git.openpandora.org / pandora-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Report identity address when remote device connects
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40         __u8 status = *((__u8 *) skb->data);
41
42         BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44         if (status)
45                 return;
46
47         clear_bit(HCI_INQUIRY, &hdev->flags);
48         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49         wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51         hci_conn_check_pending(hdev);
52 }
53
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 {
56         __u8 status = *((__u8 *) skb->data);
57
58         BT_DBG("%s status 0x%2.2x", hdev->name, status);
59
60         if (status)
61                 return;
62
63         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68         __u8 status = *((__u8 *) skb->data);
69
70         BT_DBG("%s status 0x%2.2x", hdev->name, status);
71
72         if (status)
73                 return;
74
75         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
77         hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81                                           struct sk_buff *skb)
82 {
83         BT_DBG("%s", hdev->name);
84 }
85
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88         struct hci_rp_role_discovery *rp = (void *) skb->data;
89         struct hci_conn *conn;
90
91         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
92
93         if (rp->status)
94                 return;
95
96         hci_dev_lock(hdev);
97
98         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99         if (conn) {
100                 if (rp->role)
101                         conn->link_mode &= ~HCI_LM_MASTER;
102                 else
103                         conn->link_mode |= HCI_LM_MASTER;
104         }
105
106         hci_dev_unlock(hdev);
107 }
108
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 {
111         struct hci_rp_read_link_policy *rp = (void *) skb->data;
112         struct hci_conn *conn;
113
114         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
115
116         if (rp->status)
117                 return;
118
119         hci_dev_lock(hdev);
120
121         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122         if (conn)
123                 conn->link_policy = __le16_to_cpu(rp->policy);
124
125         hci_dev_unlock(hdev);
126 }
127
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 {
130         struct hci_rp_write_link_policy *rp = (void *) skb->data;
131         struct hci_conn *conn;
132         void *sent;
133
134         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135
136         if (rp->status)
137                 return;
138
139         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140         if (!sent)
141                 return;
142
143         hci_dev_lock(hdev);
144
145         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146         if (conn)
147                 conn->link_policy = get_unaligned_le16(sent + 2);
148
149         hci_dev_unlock(hdev);
150 }
151
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153                                         struct sk_buff *skb)
154 {
155         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
158
159         if (rp->status)
160                 return;
161
162         hdev->link_policy = __le16_to_cpu(rp->policy);
163 }
164
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166                                          struct sk_buff *skb)
167 {
168         __u8 status = *((__u8 *) skb->data);
169         void *sent;
170
171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
172
173         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174         if (!sent)
175                 return;
176
177         if (!status)
178                 hdev->link_policy = get_unaligned_le16(sent);
179 }
180
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 {
183         __u8 status = *((__u8 *) skb->data);
184
185         BT_DBG("%s status 0x%2.2x", hdev->name, status);
186
187         clear_bit(HCI_RESET, &hdev->flags);
188
189         /* Reset all non-persistent flags */
190         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191
192         hdev->discovery.state = DISCOVERY_STOPPED;
193         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195
196         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197         hdev->adv_data_len = 0;
198
199         memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200         hdev->scan_rsp_data_len = 0;
201
202         hdev->ssp_debug_mode = 0;
203 }
204
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206 {
207         __u8 status = *((__u8 *) skb->data);
208         void *sent;
209
210         BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213         if (!sent)
214                 return;
215
216         hci_dev_lock(hdev);
217
218         if (test_bit(HCI_MGMT, &hdev->dev_flags))
219                 mgmt_set_local_name_complete(hdev, sent, status);
220         else if (!status)
221                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223         hci_dev_unlock(hdev);
224 }
225
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 {
228         struct hci_rp_read_local_name *rp = (void *) skb->data;
229
230         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
231
232         if (rp->status)
233                 return;
234
235         if (test_bit(HCI_SETUP, &hdev->dev_flags))
236                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 }
238
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240 {
241         __u8 status = *((__u8 *) skb->data);
242         void *sent;
243
244         BT_DBG("%s status 0x%2.2x", hdev->name, status);
245
246         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247         if (!sent)
248                 return;
249
250         if (!status) {
251                 __u8 param = *((__u8 *) sent);
252
253                 if (param == AUTH_ENABLED)
254                         set_bit(HCI_AUTH, &hdev->flags);
255                 else
256                         clear_bit(HCI_AUTH, &hdev->flags);
257         }
258
259         if (test_bit(HCI_MGMT, &hdev->dev_flags))
260                 mgmt_auth_enable_complete(hdev, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%2.2x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271         if (!sent)
272                 return;
273
274         if (!status) {
275                 __u8 param = *((__u8 *) sent);
276
277                 if (param)
278                         set_bit(HCI_ENCRYPT, &hdev->flags);
279                 else
280                         clear_bit(HCI_ENCRYPT, &hdev->flags);
281         }
282 }
283
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 {
286         __u8 param, status = *((__u8 *) skb->data);
287         int old_pscan, old_iscan;
288         void *sent;
289
290         BT_DBG("%s status 0x%2.2x", hdev->name, status);
291
292         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293         if (!sent)
294                 return;
295
296         param = *((__u8 *) sent);
297
298         hci_dev_lock(hdev);
299
300         if (status) {
301                 mgmt_write_scan_failed(hdev, param, status);
302                 hdev->discov_timeout = 0;
303                 goto done;
304         }
305
306         /* We need to ensure that we set this back on if someone changed
307          * the scan mode through a raw HCI socket.
308          */
309         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
311         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314         if (param & SCAN_INQUIRY) {
315                 set_bit(HCI_ISCAN, &hdev->flags);
316                 if (!old_iscan)
317                         mgmt_discoverable(hdev, 1);
318         } else if (old_iscan)
319                 mgmt_discoverable(hdev, 0);
320
321         if (param & SCAN_PAGE) {
322                 set_bit(HCI_PSCAN, &hdev->flags);
323                 if (!old_pscan)
324                         mgmt_connectable(hdev, 1);
325         } else if (old_pscan)
326                 mgmt_connectable(hdev, 0);
327
328 done:
329         hci_dev_unlock(hdev);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
337
338         if (rp->status)
339                 return;
340
341         memcpy(hdev->dev_class, rp->dev_class, 3);
342
343         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349         __u8 status = *((__u8 *) skb->data);
350         void *sent;
351
352         BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355         if (!sent)
356                 return;
357
358         hci_dev_lock(hdev);
359
360         if (status == 0)
361                 memcpy(hdev->dev_class, sent, 3);
362
363         if (test_bit(HCI_MGMT, &hdev->dev_flags))
364                 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366         hci_dev_unlock(hdev);
367 }
368
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 {
371         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372         __u16 setting;
373
374         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
375
376         if (rp->status)
377                 return;
378
379         setting = __le16_to_cpu(rp->voice_setting);
380
381         if (hdev->voice_setting == setting)
382                 return;
383
384         hdev->voice_setting = setting;
385
386         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387
388         if (hdev->notify)
389                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 }
391
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393                                        struct sk_buff *skb)
394 {
395         __u8 status = *((__u8 *) skb->data);
396         __u16 setting;
397         void *sent;
398
399         BT_DBG("%s status 0x%2.2x", hdev->name, status);
400
401         if (status)
402                 return;
403
404         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405         if (!sent)
406                 return;
407
408         setting = get_unaligned_le16(sent);
409
410         if (hdev->voice_setting == setting)
411                 return;
412
413         hdev->voice_setting = setting;
414
415         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416
417         if (hdev->notify)
418                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 }
420
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422                                           struct sk_buff *skb)
423 {
424         struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428         if (rp->status)
429                 return;
430
431         hdev->num_iac = rp->num_iac;
432
433         BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 }
435
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438         __u8 status = *((__u8 *) skb->data);
439         struct hci_cp_write_ssp_mode *sent;
440
441         BT_DBG("%s status 0x%2.2x", hdev->name, status);
442
443         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444         if (!sent)
445                 return;
446
447         if (!status) {
448                 if (sent->mode)
449                         hdev->features[1][0] |= LMP_HOST_SSP;
450                 else
451                         hdev->features[1][0] &= ~LMP_HOST_SSP;
452         }
453
454         if (test_bit(HCI_MGMT, &hdev->dev_flags))
455                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456         else if (!status) {
457                 if (sent->mode)
458                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459                 else
460                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461         }
462 }
463
464 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465 {
466         u8 status = *((u8 *) skb->data);
467         struct hci_cp_write_sc_support *sent;
468
469         BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472         if (!sent)
473                 return;
474
475         if (!status) {
476                 if (sent->support)
477                         hdev->features[1][0] |= LMP_HOST_SC;
478                 else
479                         hdev->features[1][0] &= ~LMP_HOST_SC;
480         }
481
482         if (test_bit(HCI_MGMT, &hdev->dev_flags))
483                 mgmt_sc_enable_complete(hdev, sent->support, status);
484         else if (!status) {
485                 if (sent->support)
486                         set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487                 else
488                         clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489         }
490 }
491
492 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493 {
494         struct hci_rp_read_local_version *rp = (void *) skb->data;
495
496         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
497
498         if (rp->status)
499                 return;
500
501         if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502                 hdev->hci_ver = rp->hci_ver;
503                 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504                 hdev->lmp_ver = rp->lmp_ver;
505                 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506                 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507         }
508 }
509
510 static void hci_cc_read_local_commands(struct hci_dev *hdev,
511                                        struct sk_buff *skb)
512 {
513         struct hci_rp_read_local_commands *rp = (void *) skb->data;
514
515         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
516
517         if (rp->status)
518                 return;
519
520         if (test_bit(HCI_SETUP, &hdev->dev_flags))
521                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
522 }
523
524 static void hci_cc_read_local_features(struct hci_dev *hdev,
525                                        struct sk_buff *skb)
526 {
527         struct hci_rp_read_local_features *rp = (void *) skb->data;
528
529         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
530
531         if (rp->status)
532                 return;
533
534         memcpy(hdev->features, rp->features, 8);
535
536         /* Adjust default settings according to features
537          * supported by device. */
538
539         if (hdev->features[0][0] & LMP_3SLOT)
540                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
541
542         if (hdev->features[0][0] & LMP_5SLOT)
543                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
544
545         if (hdev->features[0][1] & LMP_HV2) {
546                 hdev->pkt_type  |= (HCI_HV2);
547                 hdev->esco_type |= (ESCO_HV2);
548         }
549
550         if (hdev->features[0][1] & LMP_HV3) {
551                 hdev->pkt_type  |= (HCI_HV3);
552                 hdev->esco_type |= (ESCO_HV3);
553         }
554
555         if (lmp_esco_capable(hdev))
556                 hdev->esco_type |= (ESCO_EV3);
557
558         if (hdev->features[0][4] & LMP_EV4)
559                 hdev->esco_type |= (ESCO_EV4);
560
561         if (hdev->features[0][4] & LMP_EV5)
562                 hdev->esco_type |= (ESCO_EV5);
563
564         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
565                 hdev->esco_type |= (ESCO_2EV3);
566
567         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
568                 hdev->esco_type |= (ESCO_3EV3);
569
570         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
571                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
572 }
573
574 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
575                                            struct sk_buff *skb)
576 {
577         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
579         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
580
581         if (rp->status)
582                 return;
583
584         if (hdev->max_page < rp->max_page)
585                 hdev->max_page = rp->max_page;
586
587         if (rp->page < HCI_MAX_PAGES)
588                 memcpy(hdev->features[rp->page], rp->features, 8);
589 }
590
591 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
592                                           struct sk_buff *skb)
593 {
594         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
596         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
597
598         if (!rp->status)
599                 hdev->flow_ctl_mode = rp->mode;
600 }
601
602 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603 {
604         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
605
606         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607
608         if (rp->status)
609                 return;
610
611         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
612         hdev->sco_mtu  = rp->sco_mtu;
613         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617                 hdev->sco_mtu  = 64;
618                 hdev->sco_pkts = 8;
619         }
620
621         hdev->acl_cnt = hdev->acl_pkts;
622         hdev->sco_cnt = hdev->sco_pkts;
623
624         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
626 }
627
628 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629 {
630         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
632         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633
634         if (!rp->status)
635                 bacpy(&hdev->bdaddr, &rp->bdaddr);
636 }
637
638 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639                                            struct sk_buff *skb)
640 {
641         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647                 hdev->page_scan_window = __le16_to_cpu(rp->window);
648         }
649 }
650
651 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652                                             struct sk_buff *skb)
653 {
654         u8 status = *((u8 *) skb->data);
655         struct hci_cp_write_page_scan_activity *sent;
656
657         BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659         if (status)
660                 return;
661
662         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663         if (!sent)
664                 return;
665
666         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667         hdev->page_scan_window = __le16_to_cpu(sent->window);
668 }
669
670 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671                                            struct sk_buff *skb)
672 {
673         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678                 hdev->page_scan_type = rp->type;
679 }
680
681 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682                                         struct sk_buff *skb)
683 {
684         u8 status = *((u8 *) skb->data);
685         u8 *type;
686
687         BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689         if (status)
690                 return;
691
692         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693         if (type)
694                 hdev->page_scan_type = *type;
695 }
696
697 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
698                                         struct sk_buff *skb)
699 {
700         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
702         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
703
704         if (rp->status)
705                 return;
706
707         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708         hdev->block_len = __le16_to_cpu(rp->block_len);
709         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711         hdev->block_cnt = hdev->num_blocks;
712
713         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
714                hdev->block_cnt, hdev->block_len);
715 }
716
717 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
718                                        struct sk_buff *skb)
719 {
720         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
722         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
723
724         if (rp->status)
725                 goto a2mp_rsp;
726
727         hdev->amp_status = rp->amp_status;
728         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732         hdev->amp_type = rp->amp_type;
733         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
738 a2mp_rsp:
739         a2mp_send_getinfo_rsp(hdev);
740 }
741
742 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743                                         struct sk_buff *skb)
744 {
745         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746         struct amp_assoc *assoc = &hdev->loc_assoc;
747         size_t rem_len, frag_len;
748
749         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751         if (rp->status)
752                 goto a2mp_rsp;
753
754         frag_len = skb->len - sizeof(*rp);
755         rem_len = __le16_to_cpu(rp->rem_len);
756
757         if (rem_len > frag_len) {
758                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
759
760                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761                 assoc->offset += frag_len;
762
763                 /* Read other fragments */
764                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766                 return;
767         }
768
769         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770         assoc->len = assoc->offset + rem_len;
771         assoc->offset = 0;
772
773 a2mp_rsp:
774         /* Send A2MP Rsp when all fragments are received */
775         a2mp_send_getampassoc_rsp(hdev, rp->status);
776         a2mp_send_create_phy_link_req(hdev, rp->status);
777 }
778
779 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
780                                          struct sk_buff *skb)
781 {
782         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         if (!rp->status)
787                 hdev->inq_tx_power = rp->tx_power;
788 }
789
790 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791 {
792         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793         struct hci_cp_pin_code_reply *cp;
794         struct hci_conn *conn;
795
796         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797
798         hci_dev_lock(hdev);
799
800         if (test_bit(HCI_MGMT, &hdev->dev_flags))
801                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
802
803         if (rp->status)
804                 goto unlock;
805
806         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807         if (!cp)
808                 goto unlock;
809
810         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811         if (conn)
812                 conn->pin_length = cp->pin_len;
813
814 unlock:
815         hci_dev_unlock(hdev);
816 }
817
818 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819 {
820         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         hci_dev_lock(hdev);
825
826         if (test_bit(HCI_MGMT, &hdev->dev_flags))
827                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
828                                                  rp->status);
829
830         hci_dev_unlock(hdev);
831 }
832
833 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834                                        struct sk_buff *skb)
835 {
836         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
838         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839
840         if (rp->status)
841                 return;
842
843         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844         hdev->le_pkts = rp->le_max_pkt;
845
846         hdev->le_cnt = hdev->le_pkts;
847
848         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
849 }
850
851 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852                                           struct sk_buff *skb)
853 {
854         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858         if (!rp->status)
859                 memcpy(hdev->le_features, rp->features, 8);
860 }
861
862 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863                                         struct sk_buff *skb)
864 {
865         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
869         if (!rp->status)
870                 hdev->adv_tx_power = rp->tx_power;
871 }
872
873 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874 {
875         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
877         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879         hci_dev_lock(hdev);
880
881         if (test_bit(HCI_MGMT, &hdev->dev_flags))
882                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883                                                  rp->status);
884
885         hci_dev_unlock(hdev);
886 }
887
888 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
889                                           struct sk_buff *skb)
890 {
891         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
893         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
894
895         hci_dev_lock(hdev);
896
897         if (test_bit(HCI_MGMT, &hdev->dev_flags))
898                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
899                                                      ACL_LINK, 0, rp->status);
900
901         hci_dev_unlock(hdev);
902 }
903
904 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905 {
906         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
908         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
909
910         hci_dev_lock(hdev);
911
912         if (test_bit(HCI_MGMT, &hdev->dev_flags))
913                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
914                                                  0, rp->status);
915
916         hci_dev_unlock(hdev);
917 }
918
919 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
920                                           struct sk_buff *skb)
921 {
922         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925
926         hci_dev_lock(hdev);
927
928         if (test_bit(HCI_MGMT, &hdev->dev_flags))
929                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
930                                                      ACL_LINK, 0, rp->status);
931
932         hci_dev_unlock(hdev);
933 }
934
935 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936                                        struct sk_buff *skb)
937 {
938         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
940         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
941
942         hci_dev_lock(hdev);
943         mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944                                           NULL, NULL, rp->status);
945         hci_dev_unlock(hdev);
946 }
947
948 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949                                            struct sk_buff *skb)
950 {
951         struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955         hci_dev_lock(hdev);
956         mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957                                           rp->hash256, rp->randomizer256,
958                                           rp->status);
959         hci_dev_unlock(hdev);
960 }
961
962 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
963 {
964         __u8 *sent, status = *((__u8 *) skb->data);
965
966         BT_DBG("%s status 0x%2.2x", hdev->name, status);
967
968         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
969         if (!sent)
970                 return;
971
972         hci_dev_lock(hdev);
973
974         if (!status) {
975                 if (*sent)
976                         set_bit(HCI_ADVERTISING, &hdev->dev_flags);
977                 else
978                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
979         }
980
981         hci_dev_unlock(hdev);
982 }
983
984 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
985                                       struct sk_buff *skb)
986 {
987         struct hci_cp_le_set_scan_enable *cp;
988         __u8 status = *((__u8 *) skb->data);
989
990         BT_DBG("%s status 0x%2.2x", hdev->name, status);
991
992         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
993         if (!cp)
994                 return;
995
996         if (status)
997                 return;
998
999         switch (cp->enable) {
1000         case LE_SCAN_ENABLE:
1001                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1002                 break;
1003
1004         case LE_SCAN_DISABLE:
1005                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1006                 break;
1007
1008         default:
1009                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1010                 break;
1011         }
1012 }
1013
1014 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1015                                            struct sk_buff *skb)
1016 {
1017         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1018
1019         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1020
1021         if (!rp->status)
1022                 hdev->le_white_list_size = rp->size;
1023 }
1024
1025 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1026                                             struct sk_buff *skb)
1027 {
1028         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1029
1030         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1031
1032         if (!rp->status)
1033                 memcpy(hdev->le_states, rp->le_states, 8);
1034 }
1035
1036 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1037                                            struct sk_buff *skb)
1038 {
1039         struct hci_cp_write_le_host_supported *sent;
1040         __u8 status = *((__u8 *) skb->data);
1041
1042         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1043
1044         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1045         if (!sent)
1046                 return;
1047
1048         if (!status) {
1049                 if (sent->le) {
1050                         hdev->features[1][0] |= LMP_HOST_LE;
1051                         set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1052                 } else {
1053                         hdev->features[1][0] &= ~LMP_HOST_LE;
1054                         clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1055                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1056                 }
1057
1058                 if (sent->simul)
1059                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1060                 else
1061                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1062         }
1063 }
1064
1065 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1066                                           struct sk_buff *skb)
1067 {
1068         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1069
1070         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1071                hdev->name, rp->status, rp->phy_handle);
1072
1073         if (rp->status)
1074                 return;
1075
1076         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1077 }
1078
1079 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1080 {
1081         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1082
1083         if (status) {
1084                 hci_conn_check_pending(hdev);
1085                 return;
1086         }
1087
1088         set_bit(HCI_INQUIRY, &hdev->flags);
1089 }
1090
1091 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1092 {
1093         struct hci_cp_create_conn *cp;
1094         struct hci_conn *conn;
1095
1096         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1097
1098         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1099         if (!cp)
1100                 return;
1101
1102         hci_dev_lock(hdev);
1103
1104         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1105
1106         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1107
1108         if (status) {
1109                 if (conn && conn->state == BT_CONNECT) {
1110                         if (status != 0x0c || conn->attempt > 2) {
1111                                 conn->state = BT_CLOSED;
1112                                 hci_proto_connect_cfm(conn, status);
1113                                 hci_conn_del(conn);
1114                         } else
1115                                 conn->state = BT_CONNECT2;
1116                 }
1117         } else {
1118                 if (!conn) {
1119                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1120                         if (conn) {
1121                                 conn->out = true;
1122                                 conn->link_mode |= HCI_LM_MASTER;
1123                         } else
1124                                 BT_ERR("No memory for new connection");
1125                 }
1126         }
1127
1128         hci_dev_unlock(hdev);
1129 }
1130
1131 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1132 {
1133         struct hci_cp_add_sco *cp;
1134         struct hci_conn *acl, *sco;
1135         __u16 handle;
1136
1137         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1138
1139         if (!status)
1140                 return;
1141
1142         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1143         if (!cp)
1144                 return;
1145
1146         handle = __le16_to_cpu(cp->handle);
1147
1148         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1149
1150         hci_dev_lock(hdev);
1151
1152         acl = hci_conn_hash_lookup_handle(hdev, handle);
1153         if (acl) {
1154                 sco = acl->link;
1155                 if (sco) {
1156                         sco->state = BT_CLOSED;
1157
1158                         hci_proto_connect_cfm(sco, status);
1159                         hci_conn_del(sco);
1160                 }
1161         }
1162
1163         hci_dev_unlock(hdev);
1164 }
1165
1166 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1167 {
1168         struct hci_cp_auth_requested *cp;
1169         struct hci_conn *conn;
1170
1171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1172
1173         if (!status)
1174                 return;
1175
1176         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1177         if (!cp)
1178                 return;
1179
1180         hci_dev_lock(hdev);
1181
1182         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1183         if (conn) {
1184                 if (conn->state == BT_CONFIG) {
1185                         hci_proto_connect_cfm(conn, status);
1186                         hci_conn_drop(conn);
1187                 }
1188         }
1189
1190         hci_dev_unlock(hdev);
1191 }
1192
1193 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1194 {
1195         struct hci_cp_set_conn_encrypt *cp;
1196         struct hci_conn *conn;
1197
1198         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1199
1200         if (!status)
1201                 return;
1202
1203         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1204         if (!cp)
1205                 return;
1206
1207         hci_dev_lock(hdev);
1208
1209         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1210         if (conn) {
1211                 if (conn->state == BT_CONFIG) {
1212                         hci_proto_connect_cfm(conn, status);
1213                         hci_conn_drop(conn);
1214                 }
1215         }
1216
1217         hci_dev_unlock(hdev);
1218 }
1219
1220 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1221                                     struct hci_conn *conn)
1222 {
1223         if (conn->state != BT_CONFIG || !conn->out)
1224                 return 0;
1225
1226         if (conn->pending_sec_level == BT_SECURITY_SDP)
1227                 return 0;
1228
1229         /* Only request authentication for SSP connections or non-SSP
1230          * devices with sec_level MEDIUM or HIGH or if MITM protection
1231          * is requested.
1232          */
1233         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1234             conn->pending_sec_level != BT_SECURITY_HIGH &&
1235             conn->pending_sec_level != BT_SECURITY_MEDIUM)
1236                 return 0;
1237
1238         return 1;
1239 }
1240
1241 static int hci_resolve_name(struct hci_dev *hdev,
1242                                    struct inquiry_entry *e)
1243 {
1244         struct hci_cp_remote_name_req cp;
1245
1246         memset(&cp, 0, sizeof(cp));
1247
1248         bacpy(&cp.bdaddr, &e->data.bdaddr);
1249         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250         cp.pscan_mode = e->data.pscan_mode;
1251         cp.clock_offset = e->data.clock_offset;
1252
1253         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254 }
1255
1256 static bool hci_resolve_next_name(struct hci_dev *hdev)
1257 {
1258         struct discovery_state *discov = &hdev->discovery;
1259         struct inquiry_entry *e;
1260
1261         if (list_empty(&discov->resolve))
1262                 return false;
1263
1264         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1265         if (!e)
1266                 return false;
1267
1268         if (hci_resolve_name(hdev, e) == 0) {
1269                 e->name_state = NAME_PENDING;
1270                 return true;
1271         }
1272
1273         return false;
1274 }
1275
1276 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1278 {
1279         struct discovery_state *discov = &hdev->discovery;
1280         struct inquiry_entry *e;
1281
1282         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284                                       name_len, conn->dev_class);
1285
1286         if (discov->state == DISCOVERY_STOPPED)
1287                 return;
1288
1289         if (discov->state == DISCOVERY_STOPPING)
1290                 goto discov_complete;
1291
1292         if (discov->state != DISCOVERY_RESOLVING)
1293                 return;
1294
1295         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296         /* If the device was not found in a list of found devices names of which
1297          * are pending. there is no need to continue resolving a next name as it
1298          * will be done upon receiving another Remote Name Request Complete
1299          * Event */
1300         if (!e)
1301                 return;
1302
1303         list_del(&e->list);
1304         if (name) {
1305                 e->name_state = NAME_KNOWN;
1306                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307                                  e->data.rssi, name, name_len);
1308         } else {
1309                 e->name_state = NAME_NOT_KNOWN;
1310         }
1311
1312         if (hci_resolve_next_name(hdev))
1313                 return;
1314
1315 discov_complete:
1316         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317 }
1318
1319 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320 {
1321         struct hci_cp_remote_name_req *cp;
1322         struct hci_conn *conn;
1323
1324         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326         /* If successful wait for the name req complete event before
1327          * checking for the need to do authentication */
1328         if (!status)
1329                 return;
1330
1331         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332         if (!cp)
1333                 return;
1334
1335         hci_dev_lock(hdev);
1336
1337         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
1339         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1341
1342         if (!conn)
1343                 goto unlock;
1344
1345         if (!hci_outgoing_auth_needed(hdev, conn))
1346                 goto unlock;
1347
1348         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349                 struct hci_cp_auth_requested auth_cp;
1350
1351                 auth_cp.handle = __cpu_to_le16(conn->handle);
1352                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1353                              sizeof(auth_cp), &auth_cp);
1354         }
1355
1356 unlock:
1357         hci_dev_unlock(hdev);
1358 }
1359
1360 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1361 {
1362         struct hci_cp_read_remote_features *cp;
1363         struct hci_conn *conn;
1364
1365         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1366
1367         if (!status)
1368                 return;
1369
1370         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1371         if (!cp)
1372                 return;
1373
1374         hci_dev_lock(hdev);
1375
1376         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1377         if (conn) {
1378                 if (conn->state == BT_CONFIG) {
1379                         hci_proto_connect_cfm(conn, status);
1380                         hci_conn_drop(conn);
1381                 }
1382         }
1383
1384         hci_dev_unlock(hdev);
1385 }
1386
1387 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1388 {
1389         struct hci_cp_read_remote_ext_features *cp;
1390         struct hci_conn *conn;
1391
1392         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1393
1394         if (!status)
1395                 return;
1396
1397         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1398         if (!cp)
1399                 return;
1400
1401         hci_dev_lock(hdev);
1402
1403         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1404         if (conn) {
1405                 if (conn->state == BT_CONFIG) {
1406                         hci_proto_connect_cfm(conn, status);
1407                         hci_conn_drop(conn);
1408                 }
1409         }
1410
1411         hci_dev_unlock(hdev);
1412 }
1413
1414 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1415 {
1416         struct hci_cp_setup_sync_conn *cp;
1417         struct hci_conn *acl, *sco;
1418         __u16 handle;
1419
1420         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1421
1422         if (!status)
1423                 return;
1424
1425         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1426         if (!cp)
1427                 return;
1428
1429         handle = __le16_to_cpu(cp->handle);
1430
1431         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1432
1433         hci_dev_lock(hdev);
1434
1435         acl = hci_conn_hash_lookup_handle(hdev, handle);
1436         if (acl) {
1437                 sco = acl->link;
1438                 if (sco) {
1439                         sco->state = BT_CLOSED;
1440
1441                         hci_proto_connect_cfm(sco, status);
1442                         hci_conn_del(sco);
1443                 }
1444         }
1445
1446         hci_dev_unlock(hdev);
1447 }
1448
1449 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1450 {
1451         struct hci_cp_sniff_mode *cp;
1452         struct hci_conn *conn;
1453
1454         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1455
1456         if (!status)
1457                 return;
1458
1459         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1460         if (!cp)
1461                 return;
1462
1463         hci_dev_lock(hdev);
1464
1465         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1466         if (conn) {
1467                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1468
1469                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1470                         hci_sco_setup(conn, status);
1471         }
1472
1473         hci_dev_unlock(hdev);
1474 }
1475
1476 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1477 {
1478         struct hci_cp_exit_sniff_mode *cp;
1479         struct hci_conn *conn;
1480
1481         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1482
1483         if (!status)
1484                 return;
1485
1486         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1487         if (!cp)
1488                 return;
1489
1490         hci_dev_lock(hdev);
1491
1492         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1493         if (conn) {
1494                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1495
1496                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1497                         hci_sco_setup(conn, status);
1498         }
1499
1500         hci_dev_unlock(hdev);
1501 }
1502
1503 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1504 {
1505         struct hci_cp_disconnect *cp;
1506         struct hci_conn *conn;
1507
1508         if (!status)
1509                 return;
1510
1511         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1512         if (!cp)
1513                 return;
1514
1515         hci_dev_lock(hdev);
1516
1517         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1518         if (conn)
1519                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1520                                        conn->dst_type, status);
1521
1522         hci_dev_unlock(hdev);
1523 }
1524
1525 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1526 {
1527         struct hci_cp_create_phy_link *cp;
1528
1529         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1530
1531         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1532         if (!cp)
1533                 return;
1534
1535         hci_dev_lock(hdev);
1536
1537         if (status) {
1538                 struct hci_conn *hcon;
1539
1540                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1541                 if (hcon)
1542                         hci_conn_del(hcon);
1543         } else {
1544                 amp_write_remote_assoc(hdev, cp->phy_handle);
1545         }
1546
1547         hci_dev_unlock(hdev);
1548 }
1549
1550 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1551 {
1552         struct hci_cp_accept_phy_link *cp;
1553
1554         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555
1556         if (status)
1557                 return;
1558
1559         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1560         if (!cp)
1561                 return;
1562
1563         amp_write_remote_assoc(hdev, cp->phy_handle);
1564 }
1565
1566 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1567 {
1568         __u8 status = *((__u8 *) skb->data);
1569         struct discovery_state *discov = &hdev->discovery;
1570         struct inquiry_entry *e;
1571
1572         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1573
1574         hci_conn_check_pending(hdev);
1575
1576         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1577                 return;
1578
1579         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1580         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1581
1582         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1583                 return;
1584
1585         hci_dev_lock(hdev);
1586
1587         if (discov->state != DISCOVERY_FINDING)
1588                 goto unlock;
1589
1590         if (list_empty(&discov->resolve)) {
1591                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1592                 goto unlock;
1593         }
1594
1595         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1596         if (e && hci_resolve_name(hdev, e) == 0) {
1597                 e->name_state = NAME_PENDING;
1598                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1599         } else {
1600                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1601         }
1602
1603 unlock:
1604         hci_dev_unlock(hdev);
1605 }
1606
1607 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1608 {
1609         struct inquiry_data data;
1610         struct inquiry_info *info = (void *) (skb->data + 1);
1611         int num_rsp = *((__u8 *) skb->data);
1612
1613         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1614
1615         if (!num_rsp)
1616                 return;
1617
1618         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1619                 return;
1620
1621         hci_dev_lock(hdev);
1622
1623         for (; num_rsp; num_rsp--, info++) {
1624                 bool name_known, ssp;
1625
1626                 bacpy(&data.bdaddr, &info->bdaddr);
1627                 data.pscan_rep_mode     = info->pscan_rep_mode;
1628                 data.pscan_period_mode  = info->pscan_period_mode;
1629                 data.pscan_mode         = info->pscan_mode;
1630                 memcpy(data.dev_class, info->dev_class, 3);
1631                 data.clock_offset       = info->clock_offset;
1632                 data.rssi               = 0x00;
1633                 data.ssp_mode           = 0x00;
1634
1635                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1636                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1637                                   info->dev_class, 0, !name_known, ssp, NULL,
1638                                   0);
1639         }
1640
1641         hci_dev_unlock(hdev);
1642 }
1643
1644 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1645 {
1646         struct hci_ev_conn_complete *ev = (void *) skb->data;
1647         struct hci_conn *conn;
1648
1649         BT_DBG("%s", hdev->name);
1650
1651         hci_dev_lock(hdev);
1652
1653         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1654         if (!conn) {
1655                 if (ev->link_type != SCO_LINK)
1656                         goto unlock;
1657
1658                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1659                 if (!conn)
1660                         goto unlock;
1661
1662                 conn->type = SCO_LINK;
1663         }
1664
1665         if (!ev->status) {
1666                 conn->handle = __le16_to_cpu(ev->handle);
1667
1668                 if (conn->type == ACL_LINK) {
1669                         conn->state = BT_CONFIG;
1670                         hci_conn_hold(conn);
1671
1672                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1673                             !hci_find_link_key(hdev, &ev->bdaddr))
1674                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1675                         else
1676                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1677                 } else
1678                         conn->state = BT_CONNECTED;
1679
1680                 hci_conn_add_sysfs(conn);
1681
1682                 if (test_bit(HCI_AUTH, &hdev->flags))
1683                         conn->link_mode |= HCI_LM_AUTH;
1684
1685                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1686                         conn->link_mode |= HCI_LM_ENCRYPT;
1687
1688                 /* Get remote features */
1689                 if (conn->type == ACL_LINK) {
1690                         struct hci_cp_read_remote_features cp;
1691                         cp.handle = ev->handle;
1692                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1693                                      sizeof(cp), &cp);
1694                 }
1695
1696                 /* Set packet type for incoming connection */
1697                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1698                         struct hci_cp_change_conn_ptype cp;
1699                         cp.handle = ev->handle;
1700                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1701                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1702                                      &cp);
1703                 }
1704         } else {
1705                 conn->state = BT_CLOSED;
1706                 if (conn->type == ACL_LINK)
1707                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1708                                             conn->dst_type, ev->status);
1709         }
1710
1711         if (conn->type == ACL_LINK)
1712                 hci_sco_setup(conn, ev->status);
1713
1714         if (ev->status) {
1715                 hci_proto_connect_cfm(conn, ev->status);
1716                 hci_conn_del(conn);
1717         } else if (ev->link_type != ACL_LINK)
1718                 hci_proto_connect_cfm(conn, ev->status);
1719
1720 unlock:
1721         hci_dev_unlock(hdev);
1722
1723         hci_conn_check_pending(hdev);
1724 }
1725
1726 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727 {
1728         struct hci_ev_conn_request *ev = (void *) skb->data;
1729         int mask = hdev->link_mode;
1730         __u8 flags = 0;
1731
1732         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1733                ev->link_type);
1734
1735         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1736                                       &flags);
1737
1738         if ((mask & HCI_LM_ACCEPT) &&
1739             !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1740                 /* Connection accepted */
1741                 struct inquiry_entry *ie;
1742                 struct hci_conn *conn;
1743
1744                 hci_dev_lock(hdev);
1745
1746                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1747                 if (ie)
1748                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1749
1750                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1751                                                &ev->bdaddr);
1752                 if (!conn) {
1753                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1754                         if (!conn) {
1755                                 BT_ERR("No memory for new connection");
1756                                 hci_dev_unlock(hdev);
1757                                 return;
1758                         }
1759                 }
1760
1761                 memcpy(conn->dev_class, ev->dev_class, 3);
1762
1763                 hci_dev_unlock(hdev);
1764
1765                 if (ev->link_type == ACL_LINK ||
1766                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1767                         struct hci_cp_accept_conn_req cp;
1768                         conn->state = BT_CONNECT;
1769
1770                         bacpy(&cp.bdaddr, &ev->bdaddr);
1771
1772                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1773                                 cp.role = 0x00; /* Become master */
1774                         else
1775                                 cp.role = 0x01; /* Remain slave */
1776
1777                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1778                                      &cp);
1779                 } else if (!(flags & HCI_PROTO_DEFER)) {
1780                         struct hci_cp_accept_sync_conn_req cp;
1781                         conn->state = BT_CONNECT;
1782
1783                         bacpy(&cp.bdaddr, &ev->bdaddr);
1784                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1785
1786                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1787                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1788                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1789                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1790                         cp.retrans_effort = 0xff;
1791
1792                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1793                                      sizeof(cp), &cp);
1794                 } else {
1795                         conn->state = BT_CONNECT2;
1796                         hci_proto_connect_cfm(conn, 0);
1797                 }
1798         } else {
1799                 /* Connection rejected */
1800                 struct hci_cp_reject_conn_req cp;
1801
1802                 bacpy(&cp.bdaddr, &ev->bdaddr);
1803                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1804                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1805         }
1806 }
1807
1808 static u8 hci_to_mgmt_reason(u8 err)
1809 {
1810         switch (err) {
1811         case HCI_ERROR_CONNECTION_TIMEOUT:
1812                 return MGMT_DEV_DISCONN_TIMEOUT;
1813         case HCI_ERROR_REMOTE_USER_TERM:
1814         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1815         case HCI_ERROR_REMOTE_POWER_OFF:
1816                 return MGMT_DEV_DISCONN_REMOTE;
1817         case HCI_ERROR_LOCAL_HOST_TERM:
1818                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1819         default:
1820                 return MGMT_DEV_DISCONN_UNKNOWN;
1821         }
1822 }
1823
1824 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1825 {
1826         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1827         u8 reason = hci_to_mgmt_reason(ev->reason);
1828         struct hci_conn *conn;
1829         u8 type;
1830
1831         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1832
1833         hci_dev_lock(hdev);
1834
1835         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1836         if (!conn)
1837                 goto unlock;
1838
1839         if (ev->status) {
1840                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1841                                        conn->dst_type, ev->status);
1842                 goto unlock;
1843         }
1844
1845         conn->state = BT_CLOSED;
1846
1847         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1848                 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1849                                          conn->dst_type, reason);
1850
1851         if (conn->type == ACL_LINK && conn->flush_key)
1852                 hci_remove_link_key(hdev, &conn->dst);
1853
1854         type = conn->type;
1855
1856         hci_proto_disconn_cfm(conn, ev->reason);
1857         hci_conn_del(conn);
1858
1859         /* Re-enable advertising if necessary, since it might
1860          * have been disabled by the connection. From the
1861          * HCI_LE_Set_Advertise_Enable command description in
1862          * the core specification (v4.0):
1863          * "The Controller shall continue advertising until the Host
1864          * issues an LE_Set_Advertise_Enable command with
1865          * Advertising_Enable set to 0x00 (Advertising is disabled)
1866          * or until a connection is created or until the Advertising
1867          * is timed out due to Directed Advertising."
1868          */
1869         if (type == LE_LINK)
1870                 mgmt_reenable_advertising(hdev);
1871
1872 unlock:
1873         hci_dev_unlock(hdev);
1874 }
1875
1876 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1877 {
1878         struct hci_ev_auth_complete *ev = (void *) skb->data;
1879         struct hci_conn *conn;
1880
1881         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1882
1883         hci_dev_lock(hdev);
1884
1885         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1886         if (!conn)
1887                 goto unlock;
1888
1889         if (!ev->status) {
1890                 if (!hci_conn_ssp_enabled(conn) &&
1891                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1892                         BT_INFO("re-auth of legacy device is not possible.");
1893                 } else {
1894                         conn->link_mode |= HCI_LM_AUTH;
1895                         conn->sec_level = conn->pending_sec_level;
1896                 }
1897         } else {
1898                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1899                                  ev->status);
1900         }
1901
1902         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1903         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1904
1905         if (conn->state == BT_CONFIG) {
1906                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1907                         struct hci_cp_set_conn_encrypt cp;
1908                         cp.handle  = ev->handle;
1909                         cp.encrypt = 0x01;
1910                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1911                                      &cp);
1912                 } else {
1913                         conn->state = BT_CONNECTED;
1914                         hci_proto_connect_cfm(conn, ev->status);
1915                         hci_conn_drop(conn);
1916                 }
1917         } else {
1918                 hci_auth_cfm(conn, ev->status);
1919
1920                 hci_conn_hold(conn);
1921                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1922                 hci_conn_drop(conn);
1923         }
1924
1925         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1926                 if (!ev->status) {
1927                         struct hci_cp_set_conn_encrypt cp;
1928                         cp.handle  = ev->handle;
1929                         cp.encrypt = 0x01;
1930                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1931                                      &cp);
1932                 } else {
1933                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1934                         hci_encrypt_cfm(conn, ev->status, 0x00);
1935                 }
1936         }
1937
1938 unlock:
1939         hci_dev_unlock(hdev);
1940 }
1941
1942 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1943 {
1944         struct hci_ev_remote_name *ev = (void *) skb->data;
1945         struct hci_conn *conn;
1946
1947         BT_DBG("%s", hdev->name);
1948
1949         hci_conn_check_pending(hdev);
1950
1951         hci_dev_lock(hdev);
1952
1953         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1954
1955         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1956                 goto check_auth;
1957
1958         if (ev->status == 0)
1959                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1960                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1961         else
1962                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1963
1964 check_auth:
1965         if (!conn)
1966                 goto unlock;
1967
1968         if (!hci_outgoing_auth_needed(hdev, conn))
1969                 goto unlock;
1970
1971         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1972                 struct hci_cp_auth_requested cp;
1973                 cp.handle = __cpu_to_le16(conn->handle);
1974                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1975         }
1976
1977 unlock:
1978         hci_dev_unlock(hdev);
1979 }
1980
1981 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1982 {
1983         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1984         struct hci_conn *conn;
1985
1986         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1987
1988         hci_dev_lock(hdev);
1989
1990         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1991         if (!conn)
1992                 goto unlock;
1993
1994         if (!ev->status) {
1995                 if (ev->encrypt) {
1996                         /* Encryption implies authentication */
1997                         conn->link_mode |= HCI_LM_AUTH;
1998                         conn->link_mode |= HCI_LM_ENCRYPT;
1999                         conn->sec_level = conn->pending_sec_level;
2000
2001                         /* P-256 authentication key implies FIPS */
2002                         if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2003                                 conn->link_mode |= HCI_LM_FIPS;
2004
2005                         if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2006                             conn->type == LE_LINK)
2007                                 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2008                 } else {
2009                         conn->link_mode &= ~HCI_LM_ENCRYPT;
2010                         clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2011                 }
2012         }
2013
2014         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2015
2016         if (ev->status && conn->state == BT_CONNECTED) {
2017                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2018                 hci_conn_drop(conn);
2019                 goto unlock;
2020         }
2021
2022         if (conn->state == BT_CONFIG) {
2023                 if (!ev->status)
2024                         conn->state = BT_CONNECTED;
2025
2026                 hci_proto_connect_cfm(conn, ev->status);
2027                 hci_conn_drop(conn);
2028         } else
2029                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2030
2031 unlock:
2032         hci_dev_unlock(hdev);
2033 }
2034
2035 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2036                                              struct sk_buff *skb)
2037 {
2038         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2039         struct hci_conn *conn;
2040
2041         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2042
2043         hci_dev_lock(hdev);
2044
2045         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2046         if (conn) {
2047                 if (!ev->status)
2048                         conn->link_mode |= HCI_LM_SECURE;
2049
2050                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2051
2052                 hci_key_change_cfm(conn, ev->status);
2053         }
2054
2055         hci_dev_unlock(hdev);
2056 }
2057
2058 static void hci_remote_features_evt(struct hci_dev *hdev,
2059                                     struct sk_buff *skb)
2060 {
2061         struct hci_ev_remote_features *ev = (void *) skb->data;
2062         struct hci_conn *conn;
2063
2064         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2065
2066         hci_dev_lock(hdev);
2067
2068         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2069         if (!conn)
2070                 goto unlock;
2071
2072         if (!ev->status)
2073                 memcpy(conn->features[0], ev->features, 8);
2074
2075         if (conn->state != BT_CONFIG)
2076                 goto unlock;
2077
2078         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2079                 struct hci_cp_read_remote_ext_features cp;
2080                 cp.handle = ev->handle;
2081                 cp.page = 0x01;
2082                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2083                              sizeof(cp), &cp);
2084                 goto unlock;
2085         }
2086
2087         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2088                 struct hci_cp_remote_name_req cp;
2089                 memset(&cp, 0, sizeof(cp));
2090                 bacpy(&cp.bdaddr, &conn->dst);
2091                 cp.pscan_rep_mode = 0x02;
2092                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2093         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2094                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2095                                       conn->dst_type, 0, NULL, 0,
2096                                       conn->dev_class);
2097
2098         if (!hci_outgoing_auth_needed(hdev, conn)) {
2099                 conn->state = BT_CONNECTED;
2100                 hci_proto_connect_cfm(conn, ev->status);
2101                 hci_conn_drop(conn);
2102         }
2103
2104 unlock:
2105         hci_dev_unlock(hdev);
2106 }
2107
2108 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2109 {
2110         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2111         u8 status = skb->data[sizeof(*ev)];
2112         __u16 opcode;
2113
2114         skb_pull(skb, sizeof(*ev));
2115
2116         opcode = __le16_to_cpu(ev->opcode);
2117
2118         switch (opcode) {
2119         case HCI_OP_INQUIRY_CANCEL:
2120                 hci_cc_inquiry_cancel(hdev, skb);
2121                 break;
2122
2123         case HCI_OP_PERIODIC_INQ:
2124                 hci_cc_periodic_inq(hdev, skb);
2125                 break;
2126
2127         case HCI_OP_EXIT_PERIODIC_INQ:
2128                 hci_cc_exit_periodic_inq(hdev, skb);
2129                 break;
2130
2131         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2132                 hci_cc_remote_name_req_cancel(hdev, skb);
2133                 break;
2134
2135         case HCI_OP_ROLE_DISCOVERY:
2136                 hci_cc_role_discovery(hdev, skb);
2137                 break;
2138
2139         case HCI_OP_READ_LINK_POLICY:
2140                 hci_cc_read_link_policy(hdev, skb);
2141                 break;
2142
2143         case HCI_OP_WRITE_LINK_POLICY:
2144                 hci_cc_write_link_policy(hdev, skb);
2145                 break;
2146
2147         case HCI_OP_READ_DEF_LINK_POLICY:
2148                 hci_cc_read_def_link_policy(hdev, skb);
2149                 break;
2150
2151         case HCI_OP_WRITE_DEF_LINK_POLICY:
2152                 hci_cc_write_def_link_policy(hdev, skb);
2153                 break;
2154
2155         case HCI_OP_RESET:
2156                 hci_cc_reset(hdev, skb);
2157                 break;
2158
2159         case HCI_OP_WRITE_LOCAL_NAME:
2160                 hci_cc_write_local_name(hdev, skb);
2161                 break;
2162
2163         case HCI_OP_READ_LOCAL_NAME:
2164                 hci_cc_read_local_name(hdev, skb);
2165                 break;
2166
2167         case HCI_OP_WRITE_AUTH_ENABLE:
2168                 hci_cc_write_auth_enable(hdev, skb);
2169                 break;
2170
2171         case HCI_OP_WRITE_ENCRYPT_MODE:
2172                 hci_cc_write_encrypt_mode(hdev, skb);
2173                 break;
2174
2175         case HCI_OP_WRITE_SCAN_ENABLE:
2176                 hci_cc_write_scan_enable(hdev, skb);
2177                 break;
2178
2179         case HCI_OP_READ_CLASS_OF_DEV:
2180                 hci_cc_read_class_of_dev(hdev, skb);
2181                 break;
2182
2183         case HCI_OP_WRITE_CLASS_OF_DEV:
2184                 hci_cc_write_class_of_dev(hdev, skb);
2185                 break;
2186
2187         case HCI_OP_READ_VOICE_SETTING:
2188                 hci_cc_read_voice_setting(hdev, skb);
2189                 break;
2190
2191         case HCI_OP_WRITE_VOICE_SETTING:
2192                 hci_cc_write_voice_setting(hdev, skb);
2193                 break;
2194
2195         case HCI_OP_READ_NUM_SUPPORTED_IAC:
2196                 hci_cc_read_num_supported_iac(hdev, skb);
2197                 break;
2198
2199         case HCI_OP_WRITE_SSP_MODE:
2200                 hci_cc_write_ssp_mode(hdev, skb);
2201                 break;
2202
2203         case HCI_OP_WRITE_SC_SUPPORT:
2204                 hci_cc_write_sc_support(hdev, skb);
2205                 break;
2206
2207         case HCI_OP_READ_LOCAL_VERSION:
2208                 hci_cc_read_local_version(hdev, skb);
2209                 break;
2210
2211         case HCI_OP_READ_LOCAL_COMMANDS:
2212                 hci_cc_read_local_commands(hdev, skb);
2213                 break;
2214
2215         case HCI_OP_READ_LOCAL_FEATURES:
2216                 hci_cc_read_local_features(hdev, skb);
2217                 break;
2218
2219         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2220                 hci_cc_read_local_ext_features(hdev, skb);
2221                 break;
2222
2223         case HCI_OP_READ_BUFFER_SIZE:
2224                 hci_cc_read_buffer_size(hdev, skb);
2225                 break;
2226
2227         case HCI_OP_READ_BD_ADDR:
2228                 hci_cc_read_bd_addr(hdev, skb);
2229                 break;
2230
2231         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2232                 hci_cc_read_page_scan_activity(hdev, skb);
2233                 break;
2234
2235         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2236                 hci_cc_write_page_scan_activity(hdev, skb);
2237                 break;
2238
2239         case HCI_OP_READ_PAGE_SCAN_TYPE:
2240                 hci_cc_read_page_scan_type(hdev, skb);
2241                 break;
2242
2243         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2244                 hci_cc_write_page_scan_type(hdev, skb);
2245                 break;
2246
2247         case HCI_OP_READ_DATA_BLOCK_SIZE:
2248                 hci_cc_read_data_block_size(hdev, skb);
2249                 break;
2250
2251         case HCI_OP_READ_FLOW_CONTROL_MODE:
2252                 hci_cc_read_flow_control_mode(hdev, skb);
2253                 break;
2254
2255         case HCI_OP_READ_LOCAL_AMP_INFO:
2256                 hci_cc_read_local_amp_info(hdev, skb);
2257                 break;
2258
2259         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2260                 hci_cc_read_local_amp_assoc(hdev, skb);
2261                 break;
2262
2263         case HCI_OP_READ_INQ_RSP_TX_POWER:
2264                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2265                 break;
2266
2267         case HCI_OP_PIN_CODE_REPLY:
2268                 hci_cc_pin_code_reply(hdev, skb);
2269                 break;
2270
2271         case HCI_OP_PIN_CODE_NEG_REPLY:
2272                 hci_cc_pin_code_neg_reply(hdev, skb);
2273                 break;
2274
2275         case HCI_OP_READ_LOCAL_OOB_DATA:
2276                 hci_cc_read_local_oob_data(hdev, skb);
2277                 break;
2278
2279         case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2280                 hci_cc_read_local_oob_ext_data(hdev, skb);
2281                 break;
2282
2283         case HCI_OP_LE_READ_BUFFER_SIZE:
2284                 hci_cc_le_read_buffer_size(hdev, skb);
2285                 break;
2286
2287         case HCI_OP_LE_READ_LOCAL_FEATURES:
2288                 hci_cc_le_read_local_features(hdev, skb);
2289                 break;
2290
2291         case HCI_OP_LE_READ_ADV_TX_POWER:
2292                 hci_cc_le_read_adv_tx_power(hdev, skb);
2293                 break;
2294
2295         case HCI_OP_USER_CONFIRM_REPLY:
2296                 hci_cc_user_confirm_reply(hdev, skb);
2297                 break;
2298
2299         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2300                 hci_cc_user_confirm_neg_reply(hdev, skb);
2301                 break;
2302
2303         case HCI_OP_USER_PASSKEY_REPLY:
2304                 hci_cc_user_passkey_reply(hdev, skb);
2305                 break;
2306
2307         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2308                 hci_cc_user_passkey_neg_reply(hdev, skb);
2309                 break;
2310
2311         case HCI_OP_LE_SET_ADV_ENABLE:
2312                 hci_cc_le_set_adv_enable(hdev, skb);
2313                 break;
2314
2315         case HCI_OP_LE_SET_SCAN_ENABLE:
2316                 hci_cc_le_set_scan_enable(hdev, skb);
2317                 break;
2318
2319         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2320                 hci_cc_le_read_white_list_size(hdev, skb);
2321                 break;
2322
2323         case HCI_OP_LE_READ_SUPPORTED_STATES:
2324                 hci_cc_le_read_supported_states(hdev, skb);
2325                 break;
2326
2327         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2328                 hci_cc_write_le_host_supported(hdev, skb);
2329                 break;
2330
2331         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2332                 hci_cc_write_remote_amp_assoc(hdev, skb);
2333                 break;
2334
2335         default:
2336                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2337                 break;
2338         }
2339
2340         if (opcode != HCI_OP_NOP)
2341                 del_timer(&hdev->cmd_timer);
2342
2343         hci_req_cmd_complete(hdev, opcode, status);
2344
2345         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2346                 atomic_set(&hdev->cmd_cnt, 1);
2347                 if (!skb_queue_empty(&hdev->cmd_q))
2348                         queue_work(hdev->workqueue, &hdev->cmd_work);
2349         }
2350 }
2351
2352 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2353 {
2354         struct hci_ev_cmd_status *ev = (void *) skb->data;
2355         __u16 opcode;
2356
2357         skb_pull(skb, sizeof(*ev));
2358
2359         opcode = __le16_to_cpu(ev->opcode);
2360
2361         switch (opcode) {
2362         case HCI_OP_INQUIRY:
2363                 hci_cs_inquiry(hdev, ev->status);
2364                 break;
2365
2366         case HCI_OP_CREATE_CONN:
2367                 hci_cs_create_conn(hdev, ev->status);
2368                 break;
2369
2370         case HCI_OP_ADD_SCO:
2371                 hci_cs_add_sco(hdev, ev->status);
2372                 break;
2373
2374         case HCI_OP_AUTH_REQUESTED:
2375                 hci_cs_auth_requested(hdev, ev->status);
2376                 break;
2377
2378         case HCI_OP_SET_CONN_ENCRYPT:
2379                 hci_cs_set_conn_encrypt(hdev, ev->status);
2380                 break;
2381
2382         case HCI_OP_REMOTE_NAME_REQ:
2383                 hci_cs_remote_name_req(hdev, ev->status);
2384                 break;
2385
2386         case HCI_OP_READ_REMOTE_FEATURES:
2387                 hci_cs_read_remote_features(hdev, ev->status);
2388                 break;
2389
2390         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2391                 hci_cs_read_remote_ext_features(hdev, ev->status);
2392                 break;
2393
2394         case HCI_OP_SETUP_SYNC_CONN:
2395                 hci_cs_setup_sync_conn(hdev, ev->status);
2396                 break;
2397
2398         case HCI_OP_SNIFF_MODE:
2399                 hci_cs_sniff_mode(hdev, ev->status);
2400                 break;
2401
2402         case HCI_OP_EXIT_SNIFF_MODE:
2403                 hci_cs_exit_sniff_mode(hdev, ev->status);
2404                 break;
2405
2406         case HCI_OP_DISCONNECT:
2407                 hci_cs_disconnect(hdev, ev->status);
2408                 break;
2409
2410         case HCI_OP_CREATE_PHY_LINK:
2411                 hci_cs_create_phylink(hdev, ev->status);
2412                 break;
2413
2414         case HCI_OP_ACCEPT_PHY_LINK:
2415                 hci_cs_accept_phylink(hdev, ev->status);
2416                 break;
2417
2418         default:
2419                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2420                 break;
2421         }
2422
2423         if (opcode != HCI_OP_NOP)
2424                 del_timer(&hdev->cmd_timer);
2425
2426         if (ev->status ||
2427             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2428                 hci_req_cmd_complete(hdev, opcode, ev->status);
2429
2430         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2431                 atomic_set(&hdev->cmd_cnt, 1);
2432                 if (!skb_queue_empty(&hdev->cmd_q))
2433                         queue_work(hdev->workqueue, &hdev->cmd_work);
2434         }
2435 }
2436
2437 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2438 {
2439         struct hci_ev_role_change *ev = (void *) skb->data;
2440         struct hci_conn *conn;
2441
2442         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2443
2444         hci_dev_lock(hdev);
2445
2446         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2447         if (conn) {
2448                 if (!ev->status) {
2449                         if (ev->role)
2450                                 conn->link_mode &= ~HCI_LM_MASTER;
2451                         else
2452                                 conn->link_mode |= HCI_LM_MASTER;
2453                 }
2454
2455                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2456
2457                 hci_role_switch_cfm(conn, ev->status, ev->role);
2458         }
2459
2460         hci_dev_unlock(hdev);
2461 }
2462
2463 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2464 {
2465         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2466         int i;
2467
2468         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2469                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2470                 return;
2471         }
2472
2473         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2474             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2475                 BT_DBG("%s bad parameters", hdev->name);
2476                 return;
2477         }
2478
2479         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2480
2481         for (i = 0; i < ev->num_hndl; i++) {
2482                 struct hci_comp_pkts_info *info = &ev->handles[i];
2483                 struct hci_conn *conn;
2484                 __u16  handle, count;
2485
2486                 handle = __le16_to_cpu(info->handle);
2487                 count  = __le16_to_cpu(info->count);
2488
2489                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2490                 if (!conn)
2491                         continue;
2492
2493                 conn->sent -= count;
2494
2495                 switch (conn->type) {
2496                 case ACL_LINK:
2497                         hdev->acl_cnt += count;
2498                         if (hdev->acl_cnt > hdev->acl_pkts)
2499                                 hdev->acl_cnt = hdev->acl_pkts;
2500                         break;
2501
2502                 case LE_LINK:
2503                         if (hdev->le_pkts) {
2504                                 hdev->le_cnt += count;
2505                                 if (hdev->le_cnt > hdev->le_pkts)
2506                                         hdev->le_cnt = hdev->le_pkts;
2507                         } else {
2508                                 hdev->acl_cnt += count;
2509                                 if (hdev->acl_cnt > hdev->acl_pkts)
2510                                         hdev->acl_cnt = hdev->acl_pkts;
2511                         }
2512                         break;
2513
2514                 case SCO_LINK:
2515                         hdev->sco_cnt += count;
2516                         if (hdev->sco_cnt > hdev->sco_pkts)
2517                                 hdev->sco_cnt = hdev->sco_pkts;
2518                         break;
2519
2520                 default:
2521                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2522                         break;
2523                 }
2524         }
2525
2526         queue_work(hdev->workqueue, &hdev->tx_work);
2527 }
2528
2529 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2530                                                  __u16 handle)
2531 {
2532         struct hci_chan *chan;
2533
2534         switch (hdev->dev_type) {
2535         case HCI_BREDR:
2536                 return hci_conn_hash_lookup_handle(hdev, handle);
2537         case HCI_AMP:
2538                 chan = hci_chan_lookup_handle(hdev, handle);
2539                 if (chan)
2540                         return chan->conn;
2541                 break;
2542         default:
2543                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2544                 break;
2545         }
2546
2547         return NULL;
2548 }
2549
2550 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2551 {
2552         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2553         int i;
2554
2555         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2556                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2557                 return;
2558         }
2559
2560         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2561             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2562                 BT_DBG("%s bad parameters", hdev->name);
2563                 return;
2564         }
2565
2566         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2567                ev->num_hndl);
2568
2569         for (i = 0; i < ev->num_hndl; i++) {
2570                 struct hci_comp_blocks_info *info = &ev->handles[i];
2571                 struct hci_conn *conn = NULL;
2572                 __u16  handle, block_count;
2573
2574                 handle = __le16_to_cpu(info->handle);
2575                 block_count = __le16_to_cpu(info->blocks);
2576
2577                 conn = __hci_conn_lookup_handle(hdev, handle);
2578                 if (!conn)
2579                         continue;
2580
2581                 conn->sent -= block_count;
2582
2583                 switch (conn->type) {
2584                 case ACL_LINK:
2585                 case AMP_LINK:
2586                         hdev->block_cnt += block_count;
2587                         if (hdev->block_cnt > hdev->num_blocks)
2588                                 hdev->block_cnt = hdev->num_blocks;
2589                         break;
2590
2591                 default:
2592                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2593                         break;
2594                 }
2595         }
2596
2597         queue_work(hdev->workqueue, &hdev->tx_work);
2598 }
2599
2600 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2601 {
2602         struct hci_ev_mode_change *ev = (void *) skb->data;
2603         struct hci_conn *conn;
2604
2605         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2606
2607         hci_dev_lock(hdev);
2608
2609         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2610         if (conn) {
2611                 conn->mode = ev->mode;
2612
2613                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2614                                         &conn->flags)) {
2615                         if (conn->mode == HCI_CM_ACTIVE)
2616                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2617                         else
2618                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2619                 }
2620
2621                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2622                         hci_sco_setup(conn, ev->status);
2623         }
2624
2625         hci_dev_unlock(hdev);
2626 }
2627
2628 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2629 {
2630         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2631         struct hci_conn *conn;
2632
2633         BT_DBG("%s", hdev->name);
2634
2635         hci_dev_lock(hdev);
2636
2637         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2638         if (!conn)
2639                 goto unlock;
2640
2641         if (conn->state == BT_CONNECTED) {
2642                 hci_conn_hold(conn);
2643                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2644                 hci_conn_drop(conn);
2645         }
2646
2647         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2648                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2649                              sizeof(ev->bdaddr), &ev->bdaddr);
2650         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2651                 u8 secure;
2652
2653                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2654                         secure = 1;
2655                 else
2656                         secure = 0;
2657
2658                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2659         }
2660
2661 unlock:
2662         hci_dev_unlock(hdev);
2663 }
2664
2665 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2666 {
2667         struct hci_ev_link_key_req *ev = (void *) skb->data;
2668         struct hci_cp_link_key_reply cp;
2669         struct hci_conn *conn;
2670         struct link_key *key;
2671
2672         BT_DBG("%s", hdev->name);
2673
2674         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2675                 return;
2676
2677         hci_dev_lock(hdev);
2678
2679         key = hci_find_link_key(hdev, &ev->bdaddr);
2680         if (!key) {
2681                 BT_DBG("%s link key not found for %pMR", hdev->name,
2682                        &ev->bdaddr);
2683                 goto not_found;
2684         }
2685
2686         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2687                &ev->bdaddr);
2688
2689         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2690             key->type == HCI_LK_DEBUG_COMBINATION) {
2691                 BT_DBG("%s ignoring debug key", hdev->name);
2692                 goto not_found;
2693         }
2694
2695         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2696         if (conn) {
2697                 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2698                      key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2699                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2700                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2701                         goto not_found;
2702                 }
2703
2704                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2705                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2706                         BT_DBG("%s ignoring key unauthenticated for high security",
2707                                hdev->name);
2708                         goto not_found;
2709                 }
2710
2711                 conn->key_type = key->type;
2712                 conn->pin_length = key->pin_len;
2713         }
2714
2715         bacpy(&cp.bdaddr, &ev->bdaddr);
2716         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2717
2718         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2719
2720         hci_dev_unlock(hdev);
2721
2722         return;
2723
2724 not_found:
2725         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2726         hci_dev_unlock(hdev);
2727 }
2728
2729 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2730 {
2731         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2732         struct hci_conn *conn;
2733         u8 pin_len = 0;
2734
2735         BT_DBG("%s", hdev->name);
2736
2737         hci_dev_lock(hdev);
2738
2739         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2740         if (conn) {
2741                 hci_conn_hold(conn);
2742                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2743                 pin_len = conn->pin_length;
2744
2745                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2746                         conn->key_type = ev->key_type;
2747
2748                 hci_conn_drop(conn);
2749         }
2750
2751         if (test_bit(HCI_MGMT, &hdev->dev_flags))
2752                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2753                                  ev->key_type, pin_len);
2754
2755         hci_dev_unlock(hdev);
2756 }
2757
2758 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2759 {
2760         struct hci_ev_clock_offset *ev = (void *) skb->data;
2761         struct hci_conn *conn;
2762
2763         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2764
2765         hci_dev_lock(hdev);
2766
2767         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2768         if (conn && !ev->status) {
2769                 struct inquiry_entry *ie;
2770
2771                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2772                 if (ie) {
2773                         ie->data.clock_offset = ev->clock_offset;
2774                         ie->timestamp = jiffies;
2775                 }
2776         }
2777
2778         hci_dev_unlock(hdev);
2779 }
2780
2781 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2782 {
2783         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2784         struct hci_conn *conn;
2785
2786         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2787
2788         hci_dev_lock(hdev);
2789
2790         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2791         if (conn && !ev->status)
2792                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2793
2794         hci_dev_unlock(hdev);
2795 }
2796
2797 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2798 {
2799         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2800         struct inquiry_entry *ie;
2801
2802         BT_DBG("%s", hdev->name);
2803
2804         hci_dev_lock(hdev);
2805
2806         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2807         if (ie) {
2808                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2809                 ie->timestamp = jiffies;
2810         }
2811
2812         hci_dev_unlock(hdev);
2813 }
2814
2815 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2816                                              struct sk_buff *skb)
2817 {
2818         struct inquiry_data data;
2819         int num_rsp = *((__u8 *) skb->data);
2820         bool name_known, ssp;
2821
2822         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2823
2824         if (!num_rsp)
2825                 return;
2826
2827         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2828                 return;
2829
2830         hci_dev_lock(hdev);
2831
2832         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2833                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2834                 info = (void *) (skb->data + 1);
2835
2836                 for (; num_rsp; num_rsp--, info++) {
2837                         bacpy(&data.bdaddr, &info->bdaddr);
2838                         data.pscan_rep_mode     = info->pscan_rep_mode;
2839                         data.pscan_period_mode  = info->pscan_period_mode;
2840                         data.pscan_mode         = info->pscan_mode;
2841                         memcpy(data.dev_class, info->dev_class, 3);
2842                         data.clock_offset       = info->clock_offset;
2843                         data.rssi               = info->rssi;
2844                         data.ssp_mode           = 0x00;
2845
2846                         name_known = hci_inquiry_cache_update(hdev, &data,
2847                                                               false, &ssp);
2848                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2849                                           info->dev_class, info->rssi,
2850                                           !name_known, ssp, NULL, 0);
2851                 }
2852         } else {
2853                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2854
2855                 for (; num_rsp; num_rsp--, info++) {
2856                         bacpy(&data.bdaddr, &info->bdaddr);
2857                         data.pscan_rep_mode     = info->pscan_rep_mode;
2858                         data.pscan_period_mode  = info->pscan_period_mode;
2859                         data.pscan_mode         = 0x00;
2860                         memcpy(data.dev_class, info->dev_class, 3);
2861                         data.clock_offset       = info->clock_offset;
2862                         data.rssi               = info->rssi;
2863                         data.ssp_mode           = 0x00;
2864                         name_known = hci_inquiry_cache_update(hdev, &data,
2865                                                               false, &ssp);
2866                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2867                                           info->dev_class, info->rssi,
2868                                           !name_known, ssp, NULL, 0);
2869                 }
2870         }
2871
2872         hci_dev_unlock(hdev);
2873 }
2874
2875 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2876                                         struct sk_buff *skb)
2877 {
2878         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2879         struct hci_conn *conn;
2880
2881         BT_DBG("%s", hdev->name);
2882
2883         hci_dev_lock(hdev);
2884
2885         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2886         if (!conn)
2887                 goto unlock;
2888
2889         if (ev->page < HCI_MAX_PAGES)
2890                 memcpy(conn->features[ev->page], ev->features, 8);
2891
2892         if (!ev->status && ev->page == 0x01) {
2893                 struct inquiry_entry *ie;
2894
2895                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2896                 if (ie)
2897                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2898
2899                 if (ev->features[0] & LMP_HOST_SSP) {
2900                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2901                 } else {
2902                         /* It is mandatory by the Bluetooth specification that
2903                          * Extended Inquiry Results are only used when Secure
2904                          * Simple Pairing is enabled, but some devices violate
2905                          * this.
2906                          *
2907                          * To make these devices work, the internal SSP
2908                          * enabled flag needs to be cleared if the remote host
2909                          * features do not indicate SSP support */
2910                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2911                 }
2912
2913                 if (ev->features[0] & LMP_HOST_SC)
2914                         set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
2915         }
2916
2917         if (conn->state != BT_CONFIG)
2918                 goto unlock;
2919
2920         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2921                 struct hci_cp_remote_name_req cp;
2922                 memset(&cp, 0, sizeof(cp));
2923                 bacpy(&cp.bdaddr, &conn->dst);
2924                 cp.pscan_rep_mode = 0x02;
2925                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2926         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2927                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2928                                       conn->dst_type, 0, NULL, 0,
2929                                       conn->dev_class);
2930
2931         if (!hci_outgoing_auth_needed(hdev, conn)) {
2932                 conn->state = BT_CONNECTED;
2933                 hci_proto_connect_cfm(conn, ev->status);
2934                 hci_conn_drop(conn);
2935         }
2936
2937 unlock:
2938         hci_dev_unlock(hdev);
2939 }
2940
2941 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2942                                        struct sk_buff *skb)
2943 {
2944         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2945         struct hci_conn *conn;
2946
2947         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2948
2949         hci_dev_lock(hdev);
2950
2951         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2952         if (!conn) {
2953                 if (ev->link_type == ESCO_LINK)
2954                         goto unlock;
2955
2956                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2957                 if (!conn)
2958                         goto unlock;
2959
2960                 conn->type = SCO_LINK;
2961         }
2962
2963         switch (ev->status) {
2964         case 0x00:
2965                 conn->handle = __le16_to_cpu(ev->handle);
2966                 conn->state  = BT_CONNECTED;
2967
2968                 hci_conn_add_sysfs(conn);
2969                 break;
2970
2971         case 0x0d:      /* Connection Rejected due to Limited Resources */
2972         case 0x11:      /* Unsupported Feature or Parameter Value */
2973         case 0x1c:      /* SCO interval rejected */
2974         case 0x1a:      /* Unsupported Remote Feature */
2975         case 0x1f:      /* Unspecified error */
2976                 if (conn->out) {
2977                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2978                                         (hdev->esco_type & EDR_ESCO_MASK);
2979                         if (hci_setup_sync(conn, conn->link->handle))
2980                                 goto unlock;
2981                 }
2982                 /* fall through */
2983
2984         default:
2985                 conn->state = BT_CLOSED;
2986                 break;
2987         }
2988
2989         hci_proto_connect_cfm(conn, ev->status);
2990         if (ev->status)
2991                 hci_conn_del(conn);
2992
2993 unlock:
2994         hci_dev_unlock(hdev);
2995 }
2996
2997 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2998 {
2999         size_t parsed = 0;
3000
3001         while (parsed < eir_len) {
3002                 u8 field_len = eir[0];
3003
3004                 if (field_len == 0)
3005                         return parsed;
3006
3007                 parsed += field_len + 1;
3008                 eir += field_len + 1;
3009         }
3010
3011         return eir_len;
3012 }
3013
3014 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3015                                             struct sk_buff *skb)
3016 {
3017         struct inquiry_data data;
3018         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3019         int num_rsp = *((__u8 *) skb->data);
3020         size_t eir_len;
3021
3022         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3023
3024         if (!num_rsp)
3025                 return;
3026
3027         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3028                 return;
3029
3030         hci_dev_lock(hdev);
3031
3032         for (; num_rsp; num_rsp--, info++) {
3033                 bool name_known, ssp;
3034
3035                 bacpy(&data.bdaddr, &info->bdaddr);
3036                 data.pscan_rep_mode     = info->pscan_rep_mode;
3037                 data.pscan_period_mode  = info->pscan_period_mode;
3038                 data.pscan_mode         = 0x00;
3039                 memcpy(data.dev_class, info->dev_class, 3);
3040                 data.clock_offset       = info->clock_offset;
3041                 data.rssi               = info->rssi;
3042                 data.ssp_mode           = 0x01;
3043
3044                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3045                         name_known = eir_has_data_type(info->data,
3046                                                        sizeof(info->data),
3047                                                        EIR_NAME_COMPLETE);
3048                 else
3049                         name_known = true;
3050
3051                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3052                                                       &ssp);
3053                 eir_len = eir_get_length(info->data, sizeof(info->data));
3054                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3055                                   info->dev_class, info->rssi, !name_known,
3056                                   ssp, info->data, eir_len);
3057         }
3058
3059         hci_dev_unlock(hdev);
3060 }
3061
3062 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3063                                          struct sk_buff *skb)
3064 {
3065         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3066         struct hci_conn *conn;
3067
3068         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3069                __le16_to_cpu(ev->handle));
3070
3071         hci_dev_lock(hdev);
3072
3073         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3074         if (!conn)
3075                 goto unlock;
3076
3077         if (!ev->status)
3078                 conn->sec_level = conn->pending_sec_level;
3079
3080         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3081
3082         if (ev->status && conn->state == BT_CONNECTED) {
3083                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3084                 hci_conn_drop(conn);
3085                 goto unlock;
3086         }
3087
3088         if (conn->state == BT_CONFIG) {
3089                 if (!ev->status)
3090                         conn->state = BT_CONNECTED;
3091
3092                 hci_proto_connect_cfm(conn, ev->status);
3093                 hci_conn_drop(conn);
3094         } else {
3095                 hci_auth_cfm(conn, ev->status);
3096
3097                 hci_conn_hold(conn);
3098                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3099                 hci_conn_drop(conn);
3100         }
3101
3102 unlock:
3103         hci_dev_unlock(hdev);
3104 }
3105
3106 static u8 hci_get_auth_req(struct hci_conn *conn)
3107 {
3108         /* If remote requests dedicated bonding follow that lead */
3109         if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3110             conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3111                 /* If both remote and local IO capabilities allow MITM
3112                  * protection then require it, otherwise don't */
3113                 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3114                     conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3115                         return HCI_AT_DEDICATED_BONDING;
3116                 else
3117                         return HCI_AT_DEDICATED_BONDING_MITM;
3118         }
3119
3120         /* If remote requests no-bonding follow that lead */
3121         if (conn->remote_auth == HCI_AT_NO_BONDING ||
3122             conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3123                 return conn->remote_auth | (conn->auth_type & 0x01);
3124
3125         return conn->auth_type;
3126 }
3127
3128 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3129 {
3130         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3131         struct hci_conn *conn;
3132
3133         BT_DBG("%s", hdev->name);
3134
3135         hci_dev_lock(hdev);
3136
3137         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3138         if (!conn)
3139                 goto unlock;
3140
3141         hci_conn_hold(conn);
3142
3143         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3144                 goto unlock;
3145
3146         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3147             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3148                 struct hci_cp_io_capability_reply cp;
3149
3150                 bacpy(&cp.bdaddr, &ev->bdaddr);
3151                 /* Change the IO capability from KeyboardDisplay
3152                  * to DisplayYesNo as it is not supported by BT spec. */
3153                 cp.capability = (conn->io_capability == 0x04) ?
3154                                 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3155                 conn->auth_type = hci_get_auth_req(conn);
3156                 cp.authentication = conn->auth_type;
3157
3158                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3159                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3160                         cp.oob_data = 0x01;
3161                 else
3162                         cp.oob_data = 0x00;
3163
3164                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3165                              sizeof(cp), &cp);
3166         } else {
3167                 struct hci_cp_io_capability_neg_reply cp;
3168
3169                 bacpy(&cp.bdaddr, &ev->bdaddr);
3170                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3171
3172                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3173                              sizeof(cp), &cp);
3174         }
3175
3176 unlock:
3177         hci_dev_unlock(hdev);
3178 }
3179
3180 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3181 {
3182         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3183         struct hci_conn *conn;
3184
3185         BT_DBG("%s", hdev->name);
3186
3187         hci_dev_lock(hdev);
3188
3189         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3190         if (!conn)
3191                 goto unlock;
3192
3193         conn->remote_cap = ev->capability;
3194         conn->remote_auth = ev->authentication;
3195         if (ev->oob_data)
3196                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3197
3198 unlock:
3199         hci_dev_unlock(hdev);
3200 }
3201
3202 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3203                                          struct sk_buff *skb)
3204 {
3205         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3206         int loc_mitm, rem_mitm, confirm_hint = 0;
3207         struct hci_conn *conn;
3208
3209         BT_DBG("%s", hdev->name);
3210
3211         hci_dev_lock(hdev);
3212
3213         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3214                 goto unlock;
3215
3216         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3217         if (!conn)
3218                 goto unlock;
3219
3220         loc_mitm = (conn->auth_type & 0x01);
3221         rem_mitm = (conn->remote_auth & 0x01);
3222
3223         /* If we require MITM but the remote device can't provide that
3224          * (it has NoInputNoOutput) then reject the confirmation
3225          * request. The only exception is when we're dedicated bonding
3226          * initiators (connect_cfm_cb set) since then we always have the MITM
3227          * bit set. */
3228         if (!conn->connect_cfm_cb && loc_mitm &&
3229             conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3230                 BT_DBG("Rejecting request: remote device can't provide MITM");
3231                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3232                              sizeof(ev->bdaddr), &ev->bdaddr);
3233                 goto unlock;
3234         }
3235
3236         /* If no side requires MITM protection; auto-accept */
3237         if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3238             (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3239
3240                 /* If we're not the initiators request authorization to
3241                  * proceed from user space (mgmt_user_confirm with
3242                  * confirm_hint set to 1). */
3243                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3244                         BT_DBG("Confirming auto-accept as acceptor");
3245                         confirm_hint = 1;
3246                         goto confirm;
3247                 }
3248
3249                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3250                        hdev->auto_accept_delay);
3251
3252                 if (hdev->auto_accept_delay > 0) {
3253                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3254                         queue_delayed_work(conn->hdev->workqueue,
3255                                            &conn->auto_accept_work, delay);
3256                         goto unlock;
3257                 }
3258
3259                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3260                              sizeof(ev->bdaddr), &ev->bdaddr);
3261                 goto unlock;
3262         }
3263
3264 confirm:
3265         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3266                                   confirm_hint);
3267
3268 unlock:
3269         hci_dev_unlock(hdev);
3270 }
3271
3272 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3273                                          struct sk_buff *skb)
3274 {
3275         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3276
3277         BT_DBG("%s", hdev->name);
3278
3279         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3280                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3281 }
3282
3283 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3284                                         struct sk_buff *skb)
3285 {
3286         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3287         struct hci_conn *conn;
3288
3289         BT_DBG("%s", hdev->name);
3290
3291         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3292         if (!conn)
3293                 return;
3294
3295         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3296         conn->passkey_entered = 0;
3297
3298         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3299                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3300                                          conn->dst_type, conn->passkey_notify,
3301                                          conn->passkey_entered);
3302 }
3303
3304 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3305 {
3306         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3307         struct hci_conn *conn;
3308
3309         BT_DBG("%s", hdev->name);
3310
3311         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3312         if (!conn)
3313                 return;
3314
3315         switch (ev->type) {
3316         case HCI_KEYPRESS_STARTED:
3317                 conn->passkey_entered = 0;
3318                 return;
3319
3320         case HCI_KEYPRESS_ENTERED:
3321                 conn->passkey_entered++;
3322                 break;
3323
3324         case HCI_KEYPRESS_ERASED:
3325                 conn->passkey_entered--;
3326                 break;
3327
3328         case HCI_KEYPRESS_CLEARED:
3329                 conn->passkey_entered = 0;
3330                 break;
3331
3332         case HCI_KEYPRESS_COMPLETED:
3333                 return;
3334         }
3335
3336         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3337                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3338                                          conn->dst_type, conn->passkey_notify,
3339                                          conn->passkey_entered);
3340 }
3341
3342 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3343                                          struct sk_buff *skb)
3344 {
3345         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3346         struct hci_conn *conn;
3347
3348         BT_DBG("%s", hdev->name);
3349
3350         hci_dev_lock(hdev);
3351
3352         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3353         if (!conn)
3354                 goto unlock;
3355
3356         /* To avoid duplicate auth_failed events to user space we check
3357          * the HCI_CONN_AUTH_PEND flag which will be set if we
3358          * initiated the authentication. A traditional auth_complete
3359          * event gets always produced as initiator and is also mapped to
3360          * the mgmt_auth_failed event */
3361         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3362                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3363                                  ev->status);
3364
3365         hci_conn_drop(conn);
3366
3367 unlock:
3368         hci_dev_unlock(hdev);
3369 }
3370
3371 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3372                                          struct sk_buff *skb)
3373 {
3374         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3375         struct inquiry_entry *ie;
3376         struct hci_conn *conn;
3377
3378         BT_DBG("%s", hdev->name);
3379
3380         hci_dev_lock(hdev);
3381
3382         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3383         if (conn)
3384                 memcpy(conn->features[1], ev->features, 8);
3385
3386         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3387         if (ie)
3388                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3389
3390         hci_dev_unlock(hdev);
3391 }
3392
3393 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3394                                             struct sk_buff *skb)
3395 {
3396         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3397         struct oob_data *data;
3398
3399         BT_DBG("%s", hdev->name);
3400
3401         hci_dev_lock(hdev);
3402
3403         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3404                 goto unlock;
3405
3406         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3407         if (data) {
3408                 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3409                         struct hci_cp_remote_oob_ext_data_reply cp;
3410
3411                         bacpy(&cp.bdaddr, &ev->bdaddr);
3412                         memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3413                         memcpy(cp.randomizer192, data->randomizer192,
3414                                sizeof(cp.randomizer192));
3415                         memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3416                         memcpy(cp.randomizer256, data->randomizer256,
3417                                sizeof(cp.randomizer256));
3418
3419                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3420                                      sizeof(cp), &cp);
3421                 } else {
3422                         struct hci_cp_remote_oob_data_reply cp;
3423
3424                         bacpy(&cp.bdaddr, &ev->bdaddr);
3425                         memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3426                         memcpy(cp.randomizer, data->randomizer192,
3427                                sizeof(cp.randomizer));
3428
3429                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3430                                      sizeof(cp), &cp);
3431                 }
3432         } else {
3433                 struct hci_cp_remote_oob_data_neg_reply cp;
3434
3435                 bacpy(&cp.bdaddr, &ev->bdaddr);
3436                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3437                              sizeof(cp), &cp);
3438         }
3439
3440 unlock:
3441         hci_dev_unlock(hdev);
3442 }
3443
3444 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3445                                       struct sk_buff *skb)
3446 {
3447         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3448         struct hci_conn *hcon, *bredr_hcon;
3449
3450         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3451                ev->status);
3452
3453         hci_dev_lock(hdev);
3454
3455         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3456         if (!hcon) {
3457                 hci_dev_unlock(hdev);
3458                 return;
3459         }
3460
3461         if (ev->status) {
3462                 hci_conn_del(hcon);
3463                 hci_dev_unlock(hdev);
3464                 return;
3465         }
3466
3467         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3468
3469         hcon->state = BT_CONNECTED;
3470         bacpy(&hcon->dst, &bredr_hcon->dst);
3471
3472         hci_conn_hold(hcon);
3473         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3474         hci_conn_drop(hcon);
3475
3476         hci_conn_add_sysfs(hcon);
3477
3478         amp_physical_cfm(bredr_hcon, hcon);
3479
3480         hci_dev_unlock(hdev);
3481 }
3482
3483 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3484 {
3485         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3486         struct hci_conn *hcon;
3487         struct hci_chan *hchan;
3488         struct amp_mgr *mgr;
3489
3490         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3491                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3492                ev->status);
3493
3494         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3495         if (!hcon)
3496                 return;
3497
3498         /* Create AMP hchan */
3499         hchan = hci_chan_create(hcon);
3500         if (!hchan)
3501                 return;
3502
3503         hchan->handle = le16_to_cpu(ev->handle);
3504
3505         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3506
3507         mgr = hcon->amp_mgr;
3508         if (mgr && mgr->bredr_chan) {
3509                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3510
3511                 l2cap_chan_lock(bredr_chan);
3512
3513                 bredr_chan->conn->mtu = hdev->block_mtu;
3514                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3515                 hci_conn_hold(hcon);
3516
3517                 l2cap_chan_unlock(bredr_chan);
3518         }
3519 }
3520
3521 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3522                                              struct sk_buff *skb)
3523 {
3524         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3525         struct hci_chan *hchan;
3526
3527         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3528                le16_to_cpu(ev->handle), ev->status);
3529
3530         if (ev->status)
3531                 return;
3532
3533         hci_dev_lock(hdev);
3534
3535         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3536         if (!hchan)
3537                 goto unlock;
3538
3539         amp_destroy_logical_link(hchan, ev->reason);
3540
3541 unlock:
3542         hci_dev_unlock(hdev);
3543 }
3544
3545 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3546                                              struct sk_buff *skb)
3547 {
3548         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3549         struct hci_conn *hcon;
3550
3551         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3552
3553         if (ev->status)
3554                 return;
3555
3556         hci_dev_lock(hdev);
3557
3558         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3559         if (hcon) {
3560                 hcon->state = BT_CLOSED;
3561                 hci_conn_del(hcon);
3562         }
3563
3564         hci_dev_unlock(hdev);
3565 }
3566
3567 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3568 {
3569         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3570         struct hci_conn *conn;
3571         struct smp_irk *irk;
3572
3573         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3574
3575         hci_dev_lock(hdev);
3576
3577         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3578         if (!conn) {
3579                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3580                 if (!conn) {
3581                         BT_ERR("No memory for new connection");
3582                         goto unlock;
3583                 }
3584
3585                 conn->dst_type = ev->bdaddr_type;
3586
3587                 /* The advertising parameters for own address type
3588                  * define which source address and source address
3589                  * type this connections has.
3590                  */
3591                 if (bacmp(&conn->src, BDADDR_ANY)) {
3592                         conn->src_type = ADDR_LE_DEV_PUBLIC;
3593                 } else {
3594                         bacpy(&conn->src, &hdev->static_addr);
3595                         conn->src_type = ADDR_LE_DEV_RANDOM;
3596                 }
3597
3598                 if (ev->role == LE_CONN_ROLE_MASTER) {
3599                         conn->out = true;
3600                         conn->link_mode |= HCI_LM_MASTER;
3601                 }
3602         }
3603
3604         /* Track the connection based on the Identity Address from now on */
3605         irk = hci_get_irk(hdev, &ev->bdaddr, ev->bdaddr_type);
3606         if (irk) {
3607                 bacpy(&conn->dst, &irk->bdaddr);
3608                 conn->dst_type = irk->addr_type;
3609         }
3610
3611         if (ev->status) {
3612                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3613                                     conn->dst_type, ev->status);
3614                 hci_proto_connect_cfm(conn, ev->status);
3615                 conn->state = BT_CLOSED;
3616                 hci_conn_del(conn);
3617                 goto unlock;
3618         }
3619
3620         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3621                 mgmt_device_connected(hdev, &conn->dst, conn->type,
3622                                       conn->dst_type, 0, NULL, 0, NULL);
3623
3624         conn->sec_level = BT_SECURITY_LOW;
3625         conn->handle = __le16_to_cpu(ev->handle);
3626         conn->state = BT_CONNECTED;
3627
3628         if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3629                 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3630
3631         hci_conn_add_sysfs(conn);
3632
3633         hci_proto_connect_cfm(conn, ev->status);
3634
3635 unlock:
3636         hci_dev_unlock(hdev);
3637 }
3638
3639 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3640 {
3641         u8 num_reports = skb->data[0];
3642         void *ptr = &skb->data[1];
3643         s8 rssi;
3644
3645         while (num_reports--) {
3646                 struct hci_ev_le_advertising_info *ev = ptr;
3647
3648                 rssi = ev->data[ev->length];
3649                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3650                                   NULL, rssi, 0, 1, ev->data, ev->length);
3651
3652                 ptr += sizeof(*ev) + ev->length + 1;
3653         }
3654 }
3655
3656 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3657 {
3658         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3659         struct hci_cp_le_ltk_reply cp;
3660         struct hci_cp_le_ltk_neg_reply neg;
3661         struct hci_conn *conn;
3662         struct smp_ltk *ltk;
3663
3664         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3665
3666         hci_dev_lock(hdev);
3667
3668         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3669         if (conn == NULL)
3670                 goto not_found;
3671
3672         ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3673         if (ltk == NULL)
3674                 goto not_found;
3675
3676         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3677         cp.handle = cpu_to_le16(conn->handle);
3678
3679         if (ltk->authenticated)
3680                 conn->pending_sec_level = BT_SECURITY_HIGH;
3681         else
3682                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3683
3684         conn->enc_key_size = ltk->enc_size;
3685
3686         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3687
3688         if (ltk->type & HCI_SMP_STK) {
3689                 list_del(&ltk->list);
3690                 kfree(ltk);
3691         }
3692
3693         hci_dev_unlock(hdev);
3694
3695         return;
3696
3697 not_found:
3698         neg.handle = ev->handle;
3699         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3700         hci_dev_unlock(hdev);
3701 }
3702
3703 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3704 {
3705         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3706
3707         skb_pull(skb, sizeof(*le_ev));
3708
3709         switch (le_ev->subevent) {
3710         case HCI_EV_LE_CONN_COMPLETE:
3711                 hci_le_conn_complete_evt(hdev, skb);
3712                 break;
3713
3714         case HCI_EV_LE_ADVERTISING_REPORT:
3715                 hci_le_adv_report_evt(hdev, skb);
3716                 break;
3717
3718         case HCI_EV_LE_LTK_REQ:
3719                 hci_le_ltk_request_evt(hdev, skb);
3720                 break;
3721
3722         default:
3723                 break;
3724         }
3725 }
3726
3727 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3728 {
3729         struct hci_ev_channel_selected *ev = (void *) skb->data;
3730         struct hci_conn *hcon;
3731
3732         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3733
3734         skb_pull(skb, sizeof(*ev));
3735
3736         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3737         if (!hcon)
3738                 return;
3739
3740         amp_read_loc_assoc_final_data(hdev, hcon);
3741 }
3742
3743 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3744 {
3745         struct hci_event_hdr *hdr = (void *) skb->data;
3746         __u8 event = hdr->evt;
3747
3748         hci_dev_lock(hdev);
3749
3750         /* Received events are (currently) only needed when a request is
3751          * ongoing so avoid unnecessary memory allocation.
3752          */
3753         if (hdev->req_status == HCI_REQ_PEND) {
3754                 kfree_skb(hdev->recv_evt);
3755                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3756         }
3757
3758         hci_dev_unlock(hdev);
3759
3760         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3761
3762         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3763                 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3764                 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3765
3766                 hci_req_cmd_complete(hdev, opcode, 0);
3767         }
3768
3769         switch (event) {
3770         case HCI_EV_INQUIRY_COMPLETE:
3771                 hci_inquiry_complete_evt(hdev, skb);
3772                 break;
3773
3774         case HCI_EV_INQUIRY_RESULT:
3775                 hci_inquiry_result_evt(hdev, skb);
3776                 break;
3777
3778         case HCI_EV_CONN_COMPLETE:
3779                 hci_conn_complete_evt(hdev, skb);
3780                 break;
3781
3782         case HCI_EV_CONN_REQUEST:
3783                 hci_conn_request_evt(hdev, skb);
3784                 break;
3785
3786         case HCI_EV_DISCONN_COMPLETE:
3787                 hci_disconn_complete_evt(hdev, skb);
3788                 break;
3789
3790         case HCI_EV_AUTH_COMPLETE:
3791                 hci_auth_complete_evt(hdev, skb);
3792                 break;
3793
3794         case HCI_EV_REMOTE_NAME:
3795                 hci_remote_name_evt(hdev, skb);
3796                 break;
3797
3798         case HCI_EV_ENCRYPT_CHANGE:
3799                 hci_encrypt_change_evt(hdev, skb);
3800                 break;
3801
3802         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3803                 hci_change_link_key_complete_evt(hdev, skb);
3804                 break;
3805
3806         case HCI_EV_REMOTE_FEATURES:
3807                 hci_remote_features_evt(hdev, skb);
3808                 break;
3809
3810         case HCI_EV_CMD_COMPLETE:
3811                 hci_cmd_complete_evt(hdev, skb);
3812                 break;
3813
3814         case HCI_EV_CMD_STATUS:
3815                 hci_cmd_status_evt(hdev, skb);
3816                 break;
3817
3818         case HCI_EV_ROLE_CHANGE:
3819                 hci_role_change_evt(hdev, skb);
3820                 break;
3821
3822         case HCI_EV_NUM_COMP_PKTS:
3823                 hci_num_comp_pkts_evt(hdev, skb);
3824                 break;
3825
3826         case HCI_EV_MODE_CHANGE:
3827                 hci_mode_change_evt(hdev, skb);
3828                 break;
3829
3830         case HCI_EV_PIN_CODE_REQ:
3831                 hci_pin_code_request_evt(hdev, skb);
3832                 break;
3833
3834         case HCI_EV_LINK_KEY_REQ:
3835                 hci_link_key_request_evt(hdev, skb);
3836                 break;
3837
3838         case HCI_EV_LINK_KEY_NOTIFY:
3839                 hci_link_key_notify_evt(hdev, skb);
3840                 break;
3841
3842         case HCI_EV_CLOCK_OFFSET:
3843                 hci_clock_offset_evt(hdev, skb);
3844                 break;
3845
3846         case HCI_EV_PKT_TYPE_CHANGE:
3847                 hci_pkt_type_change_evt(hdev, skb);
3848                 break;
3849
3850         case HCI_EV_PSCAN_REP_MODE:
3851                 hci_pscan_rep_mode_evt(hdev, skb);
3852                 break;
3853
3854         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3855                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3856                 break;
3857
3858         case HCI_EV_REMOTE_EXT_FEATURES:
3859                 hci_remote_ext_features_evt(hdev, skb);
3860                 break;
3861
3862         case HCI_EV_SYNC_CONN_COMPLETE:
3863                 hci_sync_conn_complete_evt(hdev, skb);
3864                 break;
3865
3866         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3867                 hci_extended_inquiry_result_evt(hdev, skb);
3868                 break;
3869
3870         case HCI_EV_KEY_REFRESH_COMPLETE:
3871                 hci_key_refresh_complete_evt(hdev, skb);
3872                 break;
3873
3874         case HCI_EV_IO_CAPA_REQUEST:
3875                 hci_io_capa_request_evt(hdev, skb);
3876                 break;
3877
3878         case HCI_EV_IO_CAPA_REPLY:
3879                 hci_io_capa_reply_evt(hdev, skb);
3880                 break;
3881
3882         case HCI_EV_USER_CONFIRM_REQUEST:
3883                 hci_user_confirm_request_evt(hdev, skb);
3884                 break;
3885
3886         case HCI_EV_USER_PASSKEY_REQUEST:
3887                 hci_user_passkey_request_evt(hdev, skb);
3888                 break;
3889
3890         case HCI_EV_USER_PASSKEY_NOTIFY:
3891                 hci_user_passkey_notify_evt(hdev, skb);
3892                 break;
3893
3894         case HCI_EV_KEYPRESS_NOTIFY:
3895                 hci_keypress_notify_evt(hdev, skb);
3896                 break;
3897
3898         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3899                 hci_simple_pair_complete_evt(hdev, skb);
3900                 break;
3901
3902         case HCI_EV_REMOTE_HOST_FEATURES:
3903                 hci_remote_host_features_evt(hdev, skb);
3904                 break;
3905
3906         case HCI_EV_LE_META:
3907                 hci_le_meta_evt(hdev, skb);
3908                 break;
3909
3910         case HCI_EV_CHANNEL_SELECTED:
3911                 hci_chan_selected_evt(hdev, skb);
3912                 break;
3913
3914         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3915                 hci_remote_oob_data_request_evt(hdev, skb);
3916                 break;
3917
3918         case HCI_EV_PHY_LINK_COMPLETE:
3919                 hci_phy_link_complete_evt(hdev, skb);
3920                 break;
3921
3922         case HCI_EV_LOGICAL_LINK_COMPLETE:
3923                 hci_loglink_complete_evt(hdev, skb);
3924                 break;
3925
3926         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3927                 hci_disconn_loglink_complete_evt(hdev, skb);
3928                 break;
3929
3930         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3931                 hci_disconn_phylink_complete_evt(hdev, skb);
3932                 break;
3933
3934         case HCI_EV_NUM_COMP_BLOCKS:
3935                 hci_num_comp_blocks_evt(hdev, skb);
3936                 break;
3937
3938         default:
3939                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3940                 break;
3941         }
3942
3943         kfree_skb(skb);
3944         hdev->stat.evt_rx++;
3945 }
Pandora Kernel Repository