projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
arch: Mass conversion of smp_mb__*()
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 48 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778 201
533553f8
MH		 202 hdev->le_scan_type = LE_SCAN_PASSIVE;
203
06f5b778 204 hdev->ssp_debug_mode = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
0663ca2a
JH		 308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
310 */
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
312
36f7fc7e
JH		 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
318 if (!old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 1);
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
b4cb9fb2
MH		 423static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct sk_buff *skb)
425{
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
433 hdev->num_iac = rp->num_iac;
434
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436}
437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 441 struct hci_cp_write_ssp_mode *sent;
333140b5 442
9f1db00c 443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
5ed8eb2f
JH		 449 if (!status) {
450 if (sent->mode)
cad718ed 451 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 452 else
cad718ed 453 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 454 }
455
ed2c4ee3 456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 458 else if (!status) {
5ed8eb2f 459 if (sent->mode)
c0ecddc2
JH		 460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 else
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 }
333140b5
MH		 464}
465
eac83dc6
MH		 466static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
467{
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
470
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
472
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
474 if (!sent)
475 return;
476
477 if (!status) {
478 if (sent->support)
479 hdev->features[1][0] |= LMP_HOST_SC;
480 else
481 hdev->features[1][0] &= ~LMP_HOST_SC;
482 }
483
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
486 else if (!status) {
487 if (sent->support)
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 else
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
491 }
492}
493
a9de9248
MH		 494static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
495{
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 497
9f1db00c 498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 499
a9de9248 500 if (rp->status)
42c6b129 501 return;
1143e5a6 502
0d5551f5
MH		 503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
509 }
d5859e22
JH		 510}
511
8fc9ced3
GP		 512static void hci_cc_read_local_commands(struct hci_dev *hdev,
513 struct sk_buff *skb)
a9de9248
MH		 514{
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 516
9f1db00c 517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 518
6a070e6e
MH		 519 if (rp->status)
520 return;
521
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 524}
1da177e4 525
8fc9ced3
GP		 526static void hci_cc_read_local_features(struct hci_dev *hdev,
527 struct sk_buff *skb)
a9de9248
MH		 528{
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 530
9f1db00c 531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 532
a9de9248
MH		 533 if (rp->status)
534 return;
5b7f9909 535
a9de9248 536 memcpy(hdev->features, rp->features, 8);
5b7f9909 537
a9de9248
MH		 538 /* Adjust default settings according to features
539 * supported by device. */
1da177e4 540
cad718ed 541 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 543
cad718ed 544 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 546
cad718ed 547 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
550 }
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
555 }
1da177e4 556
45db810f 557 if (lmp_esco_capable(hdev))
a9de9248 558 hdev->esco_type |= (ESCO_EV3);
da1f5198 559
cad718ed 560 if (hdev->features[0][4] & LMP_EV4)
a9de9248 561 hdev->esco_type |= (ESCO_EV4);
da1f5198 562
cad718ed 563 if (hdev->features[0][4] & LMP_EV5)
a9de9248 564 hdev->esco_type |= (ESCO_EV5);
1da177e4 565
cad718ed 566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 567 hdev->esco_type |= (ESCO_2EV3);
568
cad718ed 569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 570 hdev->esco_type |= (ESCO_3EV3);
571
cad718ed 572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 574}
1da177e4 575
971e3a4b 576static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 577 struct sk_buff *skb)
971e3a4b
AG		 578{
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
580
9f1db00c 581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 582
583 if (rp->status)
42c6b129 584 return;
971e3a4b 585
57af75a8
MH		 586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
d2c5d77f 588
cad718ed
JH		 589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 591}
592
1e89cffb 593static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 594 struct sk_buff *skb)
1e89cffb
AE		 595{
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
597
9f1db00c 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 599
42c6b129
JH		 600 if (!rp->status)
601 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 602}
603
a9de9248
MH		 604static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
605{
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 609
a9de9248
MH		 610 if (rp->status)
611 return;
1da177e4 612
a9de9248
MH		 613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
617
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
619 hdev->sco_mtu = 64;
620 hdev->sco_pkts = 8;
1da177e4 621 }
a9de9248
MH		 622
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
625
807deac2
GP		 626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 628}
629
630static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
631{
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
633
9f1db00c 634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 635
636 if (!rp->status)
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 638}
639
f332ec66
JH		 640static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
641 struct sk_buff *skb)
642{
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
644
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
646
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
650 }
651}
652
4a3ee763
JH		 653static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
654 struct sk_buff *skb)
655{
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
660
661 if (status)
662 return;
663
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
665 if (!sent)
666 return;
667
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
670}
671
f332ec66
JH		 672static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
673 struct sk_buff *skb)
674{
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
676
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
678
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
681}
682
4a3ee763
JH		 683static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
684 struct sk_buff *skb)
685{
686 u8 status = *((u8 *) skb->data);
687 u8 *type;
688
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
690
691 if (status)
692 return;
693
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
695 if (type)
696 hdev->page_scan_type = *type;
697}
698
350ee4cf 699static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 700 struct sk_buff *skb)
350ee4cf
AE		 701{
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
703
9f1db00c 704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 705
706 if (rp->status)
707 return;
708
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
712
713 hdev->block_cnt = hdev->num_blocks;
714
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 716 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 717}
718
928abaa7 719static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 720 struct sk_buff *skb)
928abaa7
AE		 721{
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 725
726 if (rp->status)
8e2a0d92 727 goto a2mp_rsp;
928abaa7
AE		 728
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
739
8e2a0d92
AE		 740a2mp_rsp:
741 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 742}
743
903e4541
AE		 744static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
745 struct sk_buff *skb)
746{
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
750
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
752
753 if (rp->status)
754 goto a2mp_rsp;
755
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
758
759 if (rem_len > frag_len) {
2e430be3 760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 761
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
764
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
767
768 return;
769 }
770
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
773 assoc->offset = 0;
774
775a2mp_rsp:
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 778 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 779}
780
d5859e22 781static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 782 struct sk_buff *skb)
d5859e22 783{
91c4e9b1 784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 785
9f1db00c 786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 787
788 if (!rp->status)
789 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 790}
791
980e1a53
JH		 792static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
793{
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
797
9f1db00c 798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 799
56e5cb86
JH		 800 hci_dev_lock(hdev);
801
a8b2d5c2 802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 804
fa1bd918 805 if (rp->status)
56e5cb86 806 goto unlock;
980e1a53
JH		 807
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
809 if (!cp)
56e5cb86 810 goto unlock;
980e1a53
JH		 811
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
813 if (conn)
814 conn->pin_length = cp->pin_len;
56e5cb86
JH		 815
816unlock:
817 hci_dev_unlock(hdev);
980e1a53
JH		 818}
819
820static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
821{
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
823
9f1db00c 824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 825
56e5cb86
JH		 826 hci_dev_lock(hdev);
827
a8b2d5c2 828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 830 rp->status);
56e5cb86
JH		 831
832 hci_dev_unlock(hdev);
980e1a53 833}
56e5cb86 834
6ed58ec5
VT		 835static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
836 struct sk_buff *skb)
837{
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
839
9f1db00c 840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 841
842 if (rp->status)
843 return;
844
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
847
848 hdev->le_cnt = hdev->le_pkts;
849
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 851}
980e1a53 852
60e77321
JH		 853static void hci_cc_le_read_local_features(struct hci_dev *hdev,
854 struct sk_buff *skb)
855{
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
857
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859
860 if (!rp->status)
861 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 862}
863
8fa19098
JH		 864static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
865 struct sk_buff *skb)
866{
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
868
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870
04b4edcb 871 if (!rp->status)
8fa19098 872 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 873}
874
a5c29683
JH		 875static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 880
56e5cb86
JH		 881 hci_dev_lock(hdev);
882
a8b2d5c2 883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
885 rp->status);
56e5cb86
JH		 886
887 hci_dev_unlock(hdev);
a5c29683
JH		 888}
889
890static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 891 struct sk_buff *skb)
a5c29683
JH		 892{
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894
9f1db00c 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 896
56e5cb86
JH		 897 hci_dev_lock(hdev);
898
a8b2d5c2 899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 901 ACL_LINK, 0, rp->status);
56e5cb86
JH		 902
903 hci_dev_unlock(hdev);
a5c29683
JH		 904}
905
1143d458
BG		 906static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 911
912 hci_dev_lock(hdev);
913
a8b2d5c2 914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 916 0, rp->status);
1143d458
BG		 917
918 hci_dev_unlock(hdev);
919}
920
921static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 922 struct sk_buff *skb)
1143d458
BG		 923{
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
925
9f1db00c 926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 927
928 hci_dev_lock(hdev);
929
a8b2d5c2 930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 932 ACL_LINK, 0, rp->status);
1143d458
BG		 933
934 hci_dev_unlock(hdev);
935}
936
4d2d2796
MH		 937static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
938 struct sk_buff *skb)
c35938b2
SJ		 939{
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
941
9f1db00c 942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 943
56e5cb86 944 hci_dev_lock(hdev);
4d2d2796
MH		 945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
948}
949
950static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
960 rp->status);
56e5cb86 961 hci_dev_unlock(hdev);
c35938b2
SJ		 962}
963
7a4cd51d
MH		 964
965static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
966{
967 __u8 status = *((__u8 *) skb->data);
968 bdaddr_t *sent;
969
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
971
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
973 if (!sent)
974 return;
975
976 hci_dev_lock(hdev);
977
978 if (!status)
979 bacpy(&hdev->random_addr, sent);
980
981 hci_dev_unlock(hdev);
982}
983
c1d5dc4a
JH		 984static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
985{
986 __u8 *sent, status = *((__u8 *) skb->data);
987
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
989
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
991 if (!sent)
992 return;
993
994 hci_dev_lock(hdev);
995
778b235a
JH		 996 if (!status)
997 mgmt_advertising(hdev, *sent);
c1d5dc4a 998
04b4edcb 999 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1000}
1001
533553f8
MH		 1002static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1003{
1004 struct hci_cp_le_set_scan_param *cp;
1005 __u8 status = *((__u8 *) skb->data);
1006
1007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1008
1009 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1010 if (!cp)
1011 return;
1012
1013 hci_dev_lock(hdev);
1014
1015 if (!status)
1016 hdev->le_scan_type = cp->type;
1017
1018 hci_dev_unlock(hdev);
1019}
1020
eb9d91f5 1021static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1022 struct sk_buff *skb)
eb9d91f5
AG		 1023{
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1026
9f1db00c 1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1028
eb9d91f5
AG		 1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1030 if (!cp)
1031 return;
1032
3fd319b8
AG		 1033 if (status)
1034 return;
1035
68a8aea4 1036 switch (cp->enable) {
76a388be 1037 case LE_SCAN_ENABLE:
d23264a8 1038 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1039 break;
1040
76a388be 1041 case LE_SCAN_DISABLE:
317ac8cb
JH		 1042 /* Cancel this timer so that we don't try to disable scanning
1043 * when it's already disabled.
1044 */
1045 cancel_delayed_work(&hdev->le_scan_disable);
1046
d23264a8 1047 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1048 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1049 * interrupted scanning due to a connect request. Mark
1050 * therefore discovery as stopped.
1051 */
1052 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1053 &hdev->dev_flags))
1054 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1055 break;
1056
1057 default:
1058 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1059 break;
35815085 1060 }
eb9d91f5
AG		 1061}
1062
cf1d081f
JH		 1063static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1065{
1066 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1067
1068 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1069
1070 if (!rp->status)
1071 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1072}
1073
0f36b589
MH		 1074static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1075 struct sk_buff *skb)
1076{
1077 __u8 status = *((__u8 *) skb->data);
1078
1079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1080
1081 if (!status)
1082 hci_white_list_clear(hdev);
1083}
1084
1085static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1087{
1088 struct hci_cp_le_add_to_white_list *sent;
1089 __u8 status = *((__u8 *) skb->data);
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092
1093 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1094 if (!sent)
1095 return;
1096
1097 if (!status)
1098 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1099}
1100
1101static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1102 struct sk_buff *skb)
1103{
1104 struct hci_cp_le_del_from_white_list *sent;
1105 __u8 status = *((__u8 *) skb->data);
1106
1107 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1108
1109 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1110 if (!sent)
1111 return;
1112
1113 if (!status)
1114 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1115}
1116
9b008c04
JH		 1117static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1118 struct sk_buff *skb)
1119{
1120 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1123
1124 if (!rp->status)
1125 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1126}
1127
6039aa73
GP		 1128static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1129 struct sk_buff *skb)
f9b49306 1130{
06199cf8 1131 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1132 __u8 status = *((__u8 *) skb->data);
1133
9f1db00c 1134 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1135
06199cf8 1136 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1137 if (!sent)
f9b49306
AG		 1138 return;
1139
8f984dfa 1140 if (!status) {
416a4ae5 1141 if (sent->le) {
cad718ed 1142 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1143 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1144 } else {
cad718ed 1145 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1146 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1147 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1148 }
53b2caab
JH		 1149
1150 if (sent->simul)
cad718ed 1151 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1152 else
cad718ed 1153 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1154 }
f9b49306
AG		 1155}
1156
56ed2cb8
JH		 1157static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1158{
1159 struct hci_cp_le_set_adv_param *cp;
1160 u8 status = *((u8 *) skb->data);
1161
1162 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1163
1164 if (status)
1165 return;
1166
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1168 if (!cp)
1169 return;
1170
1171 hci_dev_lock(hdev);
1172 hdev->adv_addr_type = cp->own_address_type;
1173 hci_dev_unlock(hdev);
1174}
1175
93c284ee
AE		 1176static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1178{
1179 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1180
1181 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1182 hdev->name, rp->status, rp->phy_handle);
1183
1184 if (rp->status)
1185 return;
1186
1187 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1188}
1189
6039aa73 1190static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1191{
9f1db00c 1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1193
1194 if (status) {
a9de9248 1195 hci_conn_check_pending(hdev);
314b2381
JH		 1196 return;
1197 }
1198
89352e7d 1199 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1200}
1201
6039aa73 1202static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1203{
a9de9248 1204 struct hci_cp_create_conn *cp;
1da177e4 1205 struct hci_conn *conn;
1da177e4 1206
9f1db00c 1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1208
1209 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1210 if (!cp)
1211 return;
1212
1213 hci_dev_lock(hdev);
1214
1215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1216
6ed93dc6 1217 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1218
1219 if (status) {
1220 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1221 if (status != 0x0c || conn->attempt > 2) {
1222 conn->state = BT_CLOSED;
1223 hci_proto_connect_cfm(conn, status);
1224 hci_conn_del(conn);
1225 } else
1226 conn->state = BT_CONNECT2;
1da177e4
LT		 1227 }
1228 } else {
1229 if (!conn) {
1230 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1231 if (conn) {
a0c808b3 1232 conn->out = true;
1da177e4
LT		 1233 conn->link_mode |= HCI_LM_MASTER;
1234 } else
893ef971 1235 BT_ERR("No memory for new connection");
1da177e4
LT		 1236 }
1237 }
1238
1239 hci_dev_unlock(hdev);
1240}
1241
a9de9248 1242static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1243{
a9de9248
MH		 1244 struct hci_cp_add_sco *cp;
1245 struct hci_conn *acl, *sco;
1246 __u16 handle;
1da177e4 1247
9f1db00c 1248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1249
a9de9248
MH		 1250 if (!status)
1251 return;
1da177e4 1252
a9de9248
MH		 1253 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1254 if (!cp)
1255 return;
1da177e4 1256
a9de9248 1257 handle = __le16_to_cpu(cp->handle);
1da177e4 1258
9f1db00c 1259 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1260
a9de9248 1261 hci_dev_lock(hdev);
1da177e4 1262
a9de9248 1263 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1264 if (acl) {
1265 sco = acl->link;
1266 if (sco) {
1267 sco->state = BT_CLOSED;
1da177e4 1268
5a08ecce
AE		 1269 hci_proto_connect_cfm(sco, status);
1270 hci_conn_del(sco);
1271 }
a9de9248 1272 }
1da177e4 1273
a9de9248
MH		 1274 hci_dev_unlock(hdev);
1275}
1da177e4 1276
f8558555
MH		 1277static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1278{
1279 struct hci_cp_auth_requested *cp;
1280 struct hci_conn *conn;
1281
9f1db00c 1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1283
1284 if (!status)
1285 return;
1286
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1288 if (!cp)
1289 return;
1290
1291 hci_dev_lock(hdev);
1292
1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1294 if (conn) {
1295 if (conn->state == BT_CONFIG) {
1296 hci_proto_connect_cfm(conn, status);
76a68ba0 1297 hci_conn_drop(conn);
f8558555
MH		 1298 }
1299 }
1300
1301 hci_dev_unlock(hdev);
1302}
1303
1304static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1305{
1306 struct hci_cp_set_conn_encrypt *cp;
1307 struct hci_conn *conn;
1308
9f1db00c 1309 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1310
1311 if (!status)
1312 return;
1313
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1315 if (!cp)
1316 return;
1317
1318 hci_dev_lock(hdev);
1319
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1321 if (conn) {
1322 if (conn->state == BT_CONFIG) {
1323 hci_proto_connect_cfm(conn, status);
76a68ba0 1324 hci_conn_drop(conn);
f8558555
MH		 1325 }
1326 }
1327
1328 hci_dev_unlock(hdev);
1329}
1330
127178d2 1331static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1332 struct hci_conn *conn)
392599b9 1333{
392599b9
JH		 1334 if (conn->state != BT_CONFIG || !conn->out)
1335 return 0;
1336
765c2a96 1337 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1338 return 0;
1339
1340 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1341 * devices with sec_level MEDIUM or HIGH or if MITM protection
1342 * is requested.
1343 */
807deac2 1344 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1345 conn->pending_sec_level != BT_SECURITY_HIGH &&
1346 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1347 return 0;
1348
392599b9
JH		 1349 return 1;
1350}
1351
6039aa73 1352static int hci_resolve_name(struct hci_dev *hdev,
04124681 1353 struct inquiry_entry *e)
30dc78e1
JH		 1354{
1355 struct hci_cp_remote_name_req cp;
1356
1357 memset(&cp, 0, sizeof(cp));
1358
1359 bacpy(&cp.bdaddr, &e->data.bdaddr);
1360 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1361 cp.pscan_mode = e->data.pscan_mode;
1362 cp.clock_offset = e->data.clock_offset;
1363
1364 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1365}
1366
b644ba33 1367static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1368{
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1371
b644ba33
JH		 1372 if (list_empty(&discov->resolve))
1373 return false;
1374
1375 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1376 if (!e)
1377 return false;
1378
b644ba33
JH		 1379 if (hci_resolve_name(hdev, e) == 0) {
1380 e->name_state = NAME_PENDING;
1381 return true;
1382 }
1383
1384 return false;
1385}
1386
1387static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1388 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1389{
1390 struct discovery_state *discov = &hdev->discovery;
1391 struct inquiry_entry *e;
1392
1393 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1394 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1395 name_len, conn->dev_class);
b644ba33
JH		 1396
1397 if (discov->state == DISCOVERY_STOPPED)
1398 return;
1399
30dc78e1
JH		 1400 if (discov->state == DISCOVERY_STOPPING)
1401 goto discov_complete;
1402
1403 if (discov->state != DISCOVERY_RESOLVING)
1404 return;
1405
1406 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1407 /* If the device was not found in a list of found devices names of which
1408 * are pending. there is no need to continue resolving a next name as it
1409 * will be done upon receiving another Remote Name Request Complete
1410 * Event */
1411 if (!e)
1412 return;
1413
1414 list_del(&e->list);
1415 if (name) {
30dc78e1 1416 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1417 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1418 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1419 } else {
1420 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1421 }
1422
b644ba33 1423 if (hci_resolve_next_name(hdev))
30dc78e1 1424 return;
30dc78e1
JH		 1425
1426discov_complete:
1427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1428}
1429
a9de9248
MH		 1430static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1431{
127178d2
JH		 1432 struct hci_cp_remote_name_req *cp;
1433 struct hci_conn *conn;
1434
9f1db00c 1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1436
1437 /* If successful wait for the name req complete event before
1438 * checking for the need to do authentication */
1439 if (!status)
1440 return;
1441
1442 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1443 if (!cp)
1444 return;
1445
1446 hci_dev_lock(hdev);
1447
b644ba33
JH		 1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1449
a8b2d5c2 1450 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1451 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1452
79c6c70c
JH		 1453 if (!conn)
1454 goto unlock;
1455
1456 if (!hci_outgoing_auth_needed(hdev, conn))
1457 goto unlock;
1458
51a8efd7 1459 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1460 struct hci_cp_auth_requested auth_cp;
1461
1462 auth_cp.handle = __cpu_to_le16(conn->handle);
1463 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1464 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1465 }
1466
79c6c70c 1467unlock:
127178d2 1468 hci_dev_unlock(hdev);
a9de9248 1469}
1da177e4 1470
769be974
MH		 1471static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1472{
1473 struct hci_cp_read_remote_features *cp;
1474 struct hci_conn *conn;
1475
9f1db00c 1476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1477
1478 if (!status)
1479 return;
1480
1481 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1482 if (!cp)
1483 return;
1484
1485 hci_dev_lock(hdev);
1486
1487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1488 if (conn) {
1489 if (conn->state == BT_CONFIG) {
769be974 1490 hci_proto_connect_cfm(conn, status);
76a68ba0 1491 hci_conn_drop(conn);
769be974
MH		 1492 }
1493 }
1494
1495 hci_dev_unlock(hdev);
1496}
1497
1498static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1499{
1500 struct hci_cp_read_remote_ext_features *cp;
1501 struct hci_conn *conn;
1502
9f1db00c 1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1504
1505 if (!status)
1506 return;
1507
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1509 if (!cp)
1510 return;
1511
1512 hci_dev_lock(hdev);
1513
1514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1515 if (conn) {
1516 if (conn->state == BT_CONFIG) {
769be974 1517 hci_proto_connect_cfm(conn, status);
76a68ba0 1518 hci_conn_drop(conn);
769be974
MH		 1519 }
1520 }
1521
1522 hci_dev_unlock(hdev);
1523}
1524
a9de9248
MH		 1525static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1526{
b6a0dc82
MH		 1527 struct hci_cp_setup_sync_conn *cp;
1528 struct hci_conn *acl, *sco;
1529 __u16 handle;
1530
9f1db00c 1531 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1532
1533 if (!status)
1534 return;
1535
1536 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1537 if (!cp)
1538 return;
1539
1540 handle = __le16_to_cpu(cp->handle);
1541
9f1db00c 1542 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1543
1544 hci_dev_lock(hdev);
1545
1546 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1547 if (acl) {
1548 sco = acl->link;
1549 if (sco) {
1550 sco->state = BT_CLOSED;
b6a0dc82 1551
5a08ecce
AE		 1552 hci_proto_connect_cfm(sco, status);
1553 hci_conn_del(sco);
1554 }
b6a0dc82
MH		 1555 }
1556
1557 hci_dev_unlock(hdev);
1da177e4
LT		 1558}
1559
a9de9248 1560static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1561{
a9de9248
MH		 1562 struct hci_cp_sniff_mode *cp;
1563 struct hci_conn *conn;
1da177e4 1564
9f1db00c 1565 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1566
a9de9248
MH		 1567 if (!status)
1568 return;
04837f64 1569
a9de9248
MH		 1570 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1571 if (!cp)
1572 return;
04837f64 1573
a9de9248 1574 hci_dev_lock(hdev);
04837f64 1575
a9de9248 1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1577 if (conn) {
51a8efd7 1578 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1579
51a8efd7 1580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1581 hci_sco_setup(conn, status);
1582 }
1583
a9de9248
MH		 1584 hci_dev_unlock(hdev);
1585}
04837f64 1586
a9de9248
MH		 1587static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1588{
1589 struct hci_cp_exit_sniff_mode *cp;
1590 struct hci_conn *conn;
04837f64 1591
9f1db00c 1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1593
a9de9248
MH		 1594 if (!status)
1595 return;
04837f64 1596
a9de9248
MH		 1597 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1598 if (!cp)
1599 return;
04837f64 1600
a9de9248 1601 hci_dev_lock(hdev);
1da177e4 1602
a9de9248 1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1604 if (conn) {
51a8efd7 1605 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1606
51a8efd7 1607 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1608 hci_sco_setup(conn, status);
1609 }
1610
a9de9248 1611 hci_dev_unlock(hdev);
1da177e4
LT		 1612}
1613
88c3df13
JH		 1614static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1615{
1616 struct hci_cp_disconnect *cp;
1617 struct hci_conn *conn;
1618
1619 if (!status)
1620 return;
1621
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1623 if (!cp)
1624 return;
1625
1626 hci_dev_lock(hdev);
1627
1628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1629 if (conn)
1630 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1631 conn->dst_type, status);
88c3df13
JH		 1632
1633 hci_dev_unlock(hdev);
1634}
1635
a02226d6
AE		 1636static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1637{
93c284ee
AE		 1638 struct hci_cp_create_phy_link *cp;
1639
a02226d6 1640 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1641
93c284ee
AE		 1642 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1643 if (!cp)
1644 return;
1645
e58917b9
AE		 1646 hci_dev_lock(hdev);
1647
1648 if (status) {
1649 struct hci_conn *hcon;
1650
1651 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1652 if (hcon)
1653 hci_conn_del(hcon);
1654 } else {
1655 amp_write_remote_assoc(hdev, cp->phy_handle);
1656 }
1657
1658 hci_dev_unlock(hdev);
a02226d6
AE		 1659}
1660
0b26ab9d
AE		 1661static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1662{
1663 struct hci_cp_accept_phy_link *cp;
1664
1665 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1666
1667 if (status)
1668 return;
1669
1670 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1671 if (!cp)
1672 return;
1673
1674 amp_write_remote_assoc(hdev, cp->phy_handle);
1675}
1676
cb1d68f7
JH		 1677static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1678{
1679 struct hci_cp_le_create_conn *cp;
1680 struct hci_conn *conn;
1681
1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1683
1684 /* All connection failure handling is taken care of by the
1685 * hci_le_conn_failed function which is triggered by the HCI
1686 * request completion callbacks used for connecting.
1687 */
1688 if (status)
1689 return;
1690
1691 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1692 if (!cp)
1693 return;
1694
1695 hci_dev_lock(hdev);
1696
1697 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1698 if (!conn)
1699 goto unlock;
1700
1701 /* Store the initiator and responder address information which
1702 * is needed for SMP. These values will not change during the
1703 * lifetime of the connection.
1704 */
1705 conn->init_addr_type = cp->own_address_type;
1706 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1707 bacpy(&conn->init_addr, &hdev->random_addr);
1708 else
1709 bacpy(&conn->init_addr, &hdev->bdaddr);
1710
1711 conn->resp_addr_type = cp->peer_addr_type;
1712 bacpy(&conn->resp_addr, &cp->peer_addr);
1713
9489eca4
JH		 1714 /* We don't want the connection attempt to stick around
1715 * indefinitely since LE doesn't have a page timeout concept
1716 * like BR/EDR. Set a timer for any connection that doesn't use
1717 * the white list for connecting.
1718 */
1719 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1720 queue_delayed_work(conn->hdev->workqueue,
1721 &conn->le_conn_timeout,
1722 HCI_LE_CONN_TIMEOUT);
1723
cb1d68f7
JH		 1724unlock:
1725 hci_dev_unlock(hdev);
1726}
1727
81d0c8ad
JH		 1728static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1729{
1730 struct hci_cp_le_start_enc *cp;
1731 struct hci_conn *conn;
1732
1733 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1734
1735 if (!status)
1736 return;
1737
1738 hci_dev_lock(hdev);
1739
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1741 if (!cp)
1742 goto unlock;
1743
1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1745 if (!conn)
1746 goto unlock;
1747
1748 if (conn->state != BT_CONNECTED)
1749 goto unlock;
1750
1751 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1752 hci_conn_drop(conn);
1753
1754unlock:
1755 hci_dev_unlock(hdev);
1756}
1757
6039aa73 1758static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1759{
1760 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1761 struct discovery_state *discov = &hdev->discovery;
1762 struct inquiry_entry *e;
1da177e4 1763
9f1db00c 1764 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1765
a9de9248 1766 hci_conn_check_pending(hdev);
89352e7d
AG		 1767
1768 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1769 return;
1770
4e857c58 1771 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1772 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1773
a8b2d5c2 1774 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1775 return;
1776
56e5cb86 1777 hci_dev_lock(hdev);
30dc78e1 1778
343f935b 1779 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1780 goto unlock;
1781
1782 if (list_empty(&discov->resolve)) {
1783 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1784 goto unlock;
1785 }
1786
1787 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1788 if (e && hci_resolve_name(hdev, e) == 0) {
1789 e->name_state = NAME_PENDING;
1790 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1791 } else {
1792 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1793 }
1794
1795unlock:
56e5cb86 1796 hci_dev_unlock(hdev);
1da177e4
LT		 1797}
1798
6039aa73 1799static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1800{
45bb4bf0 1801 struct inquiry_data data;
a9de9248 1802 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1803 int num_rsp = *((__u8 *) skb->data);
1804
1805 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1806
45bb4bf0
MH		 1807 if (!num_rsp)
1808 return;
1809
1519cc17
AG		 1810 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1811 return;
1812
1da177e4 1813 hci_dev_lock(hdev);
45bb4bf0 1814
e17acd40 1815 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1816 bool name_known, ssp;
3175405b 1817
1da177e4
LT		 1818 bacpy(&data.bdaddr, &info->bdaddr);
1819 data.pscan_rep_mode = info->pscan_rep_mode;
1820 data.pscan_period_mode = info->pscan_period_mode;
1821 data.pscan_mode = info->pscan_mode;
1822 memcpy(data.dev_class, info->dev_class, 3);
1823 data.clock_offset = info->clock_offset;
1824 data.rssi = 0x00;
41a96212 1825 data.ssp_mode = 0x00;
3175405b 1826
388fc8fa 1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1829 info->dev_class, 0, !name_known, ssp, NULL,
1830 0);
1da177e4 1831 }
45bb4bf0 1832
1da177e4
LT		 1833 hci_dev_unlock(hdev);
1834}
1835
6039aa73 1836static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1837{
a9de9248
MH		 1838 struct hci_ev_conn_complete *ev = (void *) skb->data;
1839 struct hci_conn *conn;
1da177e4
LT		 1840
1841 BT_DBG("%s", hdev->name);
1842
1843 hci_dev_lock(hdev);
1844
1845 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1846 if (!conn) {
1847 if (ev->link_type != SCO_LINK)
1848 goto unlock;
1849
1850 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1851 if (!conn)
1852 goto unlock;
1853
1854 conn->type = SCO_LINK;
1855 }
1da177e4
LT		 1856
1857 if (!ev->status) {
1858 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1859
1860 if (conn->type == ACL_LINK) {
1861 conn->state = BT_CONFIG;
1862 hci_conn_hold(conn);
a9ea3ed9
SJ		 1863
1864 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1865 !hci_find_link_key(hdev, &ev->bdaddr))
1866 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1867 else
1868 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1869 } else
1870 conn->state = BT_CONNECTED;
1da177e4 1871
7d0db0a3
MH		 1872 hci_conn_add_sysfs(conn);
1873
1da177e4
LT		 1874 if (test_bit(HCI_AUTH, &hdev->flags))
1875 conn->link_mode |= HCI_LM_AUTH;
1876
1877 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1878 conn->link_mode |= HCI_LM_ENCRYPT;
1879
04837f64
MH		 1880 /* Get remote features */
1881 if (conn->type == ACL_LINK) {
1882 struct hci_cp_read_remote_features cp;
1883 cp.handle = ev->handle;
769be974 1884 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1885 sizeof(cp), &cp);
04837f64
MH		 1886 }
1887
1da177e4 1888 /* Set packet type for incoming connection */
d095c1eb 1889 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1890 struct hci_cp_change_conn_ptype cp;
1891 cp.handle = ev->handle;
a8746417 1892 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1893 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1894 &cp);
1da177e4 1895 }
17d5c04c 1896 } else {
1da177e4 1897 conn->state = BT_CLOSED;
17d5c04c 1898 if (conn->type == ACL_LINK)
64c7b77c 1899 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1900 conn->dst_type, ev->status);
17d5c04c 1901 }
1da177e4 1902
e73439d8
MH		 1903 if (conn->type == ACL_LINK)
1904 hci_sco_setup(conn, ev->status);
1da177e4 1905
769be974
MH		 1906 if (ev->status) {
1907 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1908 hci_conn_del(conn);
c89b6e6b
MH		 1909 } else if (ev->link_type != ACL_LINK)
1910 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1911
a9de9248 1912unlock:
1da177e4 1913 hci_dev_unlock(hdev);
1da177e4 1914
a9de9248 1915 hci_conn_check_pending(hdev);
1da177e4
LT		 1916}
1917
6039aa73 1918static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1919{
a9de9248
MH		 1920 struct hci_ev_conn_request *ev = (void *) skb->data;
1921 int mask = hdev->link_mode;
20714bfe 1922 __u8 flags = 0;
1da177e4 1923
6ed93dc6 1924 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1925 ev->link_type);
1da177e4 1926
20714bfe
FD		 1927 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1928 &flags);
1da177e4 1929
138d22ef 1930 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1931 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1932 /* Connection accepted */
c7bdd502 1933 struct inquiry_entry *ie;
1da177e4 1934 struct hci_conn *conn;
1da177e4 1935
a9de9248 1936 hci_dev_lock(hdev);
b6a0dc82 1937
cc11b9c1
AE		 1938 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1939 if (ie)
c7bdd502
MH		 1940 memcpy(ie->data.dev_class, ev->dev_class, 3);
1941
8fc9ced3
GP		 1942 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1943 &ev->bdaddr);
a9de9248 1944 if (!conn) {
cc11b9c1
AE		 1945 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1946 if (!conn) {
893ef971 1947 BT_ERR("No memory for new connection");
a9de9248
MH		 1948 hci_dev_unlock(hdev);
1949 return;
1da177e4
LT		 1950 }
1951 }
b6a0dc82 1952
a9de9248 1953 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1954
a9de9248 1955 hci_dev_unlock(hdev);
1da177e4 1956
20714bfe
FD		 1957 if (ev->link_type == ACL_LINK ||
1958 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1959 struct hci_cp_accept_conn_req cp;
20714bfe 1960 conn->state = BT_CONNECT;
1da177e4 1961
b6a0dc82
MH		 1962 bacpy(&cp.bdaddr, &ev->bdaddr);
1963
1964 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1965 cp.role = 0x00; /* Become master */
1966 else
1967 cp.role = 0x01; /* Remain slave */
1968
04124681
GP		 1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1970 &cp);
20714bfe 1971 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1972 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1973 conn->state = BT_CONNECT;
b6a0dc82
MH		 1974
1975 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1976 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1977
dcf4adbf
JP		 1978 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1979 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1980 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 1981 cp.content_format = cpu_to_le16(hdev->voice_setting);
1982 cp.retrans_effort = 0xff;
1da177e4 1983
b6a0dc82 1984 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1985 sizeof(cp), &cp);
20714bfe
FD		 1986 } else {
1987 conn->state = BT_CONNECT2;
1988 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1989 }
a9de9248
MH		 1990 } else {
1991 /* Connection rejected */
1992 struct hci_cp_reject_conn_req cp;
1da177e4 1993
a9de9248 1994 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1995 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1996 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1997 }
1da177e4
LT		 1998}
1999
f0d6a0ea
MA		 2000static u8 hci_to_mgmt_reason(u8 err)
2001{
2002 switch (err) {
2003 case HCI_ERROR_CONNECTION_TIMEOUT:
2004 return MGMT_DEV_DISCONN_TIMEOUT;
2005 case HCI_ERROR_REMOTE_USER_TERM:
2006 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2007 case HCI_ERROR_REMOTE_POWER_OFF:
2008 return MGMT_DEV_DISCONN_REMOTE;
2009 case HCI_ERROR_LOCAL_HOST_TERM:
2010 return MGMT_DEV_DISCONN_LOCAL_HOST;
2011 default:
2012 return MGMT_DEV_DISCONN_UNKNOWN;
2013 }
2014}
2015
6039aa73 2016static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2017{
a9de9248 2018 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2019 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2020 struct hci_conn_params *params;
04837f64 2021 struct hci_conn *conn;
12d4a3b2 2022 bool mgmt_connected;
3846220b 2023 u8 type;
04837f64 2024
9f1db00c 2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2026
2027 hci_dev_lock(hdev);
2028
2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2030 if (!conn)
2031 goto unlock;
7d0db0a3 2032
abf54a50
AG		 2033 if (ev->status) {
2034 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2035 conn->dst_type, ev->status);
2036 goto unlock;
37d9ef76 2037 }
f7520543 2038
3846220b
AG		 2039 conn->state = BT_CLOSED;
2040
12d4a3b2
JH		 2041 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2042 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2043 reason, mgmt_connected);
abf54a50 2044
3846220b
AG		 2045 if (conn->type == ACL_LINK && conn->flush_key)
2046 hci_remove_link_key(hdev, &conn->dst);
2210246c 2047
9fcb18ef
AG		 2048 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2049 if (params) {
2050 switch (params->auto_connect) {
2051 case HCI_AUTO_CONN_LINK_LOSS:
2052 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2053 break;
2054 /* Fall through */
2055
2056 case HCI_AUTO_CONN_ALWAYS:
2057 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2058 break;
2059
2060 default:
2061 break;
2062 }
2063 }
2064
3846220b 2065 type = conn->type;
2210246c 2066
3846220b
AG		 2067 hci_proto_disconn_cfm(conn, ev->reason);
2068 hci_conn_del(conn);
2069
2070 /* Re-enable advertising if necessary, since it might
2071 * have been disabled by the connection. From the
2072 * HCI_LE_Set_Advertise_Enable command description in
2073 * the core specification (v4.0):
2074 * "The Controller shall continue advertising until the Host
2075 * issues an LE_Set_Advertise_Enable command with
2076 * Advertising_Enable set to 0x00 (Advertising is disabled)
2077 * or until a connection is created or until the Advertising
2078 * is timed out due to Directed Advertising."
2079 */
2080 if (type == LE_LINK)
2081 mgmt_reenable_advertising(hdev);
f7520543
JH		 2082
2083unlock:
04837f64
MH		 2084 hci_dev_unlock(hdev);
2085}
2086
6039aa73 2087static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2088{
a9de9248 2089 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2090 struct hci_conn *conn;
1da177e4 2091
9f1db00c 2092 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2093
2094 hci_dev_lock(hdev);
2095
04837f64 2096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2097 if (!conn)
2098 goto unlock;
2099
2100 if (!ev->status) {
aa64a8b5 2101 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2102 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2103 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2104 } else {
d7556e20
WR		 2105 conn->link_mode |= HCI_LM_AUTH;
2106 conn->sec_level = conn->pending_sec_level;
2a611692 2107 }
d7556e20 2108 } else {
bab73cb6 2109 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2110 ev->status);
d7556e20 2111 }
1da177e4 2112
51a8efd7
JH		 2113 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2114 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2115
d7556e20 2116 if (conn->state == BT_CONFIG) {
aa64a8b5 2117 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2118 struct hci_cp_set_conn_encrypt cp;
2119 cp.handle = ev->handle;
2120 cp.encrypt = 0x01;
2121 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2122 &cp);
052b30b0 2123 } else {
d7556e20
WR		 2124 conn->state = BT_CONNECTED;
2125 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2126 hci_conn_drop(conn);
052b30b0 2127 }
d7556e20
WR		 2128 } else {
2129 hci_auth_cfm(conn, ev->status);
052b30b0 2130
d7556e20
WR		 2131 hci_conn_hold(conn);
2132 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2133 hci_conn_drop(conn);
d7556e20
WR		 2134 }
2135
51a8efd7 2136 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2137 if (!ev->status) {
2138 struct hci_cp_set_conn_encrypt cp;
2139 cp.handle = ev->handle;
2140 cp.encrypt = 0x01;
2141 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2142 &cp);
d7556e20 2143 } else {
51a8efd7 2144 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2145 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2146 }
2147 }
2148
d7556e20 2149unlock:
1da177e4
LT		 2150 hci_dev_unlock(hdev);
2151}
2152
6039aa73 2153static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2154{
127178d2
JH		 2155 struct hci_ev_remote_name *ev = (void *) skb->data;
2156 struct hci_conn *conn;
2157
a9de9248 2158 BT_DBG("%s", hdev->name);
1da177e4 2159
a9de9248 2160 hci_conn_check_pending(hdev);
127178d2
JH		 2161
2162 hci_dev_lock(hdev);
2163
b644ba33 2164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2165
b644ba33
JH		 2166 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2167 goto check_auth;
a88a9652 2168
b644ba33
JH		 2169 if (ev->status == 0)
2170 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2171 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2172 else
2173 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2174
2175check_auth:
79c6c70c
JH		 2176 if (!conn)
2177 goto unlock;
2178
2179 if (!hci_outgoing_auth_needed(hdev, conn))
2180 goto unlock;
2181
51a8efd7 2182 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2183 struct hci_cp_auth_requested cp;
2184 cp.handle = __cpu_to_le16(conn->handle);
2185 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2186 }
2187
79c6c70c 2188unlock:
127178d2 2189 hci_dev_unlock(hdev);
a9de9248
MH		 2190}
2191
6039aa73 2192static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2193{
2194 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2195 struct hci_conn *conn;
2196
9f1db00c 2197 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2198
2199 hci_dev_lock(hdev);
2200
04837f64 2201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2202 if (!conn)
2203 goto unlock;
1da177e4 2204
dc8357cc
MH		 2205 if (!ev->status) {
2206 if (ev->encrypt) {
2207 /* Encryption implies authentication */
2208 conn->link_mode |= HCI_LM_AUTH;
2209 conn->link_mode |= HCI_LM_ENCRYPT;
2210 conn->sec_level = conn->pending_sec_level;
abf76bad 2211
914a6ffe
MH		 2212 /* P-256 authentication key implies FIPS */
2213 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2214 conn->link_mode |= HCI_LM_FIPS;
2215
abf76bad
MH		 2216 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2217 conn->type == LE_LINK)
2218 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2219 } else {
dc8357cc 2220 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2221 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2222 }
dc8357cc 2223 }
a7d7723a 2224
dc8357cc 2225 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2226
dc8357cc
MH		 2227 if (ev->status && conn->state == BT_CONNECTED) {
2228 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2229 hci_conn_drop(conn);
2230 goto unlock;
1da177e4
LT		 2231 }
2232
dc8357cc
MH		 2233 if (conn->state == BT_CONFIG) {
2234 if (!ev->status)
2235 conn->state = BT_CONNECTED;
2236
40b552aa
MH		 2237 /* In Secure Connections Only mode, do not allow any
2238 * connections that are not encrypted with AES-CCM
2239 * using a P-256 authenticated combination key.
2240 */
2241 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2242 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2243 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2244 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2245 hci_conn_drop(conn);
2246 goto unlock;
2247 }
2248
dc8357cc
MH		 2249 hci_proto_connect_cfm(conn, ev->status);
2250 hci_conn_drop(conn);
2251 } else
2252 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2253
a7d7723a 2254unlock:
1da177e4
LT		 2255 hci_dev_unlock(hdev);
2256}
2257
6039aa73
GP		 2258static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2259 struct sk_buff *skb)
1da177e4 2260{
a9de9248 2261 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2262 struct hci_conn *conn;
1da177e4 2263
9f1db00c 2264 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2265
2266 hci_dev_lock(hdev);
2267
04837f64 2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2269 if (conn) {
2270 if (!ev->status)
2271 conn->link_mode |= HCI_LM_SECURE;
2272
51a8efd7 2273 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2274
2275 hci_key_change_cfm(conn, ev->status);
2276 }
2277
2278 hci_dev_unlock(hdev);
2279}
2280
6039aa73
GP		 2281static void hci_remote_features_evt(struct hci_dev *hdev,
2282 struct sk_buff *skb)
1da177e4 2283{
a9de9248
MH		 2284 struct hci_ev_remote_features *ev = (void *) skb->data;
2285 struct hci_conn *conn;
2286
9f1db00c 2287 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2288
a9de9248
MH		 2289 hci_dev_lock(hdev);
2290
2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2292 if (!conn)
2293 goto unlock;
769be974 2294
ccd556fe 2295 if (!ev->status)
cad718ed 2296 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2297
2298 if (conn->state != BT_CONFIG)
2299 goto unlock;
2300
2301 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2302 struct hci_cp_read_remote_ext_features cp;
2303 cp.handle = ev->handle;
2304 cp.page = 0x01;
2305 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2306 sizeof(cp), &cp);
392599b9
JH		 2307 goto unlock;
2308 }
2309
671267bf 2310 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2311 struct hci_cp_remote_name_req cp;
2312 memset(&cp, 0, sizeof(cp));
2313 bacpy(&cp.bdaddr, &conn->dst);
2314 cp.pscan_rep_mode = 0x02;
2315 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2316 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2317 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2318 conn->dst_type, 0, NULL, 0,
2319 conn->dev_class);
392599b9 2320
127178d2 2321 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2322 conn->state = BT_CONNECTED;
2323 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2324 hci_conn_drop(conn);
769be974 2325 }
a9de9248 2326
ccd556fe 2327unlock:
a9de9248 2328 hci_dev_unlock(hdev);
1da177e4
LT		 2329}
2330
6039aa73 2331static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2332{
2333 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2334 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2335 __u16 opcode;
2336
2337 skb_pull(skb, sizeof(*ev));
2338
2339 opcode = __le16_to_cpu(ev->opcode);
2340
2341 switch (opcode) {
2342 case HCI_OP_INQUIRY_CANCEL:
2343 hci_cc_inquiry_cancel(hdev, skb);
2344 break;
2345
4d93483b
AG		 2346 case HCI_OP_PERIODIC_INQ:
2347 hci_cc_periodic_inq(hdev, skb);
2348 break;
2349
a9de9248
MH		 2350 case HCI_OP_EXIT_PERIODIC_INQ:
2351 hci_cc_exit_periodic_inq(hdev, skb);
2352 break;
2353
2354 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2355 hci_cc_remote_name_req_cancel(hdev, skb);
2356 break;
2357
2358 case HCI_OP_ROLE_DISCOVERY:
2359 hci_cc_role_discovery(hdev, skb);
2360 break;
2361
e4e8e37c
MH		 2362 case HCI_OP_READ_LINK_POLICY:
2363 hci_cc_read_link_policy(hdev, skb);
2364 break;
2365
a9de9248
MH		 2366 case HCI_OP_WRITE_LINK_POLICY:
2367 hci_cc_write_link_policy(hdev, skb);
2368 break;
2369
e4e8e37c
MH		 2370 case HCI_OP_READ_DEF_LINK_POLICY:
2371 hci_cc_read_def_link_policy(hdev, skb);
2372 break;
2373
2374 case HCI_OP_WRITE_DEF_LINK_POLICY:
2375 hci_cc_write_def_link_policy(hdev, skb);
2376 break;
2377
a9de9248
MH		 2378 case HCI_OP_RESET:
2379 hci_cc_reset(hdev, skb);
2380 break;
2381
2382 case HCI_OP_WRITE_LOCAL_NAME:
2383 hci_cc_write_local_name(hdev, skb);
2384 break;
2385
2386 case HCI_OP_READ_LOCAL_NAME:
2387 hci_cc_read_local_name(hdev, skb);
2388 break;
2389
2390 case HCI_OP_WRITE_AUTH_ENABLE:
2391 hci_cc_write_auth_enable(hdev, skb);
2392 break;
2393
2394 case HCI_OP_WRITE_ENCRYPT_MODE:
2395 hci_cc_write_encrypt_mode(hdev, skb);
2396 break;
2397
2398 case HCI_OP_WRITE_SCAN_ENABLE:
2399 hci_cc_write_scan_enable(hdev, skb);
2400 break;
2401
2402 case HCI_OP_READ_CLASS_OF_DEV:
2403 hci_cc_read_class_of_dev(hdev, skb);
2404 break;
2405
2406 case HCI_OP_WRITE_CLASS_OF_DEV:
2407 hci_cc_write_class_of_dev(hdev, skb);
2408 break;
2409
2410 case HCI_OP_READ_VOICE_SETTING:
2411 hci_cc_read_voice_setting(hdev, skb);
2412 break;
2413
2414 case HCI_OP_WRITE_VOICE_SETTING:
2415 hci_cc_write_voice_setting(hdev, skb);
2416 break;
2417
b4cb9fb2
MH		 2418 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2419 hci_cc_read_num_supported_iac(hdev, skb);
2420 break;
2421
333140b5
MH		 2422 case HCI_OP_WRITE_SSP_MODE:
2423 hci_cc_write_ssp_mode(hdev, skb);
2424 break;
2425
eac83dc6
MH		 2426 case HCI_OP_WRITE_SC_SUPPORT:
2427 hci_cc_write_sc_support(hdev, skb);
2428 break;
2429
a9de9248
MH		 2430 case HCI_OP_READ_LOCAL_VERSION:
2431 hci_cc_read_local_version(hdev, skb);
2432 break;
2433
2434 case HCI_OP_READ_LOCAL_COMMANDS:
2435 hci_cc_read_local_commands(hdev, skb);
2436 break;
2437
2438 case HCI_OP_READ_LOCAL_FEATURES:
2439 hci_cc_read_local_features(hdev, skb);
2440 break;
2441
971e3a4b
AG		 2442 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2443 hci_cc_read_local_ext_features(hdev, skb);
2444 break;
2445
a9de9248
MH		 2446 case HCI_OP_READ_BUFFER_SIZE:
2447 hci_cc_read_buffer_size(hdev, skb);
2448 break;
2449
2450 case HCI_OP_READ_BD_ADDR:
2451 hci_cc_read_bd_addr(hdev, skb);
2452 break;
2453
f332ec66
JH		 2454 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2455 hci_cc_read_page_scan_activity(hdev, skb);
2456 break;
2457
4a3ee763
JH		 2458 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2459 hci_cc_write_page_scan_activity(hdev, skb);
2460 break;
2461
f332ec66
JH		 2462 case HCI_OP_READ_PAGE_SCAN_TYPE:
2463 hci_cc_read_page_scan_type(hdev, skb);
2464 break;
2465
4a3ee763
JH		 2466 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2467 hci_cc_write_page_scan_type(hdev, skb);
2468 break;
2469
350ee4cf
AE		 2470 case HCI_OP_READ_DATA_BLOCK_SIZE:
2471 hci_cc_read_data_block_size(hdev, skb);
2472 break;
2473
1e89cffb
AE		 2474 case HCI_OP_READ_FLOW_CONTROL_MODE:
2475 hci_cc_read_flow_control_mode(hdev, skb);
2476 break;
2477
928abaa7
AE		 2478 case HCI_OP_READ_LOCAL_AMP_INFO:
2479 hci_cc_read_local_amp_info(hdev, skb);
2480 break;
2481
903e4541
AE		 2482 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2483 hci_cc_read_local_amp_assoc(hdev, skb);
2484 break;
2485
d5859e22
JH		 2486 case HCI_OP_READ_INQ_RSP_TX_POWER:
2487 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2488 break;
2489
980e1a53
JH		 2490 case HCI_OP_PIN_CODE_REPLY:
2491 hci_cc_pin_code_reply(hdev, skb);
2492 break;
2493
2494 case HCI_OP_PIN_CODE_NEG_REPLY:
2495 hci_cc_pin_code_neg_reply(hdev, skb);
2496 break;
2497
c35938b2 2498 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2499 hci_cc_read_local_oob_data(hdev, skb);
2500 break;
2501
2502 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2503 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2504 break;
2505
6ed58ec5
VT		 2506 case HCI_OP_LE_READ_BUFFER_SIZE:
2507 hci_cc_le_read_buffer_size(hdev, skb);
2508 break;
2509
60e77321
JH		 2510 case HCI_OP_LE_READ_LOCAL_FEATURES:
2511 hci_cc_le_read_local_features(hdev, skb);
2512 break;
2513
8fa19098
JH		 2514 case HCI_OP_LE_READ_ADV_TX_POWER:
2515 hci_cc_le_read_adv_tx_power(hdev, skb);
2516 break;
2517
a5c29683
JH		 2518 case HCI_OP_USER_CONFIRM_REPLY:
2519 hci_cc_user_confirm_reply(hdev, skb);
2520 break;
2521
2522 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2523 hci_cc_user_confirm_neg_reply(hdev, skb);
2524 break;
2525
1143d458
BG		 2526 case HCI_OP_USER_PASSKEY_REPLY:
2527 hci_cc_user_passkey_reply(hdev, skb);
2528 break;
2529
2530 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2531 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2532 break;
07f7fa5d 2533
7a4cd51d
MH		 2534 case HCI_OP_LE_SET_RANDOM_ADDR:
2535 hci_cc_le_set_random_addr(hdev, skb);
2536 break;
2537
c1d5dc4a
JH		 2538 case HCI_OP_LE_SET_ADV_ENABLE:
2539 hci_cc_le_set_adv_enable(hdev, skb);
2540 break;
2541
533553f8
MH		 2542 case HCI_OP_LE_SET_SCAN_PARAM:
2543 hci_cc_le_set_scan_param(hdev, skb);
2544 break;
2545
eb9d91f5
AG		 2546 case HCI_OP_LE_SET_SCAN_ENABLE:
2547 hci_cc_le_set_scan_enable(hdev, skb);
2548 break;
2549
cf1d081f
JH		 2550 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2551 hci_cc_le_read_white_list_size(hdev, skb);
2552 break;
2553
0f36b589
MH		 2554 case HCI_OP_LE_CLEAR_WHITE_LIST:
2555 hci_cc_le_clear_white_list(hdev, skb);
2556 break;
2557
2558 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2559 hci_cc_le_add_to_white_list(hdev, skb);
2560 break;
2561
2562 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2563 hci_cc_le_del_from_white_list(hdev, skb);
2564 break;
2565
9b008c04
JH		 2566 case HCI_OP_LE_READ_SUPPORTED_STATES:
2567 hci_cc_le_read_supported_states(hdev, skb);
2568 break;
2569
f9b49306
AG		 2570 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2571 hci_cc_write_le_host_supported(hdev, skb);
2572 break;
2573
56ed2cb8
JH		 2574 case HCI_OP_LE_SET_ADV_PARAM:
2575 hci_cc_set_adv_param(hdev, skb);
2576 break;
2577
93c284ee
AE		 2578 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2579 hci_cc_write_remote_amp_assoc(hdev, skb);
2580 break;
2581
a9de9248 2582 default:
9f1db00c 2583 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2584 break;
2585 }
2586
ad82cdd1 2587 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2588 del_timer(&hdev->cmd_timer);
2589
ad82cdd1 2590 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2591
dbccd791 2592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2593 atomic_set(&hdev->cmd_cnt, 1);
2594 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2595 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2596 }
2597}
2598
6039aa73 2599static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2600{
2601 struct hci_ev_cmd_status *ev = (void *) skb->data;
2602 __u16 opcode;
2603
2604 skb_pull(skb, sizeof(*ev));
2605
2606 opcode = __le16_to_cpu(ev->opcode);
2607
2608 switch (opcode) {
2609 case HCI_OP_INQUIRY:
2610 hci_cs_inquiry(hdev, ev->status);
2611 break;
2612
2613 case HCI_OP_CREATE_CONN:
2614 hci_cs_create_conn(hdev, ev->status);
2615 break;
2616
2617 case HCI_OP_ADD_SCO:
2618 hci_cs_add_sco(hdev, ev->status);
2619 break;
2620
f8558555
MH		 2621 case HCI_OP_AUTH_REQUESTED:
2622 hci_cs_auth_requested(hdev, ev->status);
2623 break;
2624
2625 case HCI_OP_SET_CONN_ENCRYPT:
2626 hci_cs_set_conn_encrypt(hdev, ev->status);
2627 break;
2628
a9de9248
MH		 2629 case HCI_OP_REMOTE_NAME_REQ:
2630 hci_cs_remote_name_req(hdev, ev->status);
2631 break;
2632
769be974
MH		 2633 case HCI_OP_READ_REMOTE_FEATURES:
2634 hci_cs_read_remote_features(hdev, ev->status);
2635 break;
2636
2637 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2638 hci_cs_read_remote_ext_features(hdev, ev->status);
2639 break;
2640
a9de9248
MH		 2641 case HCI_OP_SETUP_SYNC_CONN:
2642 hci_cs_setup_sync_conn(hdev, ev->status);
2643 break;
2644
2645 case HCI_OP_SNIFF_MODE:
2646 hci_cs_sniff_mode(hdev, ev->status);
2647 break;
2648
2649 case HCI_OP_EXIT_SNIFF_MODE:
2650 hci_cs_exit_sniff_mode(hdev, ev->status);
2651 break;
2652
8962ee74 2653 case HCI_OP_DISCONNECT:
88c3df13 2654 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2655 break;
2656
a02226d6
AE		 2657 case HCI_OP_CREATE_PHY_LINK:
2658 hci_cs_create_phylink(hdev, ev->status);
2659 break;
2660
0b26ab9d
AE		 2661 case HCI_OP_ACCEPT_PHY_LINK:
2662 hci_cs_accept_phylink(hdev, ev->status);
2663 break;
2664
cb1d68f7
JH		 2665 case HCI_OP_LE_CREATE_CONN:
2666 hci_cs_le_create_conn(hdev, ev->status);
2667 break;
2668
81d0c8ad
JH		 2669 case HCI_OP_LE_START_ENC:
2670 hci_cs_le_start_enc(hdev, ev->status);
2671 break;
2672
a9de9248 2673 default:
9f1db00c 2674 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2675 break;
2676 }
2677
ad82cdd1 2678 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2679 del_timer(&hdev->cmd_timer);
2680
02350a72
JH		 2681 if (ev->status ||
2682 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2683 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2684
10572132 2685 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2686 atomic_set(&hdev->cmd_cnt, 1);
2687 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2688 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2689 }
2690}
2691
6039aa73 2692static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2693{
2694 struct hci_ev_role_change *ev = (void *) skb->data;
2695 struct hci_conn *conn;
2696
9f1db00c 2697 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2698
2699 hci_dev_lock(hdev);
2700
2701 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2702 if (conn) {
2703 if (!ev->status) {
2704 if (ev->role)
2705 conn->link_mode &= ~HCI_LM_MASTER;
2706 else
2707 conn->link_mode |= HCI_LM_MASTER;
2708 }
2709
51a8efd7 2710 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2711
2712 hci_role_switch_cfm(conn, ev->status, ev->role);
2713 }
2714
2715 hci_dev_unlock(hdev);
2716}
2717
6039aa73 2718static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2719{
2720 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2721 int i;
2722
32ac5b9b
AE		 2723 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2724 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2725 return;
2726 }
2727
c5993de8 2728 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2729 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2730 BT_DBG("%s bad parameters", hdev->name);
2731 return;
2732 }
2733
c5993de8
AE		 2734 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2735
613a1c0c
AE		 2736 for (i = 0; i < ev->num_hndl; i++) {
2737 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2738 struct hci_conn *conn;
2739 __u16 handle, count;
2740
613a1c0c
AE		 2741 handle = __le16_to_cpu(info->handle);
2742 count = __le16_to_cpu(info->count);
a9de9248
MH		 2743
2744 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2745 if (!conn)
2746 continue;
2747
2748 conn->sent -= count;
2749
2750 switch (conn->type) {
2751 case ACL_LINK:
2752 hdev->acl_cnt += count;
2753 if (hdev->acl_cnt > hdev->acl_pkts)
2754 hdev->acl_cnt = hdev->acl_pkts;
2755 break;
2756
2757 case LE_LINK:
2758 if (hdev->le_pkts) {
2759 hdev->le_cnt += count;
2760 if (hdev->le_cnt > hdev->le_pkts)
2761 hdev->le_cnt = hdev->le_pkts;
2762 } else {
70f23020
AE		 2763 hdev->acl_cnt += count;
2764 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2765 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2766 }
f4280918
AE		 2767 break;
2768
2769 case SCO_LINK:
2770 hdev->sco_cnt += count;
2771 if (hdev->sco_cnt > hdev->sco_pkts)
2772 hdev->sco_cnt = hdev->sco_pkts;
2773 break;
2774
2775 default:
2776 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2777 break;
a9de9248
MH		 2778 }
2779 }
2780
3eff45ea 2781 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2782}
2783
76ef7cf7
AE		 2784static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2785 __u16 handle)
2786{
2787 struct hci_chan *chan;
2788
2789 switch (hdev->dev_type) {
2790 case HCI_BREDR:
2791 return hci_conn_hash_lookup_handle(hdev, handle);
2792 case HCI_AMP:
2793 chan = hci_chan_lookup_handle(hdev, handle);
2794 if (chan)
2795 return chan->conn;
2796 break;
2797 default:
2798 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2799 break;
2800 }
2801
2802 return NULL;
2803}
2804
6039aa73 2805static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2806{
2807 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2808 int i;
2809
2810 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2811 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2812 return;
2813 }
2814
2815 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2816 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2817 BT_DBG("%s bad parameters", hdev->name);
2818 return;
2819 }
2820
2821 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2822 ev->num_hndl);
25e89e99
AE		 2823
2824 for (i = 0; i < ev->num_hndl; i++) {
2825 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2826 struct hci_conn *conn = NULL;
25e89e99
AE		 2827 __u16 handle, block_count;
2828
2829 handle = __le16_to_cpu(info->handle);
2830 block_count = __le16_to_cpu(info->blocks);
2831
76ef7cf7 2832 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2833 if (!conn)
2834 continue;
2835
2836 conn->sent -= block_count;
2837
2838 switch (conn->type) {
2839 case ACL_LINK:
bd1eb66b 2840 case AMP_LINK:
25e89e99
AE		 2841 hdev->block_cnt += block_count;
2842 if (hdev->block_cnt > hdev->num_blocks)
2843 hdev->block_cnt = hdev->num_blocks;
2844 break;
2845
2846 default:
2847 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2848 break;
2849 }
2850 }
2851
2852 queue_work(hdev->workqueue, &hdev->tx_work);
2853}
2854
6039aa73 2855static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2856{
a9de9248 2857 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2858 struct hci_conn *conn;
2859
9f1db00c 2860 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2861
2862 hci_dev_lock(hdev);
2863
2864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2865 if (conn) {
2866 conn->mode = ev->mode;
a9de9248 2867
8fc9ced3
GP		 2868 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2869 &conn->flags)) {
a9de9248 2870 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2871 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2872 else
58a681ef 2873 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2874 }
e73439d8 2875
51a8efd7 2876 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2877 hci_sco_setup(conn, ev->status);
04837f64
MH		 2878 }
2879
2880 hci_dev_unlock(hdev);
2881}
2882
6039aa73 2883static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2884{
052b30b0
MH		 2885 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2886 struct hci_conn *conn;
2887
a9de9248 2888 BT_DBG("%s", hdev->name);
052b30b0
MH		 2889
2890 hci_dev_lock(hdev);
2891
2892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2893 if (!conn)
2894 goto unlock;
2895
2896 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2897 hci_conn_hold(conn);
2898 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2899 hci_conn_drop(conn);
052b30b0
MH		 2900 }
2901
a8b2d5c2 2902 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2903 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2904 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2905 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2906 u8 secure;
2907
2908 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2909 secure = 1;
2910 else
2911 secure = 0;
2912
744cf19e 2913 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2914 }
980e1a53 2915
b6f98044 2916unlock:
052b30b0 2917 hci_dev_unlock(hdev);
a9de9248
MH		 2918}
2919
6039aa73 2920static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2921{
55ed8ca1
JH		 2922 struct hci_ev_link_key_req *ev = (void *) skb->data;
2923 struct hci_cp_link_key_reply cp;
2924 struct hci_conn *conn;
2925 struct link_key *key;
2926
a9de9248 2927 BT_DBG("%s", hdev->name);
55ed8ca1 2928
034cbea0 2929 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2930 return;
2931
2932 hci_dev_lock(hdev);
2933
2934 key = hci_find_link_key(hdev, &ev->bdaddr);
2935 if (!key) {
6ed93dc6
AE		 2936 BT_DBG("%s link key not found for %pMR", hdev->name,
2937 &ev->bdaddr);
55ed8ca1
JH		 2938 goto not_found;
2939 }
2940
6ed93dc6
AE		 2941 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2942 &ev->bdaddr);
55ed8ca1 2943
a8b2d5c2 2944 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2945 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2946 BT_DBG("%s ignoring debug key", hdev->name);
2947 goto not_found;
2948 }
2949
2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 2951 if (conn) {
66138ce8
MH		 2952 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2953 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 2954 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2955 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2956 goto not_found;
2957 }
55ed8ca1 2958
60b83f57 2959 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2960 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2961 BT_DBG("%s ignoring key unauthenticated for high security",
2962 hdev->name);
60b83f57
WR		 2963 goto not_found;
2964 }
2965
2966 conn->key_type = key->type;
2967 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2968 }
2969
2970 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2971 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2972
2973 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2974
2975 hci_dev_unlock(hdev);
2976
2977 return;
2978
2979not_found:
2980 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2981 hci_dev_unlock(hdev);
a9de9248
MH		 2982}
2983
6039aa73 2984static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2985{
052b30b0
MH		 2986 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2987 struct hci_conn *conn;
55ed8ca1 2988 u8 pin_len = 0;
052b30b0 2989
a9de9248 2990 BT_DBG("%s", hdev->name);
052b30b0
MH		 2991
2992 hci_dev_lock(hdev);
2993
2994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2995 if (conn) {
2996 hci_conn_hold(conn);
2997 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2998 pin_len = conn->pin_length;
13d39315
WR		 2999
3000 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3001 conn->key_type = ev->key_type;
3002
76a68ba0 3003 hci_conn_drop(conn);
052b30b0
MH		 3004 }
3005
034cbea0 3006 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 3007 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3008 ev->key_type, pin_len);
55ed8ca1 3009
052b30b0 3010 hci_dev_unlock(hdev);
a9de9248
MH		 3011}
3012
6039aa73 3013static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3014{
a9de9248 3015 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3016 struct hci_conn *conn;
1da177e4 3017
9f1db00c 3018 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3019
3020 hci_dev_lock(hdev);
3021
04837f64 3022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3023 if (conn && !ev->status) {
3024 struct inquiry_entry *ie;
3025
cc11b9c1
AE		 3026 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3027 if (ie) {
1da177e4
LT		 3028 ie->data.clock_offset = ev->clock_offset;
3029 ie->timestamp = jiffies;
3030 }
3031 }
3032
3033 hci_dev_unlock(hdev);
3034}
3035
6039aa73 3036static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3037{
3038 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3039 struct hci_conn *conn;
3040
9f1db00c 3041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3042
3043 hci_dev_lock(hdev);
3044
3045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3046 if (conn && !ev->status)
3047 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3048
3049 hci_dev_unlock(hdev);
3050}
3051
6039aa73 3052static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3053{
a9de9248 3054 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3055 struct inquiry_entry *ie;
3056
3057 BT_DBG("%s", hdev->name);
3058
3059 hci_dev_lock(hdev);
3060
cc11b9c1
AE		 3061 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3062 if (ie) {
85a1e930
MH		 3063 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3064 ie->timestamp = jiffies;
3065 }
3066
3067 hci_dev_unlock(hdev);
3068}
3069
6039aa73
GP		 3070static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3071 struct sk_buff *skb)
a9de9248
MH		 3072{
3073 struct inquiry_data data;
3074 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3075 bool name_known, ssp;
a9de9248
MH		 3076
3077 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3078
3079 if (!num_rsp)
3080 return;
3081
1519cc17
AG		 3082 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3083 return;
3084
a9de9248
MH		 3085 hci_dev_lock(hdev);
3086
3087 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3088 struct inquiry_info_with_rssi_and_pscan_mode *info;
3089 info = (void *) (skb->data + 1);
a9de9248 3090
e17acd40 3091 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3092 bacpy(&data.bdaddr, &info->bdaddr);
3093 data.pscan_rep_mode = info->pscan_rep_mode;
3094 data.pscan_period_mode = info->pscan_period_mode;
3095 data.pscan_mode = info->pscan_mode;
3096 memcpy(data.dev_class, info->dev_class, 3);
3097 data.clock_offset = info->clock_offset;
3098 data.rssi = info->rssi;
41a96212 3099 data.ssp_mode = 0x00;
3175405b
JH		 3100
3101 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3102 false, &ssp);
48264f06 3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3104 info->dev_class, info->rssi,
3105 !name_known, ssp, NULL, 0);
a9de9248
MH		 3106 }
3107 } else {
3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3109
e17acd40 3110 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3111 bacpy(&data.bdaddr, &info->bdaddr);
3112 data.pscan_rep_mode = info->pscan_rep_mode;
3113 data.pscan_period_mode = info->pscan_period_mode;
3114 data.pscan_mode = 0x00;
3115 memcpy(data.dev_class, info->dev_class, 3);
3116 data.clock_offset = info->clock_offset;
3117 data.rssi = info->rssi;
41a96212 3118 data.ssp_mode = 0x00;
3175405b 3119 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3120 false, &ssp);
48264f06 3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3122 info->dev_class, info->rssi,
3123 !name_known, ssp, NULL, 0);
a9de9248
MH		 3124 }
3125 }
3126
3127 hci_dev_unlock(hdev);
3128}
3129
6039aa73
GP		 3130static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3131 struct sk_buff *skb)
a9de9248 3132{
41a96212
MH		 3133 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3134 struct hci_conn *conn;
3135
a9de9248 3136 BT_DBG("%s", hdev->name);
41a96212 3137
41a96212
MH		 3138 hci_dev_lock(hdev);
3139
3140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3141 if (!conn)
3142 goto unlock;
41a96212 3143
cad718ed
JH		 3144 if (ev->page < HCI_MAX_PAGES)
3145 memcpy(conn->features[ev->page], ev->features, 8);
3146
ccd556fe
JH		 3147 if (!ev->status && ev->page == 0x01) {
3148 struct inquiry_entry *ie;
41a96212 3149
cc11b9c1
AE		 3150 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3151 if (ie)
02b7cc62 3152 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3153
bbb0eada 3154 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3155 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3156 } else {
3157 /* It is mandatory by the Bluetooth specification that
3158 * Extended Inquiry Results are only used when Secure
3159 * Simple Pairing is enabled, but some devices violate
3160 * this.
3161 *
3162 * To make these devices work, the internal SSP
3163 * enabled flag needs to be cleared if the remote host
3164 * features do not indicate SSP support */
3165 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3166 }
eb9a8f3f
MH		 3167
3168 if (ev->features[0] & LMP_HOST_SC)
3169 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3170 }
3171
3172 if (conn->state != BT_CONFIG)
3173 goto unlock;
3174
671267bf 3175 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3176 struct hci_cp_remote_name_req cp;
3177 memset(&cp, 0, sizeof(cp));
3178 bacpy(&cp.bdaddr, &conn->dst);
3179 cp.pscan_rep_mode = 0x02;
3180 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3181 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3182 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3183 conn->dst_type, 0, NULL, 0,
3184 conn->dev_class);
392599b9 3185
127178d2 3186 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3187 conn->state = BT_CONNECTED;
3188 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3189 hci_conn_drop(conn);
41a96212
MH		 3190 }
3191
ccd556fe 3192unlock:
41a96212 3193 hci_dev_unlock(hdev);
a9de9248
MH		 3194}
3195
6039aa73
GP		 3196static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
a9de9248 3198{
b6a0dc82
MH		 3199 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3200 struct hci_conn *conn;
3201
9f1db00c 3202 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3203
3204 hci_dev_lock(hdev);
3205
3206 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3207 if (!conn) {
3208 if (ev->link_type == ESCO_LINK)
3209 goto unlock;
3210
3211 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3212 if (!conn)
3213 goto unlock;
3214
3215 conn->type = SCO_LINK;
3216 }
b6a0dc82 3217
732547f9
MH		 3218 switch (ev->status) {
3219 case 0x00:
b6a0dc82
MH		 3220 conn->handle = __le16_to_cpu(ev->handle);
3221 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3222
3223 hci_conn_add_sysfs(conn);
732547f9
MH		 3224 break;
3225
1a4c958c 3226 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3227 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3228 case 0x1c: /* SCO interval rejected */
1038a00b 3229 case 0x1a: /* Unsupported Remote Feature */
732547f9 3230 case 0x1f: /* Unspecified error */
27539bc4 3231 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3232 if (conn->out) {
732547f9
MH		 3233 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3234 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3235 if (hci_setup_sync(conn, conn->link->handle))
3236 goto unlock;
732547f9
MH		 3237 }
3238 /* fall through */
3239
3240 default:
b6a0dc82 3241 conn->state = BT_CLOSED;
732547f9
MH		 3242 break;
3243 }
b6a0dc82
MH		 3244
3245 hci_proto_connect_cfm(conn, ev->status);
3246 if (ev->status)
3247 hci_conn_del(conn);
3248
3249unlock:
3250 hci_dev_unlock(hdev);
a9de9248
MH		 3251}
3252
efdcf8e3
MH		 3253static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3254{
3255 size_t parsed = 0;
3256
3257 while (parsed < eir_len) {
3258 u8 field_len = eir[0];
3259
3260 if (field_len == 0)
3261 return parsed;
3262
3263 parsed += field_len + 1;
3264 eir += field_len + 1;
3265 }
3266
3267 return eir_len;
3268}
3269
6039aa73
GP		 3270static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3271 struct sk_buff *skb)
1da177e4 3272{
a9de9248
MH		 3273 struct inquiry_data data;
3274 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3275 int num_rsp = *((__u8 *) skb->data);
9d939d94 3276 size_t eir_len;
1da177e4 3277
a9de9248 3278 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3279
a9de9248
MH		 3280 if (!num_rsp)
3281 return;
1da177e4 3282
1519cc17
AG		 3283 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3284 return;
3285
a9de9248
MH		 3286 hci_dev_lock(hdev);
3287
e17acd40 3288 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3289 bool name_known, ssp;
561aafbc 3290
a9de9248 3291 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3292 data.pscan_rep_mode = info->pscan_rep_mode;
3293 data.pscan_period_mode = info->pscan_period_mode;
3294 data.pscan_mode = 0x00;
a9de9248 3295 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3296 data.clock_offset = info->clock_offset;
3297 data.rssi = info->rssi;
41a96212 3298 data.ssp_mode = 0x01;
561aafbc 3299
a8b2d5c2 3300 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3301 name_known = eir_has_data_type(info->data,
04124681
GP		 3302 sizeof(info->data),
3303 EIR_NAME_COMPLETE);
561aafbc
JH		 3304 else
3305 name_known = true;
3306
388fc8fa 3307 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3308 &ssp);
9d939d94 3309 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3311 info->dev_class, info->rssi, !name_known,
9d939d94 3312 ssp, info->data, eir_len);
a9de9248
MH		 3313 }
3314
3315 hci_dev_unlock(hdev);
3316}
1da177e4 3317
1c2e0041
JH		 3318static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3319 struct sk_buff *skb)
3320{
3321 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3322 struct hci_conn *conn;
3323
9f1db00c 3324 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3325 __le16_to_cpu(ev->handle));
3326
3327 hci_dev_lock(hdev);
3328
3329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3330 if (!conn)
3331 goto unlock;
3332
3333 if (!ev->status)
3334 conn->sec_level = conn->pending_sec_level;
3335
3336 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3337
3338 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3339 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3340 hci_conn_drop(conn);
1c2e0041
JH		 3341 goto unlock;
3342 }
3343
3344 if (conn->state == BT_CONFIG) {
3345 if (!ev->status)
3346 conn->state = BT_CONNECTED;
3347
3348 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3349 hci_conn_drop(conn);
1c2e0041
JH		 3350 } else {
3351 hci_auth_cfm(conn, ev->status);
3352
3353 hci_conn_hold(conn);
3354 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3355 hci_conn_drop(conn);
1c2e0041
JH		 3356 }
3357
3358unlock:
3359 hci_dev_unlock(hdev);
3360}
3361
6039aa73 3362static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3363{
3364 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3365 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3366 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3367 /* If both remote and local IO capabilities allow MITM
3368 * protection then require it, otherwise don't */
acabae96
MA		 3369 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3370 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3371 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3372 else
acabae96 3373 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3374 }
3375
3376 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3377 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3378 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3379 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3380
3381 return conn->auth_type;
3382}
3383
6039aa73 3384static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3385{
3386 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3387 struct hci_conn *conn;
3388
3389 BT_DBG("%s", hdev->name);
3390
3391 hci_dev_lock(hdev);
3392
3393 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3394 if (!conn)
3395 goto unlock;
3396
3397 hci_conn_hold(conn);
3398
a8b2d5c2 3399 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3400 goto unlock;
3401
a8b2d5c2 3402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3403 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3404 struct hci_cp_io_capability_reply cp;
3405
3406 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3407 /* Change the IO capability from KeyboardDisplay
3408 * to DisplayYesNo as it is not supported by BT spec. */
3409 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3410 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3411 conn->auth_type = hci_get_auth_req(conn);
3412 cp.authentication = conn->auth_type;
17fa4b9d 3413
8fc9ced3
GP		 3414 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3415 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3416 cp.oob_data = 0x01;
3417 else
3418 cp.oob_data = 0x00;
3419
17fa4b9d 3420 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3421 sizeof(cp), &cp);
03b555e1
JH		 3422 } else {
3423 struct hci_cp_io_capability_neg_reply cp;
3424
3425 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3426 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3427
03b555e1 3428 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3429 sizeof(cp), &cp);
03b555e1
JH		 3430 }
3431
3432unlock:
3433 hci_dev_unlock(hdev);
3434}
3435
6039aa73 3436static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3437{
3438 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3439 struct hci_conn *conn;
3440
3441 BT_DBG("%s", hdev->name);
3442
3443 hci_dev_lock(hdev);
3444
3445 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3446 if (!conn)
3447 goto unlock;
3448
03b555e1 3449 conn->remote_cap = ev->capability;
03b555e1 3450 conn->remote_auth = ev->authentication;
58a681ef
JH		 3451 if (ev->oob_data)
3452 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3453
3454unlock:
0493684e
MH		 3455 hci_dev_unlock(hdev);
3456}
3457
6039aa73
GP		 3458static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3459 struct sk_buff *skb)
a5c29683
JH		 3460{
3461 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3462 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3463 struct hci_conn *conn;
a5c29683
JH		 3464
3465 BT_DBG("%s", hdev->name);
3466
3467 hci_dev_lock(hdev);
3468
a8b2d5c2 3469 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3470 goto unlock;
a5c29683 3471
7a828908
JH		 3472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3473 if (!conn)
3474 goto unlock;
3475
3476 loc_mitm = (conn->auth_type & 0x01);
3477 rem_mitm = (conn->remote_auth & 0x01);
3478
3479 /* If we require MITM but the remote device can't provide that
3480 * (it has NoInputNoOutput) then reject the confirmation
3481 * request. The only exception is when we're dedicated bonding
3482 * initiators (connect_cfm_cb set) since then we always have the MITM
3483 * bit set. */
a767631a
MA		 3484 if (!conn->connect_cfm_cb && loc_mitm &&
3485 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3486 BT_DBG("Rejecting request: remote device can't provide MITM");
3487 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3488 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3489 goto unlock;
3490 }
3491
3492 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3493 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3494 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3495
3496 /* If we're not the initiators request authorization to
3497 * proceed from user space (mgmt_user_confirm with
3498 * confirm_hint set to 1). */
51a8efd7 3499 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3500 BT_DBG("Confirming auto-accept as acceptor");
3501 confirm_hint = 1;
3502 goto confirm;
3503 }
3504
9f61656a 3505 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3506 hdev->auto_accept_delay);
9f61656a
JH		 3507
3508 if (hdev->auto_accept_delay > 0) {
3509 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3510 queue_delayed_work(conn->hdev->workqueue,
3511 &conn->auto_accept_work, delay);
9f61656a
JH		 3512 goto unlock;
3513 }
3514
7a828908 3515 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3516 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3517 goto unlock;
3518 }
3519
55bc1a37 3520confirm:
39adbffe
JH		 3521 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3522 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3523
3524unlock:
a5c29683
JH		 3525 hci_dev_unlock(hdev);
3526}
3527
6039aa73
GP		 3528static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3529 struct sk_buff *skb)
1143d458
BG		 3530{
3531 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3532
3533 BT_DBG("%s", hdev->name);
3534
a8b2d5c2 3535 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3536 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3537}
3538
92a25256
JH		 3539static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3540 struct sk_buff *skb)
3541{
3542 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3543 struct hci_conn *conn;
3544
3545 BT_DBG("%s", hdev->name);
3546
3547 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3548 if (!conn)
3549 return;
3550
3551 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3552 conn->passkey_entered = 0;
3553
3554 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3555 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3556 conn->dst_type, conn->passkey_notify,
3557 conn->passkey_entered);
3558}
3559
3560static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3561{
3562 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3563 struct hci_conn *conn;
3564
3565 BT_DBG("%s", hdev->name);
3566
3567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3568 if (!conn)
3569 return;
3570
3571 switch (ev->type) {
3572 case HCI_KEYPRESS_STARTED:
3573 conn->passkey_entered = 0;
3574 return;
3575
3576 case HCI_KEYPRESS_ENTERED:
3577 conn->passkey_entered++;
3578 break;
3579
3580 case HCI_KEYPRESS_ERASED:
3581 conn->passkey_entered--;
3582 break;
3583
3584 case HCI_KEYPRESS_CLEARED:
3585 conn->passkey_entered = 0;
3586 break;
3587
3588 case HCI_KEYPRESS_COMPLETED:
3589 return;
3590 }
3591
3592 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3593 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3594 conn->dst_type, conn->passkey_notify,
3595 conn->passkey_entered);
3596}
3597
6039aa73
GP		 3598static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3599 struct sk_buff *skb)
0493684e
MH		 3600{
3601 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3602 struct hci_conn *conn;
3603
3604 BT_DBG("%s", hdev->name);
3605
3606 hci_dev_lock(hdev);
3607
3608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3609 if (!conn)
3610 goto unlock;
3611
3612 /* To avoid duplicate auth_failed events to user space we check
3613 * the HCI_CONN_AUTH_PEND flag which will be set if we
3614 * initiated the authentication. A traditional auth_complete
3615 * event gets always produced as initiator and is also mapped to
3616 * the mgmt_auth_failed event */
fa1bd918 3617 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3618 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3619 ev->status);
0493684e 3620
76a68ba0 3621 hci_conn_drop(conn);
2a611692
JH		 3622
3623unlock:
0493684e
MH		 3624 hci_dev_unlock(hdev);
3625}
3626
6039aa73
GP		 3627static void hci_remote_host_features_evt(struct hci_dev *hdev,
3628 struct sk_buff *skb)
41a96212
MH		 3629{
3630 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3631 struct inquiry_entry *ie;
cad718ed 3632 struct hci_conn *conn;
41a96212
MH		 3633
3634 BT_DBG("%s", hdev->name);
3635
3636 hci_dev_lock(hdev);
3637
cad718ed
JH		 3638 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3639 if (conn)
3640 memcpy(conn->features[1], ev->features, 8);
3641
cc11b9c1
AE		 3642 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3643 if (ie)
02b7cc62 3644 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3645
3646 hci_dev_unlock(hdev);
3647}
3648
6039aa73
GP		 3649static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3650 struct sk_buff *skb)
2763eda6
SJ		 3651{
3652 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3653 struct oob_data *data;
3654
3655 BT_DBG("%s", hdev->name);
3656
3657 hci_dev_lock(hdev);
3658
a8b2d5c2 3659 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3660 goto unlock;
3661
2763eda6
SJ		 3662 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3663 if (data) {
519ca9d0
MH		 3664 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3665 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3666
519ca9d0
MH		 3667 bacpy(&cp.bdaddr, &ev->bdaddr);
3668 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3669 memcpy(cp.randomizer192, data->randomizer192,
3670 sizeof(cp.randomizer192));
3671 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3672 memcpy(cp.randomizer256, data->randomizer256,
3673 sizeof(cp.randomizer256));
3674
3675 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3676 sizeof(cp), &cp);
3677 } else {
3678 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3679
519ca9d0
MH		 3680 bacpy(&cp.bdaddr, &ev->bdaddr);
3681 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3682 memcpy(cp.randomizer, data->randomizer192,
3683 sizeof(cp.randomizer));
3684
3685 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3686 sizeof(cp), &cp);
3687 }
2763eda6
SJ		 3688 } else {
3689 struct hci_cp_remote_oob_data_neg_reply cp;
3690
3691 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3692 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3693 sizeof(cp), &cp);
2763eda6
SJ		 3694 }
3695
e1ba1f15 3696unlock:
2763eda6
SJ		 3697 hci_dev_unlock(hdev);
3698}
3699
d5e91192
AE		 3700static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3701 struct sk_buff *skb)
3702{
3703 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3704 struct hci_conn *hcon, *bredr_hcon;
3705
3706 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3707 ev->status);
3708
3709 hci_dev_lock(hdev);
3710
3711 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3712 if (!hcon) {
3713 hci_dev_unlock(hdev);
3714 return;
3715 }
3716
3717 if (ev->status) {
3718 hci_conn_del(hcon);
3719 hci_dev_unlock(hdev);
3720 return;
3721 }
3722
3723 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3724
3725 hcon->state = BT_CONNECTED;
3726 bacpy(&hcon->dst, &bredr_hcon->dst);
3727
3728 hci_conn_hold(hcon);
3729 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3730 hci_conn_drop(hcon);
d5e91192 3731
d5e91192
AE		 3732 hci_conn_add_sysfs(hcon);
3733
cf70ff22 3734 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3735
cf70ff22 3736 hci_dev_unlock(hdev);
d5e91192
AE		 3737}
3738
27695fb4
AE		 3739static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3740{
3741 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3742 struct hci_conn *hcon;
3743 struct hci_chan *hchan;
3744 struct amp_mgr *mgr;
3745
3746 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3747 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3748 ev->status);
3749
3750 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3751 if (!hcon)
3752 return;
3753
3754 /* Create AMP hchan */
3755 hchan = hci_chan_create(hcon);
3756 if (!hchan)
3757 return;
3758
3759 hchan->handle = le16_to_cpu(ev->handle);
3760
3761 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3762
3763 mgr = hcon->amp_mgr;
3764 if (mgr && mgr->bredr_chan) {
3765 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3766
3767 l2cap_chan_lock(bredr_chan);
3768
3769 bredr_chan->conn->mtu = hdev->block_mtu;
3770 l2cap_logical_cfm(bredr_chan, hchan, 0);
3771 hci_conn_hold(hcon);
3772
3773 l2cap_chan_unlock(bredr_chan);
3774 }
3775}
3776
606e2a10
AE		 3777static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3779{
3780 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3781 struct hci_chan *hchan;
3782
3783 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3784 le16_to_cpu(ev->handle), ev->status);
3785
3786 if (ev->status)
3787 return;
3788
3789 hci_dev_lock(hdev);
3790
3791 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3792 if (!hchan)
3793 goto unlock;
3794
3795 amp_destroy_logical_link(hchan, ev->reason);
3796
3797unlock:
3798 hci_dev_unlock(hdev);
3799}
3800
9eef6b3a
AE		 3801static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3802 struct sk_buff *skb)
3803{
3804 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3805 struct hci_conn *hcon;
3806
3807 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3808
3809 if (ev->status)
3810 return;
3811
3812 hci_dev_lock(hdev);
3813
3814 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3815 if (hcon) {
3816 hcon->state = BT_CLOSED;
3817 hci_conn_del(hcon);
3818 }
3819
3820 hci_dev_unlock(hdev);
3821}
3822
6039aa73 3823static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3824{
3825 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3826 struct hci_conn *conn;
68d6f6de 3827 struct smp_irk *irk;
fcd89c09 3828
9f1db00c 3829 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3830
3831 hci_dev_lock(hdev);
3832
b47a09b3 3833 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3834 if (!conn) {
3835 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3836 if (!conn) {
3837 BT_ERR("No memory for new connection");
230fd16a 3838 goto unlock;
b62f328b 3839 }
29b7988a
AG		 3840
3841 conn->dst_type = ev->bdaddr_type;
b9b343d2 3842
880be4e8
MH		 3843 /* The advertising parameters for own address type
3844 * define which source address and source address
3845 * type this connections has.
3846 */
3847 if (bacmp(&conn->src, BDADDR_ANY)) {
3848 conn->src_type = ADDR_LE_DEV_PUBLIC;
3849 } else {
3850 bacpy(&conn->src, &hdev->static_addr);
3851 conn->src_type = ADDR_LE_DEV_RANDOM;
3852 }
3853
b9b343d2
AG		 3854 if (ev->role == LE_CONN_ROLE_MASTER) {
3855 conn->out = true;
3856 conn->link_mode |= HCI_LM_MASTER;
3857 }
cb1d68f7
JH		 3858
3859 /* If we didn't have a hci_conn object previously
3860 * but we're in master role this must be something
3861 * initiated using a white list. Since white list based
3862 * connections are not "first class citizens" we don't
3863 * have full tracking of them. Therefore, we go ahead
3864 * with a "best effort" approach of determining the
3865 * initiator address based on the HCI_PRIVACY flag.
3866 */
3867 if (conn->out) {
3868 conn->resp_addr_type = ev->bdaddr_type;
3869 bacpy(&conn->resp_addr, &ev->bdaddr);
3870 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3871 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3872 bacpy(&conn->init_addr, &hdev->rpa);
3873 } else {
3874 hci_copy_identity_address(hdev,
3875 &conn->init_addr,
3876 &conn->init_addr_type);
3877 }
3878 } else {
3879 /* Set the responder (our side) address type based on
3880 * the advertising address type.
3881 */
3882 conn->resp_addr_type = hdev->adv_addr_type;
3883 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3884 bacpy(&conn->resp_addr, &hdev->random_addr);
3885 else
3886 bacpy(&conn->resp_addr, &hdev->bdaddr);
3887
3888 conn->init_addr_type = ev->bdaddr_type;
3889 bacpy(&conn->init_addr, &ev->bdaddr);
3890 }
9489eca4
JH		 3891 } else {
3892 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 3893 }
fcd89c09 3894
7be2edbb
JH		 3895 /* Ensure that the hci_conn contains the identity address type
3896 * regardless of which address the connection was made with.
7be2edbb 3897 */
a1f4c318 3898 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
7be2edbb 3899
edb4b466
MH		 3900 /* Lookup the identity address from the stored connection
3901 * address and address type.
3902 *
3903 * When establishing connections to an identity address, the
3904 * connection procedure will store the resolvable random
3905 * address first. Now if it can be converted back into the
3906 * identity address, start using the identity address from
3907 * now on.
3908 */
3909 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3910 if (irk) {
3911 bacpy(&conn->dst, &irk->bdaddr);
3912 conn->dst_type = irk->addr_type;
3913 }
3914
cd17decb 3915 if (ev->status) {
06c053fb 3916 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3917 goto unlock;
3918 }
3919
b644ba33 3920 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3921 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3922 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3923
7b5c0d52 3924 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3925 conn->handle = __le16_to_cpu(ev->handle);
3926 conn->state = BT_CONNECTED;
3927
18722c24
JR		 3928 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3929 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3930
fcd89c09
VT		 3931 hci_conn_add_sysfs(conn);
3932
3933 hci_proto_connect_cfm(conn, ev->status);
3934
a4790dbd
AG		 3935 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3936
fcd89c09
VT		 3937unlock:
3938 hci_dev_unlock(hdev);
3939}
3940
a4790dbd
AG		 3941/* This function requires the caller holds hdev->lock */
3942static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3943 u8 addr_type)
3944{
3945 struct hci_conn *conn;
5b906a84
AG		 3946 struct smp_irk *irk;
3947
3948 /* If this is a resolvable address, we should resolve it and then
3949 * update address and address type variables.
3950 */
3951 irk = hci_get_irk(hdev, addr, addr_type);
3952 if (irk) {
3953 addr = &irk->bdaddr;
3954 addr_type = irk->addr_type;
3955 }
a4790dbd
AG		 3956
3957 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3958 return;
3959
3960 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3961 HCI_AT_NO_BONDING);
3962 if (!IS_ERR(conn))
3963 return;
3964
3965 switch (PTR_ERR(conn)) {
3966 case -EBUSY:
3967 /* If hci_connect() returns -EBUSY it means there is already
3968 * an LE connection attempt going on. Since controllers don't
3969 * support more than one connection attempt at the time, we
3970 * don't consider this an error case.
3971 */
3972 break;
3973 default:
3974 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3975 }
3976}
3977
6039aa73 3978static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3979{
e95beb41
AG		 3980 u8 num_reports = skb->data[0];
3981 void *ptr = &skb->data[1];
3c9e9195 3982 s8 rssi;
9aa04c91 3983
a4790dbd
AG		 3984 hci_dev_lock(hdev);
3985
e95beb41
AG		 3986 while (num_reports--) {
3987 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3988
a4790dbd
AG		 3989 if (ev->evt_type == LE_ADV_IND ||
3990 ev->evt_type == LE_ADV_DIRECT_IND)
3991 check_pending_le_conn(hdev, &ev->bdaddr,
3992 ev->bdaddr_type);
3993
3c9e9195
AG		 3994 rssi = ev->data[ev->length];
3995 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3996 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3997
e95beb41 3998 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3999 }
a4790dbd
AG		 4000
4001 hci_dev_unlock(hdev);
9aa04c91
AG		 4002}
4003
6039aa73 4004static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4005{
4006 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4007 struct hci_cp_le_ltk_reply cp;
bea710fe 4008 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4009 struct hci_conn *conn;
c9839a11 4010 struct smp_ltk *ltk;
a7a595f6 4011
9f1db00c 4012 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4013
4014 hci_dev_lock(hdev);
4015
4016 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4017 if (conn == NULL)
4018 goto not_found;
a7a595f6 4019
fe39c7b2 4020 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4021 if (ltk == NULL)
4022 goto not_found;
4023
4024 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4025 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4026
4027 if (ltk->authenticated)
f8776218
AG		 4028 conn->pending_sec_level = BT_SECURITY_HIGH;
4029 else
4030 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4031
89cbb4da 4032 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4033
4034 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4035
5981a882
CT		 4036 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4037 * temporary key used to encrypt a connection following
4038 * pairing. It is used during the Encrypted Session Setup to
4039 * distribute the keys. Later, security can be re-established
4040 * using a distributed LTK.
4041 */
4042 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 4043 list_del(&ltk->list);
4044 kfree(ltk);
4045 }
4046
a7a595f6 4047 hci_dev_unlock(hdev);
bea710fe
VCG		 4048
4049 return;
4050
4051not_found:
4052 neg.handle = ev->handle;
4053 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4054 hci_dev_unlock(hdev);
a7a595f6
VCG		 4055}
4056
6039aa73 4057static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4058{
4059 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4060
4061 skb_pull(skb, sizeof(*le_ev));
4062
4063 switch (le_ev->subevent) {
4064 case HCI_EV_LE_CONN_COMPLETE:
4065 hci_le_conn_complete_evt(hdev, skb);
4066 break;
4067
9aa04c91
AG		 4068 case HCI_EV_LE_ADVERTISING_REPORT:
4069 hci_le_adv_report_evt(hdev, skb);
4070 break;
4071
a7a595f6
VCG		 4072 case HCI_EV_LE_LTK_REQ:
4073 hci_le_ltk_request_evt(hdev, skb);
4074 break;
4075
fcd89c09
VT		 4076 default:
4077 break;
4078 }
4079}
4080
9495b2ee
AE		 4081static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4082{
4083 struct hci_ev_channel_selected *ev = (void *) skb->data;
4084 struct hci_conn *hcon;
4085
4086 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4087
4088 skb_pull(skb, sizeof(*ev));
4089
4090 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4091 if (!hcon)
4092 return;
4093
4094 amp_read_loc_assoc_final_data(hdev, hcon);
4095}
4096
a9de9248
MH		 4097void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4098{
4099 struct hci_event_hdr *hdr = (void *) skb->data;
4100 __u8 event = hdr->evt;
4101
b6ddb638
JH		 4102 hci_dev_lock(hdev);
4103
4104 /* Received events are (currently) only needed when a request is
4105 * ongoing so avoid unnecessary memory allocation.
4106 */
4107 if (hdev->req_status == HCI_REQ_PEND) {
4108 kfree_skb(hdev->recv_evt);
4109 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4110 }
4111
4112 hci_dev_unlock(hdev);
4113
a9de9248
MH		 4114 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4115
02350a72 4116 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4117 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4118 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4119
4120 hci_req_cmd_complete(hdev, opcode, 0);
4121 }
4122
a9de9248 4123 switch (event) {
1da177e4
LT		 4124 case HCI_EV_INQUIRY_COMPLETE:
4125 hci_inquiry_complete_evt(hdev, skb);
4126 break;
4127
4128 case HCI_EV_INQUIRY_RESULT:
4129 hci_inquiry_result_evt(hdev, skb);
4130 break;
4131
a9de9248
MH		 4132 case HCI_EV_CONN_COMPLETE:
4133 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4134 break;
4135
1da177e4
LT		 4136 case HCI_EV_CONN_REQUEST:
4137 hci_conn_request_evt(hdev, skb);
4138 break;
4139
1da177e4
LT		 4140 case HCI_EV_DISCONN_COMPLETE:
4141 hci_disconn_complete_evt(hdev, skb);
4142 break;
4143
1da177e4
LT		 4144 case HCI_EV_AUTH_COMPLETE:
4145 hci_auth_complete_evt(hdev, skb);
4146 break;
4147
a9de9248
MH		 4148 case HCI_EV_REMOTE_NAME:
4149 hci_remote_name_evt(hdev, skb);
4150 break;
4151
1da177e4
LT		 4152 case HCI_EV_ENCRYPT_CHANGE:
4153 hci_encrypt_change_evt(hdev, skb);
4154 break;
4155
a9de9248
MH		 4156 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4157 hci_change_link_key_complete_evt(hdev, skb);
4158 break;
4159
4160 case HCI_EV_REMOTE_FEATURES:
4161 hci_remote_features_evt(hdev, skb);
4162 break;
4163
a9de9248
MH		 4164 case HCI_EV_CMD_COMPLETE:
4165 hci_cmd_complete_evt(hdev, skb);
4166 break;
4167
4168 case HCI_EV_CMD_STATUS:
4169 hci_cmd_status_evt(hdev, skb);
4170 break;
4171
4172 case HCI_EV_ROLE_CHANGE:
4173 hci_role_change_evt(hdev, skb);
4174 break;
4175
4176 case HCI_EV_NUM_COMP_PKTS:
4177 hci_num_comp_pkts_evt(hdev, skb);
4178 break;
4179
4180 case HCI_EV_MODE_CHANGE:
4181 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4182 break;
4183
4184 case HCI_EV_PIN_CODE_REQ:
4185 hci_pin_code_request_evt(hdev, skb);
4186 break;
4187
4188 case HCI_EV_LINK_KEY_REQ:
4189 hci_link_key_request_evt(hdev, skb);
4190 break;
4191
4192 case HCI_EV_LINK_KEY_NOTIFY:
4193 hci_link_key_notify_evt(hdev, skb);
4194 break;
4195
4196 case HCI_EV_CLOCK_OFFSET:
4197 hci_clock_offset_evt(hdev, skb);
4198 break;
4199
a8746417
MH		 4200 case HCI_EV_PKT_TYPE_CHANGE:
4201 hci_pkt_type_change_evt(hdev, skb);
4202 break;
4203
85a1e930
MH		 4204 case HCI_EV_PSCAN_REP_MODE:
4205 hci_pscan_rep_mode_evt(hdev, skb);
4206 break;
4207
a9de9248
MH		 4208 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4209 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4210 break;
4211
a9de9248
MH		 4212 case HCI_EV_REMOTE_EXT_FEATURES:
4213 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4214 break;
4215
a9de9248
MH		 4216 case HCI_EV_SYNC_CONN_COMPLETE:
4217 hci_sync_conn_complete_evt(hdev, skb);
4218 break;
1da177e4 4219
a9de9248
MH		 4220 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4221 hci_extended_inquiry_result_evt(hdev, skb);
4222 break;
1da177e4 4223
1c2e0041
JH		 4224 case HCI_EV_KEY_REFRESH_COMPLETE:
4225 hci_key_refresh_complete_evt(hdev, skb);
4226 break;
4227
0493684e
MH		 4228 case HCI_EV_IO_CAPA_REQUEST:
4229 hci_io_capa_request_evt(hdev, skb);
4230 break;
4231
03b555e1
JH		 4232 case HCI_EV_IO_CAPA_REPLY:
4233 hci_io_capa_reply_evt(hdev, skb);
4234 break;
4235
a5c29683
JH		 4236 case HCI_EV_USER_CONFIRM_REQUEST:
4237 hci_user_confirm_request_evt(hdev, skb);
4238 break;
4239
1143d458
BG		 4240 case HCI_EV_USER_PASSKEY_REQUEST:
4241 hci_user_passkey_request_evt(hdev, skb);
4242 break;
4243
92a25256
JH		 4244 case HCI_EV_USER_PASSKEY_NOTIFY:
4245 hci_user_passkey_notify_evt(hdev, skb);
4246 break;
4247
4248 case HCI_EV_KEYPRESS_NOTIFY:
4249 hci_keypress_notify_evt(hdev, skb);
4250 break;
4251
0493684e
MH		 4252 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4253 hci_simple_pair_complete_evt(hdev, skb);
4254 break;
4255
41a96212
MH		 4256 case HCI_EV_REMOTE_HOST_FEATURES:
4257 hci_remote_host_features_evt(hdev, skb);
4258 break;
4259
fcd89c09
VT		 4260 case HCI_EV_LE_META:
4261 hci_le_meta_evt(hdev, skb);
4262 break;
4263
9495b2ee
AE		 4264 case HCI_EV_CHANNEL_SELECTED:
4265 hci_chan_selected_evt(hdev, skb);
4266 break;
4267
2763eda6
SJ		 4268 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4269 hci_remote_oob_data_request_evt(hdev, skb);
4270 break;
4271
d5e91192
AE		 4272 case HCI_EV_PHY_LINK_COMPLETE:
4273 hci_phy_link_complete_evt(hdev, skb);
4274 break;
4275
27695fb4
AE		 4276 case HCI_EV_LOGICAL_LINK_COMPLETE:
4277 hci_loglink_complete_evt(hdev, skb);
4278 break;
4279
606e2a10
AE		 4280 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4281 hci_disconn_loglink_complete_evt(hdev, skb);
4282 break;
4283
9eef6b3a
AE		 4284 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4285 hci_disconn_phylink_complete_evt(hdev, skb);
4286 break;
4287
25e89e99
AE		 4288 case HCI_EV_NUM_COMP_BLOCKS:
4289 hci_num_comp_blocks_evt(hdev, skb);
4290 break;
4291
a9de9248 4292 default:
9f1db00c 4293 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4294 break;
4295 }
4296
4297 kfree_skb(skb);
4298 hdev->stat.evt_rx++;
4299}
Linux kernel - Deliverables
This page took 0.975064 seconds and 5 git commands to generate.