCI_EV_NUM_COMP_BLOCKS:
4109 hci_num_comp_blocks_evt(hdev, skb);
4110 break;
4111
a9de9248 4112 default:
9f1db00c 4113 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4114 break;
4115 }
4116
4117 kfree_skb(skb);
4118 hdev->stat.evt_rx++;
4119}
Linux 6.x block layer and io_uring tree(s)