projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use helper function to determine BR/EDR OOB data present
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
0857dd3b 33#include "hci_request.h"
23b9ceb7 34#include "hci_debugfs.h"
7024728e 35#include "a2mp.h"
7ef9fbf0 36#include "amp.h"
2ceba539 37#include "smp.h"
1da177e4 38
1da177e4
LT		 39/* Handle HCI Event packets */
40
a9de9248 41static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 42{
a9de9248 43 __u8 status = *((__u8 *) skb->data);
1da177e4 44
9f1db00c 45 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 46
82f4785c 47 if (status)
a9de9248 48 return;
1da177e4 49
89352e7d 50 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 51 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 53
50143a43
JH		 54 hci_dev_lock(hdev);
55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_dev_unlock(hdev);
57
a9de9248
MH		 58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
40bef302
JH		 106 if (conn)
107 conn->role = rp->role;
a9de9248
MH		 108
109 hci_dev_unlock(hdev);
1da177e4
LT		 110}
111
e4e8e37c
MH		 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113{
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
9f1db00c 117 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129}
130
a9de9248 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 132{
a9de9248 133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 134 struct hci_conn *conn;
04837f64 135 void *sent;
1da177e4 136
9f1db00c 137 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 138
a9de9248
MH		 139 if (rp->status)
140 return;
1da177e4 141
a9de9248
MH		 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
1da177e4 145
a9de9248 146 hci_dev_lock(hdev);
1da177e4 147
a9de9248 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 149 if (conn)
83985319 150 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 151
a9de9248
MH		 152 hci_dev_unlock(hdev);
153}
1da177e4 154
807deac2
GP		 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
156 struct sk_buff *skb)
e4e8e37c
MH		 157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
9f1db00c 160 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
807deac2
GP		 168static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
169 struct sk_buff *skb)
e4e8e37c
MH		 170{
171 __u8 status = *((__u8 *) skb->data);
172 void *sent;
173
9f1db00c 174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 175
45296acd
MH		 176 if (status)
177 return;
178
e4e8e37c
MH		 179 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 if (!sent)
181 return;
182
45296acd 183 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
9f1db00c 190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
8761f9d6
MH		 194 if (status)
195 return;
196
a297e97c 197 /* Reset all non-persistent flags */
2cc6fb00 198 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 199
200 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 201 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
202 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 203
204 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
205 hdev->adv_data_len = 0;
f8e808bd
MH		 206
207 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
208 hdev->scan_rsp_data_len = 0;
06f5b778 209
533553f8
MH		 210 hdev->le_scan_type = LE_SCAN_PASSIVE;
211
06f5b778 212 hdev->ssp_debug_mode = 0;
a4d5504d
MH		 213
214 hci_bdaddr_list_clear(&hdev->le_white_list);
a9de9248 215}
04837f64 216
c2f0f979
MH		 217static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
218 struct sk_buff *skb)
219{
220 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
221 struct hci_cp_read_stored_link_key *sent;
222
223 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
224
225 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
226 if (!sent)
227 return;
228
229 if (!rp->status && sent->read_all == 0x01) {
230 hdev->stored_max_keys = rp->max_keys;
231 hdev->stored_num_keys = rp->num_keys;
232 }
233}
234
a9366120
MH		 235static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
236 struct sk_buff *skb)
237{
238 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
239
240 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
241
242 if (rp->status)
243 return;
244
245 if (rp->num_keys <= hdev->stored_num_keys)
246 hdev->stored_num_keys -= rp->num_keys;
247 else
248 hdev->stored_num_keys = 0;
249}
250
a9de9248
MH		 251static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
252{
253 __u8 status = *((__u8 *) skb->data);
254 void *sent;
04837f64 255
9f1db00c 256 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 257
a9de9248
MH		 258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
259 if (!sent)
260 return;
04837f64 261
56e5cb86
JH		 262 hci_dev_lock(hdev);
263
f51d5b24
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 266 else if (!status)
267 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 268
56e5cb86 269 hci_dev_unlock(hdev);
a9de9248
MH		 270}
271
272static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
273{
274 struct hci_rp_read_local_name *rp = (void *) skb->data;
275
9f1db00c 276 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 277
278 if (rp->status)
279 return;
280
8bfe8442
MH		 281 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
282 test_bit(HCI_CONFIG, &hdev->dev_flags))
db99b5fc 283 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 284}
285
286static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
288 __u8 status = *((__u8 *) skb->data);
289 void *sent;
290
9f1db00c 291 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 292
293 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
294 if (!sent)
295 return;
296
5c1a4c8f
JK		 297 hci_dev_lock(hdev);
298
a9de9248
MH		 299 if (!status) {
300 __u8 param = *((__u8 *) sent);
301
302 if (param == AUTH_ENABLED)
303 set_bit(HCI_AUTH, &hdev->flags);
304 else
305 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 306 }
a9de9248 307
33ef95ed
JH		 308 if (test_bit(HCI_MGMT, &hdev->dev_flags))
309 mgmt_auth_enable_complete(hdev, status);
5c1a4c8f
JK		 310
311 hci_dev_unlock(hdev);
1da177e4
LT		 312}
313
a9de9248 314static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 315{
a9de9248 316 __u8 status = *((__u8 *) skb->data);
45296acd 317 __u8 param;
1da177e4
LT		 318 void *sent;
319
9f1db00c 320 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 321
45296acd
MH		 322 if (status)
323 return;
324
a9de9248
MH		 325 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
326 if (!sent)
327 return;
1da177e4 328
45296acd 329 param = *((__u8 *) sent);
a9de9248 330
45296acd
MH		 331 if (param)
332 set_bit(HCI_ENCRYPT, &hdev->flags);
333 else
334 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 335}
1da177e4 336
a9de9248
MH		 337static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
338{
45296acd
MH		 339 __u8 status = *((__u8 *) skb->data);
340 __u8 param;
a9de9248 341 void *sent;
1da177e4 342
9f1db00c 343 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 344
a9de9248
MH		 345 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
346 if (!sent)
347 return;
1da177e4 348
36f7fc7e
JH		 349 param = *((__u8 *) sent);
350
56e5cb86
JH		 351 hci_dev_lock(hdev);
352
fa1bd918 353 if (status) {
2d7cee58
JH		 354 hdev->discov_timeout = 0;
355 goto done;
356 }
357
bc6d2d04 358 if (param & SCAN_INQUIRY)
36f7fc7e 359 set_bit(HCI_ISCAN, &hdev->flags);
bc6d2d04
JH		 360 else
361 clear_bit(HCI_ISCAN, &hdev->flags);
36f7fc7e 362
031547d8 363 if (param & SCAN_PAGE)
36f7fc7e 364 set_bit(HCI_PSCAN, &hdev->flags);
bc6d2d04 365 else
204e3990 366 clear_bit(HCI_PSCAN, &hdev->flags);
1da177e4 367
36f7fc7e 368done:
56e5cb86 369 hci_dev_unlock(hdev);
a9de9248 370}
1da177e4 371
a9de9248
MH		 372static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
373{
374 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 377
a9de9248
MH		 378 if (rp->status)
379 return;
1da177e4 380
a9de9248 381 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 382
a9de9248 383 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 384 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 385}
1da177e4 386
a9de9248
MH		 387static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
388{
389 __u8 status = *((__u8 *) skb->data);
390 void *sent;
1da177e4 391
9f1db00c 392 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 393
a9de9248
MH		 394 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
395 if (!sent)
396 return;
1da177e4 397
7f9a903c
MH		 398 hci_dev_lock(hdev);
399
400 if (status == 0)
401 memcpy(hdev->dev_class, sent, 3);
402
403 if (test_bit(HCI_MGMT, &hdev->dev_flags))
404 mgmt_set_class_of_dev_complete(hdev, sent, status);
405
406 hci_dev_unlock(hdev);
a9de9248 407}
1da177e4 408
a9de9248
MH		 409static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
410{
411 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
412 __u16 setting;
413
9f1db00c 414 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 415
416 if (rp->status)
417 return;
418
419 setting = __le16_to_cpu(rp->voice_setting);
420
f383f275 421 if (hdev->voice_setting == setting)
a9de9248
MH		 422 return;
423
424 hdev->voice_setting = setting;
425
9f1db00c 426 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 427
3c54711c 428 if (hdev->notify)
a9de9248 429 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 430}
431
8fc9ced3
GP		 432static void hci_cc_write_voice_setting(struct hci_dev *hdev,
433 struct sk_buff *skb)
a9de9248
MH		 434{
435 __u8 status = *((__u8 *) skb->data);
f383f275 436 __u16 setting;
a9de9248
MH		 437 void *sent;
438
9f1db00c 439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 440
f383f275
MH		 441 if (status)
442 return;
443
a9de9248
MH		 444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
445 if (!sent)
446 return;
1da177e4 447
f383f275 448 setting = get_unaligned_le16(sent);
1da177e4 449
f383f275
MH		 450 if (hdev->voice_setting == setting)
451 return;
452
453 hdev->voice_setting = setting;
1da177e4 454
9f1db00c 455 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 456
3c54711c 457 if (hdev->notify)
f383f275 458 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 459}
460
b4cb9fb2
MH		 461static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
462 struct sk_buff *skb)
463{
464 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
465
466 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
467
468 if (rp->status)
469 return;
470
471 hdev->num_iac = rp->num_iac;
472
473 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
474}
475
333140b5
MH		 476static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
477{
478 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 479 struct hci_cp_write_ssp_mode *sent;
333140b5 480
9f1db00c 481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 482
333140b5
MH		 483 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
484 if (!sent)
485 return;
486
5c1a4c8f
JK		 487 hci_dev_lock(hdev);
488
5ed8eb2f
JH		 489 if (!status) {
490 if (sent->mode)
cad718ed 491 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 492 else
cad718ed 493 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 494 }
495
ed2c4ee3 496 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 497 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 498 else if (!status) {
5ed8eb2f 499 if (sent->mode)
c0ecddc2
JH		 500 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
501 else
502 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
503 }
5c1a4c8f
JK		 504
505 hci_dev_unlock(hdev);
333140b5
MH		 506}
507
eac83dc6
MH		 508static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
509{
510 u8 status = *((u8 *) skb->data);
511 struct hci_cp_write_sc_support *sent;
512
513 BT_DBG("%s status 0x%2.2x", hdev->name, status);
514
515 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
516 if (!sent)
517 return;
518
5c1a4c8f
JK		 519 hci_dev_lock(hdev);
520
eac83dc6
MH		 521 if (!status) {
522 if (sent->support)
523 hdev->features[1][0] |= LMP_HOST_SC;
524 else
525 hdev->features[1][0] &= ~LMP_HOST_SC;
526 }
527
a1443f5a 528 if (!test_bit(HCI_MGMT, &hdev->dev_flags) && !status) {
eac83dc6
MH		 529 if (sent->support)
530 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
531 else
532 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
533 }
5c1a4c8f
JK		 534
535 hci_dev_unlock(hdev);
eac83dc6
MH		 536}
537
a9de9248
MH		 538static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
539{
540 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 541
9f1db00c 542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 543
a9de9248 544 if (rp->status)
42c6b129 545 return;
1143e5a6 546
8bfe8442
MH		 547 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
548 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
0d5551f5
MH		 549 hdev->hci_ver = rp->hci_ver;
550 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
551 hdev->lmp_ver = rp->lmp_ver;
552 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
553 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
554 }
d5859e22
JH		 555}
556
8fc9ced3
GP		 557static void hci_cc_read_local_commands(struct hci_dev *hdev,
558 struct sk_buff *skb)
a9de9248
MH		 559{
560 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 561
9f1db00c 562 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 563
6a070e6e
MH		 564 if (rp->status)
565 return;
566
8bfe8442
MH		 567 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
568 test_bit(HCI_CONFIG, &hdev->dev_flags))
2177bab5 569 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 570}
1da177e4 571
8fc9ced3
GP		 572static void hci_cc_read_local_features(struct hci_dev *hdev,
573 struct sk_buff *skb)
a9de9248
MH		 574{
575 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 576
9f1db00c 577 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 578
a9de9248
MH		 579 if (rp->status)
580 return;
5b7f9909 581
a9de9248 582 memcpy(hdev->features, rp->features, 8);
5b7f9909 583
a9de9248
MH		 584 /* Adjust default settings according to features
585 * supported by device. */
1da177e4 586
cad718ed 587 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 588 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 589
cad718ed 590 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 591 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 592
cad718ed 593 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 594 hdev->pkt_type |= (HCI_HV2);
595 hdev->esco_type |= (ESCO_HV2);
596 }
1da177e4 597
cad718ed 598 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 599 hdev->pkt_type |= (HCI_HV3);
600 hdev->esco_type |= (ESCO_HV3);
601 }
1da177e4 602
45db810f 603 if (lmp_esco_capable(hdev))
a9de9248 604 hdev->esco_type |= (ESCO_EV3);
da1f5198 605
cad718ed 606 if (hdev->features[0][4] & LMP_EV4)
a9de9248 607 hdev->esco_type |= (ESCO_EV4);
da1f5198 608
cad718ed 609 if (hdev->features[0][4] & LMP_EV5)
a9de9248 610 hdev->esco_type |= (ESCO_EV5);
1da177e4 611
cad718ed 612 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 613 hdev->esco_type |= (ESCO_2EV3);
614
cad718ed 615 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 616 hdev->esco_type |= (ESCO_3EV3);
617
cad718ed 618 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 619 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 620}
1da177e4 621
971e3a4b 622static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 623 struct sk_buff *skb)
971e3a4b
AG		 624{
625 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
626
9f1db00c 627 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 628
629 if (rp->status)
42c6b129 630 return;
971e3a4b 631
57af75a8
MH		 632 if (hdev->max_page < rp->max_page)
633 hdev->max_page = rp->max_page;
d2c5d77f 634
cad718ed
JH		 635 if (rp->page < HCI_MAX_PAGES)
636 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 637}
638
1e89cffb 639static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 640 struct sk_buff *skb)
1e89cffb
AE		 641{
642 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
643
9f1db00c 644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 645
45296acd
MH		 646 if (rp->status)
647 return;
648
649 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 650}
651
a9de9248
MH		 652static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
653{
654 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 655
9f1db00c 656 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 657
a9de9248
MH		 658 if (rp->status)
659 return;
1da177e4 660
a9de9248
MH		 661 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
662 hdev->sco_mtu = rp->sco_mtu;
663 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
664 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
665
666 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
667 hdev->sco_mtu = 64;
668 hdev->sco_pkts = 8;
1da177e4 669 }
a9de9248
MH		 670
671 hdev->acl_cnt = hdev->acl_pkts;
672 hdev->sco_cnt = hdev->sco_pkts;
673
807deac2
GP		 674 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
675 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 676}
677
678static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
679{
680 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
681
9f1db00c 682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 683
e30d3f5f
MH		 684 if (rp->status)
685 return;
686
687 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 688 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f
MH		 689
690 if (test_bit(HCI_SETUP, &hdev->dev_flags))
691 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 692}
693
f332ec66
JH		 694static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
695 struct sk_buff *skb)
696{
697 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
698
699 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
700
45296acd
MH		 701 if (rp->status)
702 return;
703
704 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 705 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
706 hdev->page_scan_window = __le16_to_cpu(rp->window);
707 }
708}
709
4a3ee763
JH		 710static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
711 struct sk_buff *skb)
712{
713 u8 status = *((u8 *) skb->data);
714 struct hci_cp_write_page_scan_activity *sent;
715
716 BT_DBG("%s status 0x%2.2x", hdev->name, status);
717
718 if (status)
719 return;
720
721 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
722 if (!sent)
723 return;
724
725 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
726 hdev->page_scan_window = __le16_to_cpu(sent->window);
727}
728
f332ec66
JH		 729static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
730 struct sk_buff *skb)
731{
732 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
733
734 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
735
45296acd
MH		 736 if (rp->status)
737 return;
738
739 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 740 hdev->page_scan_type = rp->type;
741}
742
4a3ee763
JH		 743static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
744 struct sk_buff *skb)
745{
746 u8 status = *((u8 *) skb->data);
747 u8 *type;
748
749 BT_DBG("%s status 0x%2.2x", hdev->name, status);
750
751 if (status)
752 return;
753
754 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
755 if (type)
756 hdev->page_scan_type = *type;
757}
758
350ee4cf 759static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 760 struct sk_buff *skb)
350ee4cf
AE		 761{
762 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
763
9f1db00c 764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 765
766 if (rp->status)
767 return;
768
769 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
770 hdev->block_len = __le16_to_cpu(rp->block_len);
771 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
772
773 hdev->block_cnt = hdev->num_blocks;
774
775 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 776 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 777}
778
33f35721
JH		 779static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
780{
781 struct hci_rp_read_clock *rp = (void *) skb->data;
782 struct hci_cp_read_clock *cp;
783 struct hci_conn *conn;
784
785 BT_DBG("%s", hdev->name);
786
787 if (skb->len < sizeof(*rp))
788 return;
789
790 if (rp->status)
791 return;
792
793 hci_dev_lock(hdev);
794
795 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
796 if (!cp)
797 goto unlock;
798
799 if (cp->which == 0x00) {
800 hdev->clock = le32_to_cpu(rp->clock);
801 goto unlock;
802 }
803
804 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
805 if (conn) {
806 conn->clock = le32_to_cpu(rp->clock);
807 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
808 }
809
810unlock:
811 hci_dev_unlock(hdev);
812}
813
928abaa7 814static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 815 struct sk_buff *skb)
928abaa7
AE		 816{
817 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
818
9f1db00c 819 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 820
821 if (rp->status)
8e2a0d92 822 goto a2mp_rsp;
928abaa7
AE		 823
824 hdev->amp_status = rp->amp_status;
825 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
826 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
827 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
828 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
829 hdev->amp_type = rp->amp_type;
830 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
831 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
832 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
833 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
834
8e2a0d92
AE		 835a2mp_rsp:
836 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 837}
838
903e4541
AE		 839static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
840 struct sk_buff *skb)
841{
842 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
843 struct amp_assoc *assoc = &hdev->loc_assoc;
844 size_t rem_len, frag_len;
845
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
847
848 if (rp->status)
849 goto a2mp_rsp;
850
851 frag_len = skb->len - sizeof(*rp);
852 rem_len = __le16_to_cpu(rp->rem_len);
853
854 if (rem_len > frag_len) {
2e430be3 855 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 856
857 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
858 assoc->offset += frag_len;
859
860 /* Read other fragments */
861 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
862
863 return;
864 }
865
866 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
867 assoc->len = assoc->offset + rem_len;
868 assoc->offset = 0;
869
870a2mp_rsp:
871 /* Send A2MP Rsp when all fragments are received */
872 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 873 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 874}
875
d5859e22 876static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 877 struct sk_buff *skb)
d5859e22 878{
91c4e9b1 879 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 880
9f1db00c 881 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 882
45296acd
MH		 883 if (rp->status)
884 return;
885
886 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 887}
888
980e1a53
JH		 889static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
890{
891 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
892 struct hci_cp_pin_code_reply *cp;
893 struct hci_conn *conn;
894
9f1db00c 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 896
56e5cb86
JH		 897 hci_dev_lock(hdev);
898
a8b2d5c2 899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 900 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 901
fa1bd918 902 if (rp->status)
56e5cb86 903 goto unlock;
980e1a53
JH		 904
905 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
906 if (!cp)
56e5cb86 907 goto unlock;
980e1a53
JH		 908
909 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
910 if (conn)
911 conn->pin_length = cp->pin_len;
56e5cb86
JH		 912
913unlock:
914 hci_dev_unlock(hdev);
980e1a53
JH		 915}
916
917static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
918{
919 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
920
9f1db00c 921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 922
56e5cb86
JH		 923 hci_dev_lock(hdev);
924
a8b2d5c2 925 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 926 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 927 rp->status);
56e5cb86
JH		 928
929 hci_dev_unlock(hdev);
980e1a53 930}
56e5cb86 931
6ed58ec5
VT		 932static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
933 struct sk_buff *skb)
934{
935 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
936
9f1db00c 937 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 938
939 if (rp->status)
940 return;
941
942 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
943 hdev->le_pkts = rp->le_max_pkt;
944
945 hdev->le_cnt = hdev->le_pkts;
946
947 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 948}
980e1a53 949
60e77321
JH		 950static void hci_cc_le_read_local_features(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956
45296acd
MH		 957 if (rp->status)
958 return;
959
960 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 961}
962
8fa19098
JH		 963static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
964 struct sk_buff *skb)
965{
966 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
967
968 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
969
45296acd
MH		 970 if (rp->status)
971 return;
972
973 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 974}
975
a5c29683
JH		 976static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
977{
978 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
979
9f1db00c 980 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 981
56e5cb86
JH		 982 hci_dev_lock(hdev);
983
a8b2d5c2 984 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 985 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
986 rp->status);
56e5cb86
JH		 987
988 hci_dev_unlock(hdev);
a5c29683
JH		 989}
990
991static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 992 struct sk_buff *skb)
a5c29683
JH		 993{
994 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
995
9f1db00c 996 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 997
56e5cb86
JH		 998 hci_dev_lock(hdev);
999
a8b2d5c2 1000 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1001 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1002 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1003
1004 hci_dev_unlock(hdev);
a5c29683
JH		 1005}
1006
1143d458
BG		 1007static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1008{
1009 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1010
9f1db00c 1011 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1012
1013 hci_dev_lock(hdev);
1014
a8b2d5c2 1015 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1016 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1017 0, rp->status);
1143d458
BG		 1018
1019 hci_dev_unlock(hdev);
1020}
1021
1022static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1023 struct sk_buff *skb)
1143d458
BG		 1024{
1025 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1026
9f1db00c 1027 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1028
1029 hci_dev_lock(hdev);
1030
a8b2d5c2 1031 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1032 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1033 ACL_LINK, 0, rp->status);
1143d458
BG		 1034
1035 hci_dev_unlock(hdev);
1036}
1037
4d2d2796
MH		 1038static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1039 struct sk_buff *skb)
c35938b2
SJ		 1040{
1041 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1042
9f1db00c 1043 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1044
56e5cb86 1045 hci_dev_lock(hdev);
38da1703
JH		 1046 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1047 rp->status);
4d2d2796
MH		 1048 hci_dev_unlock(hdev);
1049}
1050
1051static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1052 struct sk_buff *skb)
1053{
1054 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1055
1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1057
1058 hci_dev_lock(hdev);
38da1703
JH		 1059 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1060 rp->hash256, rp->rand256,
4d2d2796 1061 rp->status);
56e5cb86 1062 hci_dev_unlock(hdev);
c35938b2
SJ		 1063}
1064
7a4cd51d
MH		 1065
1066static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1067{
1068 __u8 status = *((__u8 *) skb->data);
1069 bdaddr_t *sent;
1070
1071 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1072
45296acd
MH		 1073 if (status)
1074 return;
1075
7a4cd51d
MH		 1076 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1077 if (!sent)
1078 return;
1079
1080 hci_dev_lock(hdev);
1081
45296acd 1082 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1083
1084 hci_dev_unlock(hdev);
1085}
1086
c1d5dc4a
JH		 1087static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1088{
1089 __u8 *sent, status = *((__u8 *) skb->data);
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092
45296acd 1093 if (status)
c1d5dc4a
JH		 1094 return;
1095
45296acd
MH		 1096 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1097 if (!sent)
3c857757
JH		 1098 return;
1099
c1d5dc4a
JH		 1100 hci_dev_lock(hdev);
1101
49c922bb 1102 /* If we're doing connection initiation as peripheral. Set a
3c857757
JH		 1103 * timeout in case something goes wrong.
1104 */
1105 if (*sent) {
1106 struct hci_conn *conn;
1107
66c417c1
JH		 1108 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1109
3c857757
JH		 1110 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1111 if (conn)
1112 queue_delayed_work(hdev->workqueue,
1113 &conn->le_conn_timeout,
09ae260b 1114 conn->conn_timeout);
66c417c1
JH		 1115 } else {
1116 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 1117 }
1118
04b4edcb 1119 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1120}
1121
533553f8
MH		 1122static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1123{
1124 struct hci_cp_le_set_scan_param *cp;
1125 __u8 status = *((__u8 *) skb->data);
1126
1127 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1128
45296acd
MH		 1129 if (status)
1130 return;
1131
533553f8
MH		 1132 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1133 if (!cp)
1134 return;
1135
1136 hci_dev_lock(hdev);
1137
45296acd 1138 hdev->le_scan_type = cp->type;
533553f8
MH		 1139
1140 hci_dev_unlock(hdev);
1141}
1142
b9a6328f
JH		 1143static bool has_pending_adv_report(struct hci_dev *hdev)
1144{
1145 struct discovery_state *d = &hdev->discovery;
1146
1147 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1148}
1149
1150static void clear_pending_adv_report(struct hci_dev *hdev)
1151{
1152 struct discovery_state *d = &hdev->discovery;
1153
1154 bacpy(&d->last_adv_addr, BDADDR_ANY);
1155 d->last_adv_data_len = 0;
1156}
1157
1158static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1159 u8 bdaddr_type, s8 rssi, u32 flags,
1160 u8 *data, u8 len)
b9a6328f
JH		 1161{
1162 struct discovery_state *d = &hdev->discovery;
1163
1164 bacpy(&d->last_adv_addr, bdaddr);
1165 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1166 d->last_adv_rssi = rssi;
c70a7e4c 1167 d->last_adv_flags = flags;
b9a6328f
JH		 1168 memcpy(d->last_adv_data, data, len);
1169 d->last_adv_data_len = len;
1170}
1171
eb9d91f5 1172static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1173 struct sk_buff *skb)
eb9d91f5
AG		 1174{
1175 struct hci_cp_le_set_scan_enable *cp;
1176 __u8 status = *((__u8 *) skb->data);
1177
9f1db00c 1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1179
45296acd 1180 if (status)
eb9d91f5
AG		 1181 return;
1182
45296acd
MH		 1183 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1184 if (!cp)
3fd319b8
AG		 1185 return;
1186
5c1a4c8f
JK		 1187 hci_dev_lock(hdev);
1188
68a8aea4 1189 switch (cp->enable) {
76a388be 1190 case LE_SCAN_ENABLE:
d23264a8 1191 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1192 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1193 clear_pending_adv_report(hdev);
68a8aea4
AE		 1194 break;
1195
76a388be 1196 case LE_SCAN_DISABLE:
b9a6328f
JH		 1197 /* We do this here instead of when setting DISCOVERY_STOPPED
1198 * since the latter would potentially require waiting for
1199 * inquiry to stop too.
1200 */
1201 if (has_pending_adv_report(hdev)) {
1202 struct discovery_state *d = &hdev->discovery;
1203
1204 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1205 d->last_adv_addr_type, NULL,
c70a7e4c 1206 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1207 d->last_adv_data,
b9a6328f
JH		 1208 d->last_adv_data_len, NULL, 0);
1209 }
1210
317ac8cb
JH		 1211 /* Cancel this timer so that we don't try to disable scanning
1212 * when it's already disabled.
1213 */
1214 cancel_delayed_work(&hdev->le_scan_disable);
1215
d23264a8 1216 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
e8bb6b97 1217
81ad6fd9
JH		 1218 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1219 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1220 * therefore discovery as stopped. If this was not
1221 * because of a connect request advertising might have
1222 * been disabled because of active scanning, so
1223 * re-enable it again if necessary.
81ad6fd9
JH		 1224 */
1225 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1226 &hdev->dev_flags))
1227 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
e8bb6b97 1228 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
34722277 1229 hdev->discovery.state == DISCOVERY_FINDING)
e8bb6b97
JH		 1230 mgmt_reenable_advertising(hdev);
1231
68a8aea4
AE		 1232 break;
1233
1234 default:
1235 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1236 break;
35815085 1237 }
5c1a4c8f
JK		 1238
1239 hci_dev_unlock(hdev);
eb9d91f5
AG		 1240}
1241
cf1d081f
JH		 1242static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1243 struct sk_buff *skb)
1244{
1245 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1246
1247 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1248
45296acd
MH		 1249 if (rp->status)
1250 return;
1251
1252 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1253}
1254
0f36b589
MH		 1255static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1256 struct sk_buff *skb)
1257{
1258 __u8 status = *((__u8 *) skb->data);
1259
1260 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1261
45296acd
MH		 1262 if (status)
1263 return;
1264
dcc36c16 1265 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1266}
1267
1268static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1269 struct sk_buff *skb)
1270{
1271 struct hci_cp_le_add_to_white_list *sent;
1272 __u8 status = *((__u8 *) skb->data);
1273
1274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1275
45296acd
MH		 1276 if (status)
1277 return;
1278
0f36b589
MH		 1279 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1280 if (!sent)
1281 return;
1282
dcc36c16
JH		 1283 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1284 sent->bdaddr_type);
0f36b589
MH		 1285}
1286
1287static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1288 struct sk_buff *skb)
1289{
1290 struct hci_cp_le_del_from_white_list *sent;
1291 __u8 status = *((__u8 *) skb->data);
1292
1293 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1294
45296acd
MH		 1295 if (status)
1296 return;
1297
0f36b589
MH		 1298 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1299 if (!sent)
1300 return;
1301
dcc36c16
JH		 1302 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1303 sent->bdaddr_type);
0f36b589
MH		 1304}
1305
9b008c04
JH		 1306static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1307 struct sk_buff *skb)
1308{
1309 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1310
1311 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1312
45296acd
MH		 1313 if (rp->status)
1314 return;
1315
1316 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1317}
1318
a8e1bfaa
MH		 1319static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1320 struct sk_buff *skb)
1321{
1322 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1323
1324 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1325
1326 if (rp->status)
1327 return;
1328
1329 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1330 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1331}
1332
1333static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1334 struct sk_buff *skb)
1335{
1336 struct hci_cp_le_write_def_data_len *sent;
1337 __u8 status = *((__u8 *) skb->data);
1338
1339 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1340
1341 if (status)
1342 return;
1343
1344 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1345 if (!sent)
1346 return;
1347
1348 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1349 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1350}
1351
1352static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1353 struct sk_buff *skb)
1354{
1355 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1356
1357 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1358
1359 if (rp->status)
1360 return;
1361
1362 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1363 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1364 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1365 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1366}
1367
6039aa73
GP		 1368static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1369 struct sk_buff *skb)
f9b49306 1370{
06199cf8 1371 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1372 __u8 status = *((__u8 *) skb->data);
1373
9f1db00c 1374 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1375
45296acd
MH		 1376 if (status)
1377 return;
1378
06199cf8 1379 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1380 if (!sent)
f9b49306
AG		 1381 return;
1382
5c1a4c8f
JK		 1383 hci_dev_lock(hdev);
1384
45296acd
MH		 1385 if (sent->le) {
1386 hdev->features[1][0] |= LMP_HOST_LE;
1387 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1388 } else {
1389 hdev->features[1][0] &= ~LMP_HOST_LE;
1390 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1391 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
8f984dfa 1392 }
45296acd
MH		 1393
1394 if (sent->simul)
1395 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1396 else
1397 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
5c1a4c8f
JK		 1398
1399 hci_dev_unlock(hdev);
f9b49306
AG		 1400}
1401
56ed2cb8
JH		 1402static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1403{
1404 struct hci_cp_le_set_adv_param *cp;
1405 u8 status = *((u8 *) skb->data);
1406
1407 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1408
1409 if (status)
1410 return;
1411
1412 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1413 if (!cp)
1414 return;
1415
1416 hci_dev_lock(hdev);
1417 hdev->adv_addr_type = cp->own_address_type;
1418 hci_dev_unlock(hdev);
1419}
1420
93c284ee
AE		 1421static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1422 struct sk_buff *skb)
1423{
1424 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1425
1426 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1427 hdev->name, rp->status, rp->phy_handle);
1428
1429 if (rp->status)
1430 return;
1431
1432 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1433}
1434
5ae76a94
AK		 1435static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1436{
1437 struct hci_rp_read_rssi *rp = (void *) skb->data;
1438 struct hci_conn *conn;
1439
1440 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1441
1442 if (rp->status)
1443 return;
1444
1445 hci_dev_lock(hdev);
1446
1447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1448 if (conn)
1449 conn->rssi = rp->rssi;
1450
1451 hci_dev_unlock(hdev);
1452}
1453
5a134fae
AK		 1454static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1455{
1456 struct hci_cp_read_tx_power *sent;
1457 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1458 struct hci_conn *conn;
1459
1460 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1461
1462 if (rp->status)
1463 return;
1464
1465 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1466 if (!sent)
1467 return;
1468
1469 hci_dev_lock(hdev);
1470
1471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1472 if (!conn)
1473 goto unlock;
1474
1475 switch (sent->type) {
1476 case 0x00:
5a134fae 1477 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1478 break;
1479 case 0x01:
1480 conn->max_tx_power = rp->tx_power;
1481 break;
1482 }
5a134fae 1483
d0455ed9 1484unlock:
5a134fae
AK		 1485 hci_dev_unlock(hdev);
1486}
1487
6039aa73 1488static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1489{
9f1db00c 1490 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1491
1492 if (status) {
a9de9248 1493 hci_conn_check_pending(hdev);
314b2381
JH		 1494 return;
1495 }
1496
89352e7d 1497 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1498}
1499
6039aa73 1500static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1501{
a9de9248 1502 struct hci_cp_create_conn *cp;
1da177e4 1503 struct hci_conn *conn;
1da177e4 1504
9f1db00c 1505 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1506
1507 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1508 if (!cp)
1509 return;
1510
1511 hci_dev_lock(hdev);
1512
1513 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1514
6ed93dc6 1515 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1516
1517 if (status) {
1518 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1519 if (status != 0x0c || conn->attempt > 2) {
1520 conn->state = BT_CLOSED;
1521 hci_proto_connect_cfm(conn, status);
1522 hci_conn_del(conn);
1523 } else
1524 conn->state = BT_CONNECT2;
1da177e4
LT		 1525 }
1526 } else {
1527 if (!conn) {
a5c4e309
JH		 1528 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1529 HCI_ROLE_MASTER);
1530 if (!conn)
893ef971 1531 BT_ERR("No memory for new connection");
1da177e4
LT		 1532 }
1533 }
1534
1535 hci_dev_unlock(hdev);
1536}
1537
a9de9248 1538static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1539{
a9de9248
MH		 1540 struct hci_cp_add_sco *cp;
1541 struct hci_conn *acl, *sco;
1542 __u16 handle;
1da177e4 1543
9f1db00c 1544 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1545
a9de9248
MH		 1546 if (!status)
1547 return;
1da177e4 1548
a9de9248
MH		 1549 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1550 if (!cp)
1551 return;
1da177e4 1552
a9de9248 1553 handle = __le16_to_cpu(cp->handle);
1da177e4 1554
9f1db00c 1555 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1556
a9de9248 1557 hci_dev_lock(hdev);
1da177e4 1558
a9de9248 1559 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1560 if (acl) {
1561 sco = acl->link;
1562 if (sco) {
1563 sco->state = BT_CLOSED;
1da177e4 1564
5a08ecce
AE		 1565 hci_proto_connect_cfm(sco, status);
1566 hci_conn_del(sco);
1567 }
a9de9248 1568 }
1da177e4 1569
a9de9248
MH		 1570 hci_dev_unlock(hdev);
1571}
1da177e4 1572
f8558555
MH		 1573static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1574{
1575 struct hci_cp_auth_requested *cp;
1576 struct hci_conn *conn;
1577
9f1db00c 1578 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1579
1580 if (!status)
1581 return;
1582
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1584 if (!cp)
1585 return;
1586
1587 hci_dev_lock(hdev);
1588
1589 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1590 if (conn) {
1591 if (conn->state == BT_CONFIG) {
1592 hci_proto_connect_cfm(conn, status);
76a68ba0 1593 hci_conn_drop(conn);
f8558555
MH		 1594 }
1595 }
1596
1597 hci_dev_unlock(hdev);
1598}
1599
1600static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1601{
1602 struct hci_cp_set_conn_encrypt *cp;
1603 struct hci_conn *conn;
1604
9f1db00c 1605 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1606
1607 if (!status)
1608 return;
1609
1610 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1611 if (!cp)
1612 return;
1613
1614 hci_dev_lock(hdev);
1615
1616 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1617 if (conn) {
1618 if (conn->state == BT_CONFIG) {
1619 hci_proto_connect_cfm(conn, status);
76a68ba0 1620 hci_conn_drop(conn);
f8558555
MH		 1621 }
1622 }
1623
1624 hci_dev_unlock(hdev);
1625}
1626
127178d2 1627static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1628 struct hci_conn *conn)
392599b9 1629{
392599b9
JH		 1630 if (conn->state != BT_CONFIG || !conn->out)
1631 return 0;
1632
765c2a96 1633 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1634 return 0;
1635
1636 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1637 * devices with sec_level MEDIUM or HIGH or if MITM protection
1638 * is requested.
1639 */
807deac2 1640 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1641 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1642 conn->pending_sec_level != BT_SECURITY_HIGH &&
1643 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1644 return 0;
1645
392599b9
JH		 1646 return 1;
1647}
1648
6039aa73 1649static int hci_resolve_name(struct hci_dev *hdev,
04124681 1650 struct inquiry_entry *e)
30dc78e1
JH		 1651{
1652 struct hci_cp_remote_name_req cp;
1653
1654 memset(&cp, 0, sizeof(cp));
1655
1656 bacpy(&cp.bdaddr, &e->data.bdaddr);
1657 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1658 cp.pscan_mode = e->data.pscan_mode;
1659 cp.clock_offset = e->data.clock_offset;
1660
1661 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1662}
1663
b644ba33 1664static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1665{
1666 struct discovery_state *discov = &hdev->discovery;
1667 struct inquiry_entry *e;
1668
b644ba33
JH		 1669 if (list_empty(&discov->resolve))
1670 return false;
1671
1672 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1673 if (!e)
1674 return false;
1675
b644ba33
JH		 1676 if (hci_resolve_name(hdev, e) == 0) {
1677 e->name_state = NAME_PENDING;
1678 return true;
1679 }
1680
1681 return false;
1682}
1683
1684static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1685 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1686{
1687 struct discovery_state *discov = &hdev->discovery;
1688 struct inquiry_entry *e;
1689
60cb49d2
JH		 1690 /* Update the mgmt connected state if necessary. Be careful with
1691 * conn objects that exist but are not (yet) connected however.
1692 * Only those in BT_CONFIG or BT_CONNECTED states can be
1693 * considered connected.
1694 */
1695 if (conn &&
1696 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
cb77c3ec 1697 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 1698 mgmt_device_connected(hdev, conn, 0, name, name_len);
b644ba33
JH		 1699
1700 if (discov->state == DISCOVERY_STOPPED)
1701 return;
1702
30dc78e1
JH		 1703 if (discov->state == DISCOVERY_STOPPING)
1704 goto discov_complete;
1705
1706 if (discov->state != DISCOVERY_RESOLVING)
1707 return;
1708
1709 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1710 /* If the device was not found in a list of found devices names of which
1711 * are pending. there is no need to continue resolving a next name as it
1712 * will be done upon receiving another Remote Name Request Complete
1713 * Event */
1714 if (!e)
1715 return;
1716
1717 list_del(&e->list);
1718 if (name) {
30dc78e1 1719 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1720 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1721 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1722 } else {
1723 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1724 }
1725
b644ba33 1726 if (hci_resolve_next_name(hdev))
30dc78e1 1727 return;
30dc78e1
JH		 1728
1729discov_complete:
1730 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1731}
1732
a9de9248
MH		 1733static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1734{
127178d2
JH		 1735 struct hci_cp_remote_name_req *cp;
1736 struct hci_conn *conn;
1737
9f1db00c 1738 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1739
1740 /* If successful wait for the name req complete event before
1741 * checking for the need to do authentication */
1742 if (!status)
1743 return;
1744
1745 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1746 if (!cp)
1747 return;
1748
1749 hci_dev_lock(hdev);
1750
b644ba33
JH		 1751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1752
a8b2d5c2 1753 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1754 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1755
79c6c70c
JH		 1756 if (!conn)
1757 goto unlock;
1758
1759 if (!hci_outgoing_auth_needed(hdev, conn))
1760 goto unlock;
1761
51a8efd7 1762 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1763 struct hci_cp_auth_requested auth_cp;
1764
977f8fce
JH		 1765 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1766
c1f23a2b
JB		 1767 auth_cp.handle = __cpu_to_le16(conn->handle);
1768 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1769 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1770 }
1771
79c6c70c 1772unlock:
127178d2 1773 hci_dev_unlock(hdev);
a9de9248 1774}
1da177e4 1775
769be974
MH		 1776static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1777{
1778 struct hci_cp_read_remote_features *cp;
1779 struct hci_conn *conn;
1780
9f1db00c 1781 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1782
1783 if (!status)
1784 return;
1785
1786 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1787 if (!cp)
1788 return;
1789
1790 hci_dev_lock(hdev);
1791
1792 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1793 if (conn) {
1794 if (conn->state == BT_CONFIG) {
769be974 1795 hci_proto_connect_cfm(conn, status);
76a68ba0 1796 hci_conn_drop(conn);
769be974
MH		 1797 }
1798 }
1799
1800 hci_dev_unlock(hdev);
1801}
1802
1803static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1804{
1805 struct hci_cp_read_remote_ext_features *cp;
1806 struct hci_conn *conn;
1807
9f1db00c 1808 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1809
1810 if (!status)
1811 return;
1812
1813 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1814 if (!cp)
1815 return;
1816
1817 hci_dev_lock(hdev);
1818
1819 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1820 if (conn) {
1821 if (conn->state == BT_CONFIG) {
769be974 1822 hci_proto_connect_cfm(conn, status);
76a68ba0 1823 hci_conn_drop(conn);
769be974
MH		 1824 }
1825 }
1826
1827 hci_dev_unlock(hdev);
1828}
1829
a9de9248
MH		 1830static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1831{
b6a0dc82
MH		 1832 struct hci_cp_setup_sync_conn *cp;
1833 struct hci_conn *acl, *sco;
1834 __u16 handle;
1835
9f1db00c 1836 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1837
1838 if (!status)
1839 return;
1840
1841 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1842 if (!cp)
1843 return;
1844
1845 handle = __le16_to_cpu(cp->handle);
1846
9f1db00c 1847 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1848
1849 hci_dev_lock(hdev);
1850
1851 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1852 if (acl) {
1853 sco = acl->link;
1854 if (sco) {
1855 sco->state = BT_CLOSED;
b6a0dc82 1856
5a08ecce
AE		 1857 hci_proto_connect_cfm(sco, status);
1858 hci_conn_del(sco);
1859 }
b6a0dc82
MH		 1860 }
1861
1862 hci_dev_unlock(hdev);
1da177e4
LT		 1863}
1864
a9de9248 1865static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1866{
a9de9248
MH		 1867 struct hci_cp_sniff_mode *cp;
1868 struct hci_conn *conn;
1da177e4 1869
9f1db00c 1870 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1871
a9de9248
MH		 1872 if (!status)
1873 return;
04837f64 1874
a9de9248
MH		 1875 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1876 if (!cp)
1877 return;
04837f64 1878
a9de9248 1879 hci_dev_lock(hdev);
04837f64 1880
a9de9248 1881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1882 if (conn) {
51a8efd7 1883 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1884
51a8efd7 1885 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1886 hci_sco_setup(conn, status);
1887 }
1888
a9de9248
MH		 1889 hci_dev_unlock(hdev);
1890}
04837f64 1891
a9de9248
MH		 1892static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1893{
1894 struct hci_cp_exit_sniff_mode *cp;
1895 struct hci_conn *conn;
04837f64 1896
9f1db00c 1897 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1898
a9de9248
MH		 1899 if (!status)
1900 return;
04837f64 1901
a9de9248
MH		 1902 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1903 if (!cp)
1904 return;
04837f64 1905
a9de9248 1906 hci_dev_lock(hdev);
1da177e4 1907
a9de9248 1908 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1909 if (conn) {
51a8efd7 1910 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1911
51a8efd7 1912 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1913 hci_sco_setup(conn, status);
1914 }
1915
a9de9248 1916 hci_dev_unlock(hdev);
1da177e4
LT		 1917}
1918
88c3df13
JH		 1919static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1920{
1921 struct hci_cp_disconnect *cp;
1922 struct hci_conn *conn;
1923
1924 if (!status)
1925 return;
1926
1927 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1928 if (!cp)
1929 return;
1930
1931 hci_dev_lock(hdev);
1932
1933 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1934 if (conn)
1935 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1936 conn->dst_type, status);
88c3df13
JH		 1937
1938 hci_dev_unlock(hdev);
1939}
1940
a02226d6
AE		 1941static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1942{
93c284ee
AE		 1943 struct hci_cp_create_phy_link *cp;
1944
a02226d6 1945 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1946
93c284ee
AE		 1947 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1948 if (!cp)
1949 return;
1950
e58917b9
AE		 1951 hci_dev_lock(hdev);
1952
1953 if (status) {
1954 struct hci_conn *hcon;
1955
1956 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1957 if (hcon)
1958 hci_conn_del(hcon);
1959 } else {
1960 amp_write_remote_assoc(hdev, cp->phy_handle);
1961 }
1962
1963 hci_dev_unlock(hdev);
a02226d6
AE		 1964}
1965
0b26ab9d
AE		 1966static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1967{
1968 struct hci_cp_accept_phy_link *cp;
1969
1970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1971
1972 if (status)
1973 return;
1974
1975 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1976 if (!cp)
1977 return;
1978
1979 amp_write_remote_assoc(hdev, cp->phy_handle);
1980}
1981
cb1d68f7
JH		 1982static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1983{
1984 struct hci_cp_le_create_conn *cp;
1985 struct hci_conn *conn;
1986
1987 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1988
1989 /* All connection failure handling is taken care of by the
1990 * hci_le_conn_failed function which is triggered by the HCI
1991 * request completion callbacks used for connecting.
1992 */
1993 if (status)
1994 return;
1995
1996 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1997 if (!cp)
1998 return;
1999
2000 hci_dev_lock(hdev);
2001
2002 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
2003 if (!conn)
2004 goto unlock;
2005
2006 /* Store the initiator and responder address information which
2007 * is needed for SMP. These values will not change during the
2008 * lifetime of the connection.
2009 */
2010 conn->init_addr_type = cp->own_address_type;
2011 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
2012 bacpy(&conn->init_addr, &hdev->random_addr);
2013 else
2014 bacpy(&conn->init_addr, &hdev->bdaddr);
2015
2016 conn->resp_addr_type = cp->peer_addr_type;
2017 bacpy(&conn->resp_addr, &cp->peer_addr);
2018
9489eca4
JH		 2019 /* We don't want the connection attempt to stick around
2020 * indefinitely since LE doesn't have a page timeout concept
2021 * like BR/EDR. Set a timer for any connection that doesn't use
2022 * the white list for connecting.
2023 */
2024 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
2025 queue_delayed_work(conn->hdev->workqueue,
2026 &conn->le_conn_timeout,
09ae260b 2027 conn->conn_timeout);
9489eca4 2028
cb1d68f7
JH		 2029unlock:
2030 hci_dev_unlock(hdev);
2031}
2032
81d0c8ad
JH		 2033static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2034{
2035 struct hci_cp_le_start_enc *cp;
2036 struct hci_conn *conn;
2037
2038 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2039
2040 if (!status)
2041 return;
2042
2043 hci_dev_lock(hdev);
2044
2045 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2046 if (!cp)
2047 goto unlock;
2048
2049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2050 if (!conn)
2051 goto unlock;
2052
2053 if (conn->state != BT_CONNECTED)
2054 goto unlock;
2055
2056 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2057 hci_conn_drop(conn);
2058
2059unlock:
2060 hci_dev_unlock(hdev);
2061}
2062
50fc85f1
KP		 2063static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2064{
2065 struct hci_cp_switch_role *cp;
2066 struct hci_conn *conn;
2067
2068 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2069
2070 if (!status)
2071 return;
2072
2073 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2074 if (!cp)
2075 return;
2076
2077 hci_dev_lock(hdev);
2078
2079 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2080 if (conn)
2081 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2082
2083 hci_dev_unlock(hdev);
2084}
2085
6039aa73 2086static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2087{
2088 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 2089 struct discovery_state *discov = &hdev->discovery;
2090 struct inquiry_entry *e;
1da177e4 2091
9f1db00c 2092 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 2093
a9de9248 2094 hci_conn_check_pending(hdev);
89352e7d
AG		 2095
2096 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2097 return;
2098
4e857c58 2099 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 2100 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2101
a8b2d5c2 2102 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 2103 return;
2104
56e5cb86 2105 hci_dev_lock(hdev);
30dc78e1 2106
343f935b 2107 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 2108 goto unlock;
2109
2110 if (list_empty(&discov->resolve)) {
2111 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2112 goto unlock;
2113 }
2114
2115 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2116 if (e && hci_resolve_name(hdev, e) == 0) {
2117 e->name_state = NAME_PENDING;
2118 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2119 } else {
2120 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2121 }
2122
2123unlock:
56e5cb86 2124 hci_dev_unlock(hdev);
1da177e4
LT		 2125}
2126
6039aa73 2127static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2128{
45bb4bf0 2129 struct inquiry_data data;
a9de9248 2130 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2131 int num_rsp = *((__u8 *) skb->data);
2132
2133 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2134
45bb4bf0
MH		 2135 if (!num_rsp)
2136 return;
2137
1519cc17
AG		 2138 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2139 return;
2140
1da177e4 2141 hci_dev_lock(hdev);
45bb4bf0 2142
e17acd40 2143 for (; num_rsp; num_rsp--, info++) {
af58925c 2144 u32 flags;
3175405b 2145
1da177e4
LT		 2146 bacpy(&data.bdaddr, &info->bdaddr);
2147 data.pscan_rep_mode = info->pscan_rep_mode;
2148 data.pscan_period_mode = info->pscan_period_mode;
2149 data.pscan_mode = info->pscan_mode;
2150 memcpy(data.dev_class, info->dev_class, 3);
2151 data.clock_offset = info->clock_offset;
efb2513f 2152 data.rssi = HCI_RSSI_INVALID;
41a96212 2153 data.ssp_mode = 0x00;
3175405b 2154
af58925c
MH		 2155 flags = hci_inquiry_cache_update(hdev, &data, false);
2156
48264f06 2157 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
efb2513f
MH		 2158 info->dev_class, HCI_RSSI_INVALID,
2159 flags, NULL, 0, NULL, 0);
1da177e4 2160 }
45bb4bf0 2161
1da177e4
LT		 2162 hci_dev_unlock(hdev);
2163}
2164
6039aa73 2165static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2166{
a9de9248
MH		 2167 struct hci_ev_conn_complete *ev = (void *) skb->data;
2168 struct hci_conn *conn;
1da177e4
LT		 2169
2170 BT_DBG("%s", hdev->name);
2171
2172 hci_dev_lock(hdev);
2173
2174 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2175 if (!conn) {
2176 if (ev->link_type != SCO_LINK)
2177 goto unlock;
2178
2179 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2180 if (!conn)
2181 goto unlock;
2182
2183 conn->type = SCO_LINK;
2184 }
1da177e4
LT		 2185
2186 if (!ev->status) {
2187 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2188
2189 if (conn->type == ACL_LINK) {
2190 conn->state = BT_CONFIG;
2191 hci_conn_hold(conn);
a9ea3ed9
SJ		 2192
2193 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2194 !hci_find_link_key(hdev, &ev->bdaddr))
2195 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2196 else
2197 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2198 } else
2199 conn->state = BT_CONNECTED;
1da177e4 2200
23b9ceb7 2201 hci_debugfs_create_conn(conn);
7d0db0a3
MH		 2202 hci_conn_add_sysfs(conn);
2203
1da177e4 2204 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2205 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2206
2207 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2208 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2209
04837f64
MH		 2210 /* Get remote features */
2211 if (conn->type == ACL_LINK) {
2212 struct hci_cp_read_remote_features cp;
2213 cp.handle = ev->handle;
769be974 2214 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2215 sizeof(cp), &cp);
22f433dc 2216
1d2dc5b7 2217 hci_update_page_scan(hdev);
04837f64
MH		 2218 }
2219
1da177e4 2220 /* Set packet type for incoming connection */
d095c1eb 2221 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2222 struct hci_cp_change_conn_ptype cp;
2223 cp.handle = ev->handle;
a8746417 2224 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2225 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2226 &cp);
1da177e4 2227 }
17d5c04c 2228 } else {
1da177e4 2229 conn->state = BT_CLOSED;
17d5c04c 2230 if (conn->type == ACL_LINK)
64c7b77c 2231 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2232 conn->dst_type, ev->status);
17d5c04c 2233 }
1da177e4 2234
e73439d8
MH		 2235 if (conn->type == ACL_LINK)
2236 hci_sco_setup(conn, ev->status);
1da177e4 2237
769be974
MH		 2238 if (ev->status) {
2239 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2240 hci_conn_del(conn);
c89b6e6b
MH		 2241 } else if (ev->link_type != ACL_LINK)
2242 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2243
a9de9248 2244unlock:
1da177e4 2245 hci_dev_unlock(hdev);
1da177e4 2246
a9de9248 2247 hci_conn_check_pending(hdev);
1da177e4
LT		 2248}
2249
70c46425
JH		 2250static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2251{
2252 struct hci_cp_reject_conn_req cp;
2253
2254 bacpy(&cp.bdaddr, bdaddr);
2255 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2256 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2257}
2258
6039aa73 2259static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2260{
a9de9248
MH		 2261 struct hci_ev_conn_request *ev = (void *) skb->data;
2262 int mask = hdev->link_mode;
70c46425
JH		 2263 struct inquiry_entry *ie;
2264 struct hci_conn *conn;
20714bfe 2265 __u8 flags = 0;
1da177e4 2266
6ed93dc6 2267 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2268 ev->link_type);
1da177e4 2269
20714bfe
FD		 2270 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2271 &flags);
1da177e4 2272
70c46425
JH		 2273 if (!(mask & HCI_LM_ACCEPT)) {
2274 hci_reject_conn(hdev, &ev->bdaddr);
2275 return;
2276 }
2277
46c4c941
JH		 2278 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2279 BDADDR_BREDR)) {
2280 hci_reject_conn(hdev, &ev->bdaddr);
2281 return;
2282 }
2283
6a8fc95c
JH		 2284 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2285 * connection. These features are only touched through mgmt so
2286 * only do the checks if HCI_MGMT is set.
2287 */
2288 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2289 !test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
46c4c941
JH		 2290 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2291 BDADDR_BREDR)) {
2292 hci_reject_conn(hdev, &ev->bdaddr);
2293 return;
70c46425 2294 }
1da177e4 2295
70c46425 2296 /* Connection accepted */
b6a0dc82 2297
70c46425
JH		 2298 hci_dev_lock(hdev);
2299
2300 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2301 if (ie)
2302 memcpy(ie->data.dev_class, ev->dev_class, 3);
c7bdd502 2303
70c46425
JH		 2304 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2305 &ev->bdaddr);
2306 if (!conn) {
a5c4e309
JH		 2307 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2308 HCI_ROLE_SLAVE);
a9de9248 2309 if (!conn) {
70c46425
JH		 2310 BT_ERR("No memory for new connection");
2311 hci_dev_unlock(hdev);
2312 return;
1da177e4 2313 }
70c46425 2314 }
b6a0dc82 2315
70c46425 2316 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2317
70c46425 2318 hci_dev_unlock(hdev);
1da177e4 2319
70c46425
JH		 2320 if (ev->link_type == ACL_LINK ||
2321 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2322 struct hci_cp_accept_conn_req cp;
2323 conn->state = BT_CONNECT;
1da177e4 2324
70c46425 2325 bacpy(&cp.bdaddr, &ev->bdaddr);
b6a0dc82 2326
70c46425
JH		 2327 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2328 cp.role = 0x00; /* Become master */
2329 else
2330 cp.role = 0x01; /* Remain slave */
b6a0dc82 2331
70c46425
JH		 2332 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2333 } else if (!(flags & HCI_PROTO_DEFER)) {
2334 struct hci_cp_accept_sync_conn_req cp;
2335 conn->state = BT_CONNECT;
b6a0dc82 2336
70c46425
JH		 2337 bacpy(&cp.bdaddr, &ev->bdaddr);
2338 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2339
70c46425
JH		 2340 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2341 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2342 cp.max_latency = cpu_to_le16(0xffff);
2343 cp.content_format = cpu_to_le16(hdev->voice_setting);
2344 cp.retrans_effort = 0xff;
1da177e4 2345
70c46425
JH		 2346 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2347 &cp);
a9de9248 2348 } else {
70c46425
JH		 2349 conn->state = BT_CONNECT2;
2350 hci_proto_connect_cfm(conn, 0);
1da177e4 2351 }
1da177e4
LT		 2352}
2353
f0d6a0ea
MA		 2354static u8 hci_to_mgmt_reason(u8 err)
2355{
2356 switch (err) {
2357 case HCI_ERROR_CONNECTION_TIMEOUT:
2358 return MGMT_DEV_DISCONN_TIMEOUT;
2359 case HCI_ERROR_REMOTE_USER_TERM:
2360 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2361 case HCI_ERROR_REMOTE_POWER_OFF:
2362 return MGMT_DEV_DISCONN_REMOTE;
2363 case HCI_ERROR_LOCAL_HOST_TERM:
2364 return MGMT_DEV_DISCONN_LOCAL_HOST;
2365 default:
2366 return MGMT_DEV_DISCONN_UNKNOWN;
2367 }
2368}
2369
6039aa73 2370static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2371{
a9de9248 2372 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2373 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2374 struct hci_conn_params *params;
04837f64 2375 struct hci_conn *conn;
12d4a3b2 2376 bool mgmt_connected;
3846220b 2377 u8 type;
04837f64 2378
9f1db00c 2379 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2380
2381 hci_dev_lock(hdev);
2382
2383 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2384 if (!conn)
2385 goto unlock;
7d0db0a3 2386
abf54a50
AG		 2387 if (ev->status) {
2388 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2389 conn->dst_type, ev->status);
2390 goto unlock;
37d9ef76 2391 }
f7520543 2392
3846220b
AG		 2393 conn->state = BT_CLOSED;
2394
12d4a3b2
JH		 2395 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2396 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2397 reason, mgmt_connected);
abf54a50 2398
22f433dc
JH		 2399 if (conn->type == ACL_LINK) {
2400 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2401 hci_remove_link_key(hdev, &conn->dst);
2402
1d2dc5b7 2403 hci_update_page_scan(hdev);
22f433dc 2404 }
2210246c 2405
9fcb18ef
AG		 2406 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2407 if (params) {
2408 switch (params->auto_connect) {
2409 case HCI_AUTO_CONN_LINK_LOSS:
2410 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2411 break;
2412 /* Fall through */
2413
4b9e7e75 2414 case HCI_AUTO_CONN_DIRECT:
9fcb18ef 2415 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2416 list_del_init(&params->action);
2417 list_add(&params->action, &hdev->pend_le_conns);
2418 hci_update_background_scan(hdev);
9fcb18ef
AG		 2419 break;
2420
2421 default:
2422 break;
2423 }
2424 }
2425
3846220b 2426 type = conn->type;
2210246c 2427
3846220b
AG		 2428 hci_proto_disconn_cfm(conn, ev->reason);
2429 hci_conn_del(conn);
2430
2431 /* Re-enable advertising if necessary, since it might
2432 * have been disabled by the connection. From the
2433 * HCI_LE_Set_Advertise_Enable command description in
2434 * the core specification (v4.0):
2435 * "The Controller shall continue advertising until the Host
2436 * issues an LE_Set_Advertise_Enable command with
2437 * Advertising_Enable set to 0x00 (Advertising is disabled)
2438 * or until a connection is created or until the Advertising
2439 * is timed out due to Directed Advertising."
2440 */
2441 if (type == LE_LINK)
2442 mgmt_reenable_advertising(hdev);
f7520543
JH		 2443
2444unlock:
04837f64
MH		 2445 hci_dev_unlock(hdev);
2446}
2447
6039aa73 2448static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2449{
a9de9248 2450 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2451 struct hci_conn *conn;
1da177e4 2452
9f1db00c 2453 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2454
2455 hci_dev_lock(hdev);
2456
04837f64 2457 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2458 if (!conn)
2459 goto unlock;
2460
2461 if (!ev->status) {
aa64a8b5 2462 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2463 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2464 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2465 } else {
4dae2798 2466 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2467 conn->sec_level = conn->pending_sec_level;
2a611692 2468 }
d7556e20 2469 } else {
e1e930f5 2470 mgmt_auth_failed(conn, ev->status);
d7556e20 2471 }
1da177e4 2472
51a8efd7
JH		 2473 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2474 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2475
d7556e20 2476 if (conn->state == BT_CONFIG) {
aa64a8b5 2477 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2478 struct hci_cp_set_conn_encrypt cp;
2479 cp.handle = ev->handle;
2480 cp.encrypt = 0x01;
2481 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2482 &cp);
052b30b0 2483 } else {
d7556e20
WR		 2484 conn->state = BT_CONNECTED;
2485 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2486 hci_conn_drop(conn);
052b30b0 2487 }
d7556e20
WR		 2488 } else {
2489 hci_auth_cfm(conn, ev->status);
052b30b0 2490
d7556e20
WR		 2491 hci_conn_hold(conn);
2492 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2493 hci_conn_drop(conn);
d7556e20
WR		 2494 }
2495
51a8efd7 2496 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2497 if (!ev->status) {
2498 struct hci_cp_set_conn_encrypt cp;
2499 cp.handle = ev->handle;
2500 cp.encrypt = 0x01;
2501 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2502 &cp);
d7556e20 2503 } else {
51a8efd7 2504 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2505 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2506 }
2507 }
2508
d7556e20 2509unlock:
1da177e4
LT		 2510 hci_dev_unlock(hdev);
2511}
2512
6039aa73 2513static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2514{
127178d2
JH		 2515 struct hci_ev_remote_name *ev = (void *) skb->data;
2516 struct hci_conn *conn;
2517
a9de9248 2518 BT_DBG("%s", hdev->name);
1da177e4 2519
a9de9248 2520 hci_conn_check_pending(hdev);
127178d2
JH		 2521
2522 hci_dev_lock(hdev);
2523
b644ba33 2524 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2525
b644ba33
JH		 2526 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2527 goto check_auth;
a88a9652 2528
b644ba33
JH		 2529 if (ev->status == 0)
2530 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2531 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2532 else
2533 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2534
2535check_auth:
79c6c70c
JH		 2536 if (!conn)
2537 goto unlock;
2538
2539 if (!hci_outgoing_auth_needed(hdev, conn))
2540 goto unlock;
2541
51a8efd7 2542 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2 2543 struct hci_cp_auth_requested cp;
977f8fce
JH		 2544
2545 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2546
127178d2
JH		 2547 cp.handle = __cpu_to_le16(conn->handle);
2548 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2549 }
2550
79c6c70c 2551unlock:
127178d2 2552 hci_dev_unlock(hdev);
a9de9248
MH		 2553}
2554
6039aa73 2555static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2556{
2557 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2558 struct hci_conn *conn;
2559
9f1db00c 2560 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2561
2562 hci_dev_lock(hdev);
2563
04837f64 2564 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2565 if (!conn)
2566 goto unlock;
1da177e4 2567
dc8357cc
MH		 2568 if (!ev->status) {
2569 if (ev->encrypt) {
2570 /* Encryption implies authentication */
4dae2798
JH		 2571 set_bit(HCI_CONN_AUTH, &conn->flags);
2572 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2573 conn->sec_level = conn->pending_sec_level;
abf76bad 2574
914a6ffe
MH		 2575 /* P-256 authentication key implies FIPS */
2576 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2577 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2578
abf76bad
MH		 2579 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2580 conn->type == LE_LINK)
2581 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2582 } else {
4dae2798 2583 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2584 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2585 }
dc8357cc 2586 }
a7d7723a 2587
7ed3fa20
JH		 2588 /* We should disregard the current RPA and generate a new one
2589 * whenever the encryption procedure fails.
2590 */
2591 if (ev->status && conn->type == LE_LINK)
2592 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2593
dc8357cc 2594 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2595
dc8357cc
MH		 2596 if (ev->status && conn->state == BT_CONNECTED) {
2597 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2598 hci_conn_drop(conn);
2599 goto unlock;
1da177e4
LT		 2600 }
2601
dc8357cc
MH		 2602 if (conn->state == BT_CONFIG) {
2603 if (!ev->status)
2604 conn->state = BT_CONNECTED;
2605
40b552aa
MH		 2606 /* In Secure Connections Only mode, do not allow any
2607 * connections that are not encrypted with AES-CCM
2608 * using a P-256 authenticated combination key.
2609 */
2610 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2611 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2612 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2613 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2614 hci_conn_drop(conn);
2615 goto unlock;
2616 }
2617
dc8357cc
MH		 2618 hci_proto_connect_cfm(conn, ev->status);
2619 hci_conn_drop(conn);
2620 } else
2621 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2622
a7d7723a 2623unlock:
1da177e4
LT		 2624 hci_dev_unlock(hdev);
2625}
2626
6039aa73
GP		 2627static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2628 struct sk_buff *skb)
1da177e4 2629{
a9de9248 2630 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2631 struct hci_conn *conn;
1da177e4 2632
9f1db00c 2633 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2634
2635 hci_dev_lock(hdev);
2636
04837f64 2637 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2638 if (conn) {
2639 if (!ev->status)
4dae2798 2640 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2641
51a8efd7 2642 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2643
2644 hci_key_change_cfm(conn, ev->status);
2645 }
2646
2647 hci_dev_unlock(hdev);
2648}
2649
6039aa73
GP		 2650static void hci_remote_features_evt(struct hci_dev *hdev,
2651 struct sk_buff *skb)
1da177e4 2652{
a9de9248
MH		 2653 struct hci_ev_remote_features *ev = (void *) skb->data;
2654 struct hci_conn *conn;
2655
9f1db00c 2656 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2657
a9de9248
MH		 2658 hci_dev_lock(hdev);
2659
2660 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2661 if (!conn)
2662 goto unlock;
769be974 2663
ccd556fe 2664 if (!ev->status)
cad718ed 2665 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2666
2667 if (conn->state != BT_CONFIG)
2668 goto unlock;
2669
2670 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2671 struct hci_cp_read_remote_ext_features cp;
2672 cp.handle = ev->handle;
2673 cp.page = 0x01;
2674 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2675 sizeof(cp), &cp);
392599b9
JH		 2676 goto unlock;
2677 }
2678
671267bf 2679 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2680 struct hci_cp_remote_name_req cp;
2681 memset(&cp, 0, sizeof(cp));
2682 bacpy(&cp.bdaddr, &conn->dst);
2683 cp.pscan_rep_mode = 0x02;
2684 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 2685 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 2686 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 2687
127178d2 2688 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2689 conn->state = BT_CONNECTED;
2690 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2691 hci_conn_drop(conn);
769be974 2692 }
a9de9248 2693
ccd556fe 2694unlock:
a9de9248 2695 hci_dev_unlock(hdev);
1da177e4
LT		 2696}
2697
6039aa73 2698static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2699{
2700 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2701 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2702 __u16 opcode;
2703
2704 skb_pull(skb, sizeof(*ev));
2705
2706 opcode = __le16_to_cpu(ev->opcode);
2707
2708 switch (opcode) {
2709 case HCI_OP_INQUIRY_CANCEL:
2710 hci_cc_inquiry_cancel(hdev, skb);
2711 break;
2712
4d93483b
AG		 2713 case HCI_OP_PERIODIC_INQ:
2714 hci_cc_periodic_inq(hdev, skb);
2715 break;
2716
a9de9248
MH		 2717 case HCI_OP_EXIT_PERIODIC_INQ:
2718 hci_cc_exit_periodic_inq(hdev, skb);
2719 break;
2720
2721 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2722 hci_cc_remote_name_req_cancel(hdev, skb);
2723 break;
2724
2725 case HCI_OP_ROLE_DISCOVERY:
2726 hci_cc_role_discovery(hdev, skb);
2727 break;
2728
e4e8e37c
MH		 2729 case HCI_OP_READ_LINK_POLICY:
2730 hci_cc_read_link_policy(hdev, skb);
2731 break;
2732
a9de9248
MH		 2733 case HCI_OP_WRITE_LINK_POLICY:
2734 hci_cc_write_link_policy(hdev, skb);
2735 break;
2736
e4e8e37c
MH		 2737 case HCI_OP_READ_DEF_LINK_POLICY:
2738 hci_cc_read_def_link_policy(hdev, skb);
2739 break;
2740
2741 case HCI_OP_WRITE_DEF_LINK_POLICY:
2742 hci_cc_write_def_link_policy(hdev, skb);
2743 break;
2744
a9de9248
MH		 2745 case HCI_OP_RESET:
2746 hci_cc_reset(hdev, skb);
2747 break;
2748
c2f0f979
MH		 2749 case HCI_OP_READ_STORED_LINK_KEY:
2750 hci_cc_read_stored_link_key(hdev, skb);
2751 break;
2752
a9366120
MH		 2753 case HCI_OP_DELETE_STORED_LINK_KEY:
2754 hci_cc_delete_stored_link_key(hdev, skb);
2755 break;
2756
a9de9248
MH		 2757 case HCI_OP_WRITE_LOCAL_NAME:
2758 hci_cc_write_local_name(hdev, skb);
2759 break;
2760
2761 case HCI_OP_READ_LOCAL_NAME:
2762 hci_cc_read_local_name(hdev, skb);
2763 break;
2764
2765 case HCI_OP_WRITE_AUTH_ENABLE:
2766 hci_cc_write_auth_enable(hdev, skb);
2767 break;
2768
2769 case HCI_OP_WRITE_ENCRYPT_MODE:
2770 hci_cc_write_encrypt_mode(hdev, skb);
2771 break;
2772
2773 case HCI_OP_WRITE_SCAN_ENABLE:
2774 hci_cc_write_scan_enable(hdev, skb);
2775 break;
2776
2777 case HCI_OP_READ_CLASS_OF_DEV:
2778 hci_cc_read_class_of_dev(hdev, skb);
2779 break;
2780
2781 case HCI_OP_WRITE_CLASS_OF_DEV:
2782 hci_cc_write_class_of_dev(hdev, skb);
2783 break;
2784
2785 case HCI_OP_READ_VOICE_SETTING:
2786 hci_cc_read_voice_setting(hdev, skb);
2787 break;
2788
2789 case HCI_OP_WRITE_VOICE_SETTING:
2790 hci_cc_write_voice_setting(hdev, skb);
2791 break;
2792
b4cb9fb2
MH		 2793 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2794 hci_cc_read_num_supported_iac(hdev, skb);
2795 break;
2796
333140b5
MH		 2797 case HCI_OP_WRITE_SSP_MODE:
2798 hci_cc_write_ssp_mode(hdev, skb);
2799 break;
2800
eac83dc6
MH		 2801 case HCI_OP_WRITE_SC_SUPPORT:
2802 hci_cc_write_sc_support(hdev, skb);
2803 break;
2804
a9de9248
MH		 2805 case HCI_OP_READ_LOCAL_VERSION:
2806 hci_cc_read_local_version(hdev, skb);
2807 break;
2808
2809 case HCI_OP_READ_LOCAL_COMMANDS:
2810 hci_cc_read_local_commands(hdev, skb);
2811 break;
2812
2813 case HCI_OP_READ_LOCAL_FEATURES:
2814 hci_cc_read_local_features(hdev, skb);
2815 break;
2816
971e3a4b
AG		 2817 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2818 hci_cc_read_local_ext_features(hdev, skb);
2819 break;
2820
a9de9248
MH		 2821 case HCI_OP_READ_BUFFER_SIZE:
2822 hci_cc_read_buffer_size(hdev, skb);
2823 break;
2824
2825 case HCI_OP_READ_BD_ADDR:
2826 hci_cc_read_bd_addr(hdev, skb);
2827 break;
2828
f332ec66
JH		 2829 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2830 hci_cc_read_page_scan_activity(hdev, skb);
2831 break;
2832
4a3ee763
JH		 2833 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2834 hci_cc_write_page_scan_activity(hdev, skb);
2835 break;
2836
f332ec66
JH		 2837 case HCI_OP_READ_PAGE_SCAN_TYPE:
2838 hci_cc_read_page_scan_type(hdev, skb);
2839 break;
2840
4a3ee763
JH		 2841 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2842 hci_cc_write_page_scan_type(hdev, skb);
2843 break;
2844
350ee4cf
AE		 2845 case HCI_OP_READ_DATA_BLOCK_SIZE:
2846 hci_cc_read_data_block_size(hdev, skb);
2847 break;
2848
1e89cffb
AE		 2849 case HCI_OP_READ_FLOW_CONTROL_MODE:
2850 hci_cc_read_flow_control_mode(hdev, skb);
2851 break;
2852
928abaa7
AE		 2853 case HCI_OP_READ_LOCAL_AMP_INFO:
2854 hci_cc_read_local_amp_info(hdev, skb);
2855 break;
2856
33f35721
JH		 2857 case HCI_OP_READ_CLOCK:
2858 hci_cc_read_clock(hdev, skb);
2859 break;
2860
903e4541
AE		 2861 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2862 hci_cc_read_local_amp_assoc(hdev, skb);
2863 break;
2864
d5859e22
JH		 2865 case HCI_OP_READ_INQ_RSP_TX_POWER:
2866 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2867 break;
2868
980e1a53
JH		 2869 case HCI_OP_PIN_CODE_REPLY:
2870 hci_cc_pin_code_reply(hdev, skb);
2871 break;
2872
2873 case HCI_OP_PIN_CODE_NEG_REPLY:
2874 hci_cc_pin_code_neg_reply(hdev, skb);
2875 break;
2876
c35938b2 2877 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2878 hci_cc_read_local_oob_data(hdev, skb);
2879 break;
2880
2881 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2882 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2883 break;
2884
6ed58ec5
VT		 2885 case HCI_OP_LE_READ_BUFFER_SIZE:
2886 hci_cc_le_read_buffer_size(hdev, skb);
2887 break;
2888
60e77321
JH		 2889 case HCI_OP_LE_READ_LOCAL_FEATURES:
2890 hci_cc_le_read_local_features(hdev, skb);
2891 break;
2892
8fa19098
JH		 2893 case HCI_OP_LE_READ_ADV_TX_POWER:
2894 hci_cc_le_read_adv_tx_power(hdev, skb);
2895 break;
2896
a5c29683
JH		 2897 case HCI_OP_USER_CONFIRM_REPLY:
2898 hci_cc_user_confirm_reply(hdev, skb);
2899 break;
2900
2901 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2902 hci_cc_user_confirm_neg_reply(hdev, skb);
2903 break;
2904
1143d458
BG		 2905 case HCI_OP_USER_PASSKEY_REPLY:
2906 hci_cc_user_passkey_reply(hdev, skb);
2907 break;
2908
2909 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2910 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2911 break;
07f7fa5d 2912
7a4cd51d
MH		 2913 case HCI_OP_LE_SET_RANDOM_ADDR:
2914 hci_cc_le_set_random_addr(hdev, skb);
2915 break;
2916
c1d5dc4a
JH		 2917 case HCI_OP_LE_SET_ADV_ENABLE:
2918 hci_cc_le_set_adv_enable(hdev, skb);
2919 break;
2920
533553f8
MH		 2921 case HCI_OP_LE_SET_SCAN_PARAM:
2922 hci_cc_le_set_scan_param(hdev, skb);
2923 break;
2924
eb9d91f5
AG		 2925 case HCI_OP_LE_SET_SCAN_ENABLE:
2926 hci_cc_le_set_scan_enable(hdev, skb);
2927 break;
2928
cf1d081f
JH		 2929 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2930 hci_cc_le_read_white_list_size(hdev, skb);
2931 break;
2932
0f36b589
MH		 2933 case HCI_OP_LE_CLEAR_WHITE_LIST:
2934 hci_cc_le_clear_white_list(hdev, skb);
2935 break;
2936
2937 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2938 hci_cc_le_add_to_white_list(hdev, skb);
2939 break;
2940
2941 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2942 hci_cc_le_del_from_white_list(hdev, skb);
2943 break;
2944
9b008c04
JH		 2945 case HCI_OP_LE_READ_SUPPORTED_STATES:
2946 hci_cc_le_read_supported_states(hdev, skb);
2947 break;
2948
a8e1bfaa
MH		 2949 case HCI_OP_LE_READ_DEF_DATA_LEN:
2950 hci_cc_le_read_def_data_len(hdev, skb);
2951 break;
2952
2953 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
2954 hci_cc_le_write_def_data_len(hdev, skb);
2955 break;
2956
2957 case HCI_OP_LE_READ_MAX_DATA_LEN:
2958 hci_cc_le_read_max_data_len(hdev, skb);
2959 break;
2960
f9b49306
AG		 2961 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2962 hci_cc_write_le_host_supported(hdev, skb);
2963 break;
2964
56ed2cb8
JH		 2965 case HCI_OP_LE_SET_ADV_PARAM:
2966 hci_cc_set_adv_param(hdev, skb);
2967 break;
2968
93c284ee
AE		 2969 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2970 hci_cc_write_remote_amp_assoc(hdev, skb);
2971 break;
2972
5ae76a94
AK		 2973 case HCI_OP_READ_RSSI:
2974 hci_cc_read_rssi(hdev, skb);
2975 break;
2976
5a134fae
AK		 2977 case HCI_OP_READ_TX_POWER:
2978 hci_cc_read_tx_power(hdev, skb);
2979 break;
2980
a9de9248 2981 default:
9f1db00c 2982 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2983 break;
2984 }
2985
ad82cdd1 2986 if (opcode != HCI_OP_NOP)
65cc2b49 2987 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2988
ad82cdd1 2989 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2990
dbccd791 2991 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2992 atomic_set(&hdev->cmd_cnt, 1);
2993 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2994 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2995 }
2996}
2997
6039aa73 2998static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2999{
3000 struct hci_ev_cmd_status *ev = (void *) skb->data;
3001 __u16 opcode;
3002
3003 skb_pull(skb, sizeof(*ev));
3004
3005 opcode = __le16_to_cpu(ev->opcode);
3006
3007 switch (opcode) {
3008 case HCI_OP_INQUIRY:
3009 hci_cs_inquiry(hdev, ev->status);
3010 break;
3011
3012 case HCI_OP_CREATE_CONN:
3013 hci_cs_create_conn(hdev, ev->status);
3014 break;
3015
9645c76c
KP		 3016 case HCI_OP_DISCONNECT:
3017 hci_cs_disconnect(hdev, ev->status);
3018 break;
3019
a9de9248
MH		 3020 case HCI_OP_ADD_SCO:
3021 hci_cs_add_sco(hdev, ev->status);
3022 break;
3023
f8558555
MH		 3024 case HCI_OP_AUTH_REQUESTED:
3025 hci_cs_auth_requested(hdev, ev->status);
3026 break;
3027
3028 case HCI_OP_SET_CONN_ENCRYPT:
3029 hci_cs_set_conn_encrypt(hdev, ev->status);
3030 break;
3031
a9de9248
MH		 3032 case HCI_OP_REMOTE_NAME_REQ:
3033 hci_cs_remote_name_req(hdev, ev->status);
3034 break;
3035
769be974
MH		 3036 case HCI_OP_READ_REMOTE_FEATURES:
3037 hci_cs_read_remote_features(hdev, ev->status);
3038 break;
3039
3040 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3041 hci_cs_read_remote_ext_features(hdev, ev->status);
3042 break;
3043
a9de9248
MH		 3044 case HCI_OP_SETUP_SYNC_CONN:
3045 hci_cs_setup_sync_conn(hdev, ev->status);
3046 break;
3047
9645c76c
KP		 3048 case HCI_OP_CREATE_PHY_LINK:
3049 hci_cs_create_phylink(hdev, ev->status);
3050 break;
3051
3052 case HCI_OP_ACCEPT_PHY_LINK:
3053 hci_cs_accept_phylink(hdev, ev->status);
3054 break;
3055
a9de9248
MH		 3056 case HCI_OP_SNIFF_MODE:
3057 hci_cs_sniff_mode(hdev, ev->status);
3058 break;
3059
3060 case HCI_OP_EXIT_SNIFF_MODE:
3061 hci_cs_exit_sniff_mode(hdev, ev->status);
3062 break;
3063
50fc85f1
KP		 3064 case HCI_OP_SWITCH_ROLE:
3065 hci_cs_switch_role(hdev, ev->status);
3066 break;
3067
cb1d68f7
JH		 3068 case HCI_OP_LE_CREATE_CONN:
3069 hci_cs_le_create_conn(hdev, ev->status);
3070 break;
3071
81d0c8ad
JH		 3072 case HCI_OP_LE_START_ENC:
3073 hci_cs_le_start_enc(hdev, ev->status);
3074 break;
3075
a9de9248 3076 default:
9f1db00c 3077 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 3078 break;
3079 }
3080
ad82cdd1 3081 if (opcode != HCI_OP_NOP)
65cc2b49 3082 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 3083
02350a72
JH		 3084 if (ev->status ||
3085 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
3086 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 3087
10572132 3088 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 3089 atomic_set(&hdev->cmd_cnt, 1);
3090 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 3091 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 3092 }
3093}
3094
24dfa343
MH		 3095static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3096{
3097 struct hci_ev_hardware_error *ev = (void *) skb->data;
3098
3099 BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
3100}
3101
6039aa73 3102static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3103{
3104 struct hci_ev_role_change *ev = (void *) skb->data;
3105 struct hci_conn *conn;
3106
9f1db00c 3107 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 3108
3109 hci_dev_lock(hdev);
3110
3111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3112 if (conn) {
40bef302
JH		 3113 if (!ev->status)
3114 conn->role = ev->role;
a9de9248 3115
51a8efd7 3116 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 3117
3118 hci_role_switch_cfm(conn, ev->status, ev->role);
3119 }
3120
3121 hci_dev_unlock(hdev);
3122}
3123
6039aa73 3124static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3125{
3126 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 3127 int i;
3128
32ac5b9b
AE		 3129 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3130 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3131 return;
3132 }
3133
c5993de8 3134 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3135 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 3136 BT_DBG("%s bad parameters", hdev->name);
3137 return;
3138 }
3139
c5993de8
AE		 3140 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3141
613a1c0c
AE		 3142 for (i = 0; i < ev->num_hndl; i++) {
3143 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 3144 struct hci_conn *conn;
3145 __u16 handle, count;
3146
613a1c0c
AE		 3147 handle = __le16_to_cpu(info->handle);
3148 count = __le16_to_cpu(info->count);
a9de9248
MH		 3149
3150 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 3151 if (!conn)
3152 continue;
3153
3154 conn->sent -= count;
3155
3156 switch (conn->type) {
3157 case ACL_LINK:
3158 hdev->acl_cnt += count;
3159 if (hdev->acl_cnt > hdev->acl_pkts)
3160 hdev->acl_cnt = hdev->acl_pkts;
3161 break;
3162
3163 case LE_LINK:
3164 if (hdev->le_pkts) {
3165 hdev->le_cnt += count;
3166 if (hdev->le_cnt > hdev->le_pkts)
3167 hdev->le_cnt = hdev->le_pkts;
3168 } else {
70f23020
AE		 3169 hdev->acl_cnt += count;
3170 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 3171 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 3172 }
f4280918
AE		 3173 break;
3174
3175 case SCO_LINK:
3176 hdev->sco_cnt += count;
3177 if (hdev->sco_cnt > hdev->sco_pkts)
3178 hdev->sco_cnt = hdev->sco_pkts;
3179 break;
3180
3181 default:
3182 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3183 break;
a9de9248
MH		 3184 }
3185 }
3186
3eff45ea 3187 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3188}
3189
76ef7cf7
AE		 3190static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3191 __u16 handle)
3192{
3193 struct hci_chan *chan;
3194
3195 switch (hdev->dev_type) {
3196 case HCI_BREDR:
3197 return hci_conn_hash_lookup_handle(hdev, handle);
3198 case HCI_AMP:
3199 chan = hci_chan_lookup_handle(hdev, handle);
3200 if (chan)
3201 return chan->conn;
3202 break;
3203 default:
3204 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3205 break;
3206 }
3207
3208 return NULL;
3209}
3210
6039aa73 3211static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3212{
3213 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3214 int i;
3215
3216 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3217 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3218 return;
3219 }
3220
3221 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3222 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 3223 BT_DBG("%s bad parameters", hdev->name);
3224 return;
3225 }
3226
3227 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3228 ev->num_hndl);
25e89e99
AE		 3229
3230 for (i = 0; i < ev->num_hndl; i++) {
3231 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3232 struct hci_conn *conn = NULL;
25e89e99
AE		 3233 __u16 handle, block_count;
3234
3235 handle = __le16_to_cpu(info->handle);
3236 block_count = __le16_to_cpu(info->blocks);
3237
76ef7cf7 3238 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3239 if (!conn)
3240 continue;
3241
3242 conn->sent -= block_count;
3243
3244 switch (conn->type) {
3245 case ACL_LINK:
bd1eb66b 3246 case AMP_LINK:
25e89e99
AE		 3247 hdev->block_cnt += block_count;
3248 if (hdev->block_cnt > hdev->num_blocks)
3249 hdev->block_cnt = hdev->num_blocks;
3250 break;
3251
3252 default:
3253 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3254 break;
3255 }
3256 }
3257
3258 queue_work(hdev->workqueue, &hdev->tx_work);
3259}
3260
6039aa73 3261static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3262{
a9de9248 3263 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3264 struct hci_conn *conn;
3265
9f1db00c 3266 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3267
3268 hci_dev_lock(hdev);
3269
3270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3271 if (conn) {
3272 conn->mode = ev->mode;
a9de9248 3273
8fc9ced3
GP		 3274 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3275 &conn->flags)) {
a9de9248 3276 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3277 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3278 else
58a681ef 3279 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3280 }
e73439d8 3281
51a8efd7 3282 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3283 hci_sco_setup(conn, ev->status);
04837f64
MH		 3284 }
3285
3286 hci_dev_unlock(hdev);
3287}
3288
6039aa73 3289static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3290{
052b30b0
MH		 3291 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3292 struct hci_conn *conn;
3293
a9de9248 3294 BT_DBG("%s", hdev->name);
052b30b0
MH		 3295
3296 hci_dev_lock(hdev);
3297
3298 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3299 if (!conn)
3300 goto unlock;
3301
3302 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3303 hci_conn_hold(conn);
3304 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3305 hci_conn_drop(conn);
052b30b0
MH		 3306 }
3307
b6ae8457 3308 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
2f407f0a 3309 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
03b555e1 3310 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3311 sizeof(ev->bdaddr), &ev->bdaddr);
2f407f0a 3312 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3313 u8 secure;
3314
3315 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3316 secure = 1;
3317 else
3318 secure = 0;
3319
744cf19e 3320 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3321 }
980e1a53 3322
b6f98044 3323unlock:
052b30b0 3324 hci_dev_unlock(hdev);
a9de9248
MH		 3325}
3326
cb6f3f7a
JH		 3327static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3328{
3329 if (key_type == HCI_LK_CHANGED_COMBINATION)
3330 return;
3331
3332 conn->pin_length = pin_len;
3333 conn->key_type = key_type;
3334
3335 switch (key_type) {
3336 case HCI_LK_LOCAL_UNIT:
3337 case HCI_LK_REMOTE_UNIT:
3338 case HCI_LK_DEBUG_COMBINATION:
3339 return;
3340 case HCI_LK_COMBINATION:
3341 if (pin_len == 16)
3342 conn->pending_sec_level = BT_SECURITY_HIGH;
3343 else
3344 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3345 break;
3346 case HCI_LK_UNAUTH_COMBINATION_P192:
3347 case HCI_LK_UNAUTH_COMBINATION_P256:
3348 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3349 break;
3350 case HCI_LK_AUTH_COMBINATION_P192:
3351 conn->pending_sec_level = BT_SECURITY_HIGH;
3352 break;
3353 case HCI_LK_AUTH_COMBINATION_P256:
3354 conn->pending_sec_level = BT_SECURITY_FIPS;
3355 break;
3356 }
3357}
3358
6039aa73 3359static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3360{
55ed8ca1
JH		 3361 struct hci_ev_link_key_req *ev = (void *) skb->data;
3362 struct hci_cp_link_key_reply cp;
3363 struct hci_conn *conn;
3364 struct link_key *key;
3365
a9de9248 3366 BT_DBG("%s", hdev->name);
55ed8ca1 3367
034cbea0 3368 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3369 return;
3370
3371 hci_dev_lock(hdev);
3372
3373 key = hci_find_link_key(hdev, &ev->bdaddr);
3374 if (!key) {
6ed93dc6
AE		 3375 BT_DBG("%s link key not found for %pMR", hdev->name,
3376 &ev->bdaddr);
55ed8ca1
JH		 3377 goto not_found;
3378 }
3379
6ed93dc6
AE		 3380 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3381 &ev->bdaddr);
55ed8ca1 3382
55ed8ca1 3383 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3384 if (conn) {
fe8bc5ac
JH		 3385 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3386
66138ce8
MH		 3387 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3388 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3389 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3390 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3391 goto not_found;
3392 }
55ed8ca1 3393
60b83f57 3394 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3395 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3396 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3397 BT_DBG("%s ignoring key unauthenticated for high security",
3398 hdev->name);
60b83f57
WR		 3399 goto not_found;
3400 }
3401
cb6f3f7a 3402 conn_set_key(conn, key->type, key->pin_len);
55ed8ca1
JH		 3403 }
3404
3405 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3406 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3407
3408 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3409
3410 hci_dev_unlock(hdev);
3411
3412 return;
3413
3414not_found:
3415 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3416 hci_dev_unlock(hdev);
a9de9248
MH		 3417}
3418
6039aa73 3419static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3420{
052b30b0
MH		 3421 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3422 struct hci_conn *conn;
7652ff6a
JH		 3423 struct link_key *key;
3424 bool persistent;
55ed8ca1 3425 u8 pin_len = 0;
052b30b0 3426
a9de9248 3427 BT_DBG("%s", hdev->name);
052b30b0
MH		 3428
3429 hci_dev_lock(hdev);
3430
3431 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
82c13d42
JH		 3432 if (!conn)
3433 goto unlock;
3434
3435 hci_conn_hold(conn);
3436 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3437 hci_conn_drop(conn);
3438
fe8bc5ac 3439 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
82c13d42 3440 conn_set_key(conn, ev->key_type, conn->pin_length);
052b30b0 3441
7652ff6a
JH		 3442 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3443 goto unlock;
3444
3445 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3446 ev->key_type, pin_len, &persistent);
3447 if (!key)
3448 goto unlock;
3449
cb6f3f7a
JH		 3450 /* Update connection information since adding the key will have
3451 * fixed up the type in the case of changed combination keys.
3452 */
3453 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3454 conn_set_key(conn, key->type, key->pin_len);
3455
7652ff6a 3456 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3457
6d5650c4
JH		 3458 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3459 * is set. If it's not set simply remove the key from the kernel
3460 * list (we've still notified user space about it but with
3461 * store_hint being 0).
3462 */
3463 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3464 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
0378b597
JH		 3465 list_del_rcu(&key->list);
3466 kfree_rcu(key, rcu);
82c13d42 3467 goto unlock;
6d5650c4 3468 }
7652ff6a 3469
82c13d42
JH		 3470 if (persistent)
3471 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3472 else
3473 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3474
7652ff6a 3475unlock:
052b30b0 3476 hci_dev_unlock(hdev);
a9de9248
MH		 3477}
3478
6039aa73 3479static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3480{
a9de9248 3481 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3482 struct hci_conn *conn;
1da177e4 3483
9f1db00c 3484 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3485
3486 hci_dev_lock(hdev);
3487
04837f64 3488 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3489 if (conn && !ev->status) {
3490 struct inquiry_entry *ie;
3491
cc11b9c1
AE		 3492 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3493 if (ie) {
1da177e4
LT		 3494 ie->data.clock_offset = ev->clock_offset;
3495 ie->timestamp = jiffies;
3496 }
3497 }
3498
3499 hci_dev_unlock(hdev);
3500}
3501
6039aa73 3502static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3503{
3504 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3505 struct hci_conn *conn;
3506
9f1db00c 3507 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3508
3509 hci_dev_lock(hdev);
3510
3511 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3512 if (conn && !ev->status)
3513 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3514
3515 hci_dev_unlock(hdev);
3516}
3517
6039aa73 3518static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3519{
a9de9248 3520 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3521 struct inquiry_entry *ie;
3522
3523 BT_DBG("%s", hdev->name);
3524
3525 hci_dev_lock(hdev);
3526
cc11b9c1
AE		 3527 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3528 if (ie) {
85a1e930
MH		 3529 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3530 ie->timestamp = jiffies;
3531 }
3532
3533 hci_dev_unlock(hdev);
3534}
3535
6039aa73
GP		 3536static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3537 struct sk_buff *skb)
a9de9248
MH		 3538{
3539 struct inquiry_data data;
3540 int num_rsp = *((__u8 *) skb->data);
3541
3542 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3543
3544 if (!num_rsp)
3545 return;
3546
1519cc17
AG		 3547 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3548 return;
3549
a9de9248
MH		 3550 hci_dev_lock(hdev);
3551
3552 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3553 struct inquiry_info_with_rssi_and_pscan_mode *info;
3554 info = (void *) (skb->data + 1);
a9de9248 3555
e17acd40 3556 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3557 u32 flags;
3558
a9de9248
MH		 3559 bacpy(&data.bdaddr, &info->bdaddr);
3560 data.pscan_rep_mode = info->pscan_rep_mode;
3561 data.pscan_period_mode = info->pscan_period_mode;
3562 data.pscan_mode = info->pscan_mode;
3563 memcpy(data.dev_class, info->dev_class, 3);
3564 data.clock_offset = info->clock_offset;
3565 data.rssi = info->rssi;
41a96212 3566 data.ssp_mode = 0x00;
3175405b 3567
af58925c
MH		 3568 flags = hci_inquiry_cache_update(hdev, &data, false);
3569
48264f06 3570 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3571 info->dev_class, info->rssi,
af58925c 3572 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3573 }
3574 } else {
3575 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3576
e17acd40 3577 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3578 u32 flags;
3579
a9de9248
MH		 3580 bacpy(&data.bdaddr, &info->bdaddr);
3581 data.pscan_rep_mode = info->pscan_rep_mode;
3582 data.pscan_period_mode = info->pscan_period_mode;
3583 data.pscan_mode = 0x00;
3584 memcpy(data.dev_class, info->dev_class, 3);
3585 data.clock_offset = info->clock_offset;
3586 data.rssi = info->rssi;
41a96212 3587 data.ssp_mode = 0x00;
af58925c
MH		 3588
3589 flags = hci_inquiry_cache_update(hdev, &data, false);
3590
48264f06 3591 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3592 info->dev_class, info->rssi,
af58925c 3593 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3594 }
3595 }
3596
3597 hci_dev_unlock(hdev);
3598}
3599
6039aa73
GP		 3600static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3601 struct sk_buff *skb)
a9de9248 3602{
41a96212
MH		 3603 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3604 struct hci_conn *conn;
3605
a9de9248 3606 BT_DBG("%s", hdev->name);
41a96212 3607
41a96212
MH		 3608 hci_dev_lock(hdev);
3609
3610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3611 if (!conn)
3612 goto unlock;
41a96212 3613
cad718ed
JH		 3614 if (ev->page < HCI_MAX_PAGES)
3615 memcpy(conn->features[ev->page], ev->features, 8);
3616
ccd556fe
JH		 3617 if (!ev->status && ev->page == 0x01) {
3618 struct inquiry_entry *ie;
41a96212 3619
cc11b9c1
AE		 3620 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3621 if (ie)
02b7cc62 3622 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3623
bbb0eada 3624 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3625 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3626 } else {
3627 /* It is mandatory by the Bluetooth specification that
3628 * Extended Inquiry Results are only used when Secure
3629 * Simple Pairing is enabled, but some devices violate
3630 * this.
3631 *
3632 * To make these devices work, the internal SSP
3633 * enabled flag needs to be cleared if the remote host
3634 * features do not indicate SSP support */
3635 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3636 }
eb9a8f3f
MH		 3637
3638 if (ev->features[0] & LMP_HOST_SC)
3639 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3640 }
3641
3642 if (conn->state != BT_CONFIG)
3643 goto unlock;
3644
671267bf 3645 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3646 struct hci_cp_remote_name_req cp;
3647 memset(&cp, 0, sizeof(cp));
3648 bacpy(&cp.bdaddr, &conn->dst);
3649 cp.pscan_rep_mode = 0x02;
3650 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33 3651 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 3652 mgmt_device_connected(hdev, conn, 0, NULL, 0);
392599b9 3653
127178d2 3654 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3655 conn->state = BT_CONNECTED;
3656 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3657 hci_conn_drop(conn);
41a96212
MH		 3658 }
3659
ccd556fe 3660unlock:
41a96212 3661 hci_dev_unlock(hdev);
a9de9248
MH		 3662}
3663
6039aa73
GP		 3664static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3665 struct sk_buff *skb)
a9de9248 3666{
b6a0dc82
MH		 3667 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3668 struct hci_conn *conn;
3669
9f1db00c 3670 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3671
3672 hci_dev_lock(hdev);
3673
3674 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3675 if (!conn) {
3676 if (ev->link_type == ESCO_LINK)
3677 goto unlock;
3678
3679 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3680 if (!conn)
3681 goto unlock;
3682
3683 conn->type = SCO_LINK;
3684 }
b6a0dc82 3685
732547f9
MH		 3686 switch (ev->status) {
3687 case 0x00:
b6a0dc82
MH		 3688 conn->handle = __le16_to_cpu(ev->handle);
3689 conn->state = BT_CONNECTED;
7d0db0a3 3690
23b9ceb7 3691 hci_debugfs_create_conn(conn);
7d0db0a3 3692 hci_conn_add_sysfs(conn);
732547f9
MH		 3693 break;
3694
81218d20 3695 case 0x10: /* Connection Accept Timeout */
1a4c958c 3696 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3697 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3698 case 0x1c: /* SCO interval rejected */
1038a00b 3699 case 0x1a: /* Unsupported Remote Feature */
732547f9 3700 case 0x1f: /* Unspecified error */
27539bc4 3701 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3702 if (conn->out) {
732547f9
MH		 3703 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3704 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3705 if (hci_setup_sync(conn, conn->link->handle))
3706 goto unlock;
732547f9
MH		 3707 }
3708 /* fall through */
3709
3710 default:
b6a0dc82 3711 conn->state = BT_CLOSED;
732547f9
MH		 3712 break;
3713 }
b6a0dc82
MH		 3714
3715 hci_proto_connect_cfm(conn, ev->status);
3716 if (ev->status)
3717 hci_conn_del(conn);
3718
3719unlock:
3720 hci_dev_unlock(hdev);
a9de9248
MH		 3721}
3722
efdcf8e3
MH		 3723static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3724{
3725 size_t parsed = 0;
3726
3727 while (parsed < eir_len) {
3728 u8 field_len = eir[0];
3729
3730 if (field_len == 0)
3731 return parsed;
3732
3733 parsed += field_len + 1;
3734 eir += field_len + 1;
3735 }
3736
3737 return eir_len;
3738}
3739
6039aa73
GP		 3740static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3741 struct sk_buff *skb)
1da177e4 3742{
a9de9248
MH		 3743 struct inquiry_data data;
3744 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3745 int num_rsp = *((__u8 *) skb->data);
9d939d94 3746 size_t eir_len;
1da177e4 3747
a9de9248 3748 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3749
a9de9248
MH		 3750 if (!num_rsp)
3751 return;
1da177e4 3752
1519cc17
AG		 3753 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3754 return;
3755
a9de9248
MH		 3756 hci_dev_lock(hdev);
3757
e17acd40 3758 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3759 u32 flags;
3760 bool name_known;
561aafbc 3761
a9de9248 3762 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3763 data.pscan_rep_mode = info->pscan_rep_mode;
3764 data.pscan_period_mode = info->pscan_period_mode;
3765 data.pscan_mode = 0x00;
a9de9248 3766 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3767 data.clock_offset = info->clock_offset;
3768 data.rssi = info->rssi;
41a96212 3769 data.ssp_mode = 0x01;
561aafbc 3770
a8b2d5c2 3771 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3772 name_known = eir_has_data_type(info->data,
04124681
GP		 3773 sizeof(info->data),
3774 EIR_NAME_COMPLETE);
561aafbc
JH		 3775 else
3776 name_known = true;
3777
af58925c
MH		 3778 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3779
9d939d94 3780 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3781
48264f06 3782 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3783 info->dev_class, info->rssi,
3784 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3785 }
3786
3787 hci_dev_unlock(hdev);
3788}
1da177e4 3789
1c2e0041
JH		 3790static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3791 struct sk_buff *skb)
3792{
3793 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3794 struct hci_conn *conn;
3795
9f1db00c 3796 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3797 __le16_to_cpu(ev->handle));
3798
3799 hci_dev_lock(hdev);
3800
3801 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3802 if (!conn)
3803 goto unlock;
3804
9eb1fbfa
JH		 3805 /* For BR/EDR the necessary steps are taken through the
3806 * auth_complete event.
3807 */
3808 if (conn->type != LE_LINK)
3809 goto unlock;
3810
1c2e0041
JH		 3811 if (!ev->status)
3812 conn->sec_level = conn->pending_sec_level;
3813
3814 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3815
3816 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3817 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3818 hci_conn_drop(conn);
1c2e0041
JH		 3819 goto unlock;
3820 }
3821
3822 if (conn->state == BT_CONFIG) {
3823 if (!ev->status)
3824 conn->state = BT_CONNECTED;
3825
3826 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3827 hci_conn_drop(conn);
1c2e0041
JH		 3828 } else {
3829 hci_auth_cfm(conn, ev->status);
3830
3831 hci_conn_hold(conn);
3832 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3833 hci_conn_drop(conn);
1c2e0041
JH		 3834 }
3835
3836unlock:
3837 hci_dev_unlock(hdev);
3838}
3839
6039aa73 3840static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3841{
17fa4b9d 3842 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3843 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3844 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3845 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3846
b7f94c88
MA		 3847 /* If both remote and local have enough IO capabilities, require
3848 * MITM protection
3849 */
3850 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3851 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3852 return conn->remote_auth | 0x01;
3853
7e74170a
TM		 3854 /* No MITM protection possible so ignore remote requirement */
3855 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3856}
3857
a83ed81e
MH		 3858static u8 bredr_oob_data_present(struct hci_conn *conn)
3859{
3860 struct hci_dev *hdev = conn->hdev;
3861 struct oob_data *data;
3862
3863 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
3864 if (!data)
3865 return 0x00;
3866
3867 if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))
3868 return 0x01;
3869
3870 return 0x00;
3871}
3872
6039aa73 3873static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3874{
3875 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3876 struct hci_conn *conn;
3877
3878 BT_DBG("%s", hdev->name);
3879
3880 hci_dev_lock(hdev);
3881
3882 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3883 if (!conn)
3884 goto unlock;
3885
3886 hci_conn_hold(conn);
3887
a8b2d5c2 3888 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3889 goto unlock;
3890
2f407f0a
JH		 3891 /* Allow pairing if we're pairable, the initiators of the
3892 * pairing or if the remote is not requesting bonding.
3893 */
b6ae8457 3894 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
2f407f0a 3895 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
807deac2 3896 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3897 struct hci_cp_io_capability_reply cp;
3898
3899 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3900 /* Change the IO capability from KeyboardDisplay
3901 * to DisplayYesNo as it is not supported by BT spec. */
3902 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3903 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3904
3905 /* If we are initiators, there is no remote information yet */
3906 if (conn->remote_auth == 0xff) {
b16c6604 3907 /* Request MITM protection if our IO caps allow it
4ad51a75 3908 * except for the no-bonding case.
b16c6604 3909 */
6fd6b915 3910 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
9f743d74 3911 conn->auth_type != HCI_AT_NO_BONDING)
6c53823a 3912 conn->auth_type |= 0x01;
b7f94c88
MA		 3913 } else {
3914 conn->auth_type = hci_get_auth_req(conn);
b7f94c88 3915 }
17fa4b9d 3916
82c295b1
JH		 3917 /* If we're not bondable, force one of the non-bondable
3918 * authentication requirement values.
3919 */
3920 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
3921 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
3922
3923 cp.authentication = conn->auth_type;
a83ed81e 3924 cp.oob_data = bredr_oob_data_present(conn);
ce85ee13 3925
17fa4b9d 3926 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3927 sizeof(cp), &cp);
03b555e1
JH		 3928 } else {
3929 struct hci_cp_io_capability_neg_reply cp;
3930
3931 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3932 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3933
03b555e1 3934 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3935 sizeof(cp), &cp);
03b555e1
JH		 3936 }
3937
3938unlock:
3939 hci_dev_unlock(hdev);
3940}
3941
6039aa73 3942static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3943{
3944 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3945 struct hci_conn *conn;
3946
3947 BT_DBG("%s", hdev->name);
3948
3949 hci_dev_lock(hdev);
3950
3951 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3952 if (!conn)
3953 goto unlock;
3954
03b555e1 3955 conn->remote_cap = ev->capability;
03b555e1 3956 conn->remote_auth = ev->authentication;
58a681ef
JH		 3957 if (ev->oob_data)
3958 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3959
3960unlock:
0493684e
MH		 3961 hci_dev_unlock(hdev);
3962}
3963
6039aa73
GP		 3964static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3965 struct sk_buff *skb)
a5c29683
JH		 3966{
3967 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3968 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3969 struct hci_conn *conn;
a5c29683
JH		 3970
3971 BT_DBG("%s", hdev->name);
3972
3973 hci_dev_lock(hdev);
3974
a8b2d5c2 3975 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3976 goto unlock;
a5c29683 3977
7a828908
JH		 3978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3979 if (!conn)
3980 goto unlock;
3981
3982 loc_mitm = (conn->auth_type & 0x01);
3983 rem_mitm = (conn->remote_auth & 0x01);
3984
3985 /* If we require MITM but the remote device can't provide that
6c53823a
JH		 3986 * (it has NoInputNoOutput) then reject the confirmation
3987 * request. We check the security level here since it doesn't
3988 * necessarily match conn->auth_type.
6fd6b915 3989 */
6c53823a
JH		 3990 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
3991 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3992 BT_DBG("Rejecting request: remote device can't provide MITM");
3993 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3994 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3995 goto unlock;
3996 }
3997
3998 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3999 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4000 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 4001
4002 /* If we're not the initiators request authorization to
4003 * proceed from user space (mgmt_user_confirm with
ba15a58b 4004 * confirm_hint set to 1). The exception is if neither
02f3e254
JH		 4005 * side had MITM or if the local IO capability is
4006 * NoInputNoOutput, in which case we do auto-accept
ba15a58b
JH		 4007 */
4008 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
02f3e254 4009 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
ba15a58b 4010 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 4011 BT_DBG("Confirming auto-accept as acceptor");
4012 confirm_hint = 1;
4013 goto confirm;
4014 }
4015
9f61656a 4016 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 4017 hdev->auto_accept_delay);
9f61656a
JH		 4018
4019 if (hdev->auto_accept_delay > 0) {
4020 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 4021 queue_delayed_work(conn->hdev->workqueue,
4022 &conn->auto_accept_work, delay);
9f61656a
JH		 4023 goto unlock;
4024 }
4025
7a828908 4026 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 4027 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 4028 goto unlock;
4029 }
4030
55bc1a37 4031confirm:
39adbffe
JH		 4032 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4033 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 4034
4035unlock:
a5c29683
JH		 4036 hci_dev_unlock(hdev);
4037}
4038
6039aa73
GP		 4039static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4040 struct sk_buff *skb)
1143d458
BG		 4041{
4042 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4043
4044 BT_DBG("%s", hdev->name);
4045
a8b2d5c2 4046 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 4047 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 4048}
4049
92a25256
JH		 4050static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4051 struct sk_buff *skb)
4052{
4053 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4054 struct hci_conn *conn;
4055
4056 BT_DBG("%s", hdev->name);
4057
4058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4059 if (!conn)
4060 return;
4061
4062 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4063 conn->passkey_entered = 0;
4064
4065 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4066 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4067 conn->dst_type, conn->passkey_notify,
4068 conn->passkey_entered);
4069}
4070
4071static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4072{
4073 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4074 struct hci_conn *conn;
4075
4076 BT_DBG("%s", hdev->name);
4077
4078 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4079 if (!conn)
4080 return;
4081
4082 switch (ev->type) {
4083 case HCI_KEYPRESS_STARTED:
4084 conn->passkey_entered = 0;
4085 return;
4086
4087 case HCI_KEYPRESS_ENTERED:
4088 conn->passkey_entered++;
4089 break;
4090
4091 case HCI_KEYPRESS_ERASED:
4092 conn->passkey_entered--;
4093 break;
4094
4095 case HCI_KEYPRESS_CLEARED:
4096 conn->passkey_entered = 0;
4097 break;
4098
4099 case HCI_KEYPRESS_COMPLETED:
4100 return;
4101 }
4102
4103 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4104 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4105 conn->dst_type, conn->passkey_notify,
4106 conn->passkey_entered);
4107}
4108
6039aa73
GP		 4109static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4110 struct sk_buff *skb)
0493684e
MH		 4111{
4112 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4113 struct hci_conn *conn;
4114
4115 BT_DBG("%s", hdev->name);
4116
4117 hci_dev_lock(hdev);
4118
4119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 4120 if (!conn)
4121 goto unlock;
4122
c1d4fa7a
JH		 4123 /* Reset the authentication requirement to unknown */
4124 conn->remote_auth = 0xff;
4125
2a611692
JH		 4126 /* To avoid duplicate auth_failed events to user space we check
4127 * the HCI_CONN_AUTH_PEND flag which will be set if we
4128 * initiated the authentication. A traditional auth_complete
4129 * event gets always produced as initiator and is also mapped to
4130 * the mgmt_auth_failed event */
fa1bd918 4131 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
e1e930f5 4132 mgmt_auth_failed(conn, ev->status);
0493684e 4133
76a68ba0 4134 hci_conn_drop(conn);
2a611692
JH		 4135
4136unlock:
0493684e
MH		 4137 hci_dev_unlock(hdev);
4138}
4139
6039aa73
GP		 4140static void hci_remote_host_features_evt(struct hci_dev *hdev,
4141 struct sk_buff *skb)
41a96212
MH		 4142{
4143 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4144 struct inquiry_entry *ie;
cad718ed 4145 struct hci_conn *conn;
41a96212
MH		 4146
4147 BT_DBG("%s", hdev->name);
4148
4149 hci_dev_lock(hdev);
4150
cad718ed
JH		 4151 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4152 if (conn)
4153 memcpy(conn->features[1], ev->features, 8);
4154
cc11b9c1
AE		 4155 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4156 if (ie)
02b7cc62 4157 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 4158
4159 hci_dev_unlock(hdev);
4160}
4161
6039aa73
GP		 4162static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4163 struct sk_buff *skb)
2763eda6
SJ		 4164{
4165 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4166 struct oob_data *data;
4167
4168 BT_DBG("%s", hdev->name);
4169
4170 hci_dev_lock(hdev);
4171
a8b2d5c2 4172 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 4173 goto unlock;
4174
6928a924 4175 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
6665d057
MH		 4176 if (!data) {
4177 struct hci_cp_remote_oob_data_neg_reply cp;
519ca9d0 4178
6665d057
MH		 4179 bacpy(&cp.bdaddr, &ev->bdaddr);
4180 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4181 sizeof(cp), &cp);
4182 goto unlock;
4183 }
2763eda6 4184
6665d057
MH		 4185 if (bredr_sc_enabled(hdev)) {
4186 struct hci_cp_remote_oob_ext_data_reply cp;
519ca9d0 4187
6665d057
MH		 4188 bacpy(&cp.bdaddr, &ev->bdaddr);
4189 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4190 memset(cp.hash192, 0, sizeof(cp.hash192));
4191 memset(cp.rand192, 0, sizeof(cp.rand192));
4192 } else {
4193 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4194 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
519ca9d0 4195 }
6665d057
MH		 4196 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4197 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4198
4199 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4200 sizeof(cp), &cp);
2763eda6 4201 } else {
6665d057 4202 struct hci_cp_remote_oob_data_reply cp;
2763eda6
SJ		 4203
4204 bacpy(&cp.bdaddr, &ev->bdaddr);
6665d057
MH		 4205 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4206 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4207
4208 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
519ca9d0 4209 sizeof(cp), &cp);
2763eda6
SJ		 4210 }
4211
e1ba1f15 4212unlock:
2763eda6
SJ		 4213 hci_dev_unlock(hdev);
4214}
4215
d5e91192
AE		 4216static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4217 struct sk_buff *skb)
4218{
4219 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4220 struct hci_conn *hcon, *bredr_hcon;
4221
4222 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4223 ev->status);
4224
4225 hci_dev_lock(hdev);
4226
4227 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4228 if (!hcon) {
4229 hci_dev_unlock(hdev);
4230 return;
4231 }
4232
4233 if (ev->status) {
4234 hci_conn_del(hcon);
4235 hci_dev_unlock(hdev);
4236 return;
4237 }
4238
4239 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4240
4241 hcon->state = BT_CONNECTED;
4242 bacpy(&hcon->dst, &bredr_hcon->dst);
4243
4244 hci_conn_hold(hcon);
4245 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 4246 hci_conn_drop(hcon);
d5e91192 4247
23b9ceb7 4248 hci_debugfs_create_conn(hcon);
d5e91192
AE		 4249 hci_conn_add_sysfs(hcon);
4250
cf70ff22 4251 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4252
cf70ff22 4253 hci_dev_unlock(hdev);
d5e91192
AE		 4254}
4255
27695fb4
AE		 4256static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4257{
4258 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4259 struct hci_conn *hcon;
4260 struct hci_chan *hchan;
4261 struct amp_mgr *mgr;
4262
4263 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4264 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4265 ev->status);
4266
4267 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4268 if (!hcon)
4269 return;
4270
4271 /* Create AMP hchan */
4272 hchan = hci_chan_create(hcon);
4273 if (!hchan)
4274 return;
4275
4276 hchan->handle = le16_to_cpu(ev->handle);
4277
4278 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4279
4280 mgr = hcon->amp_mgr;
4281 if (mgr && mgr->bredr_chan) {
4282 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4283
4284 l2cap_chan_lock(bredr_chan);
4285
4286 bredr_chan->conn->mtu = hdev->block_mtu;
4287 l2cap_logical_cfm(bredr_chan, hchan, 0);
4288 hci_conn_hold(hcon);
4289
4290 l2cap_chan_unlock(bredr_chan);
4291 }
4292}
4293
606e2a10
AE		 4294static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4295 struct sk_buff *skb)
4296{
4297 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4298 struct hci_chan *hchan;
4299
4300 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4301 le16_to_cpu(ev->handle), ev->status);
4302
4303 if (ev->status)
4304 return;
4305
4306 hci_dev_lock(hdev);
4307
4308 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4309 if (!hchan)
4310 goto unlock;
4311
4312 amp_destroy_logical_link(hchan, ev->reason);
4313
4314unlock:
4315 hci_dev_unlock(hdev);
4316}
4317
9eef6b3a
AE		 4318static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4319 struct sk_buff *skb)
4320{
4321 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4322 struct hci_conn *hcon;
4323
4324 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4325
4326 if (ev->status)
4327 return;
4328
4329 hci_dev_lock(hdev);
4330
4331 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4332 if (hcon) {
4333 hcon->state = BT_CLOSED;
4334 hci_conn_del(hcon);
4335 }
4336
4337 hci_dev_unlock(hdev);
4338}
4339
6039aa73 4340static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4341{
4342 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4343 struct hci_conn_params *params;
fcd89c09 4344 struct hci_conn *conn;
68d6f6de 4345 struct smp_irk *irk;
837d502e 4346 u8 addr_type;
fcd89c09 4347
9f1db00c 4348 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4349
4350 hci_dev_lock(hdev);
4351
fbd96c15
JH		 4352 /* All controllers implicitly stop advertising in the event of a
4353 * connection, so ensure that the state bit is cleared.
4354 */
4355 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4356
b47a09b3 4357 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b 4358 if (!conn) {
a5c4e309 4359 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
b62f328b
VT		 4360 if (!conn) {
4361 BT_ERR("No memory for new connection");
230fd16a 4362 goto unlock;
b62f328b 4363 }
29b7988a
AG		 4364
4365 conn->dst_type = ev->bdaddr_type;
b9b343d2 4366
cb1d68f7
JH		 4367 /* If we didn't have a hci_conn object previously
4368 * but we're in master role this must be something
4369 * initiated using a white list. Since white list based
4370 * connections are not "first class citizens" we don't
4371 * have full tracking of them. Therefore, we go ahead
4372 * with a "best effort" approach of determining the
4373 * initiator address based on the HCI_PRIVACY flag.
4374 */
4375 if (conn->out) {
4376 conn->resp_addr_type = ev->bdaddr_type;
4377 bacpy(&conn->resp_addr, &ev->bdaddr);
4378 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4379 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4380 bacpy(&conn->init_addr, &hdev->rpa);
4381 } else {
4382 hci_copy_identity_address(hdev,
4383 &conn->init_addr,
4384 &conn->init_addr_type);
4385 }
cb1d68f7 4386 }
9489eca4
JH		 4387 } else {
4388 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4389 }
fcd89c09 4390
80c24ab8
JH		 4391 if (!conn->out) {
4392 /* Set the responder (our side) address type based on
4393 * the advertising address type.
4394 */
4395 conn->resp_addr_type = hdev->adv_addr_type;
4396 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4397 bacpy(&conn->resp_addr, &hdev->random_addr);
4398 else
4399 bacpy(&conn->resp_addr, &hdev->bdaddr);
4400
4401 conn->init_addr_type = ev->bdaddr_type;
4402 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4403
4404 /* For incoming connections, set the default minimum
4405 * and maximum connection interval. They will be used
4406 * to check if the parameters are in range and if not
4407 * trigger the connection update procedure.
4408 */
4409 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4410 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4411 }
7be2edbb 4412
edb4b466
MH		 4413 /* Lookup the identity address from the stored connection
4414 * address and address type.
4415 *
4416 * When establishing connections to an identity address, the
4417 * connection procedure will store the resolvable random
4418 * address first. Now if it can be converted back into the
4419 * identity address, start using the identity address from
4420 * now on.
4421 */
4422 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4423 if (irk) {
4424 bacpy(&conn->dst, &irk->bdaddr);
4425 conn->dst_type = irk->addr_type;
4426 }
4427
2d3c2260
JH		 4428 if (ev->status) {
4429 hci_le_conn_failed(conn, ev->status);
837d502e
JH		 4430 goto unlock;
4431 }
4432
08853f18
JH		 4433 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4434 addr_type = BDADDR_LE_PUBLIC;
4435 else
4436 addr_type = BDADDR_LE_RANDOM;
4437
2d3c2260
JH		 4438 /* Drop the connection if the device is blocked */
4439 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4440 hci_conn_drop(conn);
cd17decb
AG		 4441 goto unlock;
4442 }
4443
b644ba33 4444 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
48ec92fa 4445 mgmt_device_connected(hdev, conn, 0, NULL, 0);
83bc71b4 4446
7b5c0d52 4447 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4448 conn->handle = __le16_to_cpu(ev->handle);
4449 conn->state = BT_CONNECTED;
4450
e04fde60
MH		 4451 conn->le_conn_interval = le16_to_cpu(ev->interval);
4452 conn->le_conn_latency = le16_to_cpu(ev->latency);
4453 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4454
23b9ceb7 4455 hci_debugfs_create_conn(conn);
fcd89c09
VT		 4456 hci_conn_add_sysfs(conn);
4457
4458 hci_proto_connect_cfm(conn, ev->status);
4459
5477610f
JH		 4460 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4461 conn->dst_type);
f161dd41 4462 if (params) {
95305baa 4463 list_del_init(&params->action);
f161dd41
JH		 4464 if (params->conn) {
4465 hci_conn_drop(params->conn);
f8aaf9b6 4466 hci_conn_put(params->conn);
f161dd41
JH		 4467 params->conn = NULL;
4468 }
4469 }
a4790dbd 4470
fcd89c09 4471unlock:
223683a5 4472 hci_update_background_scan(hdev);
fcd89c09
VT		 4473 hci_dev_unlock(hdev);
4474}
4475
1855d92d
MH		 4476static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4477 struct sk_buff *skb)
4478{
4479 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4480 struct hci_conn *conn;
4481
4482 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4483
4484 if (ev->status)
4485 return;
4486
4487 hci_dev_lock(hdev);
4488
4489 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4490 if (conn) {
4491 conn->le_conn_interval = le16_to_cpu(ev->interval);
4492 conn->le_conn_latency = le16_to_cpu(ev->latency);
4493 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4494 }
4495
4496 hci_dev_unlock(hdev);
4497}
4498
a4790dbd 4499/* This function requires the caller holds hdev->lock */
fd45ada9
AA		 4500static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4501 bdaddr_t *addr,
4502 u8 addr_type, u8 adv_type)
a4790dbd
AG		 4503{
4504 struct hci_conn *conn;
4b9e7e75 4505 struct hci_conn_params *params;
a4790dbd 4506
1c1abcab
JH		 4507 /* If the event is not connectable don't proceed further */
4508 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
fd45ada9 4509 return NULL;
1c1abcab
JH		 4510
4511 /* Ignore if the device is blocked */
dcc36c16 4512 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
fd45ada9 4513 return NULL;
1c1abcab 4514
f99353cf
JH		 4515 /* Most controller will fail if we try to create new connections
4516 * while we have an existing one in slave role.
4517 */
4518 if (hdev->conn_hash.le_num_slave > 0)
fd45ada9 4519 return NULL;
f99353cf 4520
1c1abcab
JH		 4521 /* If we're not connectable only connect devices that we have in
4522 * our pend_le_conns list.
4523 */
4b9e7e75
MH		 4524 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4525 addr, addr_type);
4526 if (!params)
fd45ada9 4527 return NULL;
4b9e7e75
MH		 4528
4529 switch (params->auto_connect) {
4530 case HCI_AUTO_CONN_DIRECT:
4531 /* Only devices advertising with ADV_DIRECT_IND are
4532 * triggering a connection attempt. This is allowing
4533 * incoming connections from slave devices.
4534 */
4535 if (adv_type != LE_ADV_DIRECT_IND)
fd45ada9 4536 return NULL;
4b9e7e75
MH		 4537 break;
4538 case HCI_AUTO_CONN_ALWAYS:
4539 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4540 * are triggering a connection attempt. This means
4541 * that incoming connectioms from slave device are
4542 * accepted and also outgoing connections to slave
4543 * devices are established when found.
4544 */
4545 break;
4546 default:
fd45ada9 4547 return NULL;
4b9e7e75 4548 }
a4790dbd
AG		 4549
4550 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
e804d25d 4551 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
f161dd41
JH		 4552 if (!IS_ERR(conn)) {
4553 /* Store the pointer since we don't really have any
4554 * other owner of the object besides the params that
4555 * triggered it. This way we can abort the connection if
4556 * the parameters get removed and keep the reference
4557 * count consistent once the connection is established.
4558 */
f8aaf9b6 4559 params->conn = hci_conn_get(conn);
fd45ada9 4560 return conn;
f161dd41 4561 }
a4790dbd
AG		 4562
4563 switch (PTR_ERR(conn)) {
4564 case -EBUSY:
4565 /* If hci_connect() returns -EBUSY it means there is already
4566 * an LE connection attempt going on. Since controllers don't
4567 * support more than one connection attempt at the time, we
4568 * don't consider this an error case.
4569 */
4570 break;
4571 default:
4572 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
fd45ada9 4573 return NULL;
a4790dbd 4574 }
fd45ada9
AA		 4575
4576 return NULL;
a4790dbd
AG		 4577}
4578
4af605d8 4579static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
2f010b55
MH		 4580 u8 bdaddr_type, bdaddr_t *direct_addr,
4581 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4af605d8 4582{
b9a6328f 4583 struct discovery_state *d = &hdev->discovery;
1c1abcab 4584 struct smp_irk *irk;
fd45ada9 4585 struct hci_conn *conn;
474ee066 4586 bool match;
c70a7e4c 4587 u32 flags;
b9a6328f 4588
2f010b55
MH		 4589 /* If the direct address is present, then this report is from
4590 * a LE Direct Advertising Report event. In that case it is
4591 * important to see if the address is matching the local
4592 * controller address.
4593 */
4594 if (direct_addr) {
4595 /* Only resolvable random addresses are valid for these
4596 * kind of reports and others can be ignored.
4597 */
4598 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4599 return;
4600
4601 /* If the controller is not using resolvable random
4602 * addresses, then this report can be ignored.
4603 */
4604 if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
4605 return;
4606
4607 /* If the local IRK of the controller does not match
4608 * with the resolvable random address provided, then
4609 * this report can be ignored.
4610 */
4611 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4612 return;
4613 }
4614
1c1abcab
JH		 4615 /* Check if we need to convert to identity address */
4616 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4617 if (irk) {
4618 bdaddr = &irk->bdaddr;
4619 bdaddr_type = irk->addr_type;
4620 }
4621
4622 /* Check if we have been requested to connect to this device */
fd45ada9
AA		 4623 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4624 if (conn && type == LE_ADV_IND) {
4625 /* Store report for later inclusion by
4626 * mgmt_device_connected
4627 */
4628 memcpy(conn->le_adv_data, data, len);
4629 conn->le_adv_data_len = len;
4630 }
1c1abcab 4631
0d2bf134
JH		 4632 /* Passive scanning shouldn't trigger any device found events,
4633 * except for devices marked as CONN_REPORT for which we do send
4634 * device found events.
4635 */
ca5c4be7 4636 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134
JH		 4637 if (type == LE_ADV_DIRECT_IND)
4638 return;
4639
3a19b6fe
JH		 4640 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4641 bdaddr, bdaddr_type))
0d2bf134
JH		 4642 return;
4643
4644 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4645 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4646 else
4647 flags = 0;
4648 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4649 rssi, flags, data, len, NULL, 0);
97bf2e99 4650 return;
ca5c4be7 4651 }
4af605d8 4652
c70a7e4c
MH		 4653 /* When receiving non-connectable or scannable undirected
4654 * advertising reports, this means that the remote device is
4655 * not connectable and then clearly indicate this in the
4656 * device found event.
4657 *
4658 * When receiving a scan response, then there is no way to
4659 * know if the remote device is connectable or not. However
4660 * since scan responses are merged with a previously seen
4661 * advertising report, the flags field from that report
4662 * will be used.
4663 *
4664 * In the really unlikely case that a controller get confused
4665 * and just sends a scan response event, then it is marked as
4666 * not connectable as well.
4667 */
4668 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4669 type == LE_ADV_SCAN_RSP)
4670 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4671 else
4672 flags = 0;
4673
b9a6328f
JH		 4674 /* If there's nothing pending either store the data from this
4675 * event or send an immediate device found event if the data
4676 * should not be stored for later.
4677 */
4678 if (!has_pending_adv_report(hdev)) {
4679 /* If the report will trigger a SCAN_REQ store it for
4680 * later merging.
4681 */
4682 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4683 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4684 rssi, flags, data, len);
b9a6328f
JH		 4685 return;
4686 }
4687
4688 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4689 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4690 return;
4691 }
4692
474ee066
JH		 4693 /* Check if the pending report is for the same device as the new one */
4694 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4695 bdaddr_type == d->last_adv_addr_type);
4696
b9a6328f
JH		 4697 /* If the pending data doesn't match this report or this isn't a
4698 * scan response (e.g. we got a duplicate ADV_IND) then force
4699 * sending of the pending data.
4700 */
474ee066
JH		 4701 if (type != LE_ADV_SCAN_RSP || !match) {
4702 /* Send out whatever is in the cache, but skip duplicates */
4703 if (!match)
4704 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4705 d->last_adv_addr_type, NULL,
c70a7e4c 4706 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4707 d->last_adv_data,
474ee066 4708 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4709
4710 /* If the new report will trigger a SCAN_REQ store it for
4711 * later merging.
4712 */
4713 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4714 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4715 rssi, flags, data, len);
b9a6328f
JH		 4716 return;
4717 }
4718
4719 /* The advertising reports cannot be merged, so clear
4720 * the pending report and send out a device found event.
4721 */
4722 clear_pending_adv_report(hdev);
5c5b93e4 4723 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4724 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4725 return;
4726 }
4727
4728 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4729 * the new event is a SCAN_RSP. We can therefore proceed with
4730 * sending a merged device found event.
4731 */
4732 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4733 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4734 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4735 clear_pending_adv_report(hdev);
4af605d8
JH		 4736}
4737
6039aa73 4738static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4739{
e95beb41
AG		 4740 u8 num_reports = skb->data[0];
4741 void *ptr = &skb->data[1];
9aa04c91 4742
a4790dbd
AG		 4743 hci_dev_lock(hdev);
4744
e95beb41
AG		 4745 while (num_reports--) {
4746 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4747 s8 rssi;
a4790dbd 4748
3c9e9195 4749 rssi = ev->data[ev->length];
4af605d8 4750 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
2f010b55
MH		 4751 ev->bdaddr_type, NULL, 0, rssi,
4752 ev->data, ev->length);
3c9e9195 4753
e95beb41 4754 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4755 }
a4790dbd
AG		 4756
4757 hci_dev_unlock(hdev);
9aa04c91
AG		 4758}
4759
6039aa73 4760static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4761{
4762 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4763 struct hci_cp_le_ltk_reply cp;
bea710fe 4764 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4765 struct hci_conn *conn;
c9839a11 4766 struct smp_ltk *ltk;
a7a595f6 4767
9f1db00c 4768 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4769
4770 hci_dev_lock(hdev);
4771
4772 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4773 if (conn == NULL)
4774 goto not_found;
a7a595f6 4775
f3a73d97 4776 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5378bc56 4777 if (!ltk)
bea710fe
VCG		 4778 goto not_found;
4779
5378bc56
JH		 4780 if (smp_ltk_is_sc(ltk)) {
4781 /* With SC both EDiv and Rand are set to zero */
4782 if (ev->ediv || ev->rand)
4783 goto not_found;
4784 } else {
4785 /* For non-SC keys check that EDiv and Rand match */
4786 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
4787 goto not_found;
4788 }
4789
bea710fe 4790 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4791 cp.handle = cpu_to_le16(conn->handle);
c9839a11 4792
a6f7833c 4793 conn->pending_sec_level = smp_ltk_sec_level(ltk);
a7a595f6 4794
89cbb4da 4795 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4796
4797 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4798
5981a882
CT		 4799 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4800 * temporary key used to encrypt a connection following
4801 * pairing. It is used during the Encrypted Session Setup to
4802 * distribute the keys. Later, security can be re-established
4803 * using a distributed LTK.
4804 */
2ceba539 4805 if (ltk->type == SMP_STK) {
fe59a05f 4806 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
970d0f1b
JH		 4807 list_del_rcu(&ltk->list);
4808 kfree_rcu(ltk, rcu);
fe59a05f
JH		 4809 } else {
4810 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4811 }
4812
a7a595f6 4813 hci_dev_unlock(hdev);
bea710fe
VCG		 4814
4815 return;
4816
4817not_found:
4818 neg.handle = ev->handle;
4819 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4820 hci_dev_unlock(hdev);
a7a595f6
VCG		 4821}
4822
8e75b46a
AG		 4823static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4824 u8 reason)
4825{
4826 struct hci_cp_le_conn_param_req_neg_reply cp;
4827
4828 cp.handle = cpu_to_le16(handle);
4829 cp.reason = reason;
4830
4831 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4832 &cp);
4833}
4834
4835static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4836 struct sk_buff *skb)
4837{
4838 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4839 struct hci_cp_le_conn_param_req_reply cp;
4840 struct hci_conn *hcon;
4841 u16 handle, min, max, latency, timeout;
4842
4843 handle = le16_to_cpu(ev->handle);
4844 min = le16_to_cpu(ev->interval_min);
4845 max = le16_to_cpu(ev->interval_max);
4846 latency = le16_to_cpu(ev->latency);
4847 timeout = le16_to_cpu(ev->timeout);
4848
4849 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4850 if (!hcon || hcon->state != BT_CONNECTED)
4851 return send_conn_param_neg_reply(hdev, handle,
4852 HCI_ERROR_UNKNOWN_CONN_ID);
4853
4854 if (hci_check_conn_params(min, max, latency, timeout))
4855 return send_conn_param_neg_reply(hdev, handle,
4856 HCI_ERROR_INVALID_LL_PARAMS);
4857
40bef302 4858 if (hcon->role == HCI_ROLE_MASTER) {
348d50b8 4859 struct hci_conn_params *params;
f4869e2a 4860 u8 store_hint;
348d50b8
JH		 4861
4862 hci_dev_lock(hdev);
4863
4864 params = hci_conn_params_lookup(hdev, &hcon->dst,
4865 hcon->dst_type);
4866 if (params) {
4867 params->conn_min_interval = min;
4868 params->conn_max_interval = max;
4869 params->conn_latency = latency;
4870 params->supervision_timeout = timeout;
f4869e2a
JH		 4871 store_hint = 0x01;
4872 } else{
4873 store_hint = 0x00;
348d50b8
JH		 4874 }
4875
4876 hci_dev_unlock(hdev);
4877
f4869e2a
JH		 4878 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4879 store_hint, min, max, latency, timeout);
348d50b8 4880 }
ffb5a827 4881
8e75b46a
AG		 4882 cp.handle = ev->handle;
4883 cp.interval_min = ev->interval_min;
4884 cp.interval_max = ev->interval_max;
4885 cp.latency = ev->latency;
4886 cp.timeout = ev->timeout;
4887 cp.min_ce_len = 0;
4888 cp.max_ce_len = 0;
4889
4890 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4891}
4892
2f010b55
MH		 4893static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
4894 struct sk_buff *skb)
4895{
4896 u8 num_reports = skb->data[0];
4897 void *ptr = &skb->data[1];
4898
4899 hci_dev_lock(hdev);
4900
4901 while (num_reports--) {
4902 struct hci_ev_le_direct_adv_info *ev = ptr;
4903
4904 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4905 ev->bdaddr_type, &ev->direct_addr,
4906 ev->direct_addr_type, ev->rssi, NULL, 0);
4907
4908 ptr += sizeof(*ev);
4909 }
4910
4911 hci_dev_unlock(hdev);
4912}
4913
6039aa73 4914static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4915{
4916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4917
4918 skb_pull(skb, sizeof(*le_ev));
4919
4920 switch (le_ev->subevent) {
4921 case HCI_EV_LE_CONN_COMPLETE:
4922 hci_le_conn_complete_evt(hdev, skb);
4923 break;
4924
1855d92d
MH		 4925 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4926 hci_le_conn_update_complete_evt(hdev, skb);
4927 break;
4928
9aa04c91
AG		 4929 case HCI_EV_LE_ADVERTISING_REPORT:
4930 hci_le_adv_report_evt(hdev, skb);
4931 break;
4932
a7a595f6
VCG		 4933 case HCI_EV_LE_LTK_REQ:
4934 hci_le_ltk_request_evt(hdev, skb);
4935 break;
4936
8e75b46a
AG		 4937 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4938 hci_le_remote_conn_param_req_evt(hdev, skb);
4939 break;
4940
2f010b55
MH		 4941 case HCI_EV_LE_DIRECT_ADV_REPORT:
4942 hci_le_direct_adv_report_evt(hdev, skb);
4943 break;
4944
fcd89c09
VT		 4945 default:
4946 break;
4947 }
4948}
4949
9495b2ee
AE		 4950static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4951{
4952 struct hci_ev_channel_selected *ev = (void *) skb->data;
4953 struct hci_conn *hcon;
4954
4955 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4956
4957 skb_pull(skb, sizeof(*ev));
4958
4959 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4960 if (!hcon)
4961 return;
4962
4963 amp_read_loc_assoc_final_data(hdev, hcon);
4964}
4965
a9de9248
MH		 4966void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4967{
4968 struct hci_event_hdr *hdr = (void *) skb->data;
4969 __u8 event = hdr->evt;
4970
b6ddb638
JH		 4971 hci_dev_lock(hdev);
4972
4973 /* Received events are (currently) only needed when a request is
4974 * ongoing so avoid unnecessary memory allocation.
4975 */
899de765 4976 if (hci_req_pending(hdev)) {
b6ddb638
JH		 4977 kfree_skb(hdev->recv_evt);
4978 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4979 }
4980
4981 hci_dev_unlock(hdev);
4982
a9de9248
MH		 4983 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4984
02350a72 4985 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4986 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4987 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4988
4989 hci_req_cmd_complete(hdev, opcode, 0);
4990 }
4991
a9de9248 4992 switch (event) {
1da177e4
LT		 4993 case HCI_EV_INQUIRY_COMPLETE:
4994 hci_inquiry_complete_evt(hdev, skb);
4995 break;
4996
4997 case HCI_EV_INQUIRY_RESULT:
4998 hci_inquiry_result_evt(hdev, skb);
4999 break;
5000
a9de9248
MH		 5001 case HCI_EV_CONN_COMPLETE:
5002 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 5003 break;
5004
1da177e4
LT		 5005 case HCI_EV_CONN_REQUEST:
5006 hci_conn_request_evt(hdev, skb);
5007 break;
5008
1da177e4
LT		 5009 case HCI_EV_DISCONN_COMPLETE:
5010 hci_disconn_complete_evt(hdev, skb);
5011 break;
5012
1da177e4
LT		 5013 case HCI_EV_AUTH_COMPLETE:
5014 hci_auth_complete_evt(hdev, skb);
5015 break;
5016
a9de9248
MH		 5017 case HCI_EV_REMOTE_NAME:
5018 hci_remote_name_evt(hdev, skb);
5019 break;
5020
1da177e4
LT		 5021 case HCI_EV_ENCRYPT_CHANGE:
5022 hci_encrypt_change_evt(hdev, skb);
5023 break;
5024
a9de9248
MH		 5025 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5026 hci_change_link_key_complete_evt(hdev, skb);
5027 break;
5028
5029 case HCI_EV_REMOTE_FEATURES:
5030 hci_remote_features_evt(hdev, skb);
5031 break;
5032
a9de9248
MH		 5033 case HCI_EV_CMD_COMPLETE:
5034 hci_cmd_complete_evt(hdev, skb);
5035 break;
5036
5037 case HCI_EV_CMD_STATUS:
5038 hci_cmd_status_evt(hdev, skb);
5039 break;
5040
24dfa343
MH		 5041 case HCI_EV_HARDWARE_ERROR:
5042 hci_hardware_error_evt(hdev, skb);
5043 break;
5044
a9de9248
MH		 5045 case HCI_EV_ROLE_CHANGE:
5046 hci_role_change_evt(hdev, skb);
5047 break;
5048
5049 case HCI_EV_NUM_COMP_PKTS:
5050 hci_num_comp_pkts_evt(hdev, skb);
5051 break;
5052
5053 case HCI_EV_MODE_CHANGE:
5054 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 5055 break;
5056
5057 case HCI_EV_PIN_CODE_REQ:
5058 hci_pin_code_request_evt(hdev, skb);
5059 break;
5060
5061 case HCI_EV_LINK_KEY_REQ:
5062 hci_link_key_request_evt(hdev, skb);
5063 break;
5064
5065 case HCI_EV_LINK_KEY_NOTIFY:
5066 hci_link_key_notify_evt(hdev, skb);
5067 break;
5068
5069 case HCI_EV_CLOCK_OFFSET:
5070 hci_clock_offset_evt(hdev, skb);
5071 break;
5072
a8746417
MH		 5073 case HCI_EV_PKT_TYPE_CHANGE:
5074 hci_pkt_type_change_evt(hdev, skb);
5075 break;
5076
85a1e930
MH		 5077 case HCI_EV_PSCAN_REP_MODE:
5078 hci_pscan_rep_mode_evt(hdev, skb);
5079 break;
5080
a9de9248
MH		 5081 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5082 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 5083 break;
5084
a9de9248
MH		 5085 case HCI_EV_REMOTE_EXT_FEATURES:
5086 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 5087 break;
5088
a9de9248
MH		 5089 case HCI_EV_SYNC_CONN_COMPLETE:
5090 hci_sync_conn_complete_evt(hdev, skb);
5091 break;
1da177e4 5092
a9de9248
MH		 5093 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5094 hci_extended_inquiry_result_evt(hdev, skb);
5095 break;
1da177e4 5096
1c2e0041
JH		 5097 case HCI_EV_KEY_REFRESH_COMPLETE:
5098 hci_key_refresh_complete_evt(hdev, skb);
5099 break;
5100
0493684e
MH		 5101 case HCI_EV_IO_CAPA_REQUEST:
5102 hci_io_capa_request_evt(hdev, skb);
5103 break;
5104
03b555e1
JH		 5105 case HCI_EV_IO_CAPA_REPLY:
5106 hci_io_capa_reply_evt(hdev, skb);
5107 break;
5108
a5c29683
JH		 5109 case HCI_EV_USER_CONFIRM_REQUEST:
5110 hci_user_confirm_request_evt(hdev, skb);
5111 break;
5112
1143d458
BG		 5113 case HCI_EV_USER_PASSKEY_REQUEST:
5114 hci_user_passkey_request_evt(hdev, skb);
5115 break;
5116
92a25256
JH		 5117 case HCI_EV_USER_PASSKEY_NOTIFY:
5118 hci_user_passkey_notify_evt(hdev, skb);
5119 break;
5120
5121 case HCI_EV_KEYPRESS_NOTIFY:
5122 hci_keypress_notify_evt(hdev, skb);
5123 break;
5124
0493684e
MH		 5125 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5126 hci_simple_pair_complete_evt(hdev, skb);
5127 break;
5128
41a96212
MH		 5129 case HCI_EV_REMOTE_HOST_FEATURES:
5130 hci_remote_host_features_evt(hdev, skb);
5131 break;
5132
fcd89c09
VT		 5133 case HCI_EV_LE_META:
5134 hci_le_meta_evt(hdev, skb);
5135 break;
5136
9495b2ee
AE		 5137 case HCI_EV_CHANNEL_SELECTED:
5138 hci_chan_selected_evt(hdev, skb);
5139 break;
5140
2763eda6
SJ		 5141 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5142 hci_remote_oob_data_request_evt(hdev, skb);
5143 break;
5144
d5e91192
AE		 5145 case HCI_EV_PHY_LINK_COMPLETE:
5146 hci_phy_link_complete_evt(hdev, skb);
5147 break;
5148
27695fb4
AE		 5149 case HCI_EV_LOGICAL_LINK_COMPLETE:
5150 hci_loglink_complete_evt(hdev, skb);
5151 break;
5152
606e2a10
AE		 5153 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5154 hci_disconn_loglink_complete_evt(hdev, skb);
5155 break;
5156
9eef6b3a
AE		 5157 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5158 hci_disconn_phylink_complete_evt(hdev, skb);
5159 break;
5160
25e89e99
AE		 5161 case HCI_EV_NUM_COMP_BLOCKS:
5162 hci_num_comp_blocks_evt(hdev, skb);
5163 break;
5164
a9de9248 5165 default:
9f1db00c 5166 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 5167 break;
5168 }
5169
5170 kfree_skb(skb);
5171 hdev->stat.evt_rx++;
5172}
Linux 6.x block layer and io_uring tree(s)