git.openpandora.org / pandora-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Track LE white list modification via HCI commands
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40         __u8 status = *((__u8 *) skb->data);
41
42         BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44         if (status)
45                 return;
46
47         clear_bit(HCI_INQUIRY, &hdev->flags);
48         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49         wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51         hci_conn_check_pending(hdev);
52 }
53
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 {
56         __u8 status = *((__u8 *) skb->data);
57
58         BT_DBG("%s status 0x%2.2x", hdev->name, status);
59
60         if (status)
61                 return;
62
63         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68         __u8 status = *((__u8 *) skb->data);
69
70         BT_DBG("%s status 0x%2.2x", hdev->name, status);
71
72         if (status)
73                 return;
74
75         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
77         hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81                                           struct sk_buff *skb)
82 {
83         BT_DBG("%s", hdev->name);
84 }
85
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88         struct hci_rp_role_discovery *rp = (void *) skb->data;
89         struct hci_conn *conn;
90
91         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
92
93         if (rp->status)
94                 return;
95
96         hci_dev_lock(hdev);
97
98         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99         if (conn) {
100                 if (rp->role)
101                         conn->link_mode &= ~HCI_LM_MASTER;
102                 else
103                         conn->link_mode |= HCI_LM_MASTER;
104         }
105
106         hci_dev_unlock(hdev);
107 }
108
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 {
111         struct hci_rp_read_link_policy *rp = (void *) skb->data;
112         struct hci_conn *conn;
113
114         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
115
116         if (rp->status)
117                 return;
118
119         hci_dev_lock(hdev);
120
121         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122         if (conn)
123                 conn->link_policy = __le16_to_cpu(rp->policy);
124
125         hci_dev_unlock(hdev);
126 }
127
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 {
130         struct hci_rp_write_link_policy *rp = (void *) skb->data;
131         struct hci_conn *conn;
132         void *sent;
133
134         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135
136         if (rp->status)
137                 return;
138
139         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140         if (!sent)
141                 return;
142
143         hci_dev_lock(hdev);
144
145         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146         if (conn)
147                 conn->link_policy = get_unaligned_le16(sent + 2);
148
149         hci_dev_unlock(hdev);
150 }
151
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153                                         struct sk_buff *skb)
154 {
155         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
158
159         if (rp->status)
160                 return;
161
162         hdev->link_policy = __le16_to_cpu(rp->policy);
163 }
164
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166                                          struct sk_buff *skb)
167 {
168         __u8 status = *((__u8 *) skb->data);
169         void *sent;
170
171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
172
173         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174         if (!sent)
175                 return;
176
177         if (!status)
178                 hdev->link_policy = get_unaligned_le16(sent);
179 }
180
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 {
183         __u8 status = *((__u8 *) skb->data);
184
185         BT_DBG("%s status 0x%2.2x", hdev->name, status);
186
187         clear_bit(HCI_RESET, &hdev->flags);
188
189         /* Reset all non-persistent flags */
190         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191
192         hdev->discovery.state = DISCOVERY_STOPPED;
193         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195
196         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197         hdev->adv_data_len = 0;
198
199         memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200         hdev->scan_rsp_data_len = 0;
201
202         hdev->ssp_debug_mode = 0;
203 }
204
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206 {
207         __u8 status = *((__u8 *) skb->data);
208         void *sent;
209
210         BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213         if (!sent)
214                 return;
215
216         hci_dev_lock(hdev);
217
218         if (test_bit(HCI_MGMT, &hdev->dev_flags))
219                 mgmt_set_local_name_complete(hdev, sent, status);
220         else if (!status)
221                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223         hci_dev_unlock(hdev);
224 }
225
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 {
228         struct hci_rp_read_local_name *rp = (void *) skb->data;
229
230         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
231
232         if (rp->status)
233                 return;
234
235         if (test_bit(HCI_SETUP, &hdev->dev_flags))
236                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 }
238
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240 {
241         __u8 status = *((__u8 *) skb->data);
242         void *sent;
243
244         BT_DBG("%s status 0x%2.2x", hdev->name, status);
245
246         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247         if (!sent)
248                 return;
249
250         if (!status) {
251                 __u8 param = *((__u8 *) sent);
252
253                 if (param == AUTH_ENABLED)
254                         set_bit(HCI_AUTH, &hdev->flags);
255                 else
256                         clear_bit(HCI_AUTH, &hdev->flags);
257         }
258
259         if (test_bit(HCI_MGMT, &hdev->dev_flags))
260                 mgmt_auth_enable_complete(hdev, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%2.2x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271         if (!sent)
272                 return;
273
274         if (!status) {
275                 __u8 param = *((__u8 *) sent);
276
277                 if (param)
278                         set_bit(HCI_ENCRYPT, &hdev->flags);
279                 else
280                         clear_bit(HCI_ENCRYPT, &hdev->flags);
281         }
282 }
283
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 {
286         __u8 param, status = *((__u8 *) skb->data);
287         int old_pscan, old_iscan;
288         void *sent;
289
290         BT_DBG("%s status 0x%2.2x", hdev->name, status);
291
292         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293         if (!sent)
294                 return;
295
296         param = *((__u8 *) sent);
297
298         hci_dev_lock(hdev);
299
300         if (status) {
301                 mgmt_write_scan_failed(hdev, param, status);
302                 hdev->discov_timeout = 0;
303                 goto done;
304         }
305
306         /* We need to ensure that we set this back on if someone changed
307          * the scan mode through a raw HCI socket.
308          */
309         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
311         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314         if (param & SCAN_INQUIRY) {
315                 set_bit(HCI_ISCAN, &hdev->flags);
316                 if (!old_iscan)
317                         mgmt_discoverable(hdev, 1);
318         } else if (old_iscan)
319                 mgmt_discoverable(hdev, 0);
320
321         if (param & SCAN_PAGE) {
322                 set_bit(HCI_PSCAN, &hdev->flags);
323                 if (!old_pscan)
324                         mgmt_connectable(hdev, 1);
325         } else if (old_pscan)
326                 mgmt_connectable(hdev, 0);
327
328 done:
329         hci_dev_unlock(hdev);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
337
338         if (rp->status)
339                 return;
340
341         memcpy(hdev->dev_class, rp->dev_class, 3);
342
343         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349         __u8 status = *((__u8 *) skb->data);
350         void *sent;
351
352         BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355         if (!sent)
356                 return;
357
358         hci_dev_lock(hdev);
359
360         if (status == 0)
361                 memcpy(hdev->dev_class, sent, 3);
362
363         if (test_bit(HCI_MGMT, &hdev->dev_flags))
364                 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366         hci_dev_unlock(hdev);
367 }
368
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 {
371         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372         __u16 setting;
373
374         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
375
376         if (rp->status)
377                 return;
378
379         setting = __le16_to_cpu(rp->voice_setting);
380
381         if (hdev->voice_setting == setting)
382                 return;
383
384         hdev->voice_setting = setting;
385
386         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387
388         if (hdev->notify)
389                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 }
391
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393                                        struct sk_buff *skb)
394 {
395         __u8 status = *((__u8 *) skb->data);
396         __u16 setting;
397         void *sent;
398
399         BT_DBG("%s status 0x%2.2x", hdev->name, status);
400
401         if (status)
402                 return;
403
404         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405         if (!sent)
406                 return;
407
408         setting = get_unaligned_le16(sent);
409
410         if (hdev->voice_setting == setting)
411                 return;
412
413         hdev->voice_setting = setting;
414
415         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416
417         if (hdev->notify)
418                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 }
420
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422                                           struct sk_buff *skb)
423 {
424         struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428         if (rp->status)
429                 return;
430
431         hdev->num_iac = rp->num_iac;
432
433         BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 }
435
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438         __u8 status = *((__u8 *) skb->data);
439         struct hci_cp_write_ssp_mode *sent;
440
441         BT_DBG("%s status 0x%2.2x", hdev->name, status);
442
443         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444         if (!sent)
445                 return;
446
447         if (!status) {
448                 if (sent->mode)
449                         hdev->features[1][0] |= LMP_HOST_SSP;
450                 else
451                         hdev->features[1][0] &= ~LMP_HOST_SSP;
452         }
453
454         if (test_bit(HCI_MGMT, &hdev->dev_flags))
455                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456         else if (!status) {
457                 if (sent->mode)
458                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459                 else
460                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461         }
462 }
463
464 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465 {
466         u8 status = *((u8 *) skb->data);
467         struct hci_cp_write_sc_support *sent;
468
469         BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472         if (!sent)
473                 return;
474
475         if (!status) {
476                 if (sent->support)
477                         hdev->features[1][0] |= LMP_HOST_SC;
478                 else
479                         hdev->features[1][0] &= ~LMP_HOST_SC;
480         }
481
482         if (test_bit(HCI_MGMT, &hdev->dev_flags))
483                 mgmt_sc_enable_complete(hdev, sent->support, status);
484         else if (!status) {
485                 if (sent->support)
486                         set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487                 else
488                         clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489         }
490 }
491
492 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493 {
494         struct hci_rp_read_local_version *rp = (void *) skb->data;
495
496         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
497
498         if (rp->status)
499                 return;
500
501         if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502                 hdev->hci_ver = rp->hci_ver;
503                 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504                 hdev->lmp_ver = rp->lmp_ver;
505                 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506                 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507         }
508 }
509
510 static void hci_cc_read_local_commands(struct hci_dev *hdev,
511                                        struct sk_buff *skb)
512 {
513         struct hci_rp_read_local_commands *rp = (void *) skb->data;
514
515         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
516
517         if (rp->status)
518                 return;
519
520         if (test_bit(HCI_SETUP, &hdev->dev_flags))
521                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
522 }
523
524 static void hci_cc_read_local_features(struct hci_dev *hdev,
525                                        struct sk_buff *skb)
526 {
527         struct hci_rp_read_local_features *rp = (void *) skb->data;
528
529         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
530
531         if (rp->status)
532                 return;
533
534         memcpy(hdev->features, rp->features, 8);
535
536         /* Adjust default settings according to features
537          * supported by device. */
538
539         if (hdev->features[0][0] & LMP_3SLOT)
540                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
541
542         if (hdev->features[0][0] & LMP_5SLOT)
543                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
544
545         if (hdev->features[0][1] & LMP_HV2) {
546                 hdev->pkt_type  |= (HCI_HV2);
547                 hdev->esco_type |= (ESCO_HV2);
548         }
549
550         if (hdev->features[0][1] & LMP_HV3) {
551                 hdev->pkt_type  |= (HCI_HV3);
552                 hdev->esco_type |= (ESCO_HV3);
553         }
554
555         if (lmp_esco_capable(hdev))
556                 hdev->esco_type |= (ESCO_EV3);
557
558         if (hdev->features[0][4] & LMP_EV4)
559                 hdev->esco_type |= (ESCO_EV4);
560
561         if (hdev->features[0][4] & LMP_EV5)
562                 hdev->esco_type |= (ESCO_EV5);
563
564         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
565                 hdev->esco_type |= (ESCO_2EV3);
566
567         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
568                 hdev->esco_type |= (ESCO_3EV3);
569
570         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
571                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
572 }
573
574 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
575                                            struct sk_buff *skb)
576 {
577         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
579         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
580
581         if (rp->status)
582                 return;
583
584         if (hdev->max_page < rp->max_page)
585                 hdev->max_page = rp->max_page;
586
587         if (rp->page < HCI_MAX_PAGES)
588                 memcpy(hdev->features[rp->page], rp->features, 8);
589 }
590
591 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
592                                           struct sk_buff *skb)
593 {
594         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
596         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
597
598         if (!rp->status)
599                 hdev->flow_ctl_mode = rp->mode;
600 }
601
602 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603 {
604         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
605
606         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607
608         if (rp->status)
609                 return;
610
611         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
612         hdev->sco_mtu  = rp->sco_mtu;
613         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617                 hdev->sco_mtu  = 64;
618                 hdev->sco_pkts = 8;
619         }
620
621         hdev->acl_cnt = hdev->acl_pkts;
622         hdev->sco_cnt = hdev->sco_pkts;
623
624         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
626 }
627
628 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629 {
630         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
632         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633
634         if (!rp->status)
635                 bacpy(&hdev->bdaddr, &rp->bdaddr);
636 }
637
638 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639                                            struct sk_buff *skb)
640 {
641         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647                 hdev->page_scan_window = __le16_to_cpu(rp->window);
648         }
649 }
650
651 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652                                             struct sk_buff *skb)
653 {
654         u8 status = *((u8 *) skb->data);
655         struct hci_cp_write_page_scan_activity *sent;
656
657         BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659         if (status)
660                 return;
661
662         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663         if (!sent)
664                 return;
665
666         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667         hdev->page_scan_window = __le16_to_cpu(sent->window);
668 }
669
670 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671                                            struct sk_buff *skb)
672 {
673         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678                 hdev->page_scan_type = rp->type;
679 }
680
681 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682                                         struct sk_buff *skb)
683 {
684         u8 status = *((u8 *) skb->data);
685         u8 *type;
686
687         BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689         if (status)
690                 return;
691
692         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693         if (type)
694                 hdev->page_scan_type = *type;
695 }
696
697 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
698                                         struct sk_buff *skb)
699 {
700         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
702         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
703
704         if (rp->status)
705                 return;
706
707         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708         hdev->block_len = __le16_to_cpu(rp->block_len);
709         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711         hdev->block_cnt = hdev->num_blocks;
712
713         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
714                hdev->block_cnt, hdev->block_len);
715 }
716
717 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
718                                        struct sk_buff *skb)
719 {
720         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
722         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
723
724         if (rp->status)
725                 goto a2mp_rsp;
726
727         hdev->amp_status = rp->amp_status;
728         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732         hdev->amp_type = rp->amp_type;
733         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
738 a2mp_rsp:
739         a2mp_send_getinfo_rsp(hdev);
740 }
741
742 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743                                         struct sk_buff *skb)
744 {
745         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746         struct amp_assoc *assoc = &hdev->loc_assoc;
747         size_t rem_len, frag_len;
748
749         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751         if (rp->status)
752                 goto a2mp_rsp;
753
754         frag_len = skb->len - sizeof(*rp);
755         rem_len = __le16_to_cpu(rp->rem_len);
756
757         if (rem_len > frag_len) {
758                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
759
760                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761                 assoc->offset += frag_len;
762
763                 /* Read other fragments */
764                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766                 return;
767         }
768
769         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770         assoc->len = assoc->offset + rem_len;
771         assoc->offset = 0;
772
773 a2mp_rsp:
774         /* Send A2MP Rsp when all fragments are received */
775         a2mp_send_getampassoc_rsp(hdev, rp->status);
776         a2mp_send_create_phy_link_req(hdev, rp->status);
777 }
778
779 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
780                                          struct sk_buff *skb)
781 {
782         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         if (!rp->status)
787                 hdev->inq_tx_power = rp->tx_power;
788 }
789
790 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791 {
792         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793         struct hci_cp_pin_code_reply *cp;
794         struct hci_conn *conn;
795
796         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797
798         hci_dev_lock(hdev);
799
800         if (test_bit(HCI_MGMT, &hdev->dev_flags))
801                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
802
803         if (rp->status)
804                 goto unlock;
805
806         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807         if (!cp)
808                 goto unlock;
809
810         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811         if (conn)
812                 conn->pin_length = cp->pin_len;
813
814 unlock:
815         hci_dev_unlock(hdev);
816 }
817
818 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819 {
820         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         hci_dev_lock(hdev);
825
826         if (test_bit(HCI_MGMT, &hdev->dev_flags))
827                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
828                                                  rp->status);
829
830         hci_dev_unlock(hdev);
831 }
832
833 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834                                        struct sk_buff *skb)
835 {
836         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
838         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839
840         if (rp->status)
841                 return;
842
843         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844         hdev->le_pkts = rp->le_max_pkt;
845
846         hdev->le_cnt = hdev->le_pkts;
847
848         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
849 }
850
851 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852                                           struct sk_buff *skb)
853 {
854         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858         if (!rp->status)
859                 memcpy(hdev->le_features, rp->features, 8);
860 }
861
862 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863                                         struct sk_buff *skb)
864 {
865         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
869         if (!rp->status)
870                 hdev->adv_tx_power = rp->tx_power;
871 }
872
873 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874 {
875         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
877         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879         hci_dev_lock(hdev);
880
881         if (test_bit(HCI_MGMT, &hdev->dev_flags))
882                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883                                                  rp->status);
884
885         hci_dev_unlock(hdev);
886 }
887
888 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
889                                           struct sk_buff *skb)
890 {
891         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
893         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
894
895         hci_dev_lock(hdev);
896
897         if (test_bit(HCI_MGMT, &hdev->dev_flags))
898                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
899                                                      ACL_LINK, 0, rp->status);
900
901         hci_dev_unlock(hdev);
902 }
903
904 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905 {
906         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
908         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
909
910         hci_dev_lock(hdev);
911
912         if (test_bit(HCI_MGMT, &hdev->dev_flags))
913                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
914                                                  0, rp->status);
915
916         hci_dev_unlock(hdev);
917 }
918
919 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
920                                           struct sk_buff *skb)
921 {
922         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925
926         hci_dev_lock(hdev);
927
928         if (test_bit(HCI_MGMT, &hdev->dev_flags))
929                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
930                                                      ACL_LINK, 0, rp->status);
931
932         hci_dev_unlock(hdev);
933 }
934
935 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936                                        struct sk_buff *skb)
937 {
938         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
940         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
941
942         hci_dev_lock(hdev);
943         mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944                                           NULL, NULL, rp->status);
945         hci_dev_unlock(hdev);
946 }
947
948 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949                                            struct sk_buff *skb)
950 {
951         struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955         hci_dev_lock(hdev);
956         mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957                                           rp->hash256, rp->randomizer256,
958                                           rp->status);
959         hci_dev_unlock(hdev);
960 }
961
962
963 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
964 {
965         __u8 status = *((__u8 *) skb->data);
966         bdaddr_t *sent;
967
968         BT_DBG("%s status 0x%2.2x", hdev->name, status);
969
970         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
971         if (!sent)
972                 return;
973
974         hci_dev_lock(hdev);
975
976         if (!status)
977                 bacpy(&hdev->random_addr, sent);
978
979         hci_dev_unlock(hdev);
980 }
981
982 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
983 {
984         __u8 *sent, status = *((__u8 *) skb->data);
985
986         BT_DBG("%s status 0x%2.2x", hdev->name, status);
987
988         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
989         if (!sent)
990                 return;
991
992         hci_dev_lock(hdev);
993
994         if (!status)
995                 mgmt_advertising(hdev, *sent);
996
997         hci_dev_unlock(hdev);
998 }
999
1000 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1001                                       struct sk_buff *skb)
1002 {
1003         struct hci_cp_le_set_scan_enable *cp;
1004         __u8 status = *((__u8 *) skb->data);
1005
1006         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1007
1008         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1009         if (!cp)
1010                 return;
1011
1012         if (status)
1013                 return;
1014
1015         switch (cp->enable) {
1016         case LE_SCAN_ENABLE:
1017                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1018                 break;
1019
1020         case LE_SCAN_DISABLE:
1021                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1022                 break;
1023
1024         default:
1025                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1026                 break;
1027         }
1028 }
1029
1030 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1031                                            struct sk_buff *skb)
1032 {
1033         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1034
1035         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1036
1037         if (!rp->status)
1038                 hdev->le_white_list_size = rp->size;
1039 }
1040
1041 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1042                                        struct sk_buff *skb)
1043 {
1044         __u8 status = *((__u8 *) skb->data);
1045
1046         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1047
1048         if (!status)
1049                 hci_white_list_clear(hdev);
1050 }
1051
1052 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1053                                         struct sk_buff *skb)
1054 {
1055         struct hci_cp_le_add_to_white_list *sent;
1056         __u8 status = *((__u8 *) skb->data);
1057
1058         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059
1060         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1061         if (!sent)
1062                 return;
1063
1064         if (!status)
1065                 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1066 }
1067
1068 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1069                                           struct sk_buff *skb)
1070 {
1071         struct hci_cp_le_del_from_white_list *sent;
1072         __u8 status = *((__u8 *) skb->data);
1073
1074         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1075
1076         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1077         if (!sent)
1078                 return;
1079
1080         if (!status)
1081                 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1082 }
1083
1084 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1085                                             struct sk_buff *skb)
1086 {
1087         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1088
1089         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1090
1091         if (!rp->status)
1092                 memcpy(hdev->le_states, rp->le_states, 8);
1093 }
1094
1095 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1096                                            struct sk_buff *skb)
1097 {
1098         struct hci_cp_write_le_host_supported *sent;
1099         __u8 status = *((__u8 *) skb->data);
1100
1101         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1102
1103         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1104         if (!sent)
1105                 return;
1106
1107         if (!status) {
1108                 if (sent->le) {
1109                         hdev->features[1][0] |= LMP_HOST_LE;
1110                         set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1111                 } else {
1112                         hdev->features[1][0] &= ~LMP_HOST_LE;
1113                         clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1114                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1115                 }
1116
1117                 if (sent->simul)
1118                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1119                 else
1120                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1121         }
1122 }
1123
1124 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1125 {
1126         struct hci_cp_le_set_adv_param *cp;
1127         u8 status = *((u8 *) skb->data);
1128
1129         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1130
1131         if (status)
1132                 return;
1133
1134         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1135         if (!cp)
1136                 return;
1137
1138         hci_dev_lock(hdev);
1139         hdev->adv_addr_type = cp->own_address_type;
1140         hci_dev_unlock(hdev);
1141 }
1142
1143 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1144                                           struct sk_buff *skb)
1145 {
1146         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1147
1148         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1149                hdev->name, rp->status, rp->phy_handle);
1150
1151         if (rp->status)
1152                 return;
1153
1154         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1155 }
1156
1157 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1158 {
1159         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1160
1161         if (status) {
1162                 hci_conn_check_pending(hdev);
1163                 return;
1164         }
1165
1166         set_bit(HCI_INQUIRY, &hdev->flags);
1167 }
1168
1169 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1170 {
1171         struct hci_cp_create_conn *cp;
1172         struct hci_conn *conn;
1173
1174         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175
1176         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1177         if (!cp)
1178                 return;
1179
1180         hci_dev_lock(hdev);
1181
1182         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1183
1184         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1185
1186         if (status) {
1187                 if (conn && conn->state == BT_CONNECT) {
1188                         if (status != 0x0c || conn->attempt > 2) {
1189                                 conn->state = BT_CLOSED;
1190                                 hci_proto_connect_cfm(conn, status);
1191                                 hci_conn_del(conn);
1192                         } else
1193                                 conn->state = BT_CONNECT2;
1194                 }
1195         } else {
1196                 if (!conn) {
1197                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1198                         if (conn) {
1199                                 conn->out = true;
1200                                 conn->link_mode |= HCI_LM_MASTER;
1201                         } else
1202                                 BT_ERR("No memory for new connection");
1203                 }
1204         }
1205
1206         hci_dev_unlock(hdev);
1207 }
1208
1209 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1210 {
1211         struct hci_cp_add_sco *cp;
1212         struct hci_conn *acl, *sco;
1213         __u16 handle;
1214
1215         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1216
1217         if (!status)
1218                 return;
1219
1220         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1221         if (!cp)
1222                 return;
1223
1224         handle = __le16_to_cpu(cp->handle);
1225
1226         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1227
1228         hci_dev_lock(hdev);
1229
1230         acl = hci_conn_hash_lookup_handle(hdev, handle);
1231         if (acl) {
1232                 sco = acl->link;
1233                 if (sco) {
1234                         sco->state = BT_CLOSED;
1235
1236                         hci_proto_connect_cfm(sco, status);
1237                         hci_conn_del(sco);
1238                 }
1239         }
1240
1241         hci_dev_unlock(hdev);
1242 }
1243
1244 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1245 {
1246         struct hci_cp_auth_requested *cp;
1247         struct hci_conn *conn;
1248
1249         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1250
1251         if (!status)
1252                 return;
1253
1254         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1255         if (!cp)
1256                 return;
1257
1258         hci_dev_lock(hdev);
1259
1260         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1261         if (conn) {
1262                 if (conn->state == BT_CONFIG) {
1263                         hci_proto_connect_cfm(conn, status);
1264                         hci_conn_drop(conn);
1265                 }
1266         }
1267
1268         hci_dev_unlock(hdev);
1269 }
1270
1271 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1272 {
1273         struct hci_cp_set_conn_encrypt *cp;
1274         struct hci_conn *conn;
1275
1276         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1277
1278         if (!status)
1279                 return;
1280
1281         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1282         if (!cp)
1283                 return;
1284
1285         hci_dev_lock(hdev);
1286
1287         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288         if (conn) {
1289                 if (conn->state == BT_CONFIG) {
1290                         hci_proto_connect_cfm(conn, status);
1291                         hci_conn_drop(conn);
1292                 }
1293         }
1294
1295         hci_dev_unlock(hdev);
1296 }
1297
1298 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1299                                     struct hci_conn *conn)
1300 {
1301         if (conn->state != BT_CONFIG || !conn->out)
1302                 return 0;
1303
1304         if (conn->pending_sec_level == BT_SECURITY_SDP)
1305                 return 0;
1306
1307         /* Only request authentication for SSP connections or non-SSP
1308          * devices with sec_level MEDIUM or HIGH or if MITM protection
1309          * is requested.
1310          */
1311         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1312             conn->pending_sec_level != BT_SECURITY_HIGH &&
1313             conn->pending_sec_level != BT_SECURITY_MEDIUM)
1314                 return 0;
1315
1316         return 1;
1317 }
1318
1319 static int hci_resolve_name(struct hci_dev *hdev,
1320                                    struct inquiry_entry *e)
1321 {
1322         struct hci_cp_remote_name_req cp;
1323
1324         memset(&cp, 0, sizeof(cp));
1325
1326         bacpy(&cp.bdaddr, &e->data.bdaddr);
1327         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1328         cp.pscan_mode = e->data.pscan_mode;
1329         cp.clock_offset = e->data.clock_offset;
1330
1331         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1332 }
1333
1334 static bool hci_resolve_next_name(struct hci_dev *hdev)
1335 {
1336         struct discovery_state *discov = &hdev->discovery;
1337         struct inquiry_entry *e;
1338
1339         if (list_empty(&discov->resolve))
1340                 return false;
1341
1342         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1343         if (!e)
1344                 return false;
1345
1346         if (hci_resolve_name(hdev, e) == 0) {
1347                 e->name_state = NAME_PENDING;
1348                 return true;
1349         }
1350
1351         return false;
1352 }
1353
1354 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1355                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1356 {
1357         struct discovery_state *discov = &hdev->discovery;
1358         struct inquiry_entry *e;
1359
1360         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1361                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1362                                       name_len, conn->dev_class);
1363
1364         if (discov->state == DISCOVERY_STOPPED)
1365                 return;
1366
1367         if (discov->state == DISCOVERY_STOPPING)
1368                 goto discov_complete;
1369
1370         if (discov->state != DISCOVERY_RESOLVING)
1371                 return;
1372
1373         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1374         /* If the device was not found in a list of found devices names of which
1375          * are pending. there is no need to continue resolving a next name as it
1376          * will be done upon receiving another Remote Name Request Complete
1377          * Event */
1378         if (!e)
1379                 return;
1380
1381         list_del(&e->list);
1382         if (name) {
1383                 e->name_state = NAME_KNOWN;
1384                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1385                                  e->data.rssi, name, name_len);
1386         } else {
1387                 e->name_state = NAME_NOT_KNOWN;
1388         }
1389
1390         if (hci_resolve_next_name(hdev))
1391                 return;
1392
1393 discov_complete:
1394         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1395 }
1396
1397 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1398 {
1399         struct hci_cp_remote_name_req *cp;
1400         struct hci_conn *conn;
1401
1402         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1403
1404         /* If successful wait for the name req complete event before
1405          * checking for the need to do authentication */
1406         if (!status)
1407                 return;
1408
1409         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1410         if (!cp)
1411                 return;
1412
1413         hci_dev_lock(hdev);
1414
1415         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1416
1417         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1418                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1419
1420         if (!conn)
1421                 goto unlock;
1422
1423         if (!hci_outgoing_auth_needed(hdev, conn))
1424                 goto unlock;
1425
1426         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1427                 struct hci_cp_auth_requested auth_cp;
1428
1429                 auth_cp.handle = __cpu_to_le16(conn->handle);
1430                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1431                              sizeof(auth_cp), &auth_cp);
1432         }
1433
1434 unlock:
1435         hci_dev_unlock(hdev);
1436 }
1437
1438 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1439 {
1440         struct hci_cp_read_remote_features *cp;
1441         struct hci_conn *conn;
1442
1443         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1444
1445         if (!status)
1446                 return;
1447
1448         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1449         if (!cp)
1450                 return;
1451
1452         hci_dev_lock(hdev);
1453
1454         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1455         if (conn) {
1456                 if (conn->state == BT_CONFIG) {
1457                         hci_proto_connect_cfm(conn, status);
1458                         hci_conn_drop(conn);
1459                 }
1460         }
1461
1462         hci_dev_unlock(hdev);
1463 }
1464
1465 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1466 {
1467         struct hci_cp_read_remote_ext_features *cp;
1468         struct hci_conn *conn;
1469
1470         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1471
1472         if (!status)
1473                 return;
1474
1475         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1476         if (!cp)
1477                 return;
1478
1479         hci_dev_lock(hdev);
1480
1481         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1482         if (conn) {
1483                 if (conn->state == BT_CONFIG) {
1484                         hci_proto_connect_cfm(conn, status);
1485                         hci_conn_drop(conn);
1486                 }
1487         }
1488
1489         hci_dev_unlock(hdev);
1490 }
1491
1492 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1493 {
1494         struct hci_cp_setup_sync_conn *cp;
1495         struct hci_conn *acl, *sco;
1496         __u16 handle;
1497
1498         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1499
1500         if (!status)
1501                 return;
1502
1503         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1504         if (!cp)
1505                 return;
1506
1507         handle = __le16_to_cpu(cp->handle);
1508
1509         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1510
1511         hci_dev_lock(hdev);
1512
1513         acl = hci_conn_hash_lookup_handle(hdev, handle);
1514         if (acl) {
1515                 sco = acl->link;
1516                 if (sco) {
1517                         sco->state = BT_CLOSED;
1518
1519                         hci_proto_connect_cfm(sco, status);
1520                         hci_conn_del(sco);
1521                 }
1522         }
1523
1524         hci_dev_unlock(hdev);
1525 }
1526
1527 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1528 {
1529         struct hci_cp_sniff_mode *cp;
1530         struct hci_conn *conn;
1531
1532         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1533
1534         if (!status)
1535                 return;
1536
1537         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1538         if (!cp)
1539                 return;
1540
1541         hci_dev_lock(hdev);
1542
1543         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1544         if (conn) {
1545                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1546
1547                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1548                         hci_sco_setup(conn, status);
1549         }
1550
1551         hci_dev_unlock(hdev);
1552 }
1553
1554 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1555 {
1556         struct hci_cp_exit_sniff_mode *cp;
1557         struct hci_conn *conn;
1558
1559         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1560
1561         if (!status)
1562                 return;
1563
1564         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1565         if (!cp)
1566                 return;
1567
1568         hci_dev_lock(hdev);
1569
1570         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1571         if (conn) {
1572                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1573
1574                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1575                         hci_sco_setup(conn, status);
1576         }
1577
1578         hci_dev_unlock(hdev);
1579 }
1580
1581 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1582 {
1583         struct hci_cp_disconnect *cp;
1584         struct hci_conn *conn;
1585
1586         if (!status)
1587                 return;
1588
1589         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1590         if (!cp)
1591                 return;
1592
1593         hci_dev_lock(hdev);
1594
1595         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1596         if (conn)
1597                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1598                                        conn->dst_type, status);
1599
1600         hci_dev_unlock(hdev);
1601 }
1602
1603 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1604 {
1605         struct hci_cp_create_phy_link *cp;
1606
1607         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1608
1609         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1610         if (!cp)
1611                 return;
1612
1613         hci_dev_lock(hdev);
1614
1615         if (status) {
1616                 struct hci_conn *hcon;
1617
1618                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1619                 if (hcon)
1620                         hci_conn_del(hcon);
1621         } else {
1622                 amp_write_remote_assoc(hdev, cp->phy_handle);
1623         }
1624
1625         hci_dev_unlock(hdev);
1626 }
1627
1628 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1629 {
1630         struct hci_cp_accept_phy_link *cp;
1631
1632         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1633
1634         if (status)
1635                 return;
1636
1637         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1638         if (!cp)
1639                 return;
1640
1641         amp_write_remote_assoc(hdev, cp->phy_handle);
1642 }
1643
1644 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1645 {
1646         __u8 status = *((__u8 *) skb->data);
1647         struct discovery_state *discov = &hdev->discovery;
1648         struct inquiry_entry *e;
1649
1650         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1651
1652         hci_conn_check_pending(hdev);
1653
1654         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1655                 return;
1656
1657         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1658         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1659
1660         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1661                 return;
1662
1663         hci_dev_lock(hdev);
1664
1665         if (discov->state != DISCOVERY_FINDING)
1666                 goto unlock;
1667
1668         if (list_empty(&discov->resolve)) {
1669                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1670                 goto unlock;
1671         }
1672
1673         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1674         if (e && hci_resolve_name(hdev, e) == 0) {
1675                 e->name_state = NAME_PENDING;
1676                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1677         } else {
1678                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1679         }
1680
1681 unlock:
1682         hci_dev_unlock(hdev);
1683 }
1684
1685 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686 {
1687         struct inquiry_data data;
1688         struct inquiry_info *info = (void *) (skb->data + 1);
1689         int num_rsp = *((__u8 *) skb->data);
1690
1691         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1692
1693         if (!num_rsp)
1694                 return;
1695
1696         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1697                 return;
1698
1699         hci_dev_lock(hdev);
1700
1701         for (; num_rsp; num_rsp--, info++) {
1702                 bool name_known, ssp;
1703
1704                 bacpy(&data.bdaddr, &info->bdaddr);
1705                 data.pscan_rep_mode     = info->pscan_rep_mode;
1706                 data.pscan_period_mode  = info->pscan_period_mode;
1707                 data.pscan_mode         = info->pscan_mode;
1708                 memcpy(data.dev_class, info->dev_class, 3);
1709                 data.clock_offset       = info->clock_offset;
1710                 data.rssi               = 0x00;
1711                 data.ssp_mode           = 0x00;
1712
1713                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1714                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1715                                   info->dev_class, 0, !name_known, ssp, NULL,
1716                                   0);
1717         }
1718
1719         hci_dev_unlock(hdev);
1720 }
1721
1722 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1723 {
1724         struct hci_ev_conn_complete *ev = (void *) skb->data;
1725         struct hci_conn *conn;
1726
1727         BT_DBG("%s", hdev->name);
1728
1729         hci_dev_lock(hdev);
1730
1731         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1732         if (!conn) {
1733                 if (ev->link_type != SCO_LINK)
1734                         goto unlock;
1735
1736                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1737                 if (!conn)
1738                         goto unlock;
1739
1740                 conn->type = SCO_LINK;
1741         }
1742
1743         if (!ev->status) {
1744                 conn->handle = __le16_to_cpu(ev->handle);
1745
1746                 if (conn->type == ACL_LINK) {
1747                         conn->state = BT_CONFIG;
1748                         hci_conn_hold(conn);
1749
1750                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1751                             !hci_find_link_key(hdev, &ev->bdaddr))
1752                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1753                         else
1754                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1755                 } else
1756                         conn->state = BT_CONNECTED;
1757
1758                 hci_conn_add_sysfs(conn);
1759
1760                 if (test_bit(HCI_AUTH, &hdev->flags))
1761                         conn->link_mode |= HCI_LM_AUTH;
1762
1763                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1764                         conn->link_mode |= HCI_LM_ENCRYPT;
1765
1766                 /* Get remote features */
1767                 if (conn->type == ACL_LINK) {
1768                         struct hci_cp_read_remote_features cp;
1769                         cp.handle = ev->handle;
1770                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1771                                      sizeof(cp), &cp);
1772                 }
1773
1774                 /* Set packet type for incoming connection */
1775                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1776                         struct hci_cp_change_conn_ptype cp;
1777                         cp.handle = ev->handle;
1778                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1779                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1780                                      &cp);
1781                 }
1782         } else {
1783                 conn->state = BT_CLOSED;
1784                 if (conn->type == ACL_LINK)
1785                         mgmt_connect_failed(hdev, &conn->dst, conn->type,
1786                                             conn->dst_type, ev->status);
1787         }
1788
1789         if (conn->type == ACL_LINK)
1790                 hci_sco_setup(conn, ev->status);
1791
1792         if (ev->status) {
1793                 hci_proto_connect_cfm(conn, ev->status);
1794                 hci_conn_del(conn);
1795         } else if (ev->link_type != ACL_LINK)
1796                 hci_proto_connect_cfm(conn, ev->status);
1797
1798 unlock:
1799         hci_dev_unlock(hdev);
1800
1801         hci_conn_check_pending(hdev);
1802 }
1803
1804 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1805 {
1806         struct hci_ev_conn_request *ev = (void *) skb->data;
1807         int mask = hdev->link_mode;
1808         __u8 flags = 0;
1809
1810         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1811                ev->link_type);
1812
1813         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1814                                       &flags);
1815
1816         if ((mask & HCI_LM_ACCEPT) &&
1817             !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1818                 /* Connection accepted */
1819                 struct inquiry_entry *ie;
1820                 struct hci_conn *conn;
1821
1822                 hci_dev_lock(hdev);
1823
1824                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1825                 if (ie)
1826                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1827
1828                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1829                                                &ev->bdaddr);
1830                 if (!conn) {
1831                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1832                         if (!conn) {
1833                                 BT_ERR("No memory for new connection");
1834                                 hci_dev_unlock(hdev);
1835                                 return;
1836                         }
1837                 }
1838
1839                 memcpy(conn->dev_class, ev->dev_class, 3);
1840
1841                 hci_dev_unlock(hdev);
1842
1843                 if (ev->link_type == ACL_LINK ||
1844                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1845                         struct hci_cp_accept_conn_req cp;
1846                         conn->state = BT_CONNECT;
1847
1848                         bacpy(&cp.bdaddr, &ev->bdaddr);
1849
1850                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1851                                 cp.role = 0x00; /* Become master */
1852                         else
1853                                 cp.role = 0x01; /* Remain slave */
1854
1855                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1856                                      &cp);
1857                 } else if (!(flags & HCI_PROTO_DEFER)) {
1858                         struct hci_cp_accept_sync_conn_req cp;
1859                         conn->state = BT_CONNECT;
1860
1861                         bacpy(&cp.bdaddr, &ev->bdaddr);
1862                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1863
1864                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1865                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1866                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1867                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1868                         cp.retrans_effort = 0xff;
1869
1870                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1871                                      sizeof(cp), &cp);
1872                 } else {
1873                         conn->state = BT_CONNECT2;
1874                         hci_proto_connect_cfm(conn, 0);
1875                 }
1876         } else {
1877                 /* Connection rejected */
1878                 struct hci_cp_reject_conn_req cp;
1879
1880                 bacpy(&cp.bdaddr, &ev->bdaddr);
1881                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1882                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1883         }
1884 }
1885
1886 static u8 hci_to_mgmt_reason(u8 err)
1887 {
1888         switch (err) {
1889         case HCI_ERROR_CONNECTION_TIMEOUT:
1890                 return MGMT_DEV_DISCONN_TIMEOUT;
1891         case HCI_ERROR_REMOTE_USER_TERM:
1892         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1893         case HCI_ERROR_REMOTE_POWER_OFF:
1894                 return MGMT_DEV_DISCONN_REMOTE;
1895         case HCI_ERROR_LOCAL_HOST_TERM:
1896                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1897         default:
1898                 return MGMT_DEV_DISCONN_UNKNOWN;
1899         }
1900 }
1901
1902 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1903 {
1904         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1905         u8 reason = hci_to_mgmt_reason(ev->reason);
1906         struct hci_conn_params *params;
1907         struct hci_conn *conn;
1908         bool mgmt_connected;
1909         u8 type;
1910
1911         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1912
1913         hci_dev_lock(hdev);
1914
1915         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1916         if (!conn)
1917                 goto unlock;
1918
1919         if (ev->status) {
1920                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1921                                        conn->dst_type, ev->status);
1922                 goto unlock;
1923         }
1924
1925         conn->state = BT_CLOSED;
1926
1927         mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1928         mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1929                                 reason, mgmt_connected);
1930
1931         if (conn->type == ACL_LINK && conn->flush_key)
1932                 hci_remove_link_key(hdev, &conn->dst);
1933
1934         params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1935         if (params) {
1936                 switch (params->auto_connect) {
1937                 case HCI_AUTO_CONN_LINK_LOSS:
1938                         if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1939                                 break;
1940                         /* Fall through */
1941
1942                 case HCI_AUTO_CONN_ALWAYS:
1943                         hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
1944                         break;
1945
1946                 default:
1947                         break;
1948                 }
1949         }
1950
1951         type = conn->type;
1952
1953         hci_proto_disconn_cfm(conn, ev->reason);
1954         hci_conn_del(conn);
1955
1956         /* Re-enable advertising if necessary, since it might
1957          * have been disabled by the connection. From the
1958          * HCI_LE_Set_Advertise_Enable command description in
1959          * the core specification (v4.0):
1960          * "The Controller shall continue advertising until the Host
1961          * issues an LE_Set_Advertise_Enable command with
1962          * Advertising_Enable set to 0x00 (Advertising is disabled)
1963          * or until a connection is created or until the Advertising
1964          * is timed out due to Directed Advertising."
1965          */
1966         if (type == LE_LINK)
1967                 mgmt_reenable_advertising(hdev);
1968
1969 unlock:
1970         hci_dev_unlock(hdev);
1971 }
1972
1973 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1974 {
1975         struct hci_ev_auth_complete *ev = (void *) skb->data;
1976         struct hci_conn *conn;
1977
1978         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1979
1980         hci_dev_lock(hdev);
1981
1982         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1983         if (!conn)
1984                 goto unlock;
1985
1986         if (!ev->status) {
1987                 if (!hci_conn_ssp_enabled(conn) &&
1988                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1989                         BT_INFO("re-auth of legacy device is not possible.");
1990                 } else {
1991                         conn->link_mode |= HCI_LM_AUTH;
1992                         conn->sec_level = conn->pending_sec_level;
1993                 }
1994         } else {
1995                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1996                                  ev->status);
1997         }
1998
1999         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2000         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2001
2002         if (conn->state == BT_CONFIG) {
2003                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2004                         struct hci_cp_set_conn_encrypt cp;
2005                         cp.handle  = ev->handle;
2006                         cp.encrypt = 0x01;
2007                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2008                                      &cp);
2009                 } else {
2010                         conn->state = BT_CONNECTED;
2011                         hci_proto_connect_cfm(conn, ev->status);
2012                         hci_conn_drop(conn);
2013                 }
2014         } else {
2015                 hci_auth_cfm(conn, ev->status);
2016
2017                 hci_conn_hold(conn);
2018                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2019                 hci_conn_drop(conn);
2020         }
2021
2022         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2023                 if (!ev->status) {
2024                         struct hci_cp_set_conn_encrypt cp;
2025                         cp.handle  = ev->handle;
2026                         cp.encrypt = 0x01;
2027                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2028                                      &cp);
2029                 } else {
2030                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2031                         hci_encrypt_cfm(conn, ev->status, 0x00);
2032                 }
2033         }
2034
2035 unlock:
2036         hci_dev_unlock(hdev);
2037 }
2038
2039 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2040 {
2041         struct hci_ev_remote_name *ev = (void *) skb->data;
2042         struct hci_conn *conn;
2043
2044         BT_DBG("%s", hdev->name);
2045
2046         hci_conn_check_pending(hdev);
2047
2048         hci_dev_lock(hdev);
2049
2050         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2051
2052         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2053                 goto check_auth;
2054
2055         if (ev->status == 0)
2056                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2057                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2058         else
2059                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2060
2061 check_auth:
2062         if (!conn)
2063                 goto unlock;
2064
2065         if (!hci_outgoing_auth_needed(hdev, conn))
2066                 goto unlock;
2067
2068         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2069                 struct hci_cp_auth_requested cp;
2070                 cp.handle = __cpu_to_le16(conn->handle);
2071                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2072         }
2073
2074 unlock:
2075         hci_dev_unlock(hdev);
2076 }
2077
2078 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2079 {
2080         struct hci_ev_encrypt_change *ev = (void *) skb->data;
2081         struct hci_conn *conn;
2082
2083         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2084
2085         hci_dev_lock(hdev);
2086
2087         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2088         if (!conn)
2089                 goto unlock;
2090
2091         if (!ev->status) {
2092                 if (ev->encrypt) {
2093                         /* Encryption implies authentication */
2094                         conn->link_mode |= HCI_LM_AUTH;
2095                         conn->link_mode |= HCI_LM_ENCRYPT;
2096                         conn->sec_level = conn->pending_sec_level;
2097
2098                         /* P-256 authentication key implies FIPS */
2099                         if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2100                                 conn->link_mode |= HCI_LM_FIPS;
2101
2102                         if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2103                             conn->type == LE_LINK)
2104                                 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2105                 } else {
2106                         conn->link_mode &= ~HCI_LM_ENCRYPT;
2107                         clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2108                 }
2109         }
2110
2111         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2112
2113         if (ev->status && conn->state == BT_CONNECTED) {
2114                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2115                 hci_conn_drop(conn);
2116                 goto unlock;
2117         }
2118
2119         if (conn->state == BT_CONFIG) {
2120                 if (!ev->status)
2121                         conn->state = BT_CONNECTED;
2122
2123                 hci_proto_connect_cfm(conn, ev->status);
2124                 hci_conn_drop(conn);
2125         } else
2126                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2127
2128 unlock:
2129         hci_dev_unlock(hdev);
2130 }
2131
2132 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2133                                              struct sk_buff *skb)
2134 {
2135         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2136         struct hci_conn *conn;
2137
2138         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2139
2140         hci_dev_lock(hdev);
2141
2142         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2143         if (conn) {
2144                 if (!ev->status)
2145                         conn->link_mode |= HCI_LM_SECURE;
2146
2147                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2148
2149                 hci_key_change_cfm(conn, ev->status);
2150         }
2151
2152         hci_dev_unlock(hdev);
2153 }
2154
2155 static void hci_remote_features_evt(struct hci_dev *hdev,
2156                                     struct sk_buff *skb)
2157 {
2158         struct hci_ev_remote_features *ev = (void *) skb->data;
2159         struct hci_conn *conn;
2160
2161         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2162
2163         hci_dev_lock(hdev);
2164
2165         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2166         if (!conn)
2167                 goto unlock;
2168
2169         if (!ev->status)
2170                 memcpy(conn->features[0], ev->features, 8);
2171
2172         if (conn->state != BT_CONFIG)
2173                 goto unlock;
2174
2175         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2176                 struct hci_cp_read_remote_ext_features cp;
2177                 cp.handle = ev->handle;
2178                 cp.page = 0x01;
2179                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2180                              sizeof(cp), &cp);
2181                 goto unlock;
2182         }
2183
2184         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2185                 struct hci_cp_remote_name_req cp;
2186                 memset(&cp, 0, sizeof(cp));
2187                 bacpy(&cp.bdaddr, &conn->dst);
2188                 cp.pscan_rep_mode = 0x02;
2189                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2190         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2191                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2192                                       conn->dst_type, 0, NULL, 0,
2193                                       conn->dev_class);
2194
2195         if (!hci_outgoing_auth_needed(hdev, conn)) {
2196                 conn->state = BT_CONNECTED;
2197                 hci_proto_connect_cfm(conn, ev->status);
2198                 hci_conn_drop(conn);
2199         }
2200
2201 unlock:
2202         hci_dev_unlock(hdev);
2203 }
2204
2205 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2206 {
2207         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2208         u8 status = skb->data[sizeof(*ev)];
2209         __u16 opcode;
2210
2211         skb_pull(skb, sizeof(*ev));
2212
2213         opcode = __le16_to_cpu(ev->opcode);
2214
2215         switch (opcode) {
2216         case HCI_OP_INQUIRY_CANCEL:
2217                 hci_cc_inquiry_cancel(hdev, skb);
2218                 break;
2219
2220         case HCI_OP_PERIODIC_INQ:
2221                 hci_cc_periodic_inq(hdev, skb);
2222                 break;
2223
2224         case HCI_OP_EXIT_PERIODIC_INQ:
2225                 hci_cc_exit_periodic_inq(hdev, skb);
2226                 break;
2227
2228         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2229                 hci_cc_remote_name_req_cancel(hdev, skb);
2230                 break;
2231
2232         case HCI_OP_ROLE_DISCOVERY:
2233                 hci_cc_role_discovery(hdev, skb);
2234                 break;
2235
2236         case HCI_OP_READ_LINK_POLICY:
2237                 hci_cc_read_link_policy(hdev, skb);
2238                 break;
2239
2240         case HCI_OP_WRITE_LINK_POLICY:
2241                 hci_cc_write_link_policy(hdev, skb);
2242                 break;
2243
2244         case HCI_OP_READ_DEF_LINK_POLICY:
2245                 hci_cc_read_def_link_policy(hdev, skb);
2246                 break;
2247
2248         case HCI_OP_WRITE_DEF_LINK_POLICY:
2249                 hci_cc_write_def_link_policy(hdev, skb);
2250                 break;
2251
2252         case HCI_OP_RESET:
2253                 hci_cc_reset(hdev, skb);
2254                 break;
2255
2256         case HCI_OP_WRITE_LOCAL_NAME:
2257                 hci_cc_write_local_name(hdev, skb);
2258                 break;
2259
2260         case HCI_OP_READ_LOCAL_NAME:
2261                 hci_cc_read_local_name(hdev, skb);
2262                 break;
2263
2264         case HCI_OP_WRITE_AUTH_ENABLE:
2265                 hci_cc_write_auth_enable(hdev, skb);
2266                 break;
2267
2268         case HCI_OP_WRITE_ENCRYPT_MODE:
2269                 hci_cc_write_encrypt_mode(hdev, skb);
2270                 break;
2271
2272         case HCI_OP_WRITE_SCAN_ENABLE:
2273                 hci_cc_write_scan_enable(hdev, skb);
2274                 break;
2275
2276         case HCI_OP_READ_CLASS_OF_DEV:
2277                 hci_cc_read_class_of_dev(hdev, skb);
2278                 break;
2279
2280         case HCI_OP_WRITE_CLASS_OF_DEV:
2281                 hci_cc_write_class_of_dev(hdev, skb);
2282                 break;
2283
2284         case HCI_OP_READ_VOICE_SETTING:
2285                 hci_cc_read_voice_setting(hdev, skb);
2286                 break;
2287
2288         case HCI_OP_WRITE_VOICE_SETTING:
2289                 hci_cc_write_voice_setting(hdev, skb);
2290                 break;
2291
2292         case HCI_OP_READ_NUM_SUPPORTED_IAC:
2293                 hci_cc_read_num_supported_iac(hdev, skb);
2294                 break;
2295
2296         case HCI_OP_WRITE_SSP_MODE:
2297                 hci_cc_write_ssp_mode(hdev, skb);
2298                 break;
2299
2300         case HCI_OP_WRITE_SC_SUPPORT:
2301                 hci_cc_write_sc_support(hdev, skb);
2302                 break;
2303
2304         case HCI_OP_READ_LOCAL_VERSION:
2305                 hci_cc_read_local_version(hdev, skb);
2306                 break;
2307
2308         case HCI_OP_READ_LOCAL_COMMANDS:
2309                 hci_cc_read_local_commands(hdev, skb);
2310                 break;
2311
2312         case HCI_OP_READ_LOCAL_FEATURES:
2313                 hci_cc_read_local_features(hdev, skb);
2314                 break;
2315
2316         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2317                 hci_cc_read_local_ext_features(hdev, skb);
2318                 break;
2319
2320         case HCI_OP_READ_BUFFER_SIZE:
2321                 hci_cc_read_buffer_size(hdev, skb);
2322                 break;
2323
2324         case HCI_OP_READ_BD_ADDR:
2325                 hci_cc_read_bd_addr(hdev, skb);
2326                 break;
2327
2328         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2329                 hci_cc_read_page_scan_activity(hdev, skb);
2330                 break;
2331
2332         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2333                 hci_cc_write_page_scan_activity(hdev, skb);
2334                 break;
2335
2336         case HCI_OP_READ_PAGE_SCAN_TYPE:
2337                 hci_cc_read_page_scan_type(hdev, skb);
2338                 break;
2339
2340         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2341                 hci_cc_write_page_scan_type(hdev, skb);
2342                 break;
2343
2344         case HCI_OP_READ_DATA_BLOCK_SIZE:
2345                 hci_cc_read_data_block_size(hdev, skb);
2346                 break;
2347
2348         case HCI_OP_READ_FLOW_CONTROL_MODE:
2349                 hci_cc_read_flow_control_mode(hdev, skb);
2350                 break;
2351
2352         case HCI_OP_READ_LOCAL_AMP_INFO:
2353                 hci_cc_read_local_amp_info(hdev, skb);
2354                 break;
2355
2356         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2357                 hci_cc_read_local_amp_assoc(hdev, skb);
2358                 break;
2359
2360         case HCI_OP_READ_INQ_RSP_TX_POWER:
2361                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2362                 break;
2363
2364         case HCI_OP_PIN_CODE_REPLY:
2365                 hci_cc_pin_code_reply(hdev, skb);
2366                 break;
2367
2368         case HCI_OP_PIN_CODE_NEG_REPLY:
2369                 hci_cc_pin_code_neg_reply(hdev, skb);
2370                 break;
2371
2372         case HCI_OP_READ_LOCAL_OOB_DATA:
2373                 hci_cc_read_local_oob_data(hdev, skb);
2374                 break;
2375
2376         case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2377                 hci_cc_read_local_oob_ext_data(hdev, skb);
2378                 break;
2379
2380         case HCI_OP_LE_READ_BUFFER_SIZE:
2381                 hci_cc_le_read_buffer_size(hdev, skb);
2382                 break;
2383
2384         case HCI_OP_LE_READ_LOCAL_FEATURES:
2385                 hci_cc_le_read_local_features(hdev, skb);
2386                 break;
2387
2388         case HCI_OP_LE_READ_ADV_TX_POWER:
2389                 hci_cc_le_read_adv_tx_power(hdev, skb);
2390                 break;
2391
2392         case HCI_OP_USER_CONFIRM_REPLY:
2393                 hci_cc_user_confirm_reply(hdev, skb);
2394                 break;
2395
2396         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2397                 hci_cc_user_confirm_neg_reply(hdev, skb);
2398                 break;
2399
2400         case HCI_OP_USER_PASSKEY_REPLY:
2401                 hci_cc_user_passkey_reply(hdev, skb);
2402                 break;
2403
2404         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2405                 hci_cc_user_passkey_neg_reply(hdev, skb);
2406                 break;
2407
2408         case HCI_OP_LE_SET_RANDOM_ADDR:
2409                 hci_cc_le_set_random_addr(hdev, skb);
2410                 break;
2411
2412         case HCI_OP_LE_SET_ADV_ENABLE:
2413                 hci_cc_le_set_adv_enable(hdev, skb);
2414                 break;
2415
2416         case HCI_OP_LE_SET_SCAN_ENABLE:
2417                 hci_cc_le_set_scan_enable(hdev, skb);
2418                 break;
2419
2420         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2421                 hci_cc_le_read_white_list_size(hdev, skb);
2422                 break;
2423
2424         case HCI_OP_LE_CLEAR_WHITE_LIST:
2425                 hci_cc_le_clear_white_list(hdev, skb);
2426                 break;
2427
2428         case HCI_OP_LE_ADD_TO_WHITE_LIST:
2429                 hci_cc_le_add_to_white_list(hdev, skb);
2430                 break;
2431
2432         case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2433                 hci_cc_le_del_from_white_list(hdev, skb);
2434                 break;
2435
2436         case HCI_OP_LE_READ_SUPPORTED_STATES:
2437                 hci_cc_le_read_supported_states(hdev, skb);
2438                 break;
2439
2440         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2441                 hci_cc_write_le_host_supported(hdev, skb);
2442                 break;
2443
2444         case HCI_OP_LE_SET_ADV_PARAM:
2445                 hci_cc_set_adv_param(hdev, skb);
2446                 break;
2447
2448         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2449                 hci_cc_write_remote_amp_assoc(hdev, skb);
2450                 break;
2451
2452         default:
2453                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2454                 break;
2455         }
2456
2457         if (opcode != HCI_OP_NOP)
2458                 del_timer(&hdev->cmd_timer);
2459
2460         hci_req_cmd_complete(hdev, opcode, status);
2461
2462         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2463                 atomic_set(&hdev->cmd_cnt, 1);
2464                 if (!skb_queue_empty(&hdev->cmd_q))
2465                         queue_work(hdev->workqueue, &hdev->cmd_work);
2466         }
2467 }
2468
2469 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2470 {
2471         struct hci_ev_cmd_status *ev = (void *) skb->data;
2472         __u16 opcode;
2473
2474         skb_pull(skb, sizeof(*ev));
2475
2476         opcode = __le16_to_cpu(ev->opcode);
2477
2478         switch (opcode) {
2479         case HCI_OP_INQUIRY:
2480                 hci_cs_inquiry(hdev, ev->status);
2481                 break;
2482
2483         case HCI_OP_CREATE_CONN:
2484                 hci_cs_create_conn(hdev, ev->status);
2485                 break;
2486
2487         case HCI_OP_ADD_SCO:
2488                 hci_cs_add_sco(hdev, ev->status);
2489                 break;
2490
2491         case HCI_OP_AUTH_REQUESTED:
2492                 hci_cs_auth_requested(hdev, ev->status);
2493                 break;
2494
2495         case HCI_OP_SET_CONN_ENCRYPT:
2496                 hci_cs_set_conn_encrypt(hdev, ev->status);
2497                 break;
2498
2499         case HCI_OP_REMOTE_NAME_REQ:
2500                 hci_cs_remote_name_req(hdev, ev->status);
2501                 break;
2502
2503         case HCI_OP_READ_REMOTE_FEATURES:
2504                 hci_cs_read_remote_features(hdev, ev->status);
2505                 break;
2506
2507         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2508                 hci_cs_read_remote_ext_features(hdev, ev->status);
2509                 break;
2510
2511         case HCI_OP_SETUP_SYNC_CONN:
2512                 hci_cs_setup_sync_conn(hdev, ev->status);
2513                 break;
2514
2515         case HCI_OP_SNIFF_MODE:
2516                 hci_cs_sniff_mode(hdev, ev->status);
2517                 break;
2518
2519         case HCI_OP_EXIT_SNIFF_MODE:
2520                 hci_cs_exit_sniff_mode(hdev, ev->status);
2521                 break;
2522
2523         case HCI_OP_DISCONNECT:
2524                 hci_cs_disconnect(hdev, ev->status);
2525                 break;
2526
2527         case HCI_OP_CREATE_PHY_LINK:
2528                 hci_cs_create_phylink(hdev, ev->status);
2529                 break;
2530
2531         case HCI_OP_ACCEPT_PHY_LINK:
2532                 hci_cs_accept_phylink(hdev, ev->status);
2533                 break;
2534
2535         default:
2536                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2537                 break;
2538         }
2539
2540         if (opcode != HCI_OP_NOP)
2541                 del_timer(&hdev->cmd_timer);
2542
2543         if (ev->status ||
2544             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2545                 hci_req_cmd_complete(hdev, opcode, ev->status);
2546
2547         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2548                 atomic_set(&hdev->cmd_cnt, 1);
2549                 if (!skb_queue_empty(&hdev->cmd_q))
2550                         queue_work(hdev->workqueue, &hdev->cmd_work);
2551         }
2552 }
2553
2554 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2555 {
2556         struct hci_ev_role_change *ev = (void *) skb->data;
2557         struct hci_conn *conn;
2558
2559         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2560
2561         hci_dev_lock(hdev);
2562
2563         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2564         if (conn) {
2565                 if (!ev->status) {
2566                         if (ev->role)
2567                                 conn->link_mode &= ~HCI_LM_MASTER;
2568                         else
2569                                 conn->link_mode |= HCI_LM_MASTER;
2570                 }
2571
2572                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2573
2574                 hci_role_switch_cfm(conn, ev->status, ev->role);
2575         }
2576
2577         hci_dev_unlock(hdev);
2578 }
2579
2580 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2581 {
2582         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2583         int i;
2584
2585         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2586                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2587                 return;
2588         }
2589
2590         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2591             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2592                 BT_DBG("%s bad parameters", hdev->name);
2593                 return;
2594         }
2595
2596         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2597
2598         for (i = 0; i < ev->num_hndl; i++) {
2599                 struct hci_comp_pkts_info *info = &ev->handles[i];
2600                 struct hci_conn *conn;
2601                 __u16  handle, count;
2602
2603                 handle = __le16_to_cpu(info->handle);
2604                 count  = __le16_to_cpu(info->count);
2605
2606                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2607                 if (!conn)
2608                         continue;
2609
2610                 conn->sent -= count;
2611
2612                 switch (conn->type) {
2613                 case ACL_LINK:
2614                         hdev->acl_cnt += count;
2615                         if (hdev->acl_cnt > hdev->acl_pkts)
2616                                 hdev->acl_cnt = hdev->acl_pkts;
2617                         break;
2618
2619                 case LE_LINK:
2620                         if (hdev->le_pkts) {
2621                                 hdev->le_cnt += count;
2622                                 if (hdev->le_cnt > hdev->le_pkts)
2623                                         hdev->le_cnt = hdev->le_pkts;
2624                         } else {
2625                                 hdev->acl_cnt += count;
2626                                 if (hdev->acl_cnt > hdev->acl_pkts)
2627                                         hdev->acl_cnt = hdev->acl_pkts;
2628                         }
2629                         break;
2630
2631                 case SCO_LINK:
2632                         hdev->sco_cnt += count;
2633                         if (hdev->sco_cnt > hdev->sco_pkts)
2634                                 hdev->sco_cnt = hdev->sco_pkts;
2635                         break;
2636
2637                 default:
2638                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2639                         break;
2640                 }
2641         }
2642
2643         queue_work(hdev->workqueue, &hdev->tx_work);
2644 }
2645
2646 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2647                                                  __u16 handle)
2648 {
2649         struct hci_chan *chan;
2650
2651         switch (hdev->dev_type) {
2652         case HCI_BREDR:
2653                 return hci_conn_hash_lookup_handle(hdev, handle);
2654         case HCI_AMP:
2655                 chan = hci_chan_lookup_handle(hdev, handle);
2656                 if (chan)
2657                         return chan->conn;
2658                 break;
2659         default:
2660                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2661                 break;
2662         }
2663
2664         return NULL;
2665 }
2666
2667 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2668 {
2669         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2670         int i;
2671
2672         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2673                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2674                 return;
2675         }
2676
2677         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2678             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2679                 BT_DBG("%s bad parameters", hdev->name);
2680                 return;
2681         }
2682
2683         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2684                ev->num_hndl);
2685
2686         for (i = 0; i < ev->num_hndl; i++) {
2687                 struct hci_comp_blocks_info *info = &ev->handles[i];
2688                 struct hci_conn *conn = NULL;
2689                 __u16  handle, block_count;
2690
2691                 handle = __le16_to_cpu(info->handle);
2692                 block_count = __le16_to_cpu(info->blocks);
2693
2694                 conn = __hci_conn_lookup_handle(hdev, handle);
2695                 if (!conn)
2696                         continue;
2697
2698                 conn->sent -= block_count;
2699
2700                 switch (conn->type) {
2701                 case ACL_LINK:
2702                 case AMP_LINK:
2703                         hdev->block_cnt += block_count;
2704                         if (hdev->block_cnt > hdev->num_blocks)
2705                                 hdev->block_cnt = hdev->num_blocks;
2706                         break;
2707
2708                 default:
2709                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2710                         break;
2711                 }
2712         }
2713
2714         queue_work(hdev->workqueue, &hdev->tx_work);
2715 }
2716
2717 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2718 {
2719         struct hci_ev_mode_change *ev = (void *) skb->data;
2720         struct hci_conn *conn;
2721
2722         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2723
2724         hci_dev_lock(hdev);
2725
2726         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2727         if (conn) {
2728                 conn->mode = ev->mode;
2729
2730                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2731                                         &conn->flags)) {
2732                         if (conn->mode == HCI_CM_ACTIVE)
2733                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2734                         else
2735                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2736                 }
2737
2738                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2739                         hci_sco_setup(conn, ev->status);
2740         }
2741
2742         hci_dev_unlock(hdev);
2743 }
2744
2745 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2746 {
2747         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2748         struct hci_conn *conn;
2749
2750         BT_DBG("%s", hdev->name);
2751
2752         hci_dev_lock(hdev);
2753
2754         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2755         if (!conn)
2756                 goto unlock;
2757
2758         if (conn->state == BT_CONNECTED) {
2759                 hci_conn_hold(conn);
2760                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2761                 hci_conn_drop(conn);
2762         }
2763
2764         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2765                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2766                              sizeof(ev->bdaddr), &ev->bdaddr);
2767         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2768                 u8 secure;
2769
2770                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2771                         secure = 1;
2772                 else
2773                         secure = 0;
2774
2775                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2776         }
2777
2778 unlock:
2779         hci_dev_unlock(hdev);
2780 }
2781
2782 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2783 {
2784         struct hci_ev_link_key_req *ev = (void *) skb->data;
2785         struct hci_cp_link_key_reply cp;
2786         struct hci_conn *conn;
2787         struct link_key *key;
2788
2789         BT_DBG("%s", hdev->name);
2790
2791         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2792                 return;
2793
2794         hci_dev_lock(hdev);
2795
2796         key = hci_find_link_key(hdev, &ev->bdaddr);
2797         if (!key) {
2798                 BT_DBG("%s link key not found for %pMR", hdev->name,
2799                        &ev->bdaddr);
2800                 goto not_found;
2801         }
2802
2803         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2804                &ev->bdaddr);
2805
2806         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2807             key->type == HCI_LK_DEBUG_COMBINATION) {
2808                 BT_DBG("%s ignoring debug key", hdev->name);
2809                 goto not_found;
2810         }
2811
2812         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2813         if (conn) {
2814                 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2815                      key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2816                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2817                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2818                         goto not_found;
2819                 }
2820
2821                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2822                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2823                         BT_DBG("%s ignoring key unauthenticated for high security",
2824                                hdev->name);
2825                         goto not_found;
2826                 }
2827
2828                 conn->key_type = key->type;
2829                 conn->pin_length = key->pin_len;
2830         }
2831
2832         bacpy(&cp.bdaddr, &ev->bdaddr);
2833         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2834
2835         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2836
2837         hci_dev_unlock(hdev);
2838
2839         return;
2840
2841 not_found:
2842         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2843         hci_dev_unlock(hdev);
2844 }
2845
2846 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2847 {
2848         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2849         struct hci_conn *conn;
2850         u8 pin_len = 0;
2851
2852         BT_DBG("%s", hdev->name);
2853
2854         hci_dev_lock(hdev);
2855
2856         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2857         if (conn) {
2858                 hci_conn_hold(conn);
2859                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2860                 pin_len = conn->pin_length;
2861
2862                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2863                         conn->key_type = ev->key_type;
2864
2865                 hci_conn_drop(conn);
2866         }
2867
2868         if (test_bit(HCI_MGMT, &hdev->dev_flags))
2869                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2870                                  ev->key_type, pin_len);
2871
2872         hci_dev_unlock(hdev);
2873 }
2874
2875 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2876 {
2877         struct hci_ev_clock_offset *ev = (void *) skb->data;
2878         struct hci_conn *conn;
2879
2880         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2881
2882         hci_dev_lock(hdev);
2883
2884         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2885         if (conn && !ev->status) {
2886                 struct inquiry_entry *ie;
2887
2888                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2889                 if (ie) {
2890                         ie->data.clock_offset = ev->clock_offset;
2891                         ie->timestamp = jiffies;
2892                 }
2893         }
2894
2895         hci_dev_unlock(hdev);
2896 }
2897
2898 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2899 {
2900         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2901         struct hci_conn *conn;
2902
2903         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2904
2905         hci_dev_lock(hdev);
2906
2907         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2908         if (conn && !ev->status)
2909                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2910
2911         hci_dev_unlock(hdev);
2912 }
2913
2914 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2915 {
2916         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2917         struct inquiry_entry *ie;
2918
2919         BT_DBG("%s", hdev->name);
2920
2921         hci_dev_lock(hdev);
2922
2923         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2924         if (ie) {
2925                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2926                 ie->timestamp = jiffies;
2927         }
2928
2929         hci_dev_unlock(hdev);
2930 }
2931
2932 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2933                                              struct sk_buff *skb)
2934 {
2935         struct inquiry_data data;
2936         int num_rsp = *((__u8 *) skb->data);
2937         bool name_known, ssp;
2938
2939         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2940
2941         if (!num_rsp)
2942                 return;
2943
2944         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2945                 return;
2946
2947         hci_dev_lock(hdev);
2948
2949         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2950                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2951                 info = (void *) (skb->data + 1);
2952
2953                 for (; num_rsp; num_rsp--, info++) {
2954                         bacpy(&data.bdaddr, &info->bdaddr);
2955                         data.pscan_rep_mode     = info->pscan_rep_mode;
2956                         data.pscan_period_mode  = info->pscan_period_mode;
2957                         data.pscan_mode         = info->pscan_mode;
2958                         memcpy(data.dev_class, info->dev_class, 3);
2959                         data.clock_offset       = info->clock_offset;
2960                         data.rssi               = info->rssi;
2961                         data.ssp_mode           = 0x00;
2962
2963                         name_known = hci_inquiry_cache_update(hdev, &data,
2964                                                               false, &ssp);
2965                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2966                                           info->dev_class, info->rssi,
2967                                           !name_known, ssp, NULL, 0);
2968                 }
2969         } else {
2970                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2971
2972                 for (; num_rsp; num_rsp--, info++) {
2973                         bacpy(&data.bdaddr, &info->bdaddr);
2974                         data.pscan_rep_mode     = info->pscan_rep_mode;
2975                         data.pscan_period_mode  = info->pscan_period_mode;
2976                         data.pscan_mode         = 0x00;
2977                         memcpy(data.dev_class, info->dev_class, 3);
2978                         data.clock_offset       = info->clock_offset;
2979                         data.rssi               = info->rssi;
2980                         data.ssp_mode           = 0x00;
2981                         name_known = hci_inquiry_cache_update(hdev, &data,
2982                                                               false, &ssp);
2983                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2984                                           info->dev_class, info->rssi,
2985                                           !name_known, ssp, NULL, 0);
2986                 }
2987         }
2988
2989         hci_dev_unlock(hdev);
2990 }
2991
2992 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2993                                         struct sk_buff *skb)
2994 {
2995         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2996         struct hci_conn *conn;
2997
2998         BT_DBG("%s", hdev->name);
2999
3000         hci_dev_lock(hdev);
3001
3002         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3003         if (!conn)
3004                 goto unlock;
3005
3006         if (ev->page < HCI_MAX_PAGES)
3007                 memcpy(conn->features[ev->page], ev->features, 8);
3008
3009         if (!ev->status && ev->page == 0x01) {
3010                 struct inquiry_entry *ie;
3011
3012                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3013                 if (ie)
3014                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3015
3016                 if (ev->features[0] & LMP_HOST_SSP) {
3017                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3018                 } else {
3019                         /* It is mandatory by the Bluetooth specification that
3020                          * Extended Inquiry Results are only used when Secure
3021                          * Simple Pairing is enabled, but some devices violate
3022                          * this.
3023                          *
3024                          * To make these devices work, the internal SSP
3025                          * enabled flag needs to be cleared if the remote host
3026                          * features do not indicate SSP support */
3027                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3028                 }
3029
3030                 if (ev->features[0] & LMP_HOST_SC)
3031                         set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3032         }
3033
3034         if (conn->state != BT_CONFIG)
3035                 goto unlock;
3036
3037         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3038                 struct hci_cp_remote_name_req cp;
3039                 memset(&cp, 0, sizeof(cp));
3040                 bacpy(&cp.bdaddr, &conn->dst);
3041                 cp.pscan_rep_mode = 0x02;
3042                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3043         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3044                 mgmt_device_connected(hdev, &conn->dst, conn->type,
3045                                       conn->dst_type, 0, NULL, 0,
3046                                       conn->dev_class);
3047
3048         if (!hci_outgoing_auth_needed(hdev, conn)) {
3049                 conn->state = BT_CONNECTED;
3050                 hci_proto_connect_cfm(conn, ev->status);
3051                 hci_conn_drop(conn);
3052         }
3053
3054 unlock:
3055         hci_dev_unlock(hdev);
3056 }
3057
3058 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3059                                        struct sk_buff *skb)
3060 {
3061         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3062         struct hci_conn *conn;
3063
3064         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3065
3066         hci_dev_lock(hdev);
3067
3068         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3069         if (!conn) {
3070                 if (ev->link_type == ESCO_LINK)
3071                         goto unlock;
3072
3073                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3074                 if (!conn)
3075                         goto unlock;
3076
3077                 conn->type = SCO_LINK;
3078         }
3079
3080         switch (ev->status) {
3081         case 0x00:
3082                 conn->handle = __le16_to_cpu(ev->handle);
3083                 conn->state  = BT_CONNECTED;
3084
3085                 hci_conn_add_sysfs(conn);
3086                 break;
3087
3088         case 0x0d:      /* Connection Rejected due to Limited Resources */
3089         case 0x11:      /* Unsupported Feature or Parameter Value */
3090         case 0x1c:      /* SCO interval rejected */
3091         case 0x1a:      /* Unsupported Remote Feature */
3092         case 0x1f:      /* Unspecified error */
3093                 if (conn->out) {
3094                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3095                                         (hdev->esco_type & EDR_ESCO_MASK);
3096                         if (hci_setup_sync(conn, conn->link->handle))
3097                                 goto unlock;
3098                 }
3099                 /* fall through */
3100
3101         default:
3102                 conn->state = BT_CLOSED;
3103                 break;
3104         }
3105
3106         hci_proto_connect_cfm(conn, ev->status);
3107         if (ev->status)
3108                 hci_conn_del(conn);
3109
3110 unlock:
3111         hci_dev_unlock(hdev);
3112 }
3113
3114 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3115 {
3116         size_t parsed = 0;
3117
3118         while (parsed < eir_len) {
3119                 u8 field_len = eir[0];
3120
3121                 if (field_len == 0)
3122                         return parsed;
3123
3124                 parsed += field_len + 1;
3125                 eir += field_len + 1;
3126         }
3127
3128         return eir_len;
3129 }
3130
3131 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3132                                             struct sk_buff *skb)
3133 {
3134         struct inquiry_data data;
3135         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3136         int num_rsp = *((__u8 *) skb->data);
3137         size_t eir_len;
3138
3139         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3140
3141         if (!num_rsp)
3142                 return;
3143
3144         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3145                 return;
3146
3147         hci_dev_lock(hdev);
3148
3149         for (; num_rsp; num_rsp--, info++) {
3150                 bool name_known, ssp;
3151
3152                 bacpy(&data.bdaddr, &info->bdaddr);
3153                 data.pscan_rep_mode     = info->pscan_rep_mode;
3154                 data.pscan_period_mode  = info->pscan_period_mode;
3155                 data.pscan_mode         = 0x00;
3156                 memcpy(data.dev_class, info->dev_class, 3);
3157                 data.clock_offset       = info->clock_offset;
3158                 data.rssi               = info->rssi;
3159                 data.ssp_mode           = 0x01;
3160
3161                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3162                         name_known = eir_has_data_type(info->data,
3163                                                        sizeof(info->data),
3164                                                        EIR_NAME_COMPLETE);
3165                 else
3166                         name_known = true;
3167
3168                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3169                                                       &ssp);
3170                 eir_len = eir_get_length(info->data, sizeof(info->data));
3171                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3172                                   info->dev_class, info->rssi, !name_known,
3173                                   ssp, info->data, eir_len);
3174         }
3175
3176         hci_dev_unlock(hdev);
3177 }
3178
3179 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3180                                          struct sk_buff *skb)
3181 {
3182         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3183         struct hci_conn *conn;
3184
3185         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3186                __le16_to_cpu(ev->handle));
3187
3188         hci_dev_lock(hdev);
3189
3190         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3191         if (!conn)
3192                 goto unlock;
3193
3194         if (!ev->status)
3195                 conn->sec_level = conn->pending_sec_level;
3196
3197         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3198
3199         if (ev->status && conn->state == BT_CONNECTED) {
3200                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3201                 hci_conn_drop(conn);
3202                 goto unlock;
3203         }
3204
3205         if (conn->state == BT_CONFIG) {
3206                 if (!ev->status)
3207                         conn->state = BT_CONNECTED;
3208
3209                 hci_proto_connect_cfm(conn, ev->status);
3210                 hci_conn_drop(conn);
3211         } else {
3212                 hci_auth_cfm(conn, ev->status);
3213
3214                 hci_conn_hold(conn);
3215                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3216                 hci_conn_drop(conn);
3217         }
3218
3219 unlock:
3220         hci_dev_unlock(hdev);
3221 }
3222
3223 static u8 hci_get_auth_req(struct hci_conn *conn)
3224 {
3225         /* If remote requests dedicated bonding follow that lead */
3226         if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3227             conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3228                 /* If both remote and local IO capabilities allow MITM
3229                  * protection then require it, otherwise don't */
3230                 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3231                     conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3232                         return HCI_AT_DEDICATED_BONDING;
3233                 else
3234                         return HCI_AT_DEDICATED_BONDING_MITM;
3235         }
3236
3237         /* If remote requests no-bonding follow that lead */
3238         if (conn->remote_auth == HCI_AT_NO_BONDING ||
3239             conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3240                 return conn->remote_auth | (conn->auth_type & 0x01);
3241
3242         return conn->auth_type;
3243 }
3244
3245 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3246 {
3247         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3248         struct hci_conn *conn;
3249
3250         BT_DBG("%s", hdev->name);
3251
3252         hci_dev_lock(hdev);
3253
3254         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3255         if (!conn)
3256                 goto unlock;
3257
3258         hci_conn_hold(conn);
3259
3260         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3261                 goto unlock;
3262
3263         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3264             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3265                 struct hci_cp_io_capability_reply cp;
3266
3267                 bacpy(&cp.bdaddr, &ev->bdaddr);
3268                 /* Change the IO capability from KeyboardDisplay
3269                  * to DisplayYesNo as it is not supported by BT spec. */
3270                 cp.capability = (conn->io_capability == 0x04) ?
3271                                 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3272                 conn->auth_type = hci_get_auth_req(conn);
3273                 cp.authentication = conn->auth_type;
3274
3275                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3276                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3277                         cp.oob_data = 0x01;
3278                 else
3279                         cp.oob_data = 0x00;
3280
3281                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3282                              sizeof(cp), &cp);
3283         } else {
3284                 struct hci_cp_io_capability_neg_reply cp;
3285
3286                 bacpy(&cp.bdaddr, &ev->bdaddr);
3287                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3288
3289                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3290                              sizeof(cp), &cp);
3291         }
3292
3293 unlock:
3294         hci_dev_unlock(hdev);
3295 }
3296
3297 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3298 {
3299         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3300         struct hci_conn *conn;
3301
3302         BT_DBG("%s", hdev->name);
3303
3304         hci_dev_lock(hdev);
3305
3306         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3307         if (!conn)
3308                 goto unlock;
3309
3310         conn->remote_cap = ev->capability;
3311         conn->remote_auth = ev->authentication;
3312         if (ev->oob_data)
3313                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3314
3315 unlock:
3316         hci_dev_unlock(hdev);
3317 }
3318
3319 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3320                                          struct sk_buff *skb)
3321 {
3322         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3323         int loc_mitm, rem_mitm, confirm_hint = 0;
3324         struct hci_conn *conn;
3325
3326         BT_DBG("%s", hdev->name);
3327
3328         hci_dev_lock(hdev);
3329
3330         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3331                 goto unlock;
3332
3333         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3334         if (!conn)
3335                 goto unlock;
3336
3337         loc_mitm = (conn->auth_type & 0x01);
3338         rem_mitm = (conn->remote_auth & 0x01);
3339
3340         /* If we require MITM but the remote device can't provide that
3341          * (it has NoInputNoOutput) then reject the confirmation
3342          * request. The only exception is when we're dedicated bonding
3343          * initiators (connect_cfm_cb set) since then we always have the MITM
3344          * bit set. */
3345         if (!conn->connect_cfm_cb && loc_mitm &&
3346             conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3347                 BT_DBG("Rejecting request: remote device can't provide MITM");
3348                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3349                              sizeof(ev->bdaddr), &ev->bdaddr);
3350                 goto unlock;
3351         }
3352
3353         /* If no side requires MITM protection; auto-accept */
3354         if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3355             (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3356
3357                 /* If we're not the initiators request authorization to
3358                  * proceed from user space (mgmt_user_confirm with
3359                  * confirm_hint set to 1). */
3360                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3361                         BT_DBG("Confirming auto-accept as acceptor");
3362                         confirm_hint = 1;
3363                         goto confirm;
3364                 }
3365
3366                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3367                        hdev->auto_accept_delay);
3368
3369                 if (hdev->auto_accept_delay > 0) {
3370                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3371                         queue_delayed_work(conn->hdev->workqueue,
3372                                            &conn->auto_accept_work, delay);
3373                         goto unlock;
3374                 }
3375
3376                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3377                              sizeof(ev->bdaddr), &ev->bdaddr);
3378                 goto unlock;
3379         }
3380
3381 confirm:
3382         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3383                                   confirm_hint);
3384
3385 unlock:
3386         hci_dev_unlock(hdev);
3387 }
3388
3389 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3390                                          struct sk_buff *skb)
3391 {
3392         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3393
3394         BT_DBG("%s", hdev->name);
3395
3396         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3397                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3398 }
3399
3400 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3401                                         struct sk_buff *skb)
3402 {
3403         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3404         struct hci_conn *conn;
3405
3406         BT_DBG("%s", hdev->name);
3407
3408         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3409         if (!conn)
3410                 return;
3411
3412         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3413         conn->passkey_entered = 0;
3414
3415         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3416                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3417                                          conn->dst_type, conn->passkey_notify,
3418                                          conn->passkey_entered);
3419 }
3420
3421 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3422 {
3423         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3424         struct hci_conn *conn;
3425
3426         BT_DBG("%s", hdev->name);
3427
3428         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3429         if (!conn)
3430                 return;
3431
3432         switch (ev->type) {
3433         case HCI_KEYPRESS_STARTED:
3434                 conn->passkey_entered = 0;
3435                 return;
3436
3437         case HCI_KEYPRESS_ENTERED:
3438                 conn->passkey_entered++;
3439                 break;
3440
3441         case HCI_KEYPRESS_ERASED:
3442                 conn->passkey_entered--;
3443                 break;
3444
3445         case HCI_KEYPRESS_CLEARED:
3446                 conn->passkey_entered = 0;
3447                 break;
3448
3449         case HCI_KEYPRESS_COMPLETED:
3450                 return;
3451         }
3452
3453         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3454                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3455                                          conn->dst_type, conn->passkey_notify,
3456                                          conn->passkey_entered);
3457 }
3458
3459 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3460                                          struct sk_buff *skb)
3461 {
3462         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3463         struct hci_conn *conn;
3464
3465         BT_DBG("%s", hdev->name);
3466
3467         hci_dev_lock(hdev);
3468
3469         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3470         if (!conn)
3471                 goto unlock;
3472
3473         /* To avoid duplicate auth_failed events to user space we check
3474          * the HCI_CONN_AUTH_PEND flag which will be set if we
3475          * initiated the authentication. A traditional auth_complete
3476          * event gets always produced as initiator and is also mapped to
3477          * the mgmt_auth_failed event */
3478         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3479                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3480                                  ev->status);
3481
3482         hci_conn_drop(conn);
3483
3484 unlock:
3485         hci_dev_unlock(hdev);
3486 }
3487
3488 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3489                                          struct sk_buff *skb)
3490 {
3491         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3492         struct inquiry_entry *ie;
3493         struct hci_conn *conn;
3494
3495         BT_DBG("%s", hdev->name);
3496
3497         hci_dev_lock(hdev);
3498
3499         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3500         if (conn)
3501                 memcpy(conn->features[1], ev->features, 8);
3502
3503         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3504         if (ie)
3505                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3506
3507         hci_dev_unlock(hdev);
3508 }
3509
3510 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3511                                             struct sk_buff *skb)
3512 {
3513         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3514         struct oob_data *data;
3515
3516         BT_DBG("%s", hdev->name);
3517
3518         hci_dev_lock(hdev);
3519
3520         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3521                 goto unlock;
3522
3523         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3524         if (data) {
3525                 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3526                         struct hci_cp_remote_oob_ext_data_reply cp;
3527
3528                         bacpy(&cp.bdaddr, &ev->bdaddr);
3529                         memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3530                         memcpy(cp.randomizer192, data->randomizer192,
3531                                sizeof(cp.randomizer192));
3532                         memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3533                         memcpy(cp.randomizer256, data->randomizer256,
3534                                sizeof(cp.randomizer256));
3535
3536                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3537                                      sizeof(cp), &cp);
3538                 } else {
3539                         struct hci_cp_remote_oob_data_reply cp;
3540
3541                         bacpy(&cp.bdaddr, &ev->bdaddr);
3542                         memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3543                         memcpy(cp.randomizer, data->randomizer192,
3544                                sizeof(cp.randomizer));
3545
3546                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3547                                      sizeof(cp), &cp);
3548                 }
3549         } else {
3550                 struct hci_cp_remote_oob_data_neg_reply cp;
3551
3552                 bacpy(&cp.bdaddr, &ev->bdaddr);
3553                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3554                              sizeof(cp), &cp);
3555         }
3556
3557 unlock:
3558         hci_dev_unlock(hdev);
3559 }
3560
3561 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3562                                       struct sk_buff *skb)
3563 {
3564         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3565         struct hci_conn *hcon, *bredr_hcon;
3566
3567         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3568                ev->status);
3569
3570         hci_dev_lock(hdev);
3571
3572         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3573         if (!hcon) {
3574                 hci_dev_unlock(hdev);
3575                 return;
3576         }
3577
3578         if (ev->status) {
3579                 hci_conn_del(hcon);
3580                 hci_dev_unlock(hdev);
3581                 return;
3582         }
3583
3584         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3585
3586         hcon->state = BT_CONNECTED;
3587         bacpy(&hcon->dst, &bredr_hcon->dst);
3588
3589         hci_conn_hold(hcon);
3590         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3591         hci_conn_drop(hcon);
3592
3593         hci_conn_add_sysfs(hcon);
3594
3595         amp_physical_cfm(bredr_hcon, hcon);
3596
3597         hci_dev_unlock(hdev);
3598 }
3599
3600 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3601 {
3602         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3603         struct hci_conn *hcon;
3604         struct hci_chan *hchan;
3605         struct amp_mgr *mgr;
3606
3607         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3608                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3609                ev->status);
3610
3611         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3612         if (!hcon)
3613                 return;
3614
3615         /* Create AMP hchan */
3616         hchan = hci_chan_create(hcon);
3617         if (!hchan)
3618                 return;
3619
3620         hchan->handle = le16_to_cpu(ev->handle);
3621
3622         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3623
3624         mgr = hcon->amp_mgr;
3625         if (mgr && mgr->bredr_chan) {
3626                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3627
3628                 l2cap_chan_lock(bredr_chan);
3629
3630                 bredr_chan->conn->mtu = hdev->block_mtu;
3631                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3632                 hci_conn_hold(hcon);
3633
3634                 l2cap_chan_unlock(bredr_chan);
3635         }
3636 }
3637
3638 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3639                                              struct sk_buff *skb)
3640 {
3641         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3642         struct hci_chan *hchan;
3643
3644         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3645                le16_to_cpu(ev->handle), ev->status);
3646
3647         if (ev->status)
3648                 return;
3649
3650         hci_dev_lock(hdev);
3651
3652         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3653         if (!hchan)
3654                 goto unlock;
3655
3656         amp_destroy_logical_link(hchan, ev->reason);
3657
3658 unlock:
3659         hci_dev_unlock(hdev);
3660 }
3661
3662 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3663                                              struct sk_buff *skb)
3664 {
3665         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3666         struct hci_conn *hcon;
3667
3668         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3669
3670         if (ev->status)
3671                 return;
3672
3673         hci_dev_lock(hdev);
3674
3675         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3676         if (hcon) {
3677                 hcon->state = BT_CLOSED;
3678                 hci_conn_del(hcon);
3679         }
3680
3681         hci_dev_unlock(hdev);
3682 }
3683
3684 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3685 {
3686         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3687         struct hci_conn *conn;
3688         struct smp_irk *irk;
3689
3690         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3691
3692         hci_dev_lock(hdev);
3693
3694         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3695         if (!conn) {
3696                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3697                 if (!conn) {
3698                         BT_ERR("No memory for new connection");
3699                         goto unlock;
3700                 }
3701
3702                 conn->dst_type = ev->bdaddr_type;
3703
3704                 /* The advertising parameters for own address type
3705                  * define which source address and source address
3706                  * type this connections has.
3707                  */
3708                 if (bacmp(&conn->src, BDADDR_ANY)) {
3709                         conn->src_type = ADDR_LE_DEV_PUBLIC;
3710                 } else {
3711                         bacpy(&conn->src, &hdev->static_addr);
3712                         conn->src_type = ADDR_LE_DEV_RANDOM;
3713                 }
3714
3715                 if (ev->role == LE_CONN_ROLE_MASTER) {
3716                         conn->out = true;
3717                         conn->link_mode |= HCI_LM_MASTER;
3718                 }
3719         }
3720
3721         /* Ensure that the hci_conn contains the identity address type
3722          * regardless of which address the connection was made with.
3723          */
3724         hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
3725
3726         /* Lookup the identity address from the stored connection
3727          * address and address type.
3728          *
3729          * When establishing connections to an identity address, the
3730          * connection procedure will store the resolvable random
3731          * address first. Now if it can be converted back into the
3732          * identity address, start using the identity address from
3733          * now on.
3734          */
3735         irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3736         if (irk) {
3737                 bacpy(&conn->dst, &irk->bdaddr);
3738                 conn->dst_type = irk->addr_type;
3739         }
3740
3741         if (ev->status) {
3742                 hci_le_conn_failed(conn, ev->status);
3743                 goto unlock;
3744         }
3745
3746         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3747                 mgmt_device_connected(hdev, &conn->dst, conn->type,
3748                                       conn->dst_type, 0, NULL, 0, NULL);
3749
3750         conn->sec_level = BT_SECURITY_LOW;
3751         conn->handle = __le16_to_cpu(ev->handle);
3752         conn->state = BT_CONNECTED;
3753
3754         if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3755                 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3756
3757         hci_conn_add_sysfs(conn);
3758
3759         hci_proto_connect_cfm(conn, ev->status);
3760
3761         hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3762
3763 unlock:
3764         hci_dev_unlock(hdev);
3765 }
3766
3767 /* This function requires the caller holds hdev->lock */
3768 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3769                                   u8 addr_type)
3770 {
3771         struct hci_conn *conn;
3772         struct smp_irk *irk;
3773
3774         /* If this is a resolvable address, we should resolve it and then
3775          * update address and address type variables.
3776          */
3777         irk = hci_get_irk(hdev, addr, addr_type);
3778         if (irk) {
3779                 addr = &irk->bdaddr;
3780                 addr_type = irk->addr_type;
3781         }
3782
3783         if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3784                 return;
3785
3786         conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3787                               HCI_AT_NO_BONDING);
3788         if (!IS_ERR(conn))
3789                 return;
3790
3791         switch (PTR_ERR(conn)) {
3792         case -EBUSY:
3793                 /* If hci_connect() returns -EBUSY it means there is already
3794                  * an LE connection attempt going on. Since controllers don't
3795                  * support more than one connection attempt at the time, we
3796                  * don't consider this an error case.
3797                  */
3798                 break;
3799         default:
3800                 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3801         }
3802 }
3803
3804 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3805 {
3806         u8 num_reports = skb->data[0];
3807         void *ptr = &skb->data[1];
3808         s8 rssi;
3809
3810         hci_dev_lock(hdev);
3811
3812         while (num_reports--) {
3813                 struct hci_ev_le_advertising_info *ev = ptr;
3814
3815                 if (ev->evt_type == LE_ADV_IND ||
3816                     ev->evt_type == LE_ADV_DIRECT_IND)
3817                         check_pending_le_conn(hdev, &ev->bdaddr,
3818                                               ev->bdaddr_type);
3819
3820                 rssi = ev->data[ev->length];
3821                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3822                                   NULL, rssi, 0, 1, ev->data, ev->length);
3823
3824                 ptr += sizeof(*ev) + ev->length + 1;
3825         }
3826
3827         hci_dev_unlock(hdev);
3828 }
3829
3830 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3831 {
3832         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3833         struct hci_cp_le_ltk_reply cp;
3834         struct hci_cp_le_ltk_neg_reply neg;
3835         struct hci_conn *conn;
3836         struct smp_ltk *ltk;
3837
3838         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3839
3840         hci_dev_lock(hdev);
3841
3842         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3843         if (conn == NULL)
3844                 goto not_found;
3845
3846         ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3847         if (ltk == NULL)
3848                 goto not_found;
3849
3850         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3851         cp.handle = cpu_to_le16(conn->handle);
3852
3853         if (ltk->authenticated)
3854                 conn->pending_sec_level = BT_SECURITY_HIGH;
3855         else
3856                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3857
3858         conn->enc_key_size = ltk->enc_size;
3859
3860         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3861
3862         if (ltk->type & HCI_SMP_STK) {
3863                 list_del(&ltk->list);
3864                 kfree(ltk);
3865         }
3866
3867         hci_dev_unlock(hdev);
3868
3869         return;
3870
3871 not_found:
3872         neg.handle = ev->handle;
3873         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3874         hci_dev_unlock(hdev);
3875 }
3876
3877 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3878 {
3879         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3880
3881         skb_pull(skb, sizeof(*le_ev));
3882
3883         switch (le_ev->subevent) {
3884         case HCI_EV_LE_CONN_COMPLETE:
3885                 hci_le_conn_complete_evt(hdev, skb);
3886                 break;
3887
3888         case HCI_EV_LE_ADVERTISING_REPORT:
3889                 hci_le_adv_report_evt(hdev, skb);
3890                 break;
3891
3892         case HCI_EV_LE_LTK_REQ:
3893                 hci_le_ltk_request_evt(hdev, skb);
3894                 break;
3895
3896         default:
3897                 break;
3898         }
3899 }
3900
3901 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3902 {
3903         struct hci_ev_channel_selected *ev = (void *) skb->data;
3904         struct hci_conn *hcon;
3905
3906         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3907
3908         skb_pull(skb, sizeof(*ev));
3909
3910         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3911         if (!hcon)
3912                 return;
3913
3914         amp_read_loc_assoc_final_data(hdev, hcon);
3915 }
3916
3917 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3918 {
3919         struct hci_event_hdr *hdr = (void *) skb->data;
3920         __u8 event = hdr->evt;
3921
3922         hci_dev_lock(hdev);
3923
3924         /* Received events are (currently) only needed when a request is
3925          * ongoing so avoid unnecessary memory allocation.
3926          */
3927         if (hdev->req_status == HCI_REQ_PEND) {
3928                 kfree_skb(hdev->recv_evt);
3929                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3930         }
3931
3932         hci_dev_unlock(hdev);
3933
3934         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3935
3936         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3937                 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3938                 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3939
3940                 hci_req_cmd_complete(hdev, opcode, 0);
3941         }
3942
3943         switch (event) {
3944         case HCI_EV_INQUIRY_COMPLETE:
3945                 hci_inquiry_complete_evt(hdev, skb);
3946                 break;
3947
3948         case HCI_EV_INQUIRY_RESULT:
3949                 hci_inquiry_result_evt(hdev, skb);
3950                 break;
3951
3952         case HCI_EV_CONN_COMPLETE:
3953                 hci_conn_complete_evt(hdev, skb);
3954                 break;
3955
3956         case HCI_EV_CONN_REQUEST:
3957                 hci_conn_request_evt(hdev, skb);
3958                 break;
3959
3960         case HCI_EV_DISCONN_COMPLETE:
3961                 hci_disconn_complete_evt(hdev, skb);
3962                 break;
3963
3964         case HCI_EV_AUTH_COMPLETE:
3965                 hci_auth_complete_evt(hdev, skb);
3966                 break;
3967
3968         case HCI_EV_REMOTE_NAME:
3969                 hci_remote_name_evt(hdev, skb);
3970                 break;
3971
3972         case HCI_EV_ENCRYPT_CHANGE:
3973                 hci_encrypt_change_evt(hdev, skb);
3974                 break;
3975
3976         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3977                 hci_change_link_key_complete_evt(hdev, skb);
3978                 break;
3979
3980         case HCI_EV_REMOTE_FEATURES:
3981                 hci_remote_features_evt(hdev, skb);
3982                 break;
3983
3984         case HCI_EV_CMD_COMPLETE:
3985                 hci_cmd_complete_evt(hdev, skb);
3986                 break;
3987
3988         case HCI_EV_CMD_STATUS:
3989                 hci_cmd_status_evt(hdev, skb);
3990                 break;
3991
3992         case HCI_EV_ROLE_CHANGE:
3993                 hci_role_change_evt(hdev, skb);
3994                 break;
3995
3996         case HCI_EV_NUM_COMP_PKTS:
3997                 hci_num_comp_pkts_evt(hdev, skb);
3998                 break;
3999
4000         case HCI_EV_MODE_CHANGE:
4001                 hci_mode_change_evt(hdev, skb);
4002                 break;
4003
4004         case HCI_EV_PIN_CODE_REQ:
4005                 hci_pin_code_request_evt(hdev, skb);
4006                 break;
4007
4008         case HCI_EV_LINK_KEY_REQ:
4009                 hci_link_key_request_evt(hdev, skb);
4010                 break;
4011
4012         case HCI_EV_LINK_KEY_NOTIFY:
4013                 hci_link_key_notify_evt(hdev, skb);
4014                 break;
4015
4016         case HCI_EV_CLOCK_OFFSET:
4017                 hci_clock_offset_evt(hdev, skb);
4018                 break;
4019
4020         case HCI_EV_PKT_TYPE_CHANGE:
4021                 hci_pkt_type_change_evt(hdev, skb);
4022                 break;
4023
4024         case HCI_EV_PSCAN_REP_MODE:
4025                 hci_pscan_rep_mode_evt(hdev, skb);
4026                 break;
4027
4028         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4029                 hci_inquiry_result_with_rssi_evt(hdev, skb);
4030                 break;
4031
4032         case HCI_EV_REMOTE_EXT_FEATURES:
4033                 hci_remote_ext_features_evt(hdev, skb);
4034                 break;
4035
4036         case HCI_EV_SYNC_CONN_COMPLETE:
4037                 hci_sync_conn_complete_evt(hdev, skb);
4038                 break;
4039
4040         case HCI_EV_EXTENDED_INQUIRY_RESULT:
4041                 hci_extended_inquiry_result_evt(hdev, skb);
4042                 break;
4043
4044         case HCI_EV_KEY_REFRESH_COMPLETE:
4045                 hci_key_refresh_complete_evt(hdev, skb);
4046                 break;
4047
4048         case HCI_EV_IO_CAPA_REQUEST:
4049                 hci_io_capa_request_evt(hdev, skb);
4050                 break;
4051
4052         case HCI_EV_IO_CAPA_REPLY:
4053                 hci_io_capa_reply_evt(hdev, skb);
4054                 break;
4055
4056         case HCI_EV_USER_CONFIRM_REQUEST:
4057                 hci_user_confirm_request_evt(hdev, skb);
4058                 break;
4059
4060         case HCI_EV_USER_PASSKEY_REQUEST:
4061                 hci_user_passkey_request_evt(hdev, skb);
4062                 break;
4063
4064         case HCI_EV_USER_PASSKEY_NOTIFY:
4065                 hci_user_passkey_notify_evt(hdev, skb);
4066                 break;
4067
4068         case HCI_EV_KEYPRESS_NOTIFY:
4069                 hci_keypress_notify_evt(hdev, skb);
4070                 break;
4071
4072         case HCI_EV_SIMPLE_PAIR_COMPLETE:
4073                 hci_simple_pair_complete_evt(hdev, skb);
4074                 break;
4075
4076         case HCI_EV_REMOTE_HOST_FEATURES:
4077                 hci_remote_host_features_evt(hdev, skb);
4078                 break;
4079
4080         case HCI_EV_LE_META:
4081                 hci_le_meta_evt(hdev, skb);
4082                 break;
4083
4084         case HCI_EV_CHANNEL_SELECTED:
4085                 hci_chan_selected_evt(hdev, skb);
4086                 break;
4087
4088         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4089                 hci_remote_oob_data_request_evt(hdev, skb);
4090                 break;
4091
4092         case HCI_EV_PHY_LINK_COMPLETE:
4093                 hci_phy_link_complete_evt(hdev, skb);
4094                 break;
4095
4096         case HCI_EV_LOGICAL_LINK_COMPLETE:
4097                 hci_loglink_complete_evt(hdev, skb);
4098                 break;
4099
4100         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4101                 hci_disconn_loglink_complete_evt(hdev, skb);
4102                 break;
4103
4104         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4105                 hci_disconn_phylink_complete_evt(hdev, skb);
4106                 break;
4107
4108         case HCI_EV_NUM_COMP_BLOCKS:
4109                 hci_num_comp_blocks_evt(hdev, skb);
4110                 break;
4111
4112         default:
4113                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4114                 break;
4115         }
4116
4117         kfree_skb(skb);
4118         hdev->stat.evt_rx++;
4119 }
Pandora Kernel Repository