git.openpandora.org / pandora-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Add tracking of advertising address type
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40         __u8 status = *((__u8 *) skb->data);
41
42         BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44         if (status)
45                 return;
46
47         clear_bit(HCI_INQUIRY, &hdev->flags);
48         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49         wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51         hci_conn_check_pending(hdev);
52 }
53
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 {
56         __u8 status = *((__u8 *) skb->data);
57
58         BT_DBG("%s status 0x%2.2x", hdev->name, status);
59
60         if (status)
61                 return;
62
63         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68         __u8 status = *((__u8 *) skb->data);
69
70         BT_DBG("%s status 0x%2.2x", hdev->name, status);
71
72         if (status)
73                 return;
74
75         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
77         hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81                                           struct sk_buff *skb)
82 {
83         BT_DBG("%s", hdev->name);
84 }
85
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88         struct hci_rp_role_discovery *rp = (void *) skb->data;
89         struct hci_conn *conn;
90
91         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
92
93         if (rp->status)
94                 return;
95
96         hci_dev_lock(hdev);
97
98         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99         if (conn) {
100                 if (rp->role)
101                         conn->link_mode &= ~HCI_LM_MASTER;
102                 else
103                         conn->link_mode |= HCI_LM_MASTER;
104         }
105
106         hci_dev_unlock(hdev);
107 }
108
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 {
111         struct hci_rp_read_link_policy *rp = (void *) skb->data;
112         struct hci_conn *conn;
113
114         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
115
116         if (rp->status)
117                 return;
118
119         hci_dev_lock(hdev);
120
121         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122         if (conn)
123                 conn->link_policy = __le16_to_cpu(rp->policy);
124
125         hci_dev_unlock(hdev);
126 }
127
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 {
130         struct hci_rp_write_link_policy *rp = (void *) skb->data;
131         struct hci_conn *conn;
132         void *sent;
133
134         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135
136         if (rp->status)
137                 return;
138
139         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140         if (!sent)
141                 return;
142
143         hci_dev_lock(hdev);
144
145         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146         if (conn)
147                 conn->link_policy = get_unaligned_le16(sent + 2);
148
149         hci_dev_unlock(hdev);
150 }
151
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153                                         struct sk_buff *skb)
154 {
155         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
158
159         if (rp->status)
160                 return;
161
162         hdev->link_policy = __le16_to_cpu(rp->policy);
163 }
164
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166                                          struct sk_buff *skb)
167 {
168         __u8 status = *((__u8 *) skb->data);
169         void *sent;
170
171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
172
173         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174         if (!sent)
175                 return;
176
177         if (!status)
178                 hdev->link_policy = get_unaligned_le16(sent);
179 }
180
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 {
183         __u8 status = *((__u8 *) skb->data);
184
185         BT_DBG("%s status 0x%2.2x", hdev->name, status);
186
187         clear_bit(HCI_RESET, &hdev->flags);
188
189         /* Reset all non-persistent flags */
190         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191
192         hdev->discovery.state = DISCOVERY_STOPPED;
193         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195
196         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197         hdev->adv_data_len = 0;
198
199         memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200         hdev->scan_rsp_data_len = 0;
201
202         hdev->ssp_debug_mode = 0;
203 }
204
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206 {
207         __u8 status = *((__u8 *) skb->data);
208         void *sent;
209
210         BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213         if (!sent)
214                 return;
215
216         hci_dev_lock(hdev);
217
218         if (test_bit(HCI_MGMT, &hdev->dev_flags))
219                 mgmt_set_local_name_complete(hdev, sent, status);
220         else if (!status)
221                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223         hci_dev_unlock(hdev);
224 }
225
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 {
228         struct hci_rp_read_local_name *rp = (void *) skb->data;
229
230         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
231
232         if (rp->status)
233                 return;
234
235         if (test_bit(HCI_SETUP, &hdev->dev_flags))
236                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 }
238
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240 {
241         __u8 status = *((__u8 *) skb->data);
242         void *sent;
243
244         BT_DBG("%s status 0x%2.2x", hdev->name, status);
245
246         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247         if (!sent)
248                 return;
249
250         if (!status) {
251                 __u8 param = *((__u8 *) sent);
252
253                 if (param == AUTH_ENABLED)
254                         set_bit(HCI_AUTH, &hdev->flags);
255                 else
256                         clear_bit(HCI_AUTH, &hdev->flags);
257         }
258
259         if (test_bit(HCI_MGMT, &hdev->dev_flags))
260                 mgmt_auth_enable_complete(hdev, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%2.2x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271         if (!sent)
272                 return;
273
274         if (!status) {
275                 __u8 param = *((__u8 *) sent);
276
277                 if (param)
278                         set_bit(HCI_ENCRYPT, &hdev->flags);
279                 else
280                         clear_bit(HCI_ENCRYPT, &hdev->flags);
281         }
282 }
283
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 {
286         __u8 param, status = *((__u8 *) skb->data);
287         int old_pscan, old_iscan;
288         void *sent;
289
290         BT_DBG("%s status 0x%2.2x", hdev->name, status);
291
292         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293         if (!sent)
294                 return;
295
296         param = *((__u8 *) sent);
297
298         hci_dev_lock(hdev);
299
300         if (status) {
301                 mgmt_write_scan_failed(hdev, param, status);
302                 hdev->discov_timeout = 0;
303                 goto done;
304         }
305
306         /* We need to ensure that we set this back on if someone changed
307          * the scan mode through a raw HCI socket.
308          */
309         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
311         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314         if (param & SCAN_INQUIRY) {
315                 set_bit(HCI_ISCAN, &hdev->flags);
316                 if (!old_iscan)
317                         mgmt_discoverable(hdev, 1);
318         } else if (old_iscan)
319                 mgmt_discoverable(hdev, 0);
320
321         if (param & SCAN_PAGE) {
322                 set_bit(HCI_PSCAN, &hdev->flags);
323                 if (!old_pscan)
324                         mgmt_connectable(hdev, 1);
325         } else if (old_pscan)
326                 mgmt_connectable(hdev, 0);
327
328 done:
329         hci_dev_unlock(hdev);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
337
338         if (rp->status)
339                 return;
340
341         memcpy(hdev->dev_class, rp->dev_class, 3);
342
343         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349         __u8 status = *((__u8 *) skb->data);
350         void *sent;
351
352         BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355         if (!sent)
356                 return;
357
358         hci_dev_lock(hdev);
359
360         if (status == 0)
361                 memcpy(hdev->dev_class, sent, 3);
362
363         if (test_bit(HCI_MGMT, &hdev->dev_flags))
364                 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366         hci_dev_unlock(hdev);
367 }
368
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 {
371         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372         __u16 setting;
373
374         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
375
376         if (rp->status)
377                 return;
378
379         setting = __le16_to_cpu(rp->voice_setting);
380
381         if (hdev->voice_setting == setting)
382                 return;
383
384         hdev->voice_setting = setting;
385
386         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387
388         if (hdev->notify)
389                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 }
391
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393                                        struct sk_buff *skb)
394 {
395         __u8 status = *((__u8 *) skb->data);
396         __u16 setting;
397         void *sent;
398
399         BT_DBG("%s status 0x%2.2x", hdev->name, status);
400
401         if (status)
402                 return;
403
404         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405         if (!sent)
406                 return;
407
408         setting = get_unaligned_le16(sent);
409
410         if (hdev->voice_setting == setting)
411                 return;
412
413         hdev->voice_setting = setting;
414
415         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416
417         if (hdev->notify)
418                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 }
420
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422                                           struct sk_buff *skb)
423 {
424         struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428         if (rp->status)
429                 return;
430
431         hdev->num_iac = rp->num_iac;
432
433         BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 }
435
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438         __u8 status = *((__u8 *) skb->data);
439         struct hci_cp_write_ssp_mode *sent;
440
441         BT_DBG("%s status 0x%2.2x", hdev->name, status);
442
443         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444         if (!sent)
445                 return;
446
447         if (!status) {
448                 if (sent->mode)
449                         hdev->features[1][0] |= LMP_HOST_SSP;
450                 else
451                         hdev->features[1][0] &= ~LMP_HOST_SSP;
452         }
453
454         if (test_bit(HCI_MGMT, &hdev->dev_flags))
455                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456         else if (!status) {
457                 if (sent->mode)
458                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459                 else
460                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461         }
462 }
463
464 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465 {
466         u8 status = *((u8 *) skb->data);
467         struct hci_cp_write_sc_support *sent;
468
469         BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472         if (!sent)
473                 return;
474
475         if (!status) {
476                 if (sent->support)
477                         hdev->features[1][0] |= LMP_HOST_SC;
478                 else
479                         hdev->features[1][0] &= ~LMP_HOST_SC;
480         }
481
482         if (test_bit(HCI_MGMT, &hdev->dev_flags))
483                 mgmt_sc_enable_complete(hdev, sent->support, status);
484         else if (!status) {
485                 if (sent->support)
486                         set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487                 else
488                         clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489         }
490 }
491
492 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493 {
494         struct hci_rp_read_local_version *rp = (void *) skb->data;
495
496         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
497
498         if (rp->status)
499                 return;
500
501         if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502                 hdev->hci_ver = rp->hci_ver;
503                 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504                 hdev->lmp_ver = rp->lmp_ver;
505                 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506                 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507         }
508 }
509
510 static void hci_cc_read_local_commands(struct hci_dev *hdev,
511                                        struct sk_buff *skb)
512 {
513         struct hci_rp_read_local_commands *rp = (void *) skb->data;
514
515         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
516
517         if (rp->status)
518                 return;
519
520         if (test_bit(HCI_SETUP, &hdev->dev_flags))
521                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
522 }
523
524 static void hci_cc_read_local_features(struct hci_dev *hdev,
525                                        struct sk_buff *skb)
526 {
527         struct hci_rp_read_local_features *rp = (void *) skb->data;
528
529         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
530
531         if (rp->status)
532                 return;
533
534         memcpy(hdev->features, rp->features, 8);
535
536         /* Adjust default settings according to features
537          * supported by device. */
538
539         if (hdev->features[0][0] & LMP_3SLOT)
540                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
541
542         if (hdev->features[0][0] & LMP_5SLOT)
543                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
544
545         if (hdev->features[0][1] & LMP_HV2) {
546                 hdev->pkt_type  |= (HCI_HV2);
547                 hdev->esco_type |= (ESCO_HV2);
548         }
549
550         if (hdev->features[0][1] & LMP_HV3) {
551                 hdev->pkt_type  |= (HCI_HV3);
552                 hdev->esco_type |= (ESCO_HV3);
553         }
554
555         if (lmp_esco_capable(hdev))
556                 hdev->esco_type |= (ESCO_EV3);
557
558         if (hdev->features[0][4] & LMP_EV4)
559                 hdev->esco_type |= (ESCO_EV4);
560
561         if (hdev->features[0][4] & LMP_EV5)
562                 hdev->esco_type |= (ESCO_EV5);
563
564         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
565                 hdev->esco_type |= (ESCO_2EV3);
566
567         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
568                 hdev->esco_type |= (ESCO_3EV3);
569
570         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
571                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
572 }
573
574 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
575                                            struct sk_buff *skb)
576 {
577         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
579         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
580
581         if (rp->status)
582                 return;
583
584         if (hdev->max_page < rp->max_page)
585                 hdev->max_page = rp->max_page;
586
587         if (rp->page < HCI_MAX_PAGES)
588                 memcpy(hdev->features[rp->page], rp->features, 8);
589 }
590
591 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
592                                           struct sk_buff *skb)
593 {
594         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
596         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
597
598         if (!rp->status)
599                 hdev->flow_ctl_mode = rp->mode;
600 }
601
602 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603 {
604         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
605
606         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607
608         if (rp->status)
609                 return;
610
611         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
612         hdev->sco_mtu  = rp->sco_mtu;
613         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617                 hdev->sco_mtu  = 64;
618                 hdev->sco_pkts = 8;
619         }
620
621         hdev->acl_cnt = hdev->acl_pkts;
622         hdev->sco_cnt = hdev->sco_pkts;
623
624         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
626 }
627
628 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629 {
630         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
632         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633
634         if (!rp->status)
635                 bacpy(&hdev->bdaddr, &rp->bdaddr);
636 }
637
638 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639                                            struct sk_buff *skb)
640 {
641         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647                 hdev->page_scan_window = __le16_to_cpu(rp->window);
648         }
649 }
650
651 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652                                             struct sk_buff *skb)
653 {
654         u8 status = *((u8 *) skb->data);
655         struct hci_cp_write_page_scan_activity *sent;
656
657         BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659         if (status)
660                 return;
661
662         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663         if (!sent)
664                 return;
665
666         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667         hdev->page_scan_window = __le16_to_cpu(sent->window);
668 }
669
670 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671                                            struct sk_buff *skb)
672 {
673         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678                 hdev->page_scan_type = rp->type;
679 }
680
681 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682                                         struct sk_buff *skb)
683 {
684         u8 status = *((u8 *) skb->data);
685         u8 *type;
686
687         BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689         if (status)
690                 return;
691
692         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693         if (type)
694                 hdev->page_scan_type = *type;
695 }
696
697 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
698                                         struct sk_buff *skb)
699 {
700         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
702         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
703
704         if (rp->status)
705                 return;
706
707         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708         hdev->block_len = __le16_to_cpu(rp->block_len);
709         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711         hdev->block_cnt = hdev->num_blocks;
712
713         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
714                hdev->block_cnt, hdev->block_len);
715 }
716
717 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
718                                        struct sk_buff *skb)
719 {
720         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
722         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
723
724         if (rp->status)
725                 goto a2mp_rsp;
726
727         hdev->amp_status = rp->amp_status;
728         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732         hdev->amp_type = rp->amp_type;
733         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
738 a2mp_rsp:
739         a2mp_send_getinfo_rsp(hdev);
740 }
741
742 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743                                         struct sk_buff *skb)
744 {
745         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746         struct amp_assoc *assoc = &hdev->loc_assoc;
747         size_t rem_len, frag_len;
748
749         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751         if (rp->status)
752                 goto a2mp_rsp;
753
754         frag_len = skb->len - sizeof(*rp);
755         rem_len = __le16_to_cpu(rp->rem_len);
756
757         if (rem_len > frag_len) {
758                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
759
760                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761                 assoc->offset += frag_len;
762
763                 /* Read other fragments */
764                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766                 return;
767         }
768
769         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770         assoc->len = assoc->offset + rem_len;
771         assoc->offset = 0;
772
773 a2mp_rsp:
774         /* Send A2MP Rsp when all fragments are received */
775         a2mp_send_getampassoc_rsp(hdev, rp->status);
776         a2mp_send_create_phy_link_req(hdev, rp->status);
777 }
778
779 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
780                                          struct sk_buff *skb)
781 {
782         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         if (!rp->status)
787                 hdev->inq_tx_power = rp->tx_power;
788 }
789
790 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791 {
792         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793         struct hci_cp_pin_code_reply *cp;
794         struct hci_conn *conn;
795
796         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797
798         hci_dev_lock(hdev);
799
800         if (test_bit(HCI_MGMT, &hdev->dev_flags))
801                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
802
803         if (rp->status)
804                 goto unlock;
805
806         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807         if (!cp)
808                 goto unlock;
809
810         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811         if (conn)
812                 conn->pin_length = cp->pin_len;
813
814 unlock:
815         hci_dev_unlock(hdev);
816 }
817
818 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819 {
820         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         hci_dev_lock(hdev);
825
826         if (test_bit(HCI_MGMT, &hdev->dev_flags))
827                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
828                                                  rp->status);
829
830         hci_dev_unlock(hdev);
831 }
832
833 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834                                        struct sk_buff *skb)
835 {
836         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
838         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839
840         if (rp->status)
841                 return;
842
843         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844         hdev->le_pkts = rp->le_max_pkt;
845
846         hdev->le_cnt = hdev->le_pkts;
847
848         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
849 }
850
851 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852                                           struct sk_buff *skb)
853 {
854         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858         if (!rp->status)
859                 memcpy(hdev->le_features, rp->features, 8);
860 }
861
862 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863                                         struct sk_buff *skb)
864 {
865         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
869         if (!rp->status)
870                 hdev->adv_tx_power = rp->tx_power;
871 }
872
873 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874 {
875         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
877         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879         hci_dev_lock(hdev);
880
881         if (test_bit(HCI_MGMT, &hdev->dev_flags))
882                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883                                                  rp->status);
884
885         hci_dev_unlock(hdev);
886 }
887
888 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
889                                           struct sk_buff *skb)
890 {
891         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
893         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
894
895         hci_dev_lock(hdev);
896
897         if (test_bit(HCI_MGMT, &hdev->dev_flags))
898                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
899                                                      ACL_LINK, 0, rp->status);
900
901         hci_dev_unlock(hdev);
902 }
903
904 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905 {
906         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
908         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
909
910         hci_dev_lock(hdev);
911
912         if (test_bit(HCI_MGMT, &hdev->dev_flags))
913                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
914                                                  0, rp->status);
915
916         hci_dev_unlock(hdev);
917 }
918
919 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
920                                           struct sk_buff *skb)
921 {
922         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925
926         hci_dev_lock(hdev);
927
928         if (test_bit(HCI_MGMT, &hdev->dev_flags))
929                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
930                                                      ACL_LINK, 0, rp->status);
931
932         hci_dev_unlock(hdev);
933 }
934
935 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936                                        struct sk_buff *skb)
937 {
938         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
940         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
941
942         hci_dev_lock(hdev);
943         mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944                                           NULL, NULL, rp->status);
945         hci_dev_unlock(hdev);
946 }
947
948 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949                                            struct sk_buff *skb)
950 {
951         struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955         hci_dev_lock(hdev);
956         mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957                                           rp->hash256, rp->randomizer256,
958                                           rp->status);
959         hci_dev_unlock(hdev);
960 }
961
962
963 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
964 {
965         __u8 status = *((__u8 *) skb->data);
966         bdaddr_t *sent;
967
968         BT_DBG("%s status 0x%2.2x", hdev->name, status);
969
970         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
971         if (!sent)
972                 return;
973
974         hci_dev_lock(hdev);
975
976         if (!status)
977                 bacpy(&hdev->random_addr, sent);
978
979         hci_dev_unlock(hdev);
980 }
981
982 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
983 {
984         __u8 *sent, status = *((__u8 *) skb->data);
985
986         BT_DBG("%s status 0x%2.2x", hdev->name, status);
987
988         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
989         if (!sent)
990                 return;
991
992         hci_dev_lock(hdev);
993
994         if (!status)
995                 mgmt_advertising(hdev, *sent);
996
997         hci_dev_unlock(hdev);
998 }
999
1000 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1001                                       struct sk_buff *skb)
1002 {
1003         struct hci_cp_le_set_scan_enable *cp;
1004         __u8 status = *((__u8 *) skb->data);
1005
1006         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1007
1008         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1009         if (!cp)
1010                 return;
1011
1012         if (status)
1013                 return;
1014
1015         switch (cp->enable) {
1016         case LE_SCAN_ENABLE:
1017                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1018                 break;
1019
1020         case LE_SCAN_DISABLE:
1021                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1022                 break;
1023
1024         default:
1025                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1026                 break;
1027         }
1028 }
1029
1030 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1031                                            struct sk_buff *skb)
1032 {
1033         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1034
1035         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1036
1037         if (!rp->status)
1038                 hdev->le_white_list_size = rp->size;
1039 }
1040
1041 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1042                                             struct sk_buff *skb)
1043 {
1044         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1045
1046         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1047
1048         if (!rp->status)
1049                 memcpy(hdev->le_states, rp->le_states, 8);
1050 }
1051
1052 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1053                                            struct sk_buff *skb)
1054 {
1055         struct hci_cp_write_le_host_supported *sent;
1056         __u8 status = *((__u8 *) skb->data);
1057
1058         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059
1060         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1061         if (!sent)
1062                 return;
1063
1064         if (!status) {
1065                 if (sent->le) {
1066                         hdev->features[1][0] |= LMP_HOST_LE;
1067                         set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1068                 } else {
1069                         hdev->features[1][0] &= ~LMP_HOST_LE;
1070                         clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1071                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1072                 }
1073
1074                 if (sent->simul)
1075                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1076                 else
1077                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1078         }
1079 }
1080
1081 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1082 {
1083         struct hci_cp_le_set_adv_param *cp;
1084         u8 status = *((u8 *) skb->data);
1085
1086         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1087
1088         if (status)
1089                 return;
1090
1091         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1092         if (!cp)
1093                 return;
1094
1095         hci_dev_lock(hdev);
1096         hdev->adv_addr_type = cp->own_address_type;
1097         hci_dev_unlock(hdev);
1098 }
1099
1100 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1101                                           struct sk_buff *skb)
1102 {
1103         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1104
1105         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1106                hdev->name, rp->status, rp->phy_handle);
1107
1108         if (rp->status)
1109                 return;
1110
1111         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1112 }
1113
1114 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1115 {
1116         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1117
1118         if (status) {
1119                 hci_conn_check_pending(hdev);
1120                 return;
1121         }
1122
1123         set_bit(HCI_INQUIRY, &hdev->flags);
1124 }
1125
1126 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1127 {
1128         struct hci_cp_create_conn *cp;
1129         struct hci_conn *conn;
1130
1131         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1132
1133         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1134         if (!cp)
1135                 return;
1136
1137         hci_dev_lock(hdev);
1138
1139         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1140
1141         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1142
1143         if (status) {
1144                 if (conn && conn->state == BT_CONNECT) {
1145                         if (status != 0x0c || conn->attempt > 2) {
1146                                 conn->state = BT_CLOSED;
1147                                 hci_proto_connect_cfm(conn, status);
1148                                 hci_conn_del(conn);
1149                         } else
1150                                 conn->state = BT_CONNECT2;
1151                 }
1152         } else {
1153                 if (!conn) {
1154                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1155                         if (conn) {
1156                                 conn->out = true;
1157                                 conn->link_mode |= HCI_LM_MASTER;
1158                         } else
1159                                 BT_ERR("No memory for new connection");
1160                 }
1161         }
1162
1163         hci_dev_unlock(hdev);
1164 }
1165
1166 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1167 {
1168         struct hci_cp_add_sco *cp;
1169         struct hci_conn *acl, *sco;
1170         __u16 handle;
1171
1172         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1173
1174         if (!status)
1175                 return;
1176
1177         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1178         if (!cp)
1179                 return;
1180
1181         handle = __le16_to_cpu(cp->handle);
1182
1183         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1184
1185         hci_dev_lock(hdev);
1186
1187         acl = hci_conn_hash_lookup_handle(hdev, handle);
1188         if (acl) {
1189                 sco = acl->link;
1190                 if (sco) {
1191                         sco->state = BT_CLOSED;
1192
1193                         hci_proto_connect_cfm(sco, status);
1194                         hci_conn_del(sco);
1195                 }
1196         }
1197
1198         hci_dev_unlock(hdev);
1199 }
1200
1201 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1202 {
1203         struct hci_cp_auth_requested *cp;
1204         struct hci_conn *conn;
1205
1206         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1207
1208         if (!status)
1209                 return;
1210
1211         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1212         if (!cp)
1213                 return;
1214
1215         hci_dev_lock(hdev);
1216
1217         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1218         if (conn) {
1219                 if (conn->state == BT_CONFIG) {
1220                         hci_proto_connect_cfm(conn, status);
1221                         hci_conn_drop(conn);
1222                 }
1223         }
1224
1225         hci_dev_unlock(hdev);
1226 }
1227
1228 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1229 {
1230         struct hci_cp_set_conn_encrypt *cp;
1231         struct hci_conn *conn;
1232
1233         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1234
1235         if (!status)
1236                 return;
1237
1238         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1239         if (!cp)
1240                 return;
1241
1242         hci_dev_lock(hdev);
1243
1244         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1245         if (conn) {
1246                 if (conn->state == BT_CONFIG) {
1247                         hci_proto_connect_cfm(conn, status);
1248                         hci_conn_drop(conn);
1249                 }
1250         }
1251
1252         hci_dev_unlock(hdev);
1253 }
1254
1255 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1256                                     struct hci_conn *conn)
1257 {
1258         if (conn->state != BT_CONFIG || !conn->out)
1259                 return 0;
1260
1261         if (conn->pending_sec_level == BT_SECURITY_SDP)
1262                 return 0;
1263
1264         /* Only request authentication for SSP connections or non-SSP
1265          * devices with sec_level MEDIUM or HIGH or if MITM protection
1266          * is requested.
1267          */
1268         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1269             conn->pending_sec_level != BT_SECURITY_HIGH &&
1270             conn->pending_sec_level != BT_SECURITY_MEDIUM)
1271                 return 0;
1272
1273         return 1;
1274 }
1275
1276 static int hci_resolve_name(struct hci_dev *hdev,
1277                                    struct inquiry_entry *e)
1278 {
1279         struct hci_cp_remote_name_req cp;
1280
1281         memset(&cp, 0, sizeof(cp));
1282
1283         bacpy(&cp.bdaddr, &e->data.bdaddr);
1284         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1285         cp.pscan_mode = e->data.pscan_mode;
1286         cp.clock_offset = e->data.clock_offset;
1287
1288         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1289 }
1290
1291 static bool hci_resolve_next_name(struct hci_dev *hdev)
1292 {
1293         struct discovery_state *discov = &hdev->discovery;
1294         struct inquiry_entry *e;
1295
1296         if (list_empty(&discov->resolve))
1297                 return false;
1298
1299         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1300         if (!e)
1301                 return false;
1302
1303         if (hci_resolve_name(hdev, e) == 0) {
1304                 e->name_state = NAME_PENDING;
1305                 return true;
1306         }
1307
1308         return false;
1309 }
1310
1311 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1312                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1313 {
1314         struct discovery_state *discov = &hdev->discovery;
1315         struct inquiry_entry *e;
1316
1317         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1318                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1319                                       name_len, conn->dev_class);
1320
1321         if (discov->state == DISCOVERY_STOPPED)
1322                 return;
1323
1324         if (discov->state == DISCOVERY_STOPPING)
1325                 goto discov_complete;
1326
1327         if (discov->state != DISCOVERY_RESOLVING)
1328                 return;
1329
1330         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1331         /* If the device was not found in a list of found devices names of which
1332          * are pending. there is no need to continue resolving a next name as it
1333          * will be done upon receiving another Remote Name Request Complete
1334          * Event */
1335         if (!e)
1336                 return;
1337
1338         list_del(&e->list);
1339         if (name) {
1340                 e->name_state = NAME_KNOWN;
1341                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1342                                  e->data.rssi, name, name_len);
1343         } else {
1344                 e->name_state = NAME_NOT_KNOWN;
1345         }
1346
1347         if (hci_resolve_next_name(hdev))
1348                 return;
1349
1350 discov_complete:
1351         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1352 }
1353
1354 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1355 {
1356         struct hci_cp_remote_name_req *cp;
1357         struct hci_conn *conn;
1358
1359         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1360
1361         /* If successful wait for the name req complete event before
1362          * checking for the need to do authentication */
1363         if (!status)
1364                 return;
1365
1366         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1367         if (!cp)
1368                 return;
1369
1370         hci_dev_lock(hdev);
1371
1372         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1373
1374         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1375                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1376
1377         if (!conn)
1378                 goto unlock;
1379
1380         if (!hci_outgoing_auth_needed(hdev, conn))
1381                 goto unlock;
1382
1383         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1384                 struct hci_cp_auth_requested auth_cp;
1385
1386                 auth_cp.handle = __cpu_to_le16(conn->handle);
1387                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1388                              sizeof(auth_cp), &auth_cp);
1389         }
1390
1391 unlock:
1392         hci_dev_unlock(hdev);
1393 }
1394
1395 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1396 {
1397         struct hci_cp_read_remote_features *cp;
1398         struct hci_conn *conn;
1399
1400         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1401
1402         if (!status)
1403                 return;
1404
1405         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1406         if (!cp)
1407                 return;
1408
1409         hci_dev_lock(hdev);
1410
1411         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1412         if (conn) {
1413                 if (conn->state == BT_CONFIG) {
1414                         hci_proto_connect_cfm(conn, status);
1415                         hci_conn_drop(conn);
1416                 }
1417         }
1418
1419         hci_dev_unlock(hdev);
1420 }
1421
1422 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1423 {
1424         struct hci_cp_read_remote_ext_features *cp;
1425         struct hci_conn *conn;
1426
1427         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1428
1429         if (!status)
1430                 return;
1431
1432         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1433         if (!cp)
1434                 return;
1435
1436         hci_dev_lock(hdev);
1437
1438         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1439         if (conn) {
1440                 if (conn->state == BT_CONFIG) {
1441                         hci_proto_connect_cfm(conn, status);
1442                         hci_conn_drop(conn);
1443                 }
1444         }
1445
1446         hci_dev_unlock(hdev);
1447 }
1448
1449 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1450 {
1451         struct hci_cp_setup_sync_conn *cp;
1452         struct hci_conn *acl, *sco;
1453         __u16 handle;
1454
1455         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1456
1457         if (!status)
1458                 return;
1459
1460         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1461         if (!cp)
1462                 return;
1463
1464         handle = __le16_to_cpu(cp->handle);
1465
1466         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1467
1468         hci_dev_lock(hdev);
1469
1470         acl = hci_conn_hash_lookup_handle(hdev, handle);
1471         if (acl) {
1472                 sco = acl->link;
1473                 if (sco) {
1474                         sco->state = BT_CLOSED;
1475
1476                         hci_proto_connect_cfm(sco, status);
1477                         hci_conn_del(sco);
1478                 }
1479         }
1480
1481         hci_dev_unlock(hdev);
1482 }
1483
1484 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1485 {
1486         struct hci_cp_sniff_mode *cp;
1487         struct hci_conn *conn;
1488
1489         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1490
1491         if (!status)
1492                 return;
1493
1494         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1495         if (!cp)
1496                 return;
1497
1498         hci_dev_lock(hdev);
1499
1500         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1501         if (conn) {
1502                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1503
1504                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1505                         hci_sco_setup(conn, status);
1506         }
1507
1508         hci_dev_unlock(hdev);
1509 }
1510
1511 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1512 {
1513         struct hci_cp_exit_sniff_mode *cp;
1514         struct hci_conn *conn;
1515
1516         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1517
1518         if (!status)
1519                 return;
1520
1521         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1522         if (!cp)
1523                 return;
1524
1525         hci_dev_lock(hdev);
1526
1527         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1528         if (conn) {
1529                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1530
1531                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1532                         hci_sco_setup(conn, status);
1533         }
1534
1535         hci_dev_unlock(hdev);
1536 }
1537
1538 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1539 {
1540         struct hci_cp_disconnect *cp;
1541         struct hci_conn *conn;
1542
1543         if (!status)
1544                 return;
1545
1546         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1547         if (!cp)
1548                 return;
1549
1550         hci_dev_lock(hdev);
1551
1552         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1553         if (conn)
1554                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1555                                        conn->dst_type, status);
1556
1557         hci_dev_unlock(hdev);
1558 }
1559
1560 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1561 {
1562         struct hci_cp_create_phy_link *cp;
1563
1564         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1565
1566         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1567         if (!cp)
1568                 return;
1569
1570         hci_dev_lock(hdev);
1571
1572         if (status) {
1573                 struct hci_conn *hcon;
1574
1575                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1576                 if (hcon)
1577                         hci_conn_del(hcon);
1578         } else {
1579                 amp_write_remote_assoc(hdev, cp->phy_handle);
1580         }
1581
1582         hci_dev_unlock(hdev);
1583 }
1584
1585 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1586 {
1587         struct hci_cp_accept_phy_link *cp;
1588
1589         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1590
1591         if (status)
1592                 return;
1593
1594         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1595         if (!cp)
1596                 return;
1597
1598         amp_write_remote_assoc(hdev, cp->phy_handle);
1599 }
1600
1601 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1602 {
1603         __u8 status = *((__u8 *) skb->data);
1604         struct discovery_state *discov = &hdev->discovery;
1605         struct inquiry_entry *e;
1606
1607         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1608
1609         hci_conn_check_pending(hdev);
1610
1611         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1612                 return;
1613
1614         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1615         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1616
1617         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1618                 return;
1619
1620         hci_dev_lock(hdev);
1621
1622         if (discov->state != DISCOVERY_FINDING)
1623                 goto unlock;
1624
1625         if (list_empty(&discov->resolve)) {
1626                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1627                 goto unlock;
1628         }
1629
1630         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1631         if (e && hci_resolve_name(hdev, e) == 0) {
1632                 e->name_state = NAME_PENDING;
1633                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1634         } else {
1635                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1636         }
1637
1638 unlock:
1639         hci_dev_unlock(hdev);
1640 }
1641
1642 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1643 {
1644         struct inquiry_data data;
1645         struct inquiry_info *info = (void *) (skb->data + 1);
1646         int num_rsp = *((__u8 *) skb->data);
1647
1648         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1649
1650         if (!num_rsp)
1651                 return;
1652
1653         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1654                 return;
1655
1656         hci_dev_lock(hdev);
1657
1658         for (; num_rsp; num_rsp--, info++) {
1659                 bool name_known, ssp;
1660
1661                 bacpy(&data.bdaddr, &info->bdaddr);
1662                 data.pscan_rep_mode     = info->pscan_rep_mode;
1663                 data.pscan_period_mode  = info->pscan_period_mode;
1664                 data.pscan_mode         = info->pscan_mode;
1665                 memcpy(data.dev_class, info->dev_class, 3);
1666                 data.clock_offset       = info->clock_offset;
1667                 data.rssi               = 0x00;
1668                 data.ssp_mode           = 0x00;
1669
1670                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1671                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1672                                   info->dev_class, 0, !name_known, ssp, NULL,
1673                                   0);
1674         }
1675
1676         hci_dev_unlock(hdev);
1677 }
1678
1679 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1680 {
1681         struct hci_ev_conn_complete *ev = (void *) skb->data;
1682         struct hci_conn *conn;
1683
1684         BT_DBG("%s", hdev->name);
1685
1686         hci_dev_lock(hdev);
1687
1688         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1689         if (!conn) {
1690                 if (ev->link_type != SCO_LINK)
1691                         goto unlock;
1692
1693                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1694                 if (!conn)
1695                         goto unlock;
1696
1697                 conn->type = SCO_LINK;
1698         }
1699
1700         if (!ev->status) {
1701                 conn->handle = __le16_to_cpu(ev->handle);
1702
1703                 if (conn->type == ACL_LINK) {
1704                         conn->state = BT_CONFIG;
1705                         hci_conn_hold(conn);
1706
1707                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1708                             !hci_find_link_key(hdev, &ev->bdaddr))
1709                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1710                         else
1711                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1712                 } else
1713                         conn->state = BT_CONNECTED;
1714
1715                 hci_conn_add_sysfs(conn);
1716
1717                 if (test_bit(HCI_AUTH, &hdev->flags))
1718                         conn->link_mode |= HCI_LM_AUTH;
1719
1720                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1721                         conn->link_mode |= HCI_LM_ENCRYPT;
1722
1723                 /* Get remote features */
1724                 if (conn->type == ACL_LINK) {
1725                         struct hci_cp_read_remote_features cp;
1726                         cp.handle = ev->handle;
1727                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1728                                      sizeof(cp), &cp);
1729                 }
1730
1731                 /* Set packet type for incoming connection */
1732                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1733                         struct hci_cp_change_conn_ptype cp;
1734                         cp.handle = ev->handle;
1735                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1736                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1737                                      &cp);
1738                 }
1739         } else {
1740                 conn->state = BT_CLOSED;
1741                 if (conn->type == ACL_LINK)
1742                         mgmt_connect_failed(hdev, &conn->dst, conn->type,
1743                                             conn->dst_type, ev->status);
1744         }
1745
1746         if (conn->type == ACL_LINK)
1747                 hci_sco_setup(conn, ev->status);
1748
1749         if (ev->status) {
1750                 hci_proto_connect_cfm(conn, ev->status);
1751                 hci_conn_del(conn);
1752         } else if (ev->link_type != ACL_LINK)
1753                 hci_proto_connect_cfm(conn, ev->status);
1754
1755 unlock:
1756         hci_dev_unlock(hdev);
1757
1758         hci_conn_check_pending(hdev);
1759 }
1760
1761 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1762 {
1763         struct hci_ev_conn_request *ev = (void *) skb->data;
1764         int mask = hdev->link_mode;
1765         __u8 flags = 0;
1766
1767         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1768                ev->link_type);
1769
1770         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1771                                       &flags);
1772
1773         if ((mask & HCI_LM_ACCEPT) &&
1774             !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1775                 /* Connection accepted */
1776                 struct inquiry_entry *ie;
1777                 struct hci_conn *conn;
1778
1779                 hci_dev_lock(hdev);
1780
1781                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1782                 if (ie)
1783                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1784
1785                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1786                                                &ev->bdaddr);
1787                 if (!conn) {
1788                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1789                         if (!conn) {
1790                                 BT_ERR("No memory for new connection");
1791                                 hci_dev_unlock(hdev);
1792                                 return;
1793                         }
1794                 }
1795
1796                 memcpy(conn->dev_class, ev->dev_class, 3);
1797
1798                 hci_dev_unlock(hdev);
1799
1800                 if (ev->link_type == ACL_LINK ||
1801                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1802                         struct hci_cp_accept_conn_req cp;
1803                         conn->state = BT_CONNECT;
1804
1805                         bacpy(&cp.bdaddr, &ev->bdaddr);
1806
1807                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1808                                 cp.role = 0x00; /* Become master */
1809                         else
1810                                 cp.role = 0x01; /* Remain slave */
1811
1812                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1813                                      &cp);
1814                 } else if (!(flags & HCI_PROTO_DEFER)) {
1815                         struct hci_cp_accept_sync_conn_req cp;
1816                         conn->state = BT_CONNECT;
1817
1818                         bacpy(&cp.bdaddr, &ev->bdaddr);
1819                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1820
1821                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1822                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1823                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1824                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1825                         cp.retrans_effort = 0xff;
1826
1827                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1828                                      sizeof(cp), &cp);
1829                 } else {
1830                         conn->state = BT_CONNECT2;
1831                         hci_proto_connect_cfm(conn, 0);
1832                 }
1833         } else {
1834                 /* Connection rejected */
1835                 struct hci_cp_reject_conn_req cp;
1836
1837                 bacpy(&cp.bdaddr, &ev->bdaddr);
1838                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1839                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1840         }
1841 }
1842
1843 static u8 hci_to_mgmt_reason(u8 err)
1844 {
1845         switch (err) {
1846         case HCI_ERROR_CONNECTION_TIMEOUT:
1847                 return MGMT_DEV_DISCONN_TIMEOUT;
1848         case HCI_ERROR_REMOTE_USER_TERM:
1849         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1850         case HCI_ERROR_REMOTE_POWER_OFF:
1851                 return MGMT_DEV_DISCONN_REMOTE;
1852         case HCI_ERROR_LOCAL_HOST_TERM:
1853                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1854         default:
1855                 return MGMT_DEV_DISCONN_UNKNOWN;
1856         }
1857 }
1858
1859 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1860 {
1861         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1862         u8 reason = hci_to_mgmt_reason(ev->reason);
1863         struct hci_conn_params *params;
1864         struct hci_conn *conn;
1865         bool mgmt_connected;
1866         u8 type;
1867
1868         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1869
1870         hci_dev_lock(hdev);
1871
1872         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1873         if (!conn)
1874                 goto unlock;
1875
1876         if (ev->status) {
1877                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1878                                        conn->dst_type, ev->status);
1879                 goto unlock;
1880         }
1881
1882         conn->state = BT_CLOSED;
1883
1884         mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1885         mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1886                                 reason, mgmt_connected);
1887
1888         if (conn->type == ACL_LINK && conn->flush_key)
1889                 hci_remove_link_key(hdev, &conn->dst);
1890
1891         params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1892         if (params) {
1893                 switch (params->auto_connect) {
1894                 case HCI_AUTO_CONN_LINK_LOSS:
1895                         if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1896                                 break;
1897                         /* Fall through */
1898
1899                 case HCI_AUTO_CONN_ALWAYS:
1900                         hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
1901                         break;
1902
1903                 default:
1904                         break;
1905                 }
1906         }
1907
1908         type = conn->type;
1909
1910         hci_proto_disconn_cfm(conn, ev->reason);
1911         hci_conn_del(conn);
1912
1913         /* Re-enable advertising if necessary, since it might
1914          * have been disabled by the connection. From the
1915          * HCI_LE_Set_Advertise_Enable command description in
1916          * the core specification (v4.0):
1917          * "The Controller shall continue advertising until the Host
1918          * issues an LE_Set_Advertise_Enable command with
1919          * Advertising_Enable set to 0x00 (Advertising is disabled)
1920          * or until a connection is created or until the Advertising
1921          * is timed out due to Directed Advertising."
1922          */
1923         if (type == LE_LINK)
1924                 mgmt_reenable_advertising(hdev);
1925
1926 unlock:
1927         hci_dev_unlock(hdev);
1928 }
1929
1930 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1931 {
1932         struct hci_ev_auth_complete *ev = (void *) skb->data;
1933         struct hci_conn *conn;
1934
1935         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1936
1937         hci_dev_lock(hdev);
1938
1939         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1940         if (!conn)
1941                 goto unlock;
1942
1943         if (!ev->status) {
1944                 if (!hci_conn_ssp_enabled(conn) &&
1945                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1946                         BT_INFO("re-auth of legacy device is not possible.");
1947                 } else {
1948                         conn->link_mode |= HCI_LM_AUTH;
1949                         conn->sec_level = conn->pending_sec_level;
1950                 }
1951         } else {
1952                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1953                                  ev->status);
1954         }
1955
1956         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1957         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1958
1959         if (conn->state == BT_CONFIG) {
1960                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1961                         struct hci_cp_set_conn_encrypt cp;
1962                         cp.handle  = ev->handle;
1963                         cp.encrypt = 0x01;
1964                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1965                                      &cp);
1966                 } else {
1967                         conn->state = BT_CONNECTED;
1968                         hci_proto_connect_cfm(conn, ev->status);
1969                         hci_conn_drop(conn);
1970                 }
1971         } else {
1972                 hci_auth_cfm(conn, ev->status);
1973
1974                 hci_conn_hold(conn);
1975                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1976                 hci_conn_drop(conn);
1977         }
1978
1979         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1980                 if (!ev->status) {
1981                         struct hci_cp_set_conn_encrypt cp;
1982                         cp.handle  = ev->handle;
1983                         cp.encrypt = 0x01;
1984                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1985                                      &cp);
1986                 } else {
1987                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1988                         hci_encrypt_cfm(conn, ev->status, 0x00);
1989                 }
1990         }
1991
1992 unlock:
1993         hci_dev_unlock(hdev);
1994 }
1995
1996 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1997 {
1998         struct hci_ev_remote_name *ev = (void *) skb->data;
1999         struct hci_conn *conn;
2000
2001         BT_DBG("%s", hdev->name);
2002
2003         hci_conn_check_pending(hdev);
2004
2005         hci_dev_lock(hdev);
2006
2007         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2008
2009         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2010                 goto check_auth;
2011
2012         if (ev->status == 0)
2013                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2014                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2015         else
2016                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2017
2018 check_auth:
2019         if (!conn)
2020                 goto unlock;
2021
2022         if (!hci_outgoing_auth_needed(hdev, conn))
2023                 goto unlock;
2024
2025         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2026                 struct hci_cp_auth_requested cp;
2027                 cp.handle = __cpu_to_le16(conn->handle);
2028                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2029         }
2030
2031 unlock:
2032         hci_dev_unlock(hdev);
2033 }
2034
2035 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2036 {
2037         struct hci_ev_encrypt_change *ev = (void *) skb->data;
2038         struct hci_conn *conn;
2039
2040         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2041
2042         hci_dev_lock(hdev);
2043
2044         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2045         if (!conn)
2046                 goto unlock;
2047
2048         if (!ev->status) {
2049                 if (ev->encrypt) {
2050                         /* Encryption implies authentication */
2051                         conn->link_mode |= HCI_LM_AUTH;
2052                         conn->link_mode |= HCI_LM_ENCRYPT;
2053                         conn->sec_level = conn->pending_sec_level;
2054
2055                         /* P-256 authentication key implies FIPS */
2056                         if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2057                                 conn->link_mode |= HCI_LM_FIPS;
2058
2059                         if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2060                             conn->type == LE_LINK)
2061                                 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2062                 } else {
2063                         conn->link_mode &= ~HCI_LM_ENCRYPT;
2064                         clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2065                 }
2066         }
2067
2068         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2069
2070         if (ev->status && conn->state == BT_CONNECTED) {
2071                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2072                 hci_conn_drop(conn);
2073                 goto unlock;
2074         }
2075
2076         if (conn->state == BT_CONFIG) {
2077                 if (!ev->status)
2078                         conn->state = BT_CONNECTED;
2079
2080                 hci_proto_connect_cfm(conn, ev->status);
2081                 hci_conn_drop(conn);
2082         } else
2083                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2084
2085 unlock:
2086         hci_dev_unlock(hdev);
2087 }
2088
2089 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2090                                              struct sk_buff *skb)
2091 {
2092         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2093         struct hci_conn *conn;
2094
2095         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2096
2097         hci_dev_lock(hdev);
2098
2099         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2100         if (conn) {
2101                 if (!ev->status)
2102                         conn->link_mode |= HCI_LM_SECURE;
2103
2104                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2105
2106                 hci_key_change_cfm(conn, ev->status);
2107         }
2108
2109         hci_dev_unlock(hdev);
2110 }
2111
2112 static void hci_remote_features_evt(struct hci_dev *hdev,
2113                                     struct sk_buff *skb)
2114 {
2115         struct hci_ev_remote_features *ev = (void *) skb->data;
2116         struct hci_conn *conn;
2117
2118         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2119
2120         hci_dev_lock(hdev);
2121
2122         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2123         if (!conn)
2124                 goto unlock;
2125
2126         if (!ev->status)
2127                 memcpy(conn->features[0], ev->features, 8);
2128
2129         if (conn->state != BT_CONFIG)
2130                 goto unlock;
2131
2132         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2133                 struct hci_cp_read_remote_ext_features cp;
2134                 cp.handle = ev->handle;
2135                 cp.page = 0x01;
2136                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2137                              sizeof(cp), &cp);
2138                 goto unlock;
2139         }
2140
2141         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2142                 struct hci_cp_remote_name_req cp;
2143                 memset(&cp, 0, sizeof(cp));
2144                 bacpy(&cp.bdaddr, &conn->dst);
2145                 cp.pscan_rep_mode = 0x02;
2146                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2147         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2148                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2149                                       conn->dst_type, 0, NULL, 0,
2150                                       conn->dev_class);
2151
2152         if (!hci_outgoing_auth_needed(hdev, conn)) {
2153                 conn->state = BT_CONNECTED;
2154                 hci_proto_connect_cfm(conn, ev->status);
2155                 hci_conn_drop(conn);
2156         }
2157
2158 unlock:
2159         hci_dev_unlock(hdev);
2160 }
2161
2162 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2163 {
2164         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2165         u8 status = skb->data[sizeof(*ev)];
2166         __u16 opcode;
2167
2168         skb_pull(skb, sizeof(*ev));
2169
2170         opcode = __le16_to_cpu(ev->opcode);
2171
2172         switch (opcode) {
2173         case HCI_OP_INQUIRY_CANCEL:
2174                 hci_cc_inquiry_cancel(hdev, skb);
2175                 break;
2176
2177         case HCI_OP_PERIODIC_INQ:
2178                 hci_cc_periodic_inq(hdev, skb);
2179                 break;
2180
2181         case HCI_OP_EXIT_PERIODIC_INQ:
2182                 hci_cc_exit_periodic_inq(hdev, skb);
2183                 break;
2184
2185         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2186                 hci_cc_remote_name_req_cancel(hdev, skb);
2187                 break;
2188
2189         case HCI_OP_ROLE_DISCOVERY:
2190                 hci_cc_role_discovery(hdev, skb);
2191                 break;
2192
2193         case HCI_OP_READ_LINK_POLICY:
2194                 hci_cc_read_link_policy(hdev, skb);
2195                 break;
2196
2197         case HCI_OP_WRITE_LINK_POLICY:
2198                 hci_cc_write_link_policy(hdev, skb);
2199                 break;
2200
2201         case HCI_OP_READ_DEF_LINK_POLICY:
2202                 hci_cc_read_def_link_policy(hdev, skb);
2203                 break;
2204
2205         case HCI_OP_WRITE_DEF_LINK_POLICY:
2206                 hci_cc_write_def_link_policy(hdev, skb);
2207                 break;
2208
2209         case HCI_OP_RESET:
2210                 hci_cc_reset(hdev, skb);
2211                 break;
2212
2213         case HCI_OP_WRITE_LOCAL_NAME:
2214                 hci_cc_write_local_name(hdev, skb);
2215                 break;
2216
2217         case HCI_OP_READ_LOCAL_NAME:
2218                 hci_cc_read_local_name(hdev, skb);
2219                 break;
2220
2221         case HCI_OP_WRITE_AUTH_ENABLE:
2222                 hci_cc_write_auth_enable(hdev, skb);
2223                 break;
2224
2225         case HCI_OP_WRITE_ENCRYPT_MODE:
2226                 hci_cc_write_encrypt_mode(hdev, skb);
2227                 break;
2228
2229         case HCI_OP_WRITE_SCAN_ENABLE:
2230                 hci_cc_write_scan_enable(hdev, skb);
2231                 break;
2232
2233         case HCI_OP_READ_CLASS_OF_DEV:
2234                 hci_cc_read_class_of_dev(hdev, skb);
2235                 break;
2236
2237         case HCI_OP_WRITE_CLASS_OF_DEV:
2238                 hci_cc_write_class_of_dev(hdev, skb);
2239                 break;
2240
2241         case HCI_OP_READ_VOICE_SETTING:
2242                 hci_cc_read_voice_setting(hdev, skb);
2243                 break;
2244
2245         case HCI_OP_WRITE_VOICE_SETTING:
2246                 hci_cc_write_voice_setting(hdev, skb);
2247                 break;
2248
2249         case HCI_OP_READ_NUM_SUPPORTED_IAC:
2250                 hci_cc_read_num_supported_iac(hdev, skb);
2251                 break;
2252
2253         case HCI_OP_WRITE_SSP_MODE:
2254                 hci_cc_write_ssp_mode(hdev, skb);
2255                 break;
2256
2257         case HCI_OP_WRITE_SC_SUPPORT:
2258                 hci_cc_write_sc_support(hdev, skb);
2259                 break;
2260
2261         case HCI_OP_READ_LOCAL_VERSION:
2262                 hci_cc_read_local_version(hdev, skb);
2263                 break;
2264
2265         case HCI_OP_READ_LOCAL_COMMANDS:
2266                 hci_cc_read_local_commands(hdev, skb);
2267                 break;
2268
2269         case HCI_OP_READ_LOCAL_FEATURES:
2270                 hci_cc_read_local_features(hdev, skb);
2271                 break;
2272
2273         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2274                 hci_cc_read_local_ext_features(hdev, skb);
2275                 break;
2276
2277         case HCI_OP_READ_BUFFER_SIZE:
2278                 hci_cc_read_buffer_size(hdev, skb);
2279                 break;
2280
2281         case HCI_OP_READ_BD_ADDR:
2282                 hci_cc_read_bd_addr(hdev, skb);
2283                 break;
2284
2285         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2286                 hci_cc_read_page_scan_activity(hdev, skb);
2287                 break;
2288
2289         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2290                 hci_cc_write_page_scan_activity(hdev, skb);
2291                 break;
2292
2293         case HCI_OP_READ_PAGE_SCAN_TYPE:
2294                 hci_cc_read_page_scan_type(hdev, skb);
2295                 break;
2296
2297         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2298                 hci_cc_write_page_scan_type(hdev, skb);
2299                 break;
2300
2301         case HCI_OP_READ_DATA_BLOCK_SIZE:
2302                 hci_cc_read_data_block_size(hdev, skb);
2303                 break;
2304
2305         case HCI_OP_READ_FLOW_CONTROL_MODE:
2306                 hci_cc_read_flow_control_mode(hdev, skb);
2307                 break;
2308
2309         case HCI_OP_READ_LOCAL_AMP_INFO:
2310                 hci_cc_read_local_amp_info(hdev, skb);
2311                 break;
2312
2313         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2314                 hci_cc_read_local_amp_assoc(hdev, skb);
2315                 break;
2316
2317         case HCI_OP_READ_INQ_RSP_TX_POWER:
2318                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2319                 break;
2320
2321         case HCI_OP_PIN_CODE_REPLY:
2322                 hci_cc_pin_code_reply(hdev, skb);
2323                 break;
2324
2325         case HCI_OP_PIN_CODE_NEG_REPLY:
2326                 hci_cc_pin_code_neg_reply(hdev, skb);
2327                 break;
2328
2329         case HCI_OP_READ_LOCAL_OOB_DATA:
2330                 hci_cc_read_local_oob_data(hdev, skb);
2331                 break;
2332
2333         case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2334                 hci_cc_read_local_oob_ext_data(hdev, skb);
2335                 break;
2336
2337         case HCI_OP_LE_READ_BUFFER_SIZE:
2338                 hci_cc_le_read_buffer_size(hdev, skb);
2339                 break;
2340
2341         case HCI_OP_LE_READ_LOCAL_FEATURES:
2342                 hci_cc_le_read_local_features(hdev, skb);
2343                 break;
2344
2345         case HCI_OP_LE_READ_ADV_TX_POWER:
2346                 hci_cc_le_read_adv_tx_power(hdev, skb);
2347                 break;
2348
2349         case HCI_OP_USER_CONFIRM_REPLY:
2350                 hci_cc_user_confirm_reply(hdev, skb);
2351                 break;
2352
2353         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2354                 hci_cc_user_confirm_neg_reply(hdev, skb);
2355                 break;
2356
2357         case HCI_OP_USER_PASSKEY_REPLY:
2358                 hci_cc_user_passkey_reply(hdev, skb);
2359                 break;
2360
2361         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2362                 hci_cc_user_passkey_neg_reply(hdev, skb);
2363                 break;
2364
2365         case HCI_OP_LE_SET_RANDOM_ADDR:
2366                 hci_cc_le_set_random_addr(hdev, skb);
2367                 break;
2368
2369         case HCI_OP_LE_SET_ADV_ENABLE:
2370                 hci_cc_le_set_adv_enable(hdev, skb);
2371                 break;
2372
2373         case HCI_OP_LE_SET_SCAN_ENABLE:
2374                 hci_cc_le_set_scan_enable(hdev, skb);
2375                 break;
2376
2377         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2378                 hci_cc_le_read_white_list_size(hdev, skb);
2379                 break;
2380
2381         case HCI_OP_LE_READ_SUPPORTED_STATES:
2382                 hci_cc_le_read_supported_states(hdev, skb);
2383                 break;
2384
2385         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2386                 hci_cc_write_le_host_supported(hdev, skb);
2387                 break;
2388
2389         case HCI_OP_LE_SET_ADV_PARAM:
2390                 hci_cc_set_adv_param(hdev, skb);
2391                 break;
2392
2393         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2394                 hci_cc_write_remote_amp_assoc(hdev, skb);
2395                 break;
2396
2397         default:
2398                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2399                 break;
2400         }
2401
2402         if (opcode != HCI_OP_NOP)
2403                 del_timer(&hdev->cmd_timer);
2404
2405         hci_req_cmd_complete(hdev, opcode, status);
2406
2407         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2408                 atomic_set(&hdev->cmd_cnt, 1);
2409                 if (!skb_queue_empty(&hdev->cmd_q))
2410                         queue_work(hdev->workqueue, &hdev->cmd_work);
2411         }
2412 }
2413
2414 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2415 {
2416         struct hci_ev_cmd_status *ev = (void *) skb->data;
2417         __u16 opcode;
2418
2419         skb_pull(skb, sizeof(*ev));
2420
2421         opcode = __le16_to_cpu(ev->opcode);
2422
2423         switch (opcode) {
2424         case HCI_OP_INQUIRY:
2425                 hci_cs_inquiry(hdev, ev->status);
2426                 break;
2427
2428         case HCI_OP_CREATE_CONN:
2429                 hci_cs_create_conn(hdev, ev->status);
2430                 break;
2431
2432         case HCI_OP_ADD_SCO:
2433                 hci_cs_add_sco(hdev, ev->status);
2434                 break;
2435
2436         case HCI_OP_AUTH_REQUESTED:
2437                 hci_cs_auth_requested(hdev, ev->status);
2438                 break;
2439
2440         case HCI_OP_SET_CONN_ENCRYPT:
2441                 hci_cs_set_conn_encrypt(hdev, ev->status);
2442                 break;
2443
2444         case HCI_OP_REMOTE_NAME_REQ:
2445                 hci_cs_remote_name_req(hdev, ev->status);
2446                 break;
2447
2448         case HCI_OP_READ_REMOTE_FEATURES:
2449                 hci_cs_read_remote_features(hdev, ev->status);
2450                 break;
2451
2452         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2453                 hci_cs_read_remote_ext_features(hdev, ev->status);
2454                 break;
2455
2456         case HCI_OP_SETUP_SYNC_CONN:
2457                 hci_cs_setup_sync_conn(hdev, ev->status);
2458                 break;
2459
2460         case HCI_OP_SNIFF_MODE:
2461                 hci_cs_sniff_mode(hdev, ev->status);
2462                 break;
2463
2464         case HCI_OP_EXIT_SNIFF_MODE:
2465                 hci_cs_exit_sniff_mode(hdev, ev->status);
2466                 break;
2467
2468         case HCI_OP_DISCONNECT:
2469                 hci_cs_disconnect(hdev, ev->status);
2470                 break;
2471
2472         case HCI_OP_CREATE_PHY_LINK:
2473                 hci_cs_create_phylink(hdev, ev->status);
2474                 break;
2475
2476         case HCI_OP_ACCEPT_PHY_LINK:
2477                 hci_cs_accept_phylink(hdev, ev->status);
2478                 break;
2479
2480         default:
2481                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2482                 break;
2483         }
2484
2485         if (opcode != HCI_OP_NOP)
2486                 del_timer(&hdev->cmd_timer);
2487
2488         if (ev->status ||
2489             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2490                 hci_req_cmd_complete(hdev, opcode, ev->status);
2491
2492         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2493                 atomic_set(&hdev->cmd_cnt, 1);
2494                 if (!skb_queue_empty(&hdev->cmd_q))
2495                         queue_work(hdev->workqueue, &hdev->cmd_work);
2496         }
2497 }
2498
2499 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2500 {
2501         struct hci_ev_role_change *ev = (void *) skb->data;
2502         struct hci_conn *conn;
2503
2504         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2505
2506         hci_dev_lock(hdev);
2507
2508         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2509         if (conn) {
2510                 if (!ev->status) {
2511                         if (ev->role)
2512                                 conn->link_mode &= ~HCI_LM_MASTER;
2513                         else
2514                                 conn->link_mode |= HCI_LM_MASTER;
2515                 }
2516
2517                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2518
2519                 hci_role_switch_cfm(conn, ev->status, ev->role);
2520         }
2521
2522         hci_dev_unlock(hdev);
2523 }
2524
2525 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2526 {
2527         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2528         int i;
2529
2530         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2531                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2532                 return;
2533         }
2534
2535         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2536             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2537                 BT_DBG("%s bad parameters", hdev->name);
2538                 return;
2539         }
2540
2541         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2542
2543         for (i = 0; i < ev->num_hndl; i++) {
2544                 struct hci_comp_pkts_info *info = &ev->handles[i];
2545                 struct hci_conn *conn;
2546                 __u16  handle, count;
2547
2548                 handle = __le16_to_cpu(info->handle);
2549                 count  = __le16_to_cpu(info->count);
2550
2551                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2552                 if (!conn)
2553                         continue;
2554
2555                 conn->sent -= count;
2556
2557                 switch (conn->type) {
2558                 case ACL_LINK:
2559                         hdev->acl_cnt += count;
2560                         if (hdev->acl_cnt > hdev->acl_pkts)
2561                                 hdev->acl_cnt = hdev->acl_pkts;
2562                         break;
2563
2564                 case LE_LINK:
2565                         if (hdev->le_pkts) {
2566                                 hdev->le_cnt += count;
2567                                 if (hdev->le_cnt > hdev->le_pkts)
2568                                         hdev->le_cnt = hdev->le_pkts;
2569                         } else {
2570                                 hdev->acl_cnt += count;
2571                                 if (hdev->acl_cnt > hdev->acl_pkts)
2572                                         hdev->acl_cnt = hdev->acl_pkts;
2573                         }
2574                         break;
2575
2576                 case SCO_LINK:
2577                         hdev->sco_cnt += count;
2578                         if (hdev->sco_cnt > hdev->sco_pkts)
2579                                 hdev->sco_cnt = hdev->sco_pkts;
2580                         break;
2581
2582                 default:
2583                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2584                         break;
2585                 }
2586         }
2587
2588         queue_work(hdev->workqueue, &hdev->tx_work);
2589 }
2590
2591 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2592                                                  __u16 handle)
2593 {
2594         struct hci_chan *chan;
2595
2596         switch (hdev->dev_type) {
2597         case HCI_BREDR:
2598                 return hci_conn_hash_lookup_handle(hdev, handle);
2599         case HCI_AMP:
2600                 chan = hci_chan_lookup_handle(hdev, handle);
2601                 if (chan)
2602                         return chan->conn;
2603                 break;
2604         default:
2605                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2606                 break;
2607         }
2608
2609         return NULL;
2610 }
2611
2612 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2613 {
2614         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2615         int i;
2616
2617         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2618                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2619                 return;
2620         }
2621
2622         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2623             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2624                 BT_DBG("%s bad parameters", hdev->name);
2625                 return;
2626         }
2627
2628         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2629                ev->num_hndl);
2630
2631         for (i = 0; i < ev->num_hndl; i++) {
2632                 struct hci_comp_blocks_info *info = &ev->handles[i];
2633                 struct hci_conn *conn = NULL;
2634                 __u16  handle, block_count;
2635
2636                 handle = __le16_to_cpu(info->handle);
2637                 block_count = __le16_to_cpu(info->blocks);
2638
2639                 conn = __hci_conn_lookup_handle(hdev, handle);
2640                 if (!conn)
2641                         continue;
2642
2643                 conn->sent -= block_count;
2644
2645                 switch (conn->type) {
2646                 case ACL_LINK:
2647                 case AMP_LINK:
2648                         hdev->block_cnt += block_count;
2649                         if (hdev->block_cnt > hdev->num_blocks)
2650                                 hdev->block_cnt = hdev->num_blocks;
2651                         break;
2652
2653                 default:
2654                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2655                         break;
2656                 }
2657         }
2658
2659         queue_work(hdev->workqueue, &hdev->tx_work);
2660 }
2661
2662 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2663 {
2664         struct hci_ev_mode_change *ev = (void *) skb->data;
2665         struct hci_conn *conn;
2666
2667         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2668
2669         hci_dev_lock(hdev);
2670
2671         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2672         if (conn) {
2673                 conn->mode = ev->mode;
2674
2675                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2676                                         &conn->flags)) {
2677                         if (conn->mode == HCI_CM_ACTIVE)
2678                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2679                         else
2680                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2681                 }
2682
2683                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2684                         hci_sco_setup(conn, ev->status);
2685         }
2686
2687         hci_dev_unlock(hdev);
2688 }
2689
2690 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2691 {
2692         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2693         struct hci_conn *conn;
2694
2695         BT_DBG("%s", hdev->name);
2696
2697         hci_dev_lock(hdev);
2698
2699         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2700         if (!conn)
2701                 goto unlock;
2702
2703         if (conn->state == BT_CONNECTED) {
2704                 hci_conn_hold(conn);
2705                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2706                 hci_conn_drop(conn);
2707         }
2708
2709         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2710                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2711                              sizeof(ev->bdaddr), &ev->bdaddr);
2712         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2713                 u8 secure;
2714
2715                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2716                         secure = 1;
2717                 else
2718                         secure = 0;
2719
2720                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2721         }
2722
2723 unlock:
2724         hci_dev_unlock(hdev);
2725 }
2726
2727 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2728 {
2729         struct hci_ev_link_key_req *ev = (void *) skb->data;
2730         struct hci_cp_link_key_reply cp;
2731         struct hci_conn *conn;
2732         struct link_key *key;
2733
2734         BT_DBG("%s", hdev->name);
2735
2736         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2737                 return;
2738
2739         hci_dev_lock(hdev);
2740
2741         key = hci_find_link_key(hdev, &ev->bdaddr);
2742         if (!key) {
2743                 BT_DBG("%s link key not found for %pMR", hdev->name,
2744                        &ev->bdaddr);
2745                 goto not_found;
2746         }
2747
2748         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2749                &ev->bdaddr);
2750
2751         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2752             key->type == HCI_LK_DEBUG_COMBINATION) {
2753                 BT_DBG("%s ignoring debug key", hdev->name);
2754                 goto not_found;
2755         }
2756
2757         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2758         if (conn) {
2759                 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2760                      key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2761                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2762                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2763                         goto not_found;
2764                 }
2765
2766                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2767                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2768                         BT_DBG("%s ignoring key unauthenticated for high security",
2769                                hdev->name);
2770                         goto not_found;
2771                 }
2772
2773                 conn->key_type = key->type;
2774                 conn->pin_length = key->pin_len;
2775         }
2776
2777         bacpy(&cp.bdaddr, &ev->bdaddr);
2778         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2779
2780         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2781
2782         hci_dev_unlock(hdev);
2783
2784         return;
2785
2786 not_found:
2787         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2788         hci_dev_unlock(hdev);
2789 }
2790
2791 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2792 {
2793         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2794         struct hci_conn *conn;
2795         u8 pin_len = 0;
2796
2797         BT_DBG("%s", hdev->name);
2798
2799         hci_dev_lock(hdev);
2800
2801         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2802         if (conn) {
2803                 hci_conn_hold(conn);
2804                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2805                 pin_len = conn->pin_length;
2806
2807                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2808                         conn->key_type = ev->key_type;
2809
2810                 hci_conn_drop(conn);
2811         }
2812
2813         if (test_bit(HCI_MGMT, &hdev->dev_flags))
2814                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2815                                  ev->key_type, pin_len);
2816
2817         hci_dev_unlock(hdev);
2818 }
2819
2820 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2821 {
2822         struct hci_ev_clock_offset *ev = (void *) skb->data;
2823         struct hci_conn *conn;
2824
2825         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2826
2827         hci_dev_lock(hdev);
2828
2829         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2830         if (conn && !ev->status) {
2831                 struct inquiry_entry *ie;
2832
2833                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2834                 if (ie) {
2835                         ie->data.clock_offset = ev->clock_offset;
2836                         ie->timestamp = jiffies;
2837                 }
2838         }
2839
2840         hci_dev_unlock(hdev);
2841 }
2842
2843 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2844 {
2845         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2846         struct hci_conn *conn;
2847
2848         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2849
2850         hci_dev_lock(hdev);
2851
2852         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2853         if (conn && !ev->status)
2854                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2855
2856         hci_dev_unlock(hdev);
2857 }
2858
2859 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2860 {
2861         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2862         struct inquiry_entry *ie;
2863
2864         BT_DBG("%s", hdev->name);
2865
2866         hci_dev_lock(hdev);
2867
2868         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2869         if (ie) {
2870                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2871                 ie->timestamp = jiffies;
2872         }
2873
2874         hci_dev_unlock(hdev);
2875 }
2876
2877 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2878                                              struct sk_buff *skb)
2879 {
2880         struct inquiry_data data;
2881         int num_rsp = *((__u8 *) skb->data);
2882         bool name_known, ssp;
2883
2884         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2885
2886         if (!num_rsp)
2887                 return;
2888
2889         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2890                 return;
2891
2892         hci_dev_lock(hdev);
2893
2894         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2895                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2896                 info = (void *) (skb->data + 1);
2897
2898                 for (; num_rsp; num_rsp--, info++) {
2899                         bacpy(&data.bdaddr, &info->bdaddr);
2900                         data.pscan_rep_mode     = info->pscan_rep_mode;
2901                         data.pscan_period_mode  = info->pscan_period_mode;
2902                         data.pscan_mode         = info->pscan_mode;
2903                         memcpy(data.dev_class, info->dev_class, 3);
2904                         data.clock_offset       = info->clock_offset;
2905                         data.rssi               = info->rssi;
2906                         data.ssp_mode           = 0x00;
2907
2908                         name_known = hci_inquiry_cache_update(hdev, &data,
2909                                                               false, &ssp);
2910                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2911                                           info->dev_class, info->rssi,
2912                                           !name_known, ssp, NULL, 0);
2913                 }
2914         } else {
2915                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2916
2917                 for (; num_rsp; num_rsp--, info++) {
2918                         bacpy(&data.bdaddr, &info->bdaddr);
2919                         data.pscan_rep_mode     = info->pscan_rep_mode;
2920                         data.pscan_period_mode  = info->pscan_period_mode;
2921                         data.pscan_mode         = 0x00;
2922                         memcpy(data.dev_class, info->dev_class, 3);
2923                         data.clock_offset       = info->clock_offset;
2924                         data.rssi               = info->rssi;
2925                         data.ssp_mode           = 0x00;
2926                         name_known = hci_inquiry_cache_update(hdev, &data,
2927                                                               false, &ssp);
2928                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2929                                           info->dev_class, info->rssi,
2930                                           !name_known, ssp, NULL, 0);
2931                 }
2932         }
2933
2934         hci_dev_unlock(hdev);
2935 }
2936
2937 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2938                                         struct sk_buff *skb)
2939 {
2940         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2941         struct hci_conn *conn;
2942
2943         BT_DBG("%s", hdev->name);
2944
2945         hci_dev_lock(hdev);
2946
2947         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2948         if (!conn)
2949                 goto unlock;
2950
2951         if (ev->page < HCI_MAX_PAGES)
2952                 memcpy(conn->features[ev->page], ev->features, 8);
2953
2954         if (!ev->status && ev->page == 0x01) {
2955                 struct inquiry_entry *ie;
2956
2957                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2958                 if (ie)
2959                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2960
2961                 if (ev->features[0] & LMP_HOST_SSP) {
2962                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2963                 } else {
2964                         /* It is mandatory by the Bluetooth specification that
2965                          * Extended Inquiry Results are only used when Secure
2966                          * Simple Pairing is enabled, but some devices violate
2967                          * this.
2968                          *
2969                          * To make these devices work, the internal SSP
2970                          * enabled flag needs to be cleared if the remote host
2971                          * features do not indicate SSP support */
2972                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2973                 }
2974
2975                 if (ev->features[0] & LMP_HOST_SC)
2976                         set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
2977         }
2978
2979         if (conn->state != BT_CONFIG)
2980                 goto unlock;
2981
2982         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2983                 struct hci_cp_remote_name_req cp;
2984                 memset(&cp, 0, sizeof(cp));
2985                 bacpy(&cp.bdaddr, &conn->dst);
2986                 cp.pscan_rep_mode = 0x02;
2987                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2988         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2989                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2990                                       conn->dst_type, 0, NULL, 0,
2991                                       conn->dev_class);
2992
2993         if (!hci_outgoing_auth_needed(hdev, conn)) {
2994                 conn->state = BT_CONNECTED;
2995                 hci_proto_connect_cfm(conn, ev->status);
2996                 hci_conn_drop(conn);
2997         }
2998
2999 unlock:
3000         hci_dev_unlock(hdev);
3001 }
3002
3003 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3004                                        struct sk_buff *skb)
3005 {
3006         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3007         struct hci_conn *conn;
3008
3009         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3010
3011         hci_dev_lock(hdev);
3012
3013         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3014         if (!conn) {
3015                 if (ev->link_type == ESCO_LINK)
3016                         goto unlock;
3017
3018                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3019                 if (!conn)
3020                         goto unlock;
3021
3022                 conn->type = SCO_LINK;
3023         }
3024
3025         switch (ev->status) {
3026         case 0x00:
3027                 conn->handle = __le16_to_cpu(ev->handle);
3028                 conn->state  = BT_CONNECTED;
3029
3030                 hci_conn_add_sysfs(conn);
3031                 break;
3032
3033         case 0x0d:      /* Connection Rejected due to Limited Resources */
3034         case 0x11:      /* Unsupported Feature or Parameter Value */
3035         case 0x1c:      /* SCO interval rejected */
3036         case 0x1a:      /* Unsupported Remote Feature */
3037         case 0x1f:      /* Unspecified error */
3038                 if (conn->out) {
3039                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3040                                         (hdev->esco_type & EDR_ESCO_MASK);
3041                         if (hci_setup_sync(conn, conn->link->handle))
3042                                 goto unlock;
3043                 }
3044                 /* fall through */
3045
3046         default:
3047                 conn->state = BT_CLOSED;
3048                 break;
3049         }
3050
3051         hci_proto_connect_cfm(conn, ev->status);
3052         if (ev->status)
3053                 hci_conn_del(conn);
3054
3055 unlock:
3056         hci_dev_unlock(hdev);
3057 }
3058
3059 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3060 {
3061         size_t parsed = 0;
3062
3063         while (parsed < eir_len) {
3064                 u8 field_len = eir[0];
3065
3066                 if (field_len == 0)
3067                         return parsed;
3068
3069                 parsed += field_len + 1;
3070                 eir += field_len + 1;
3071         }
3072
3073         return eir_len;
3074 }
3075
3076 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3077                                             struct sk_buff *skb)
3078 {
3079         struct inquiry_data data;
3080         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3081         int num_rsp = *((__u8 *) skb->data);
3082         size_t eir_len;
3083
3084         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3085
3086         if (!num_rsp)
3087                 return;
3088
3089         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3090                 return;
3091
3092         hci_dev_lock(hdev);
3093
3094         for (; num_rsp; num_rsp--, info++) {
3095                 bool name_known, ssp;
3096
3097                 bacpy(&data.bdaddr, &info->bdaddr);
3098                 data.pscan_rep_mode     = info->pscan_rep_mode;
3099                 data.pscan_period_mode  = info->pscan_period_mode;
3100                 data.pscan_mode         = 0x00;
3101                 memcpy(data.dev_class, info->dev_class, 3);
3102                 data.clock_offset       = info->clock_offset;
3103                 data.rssi               = info->rssi;
3104                 data.ssp_mode           = 0x01;
3105
3106                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3107                         name_known = eir_has_data_type(info->data,
3108                                                        sizeof(info->data),
3109                                                        EIR_NAME_COMPLETE);
3110                 else
3111                         name_known = true;
3112
3113                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3114                                                       &ssp);
3115                 eir_len = eir_get_length(info->data, sizeof(info->data));
3116                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3117                                   info->dev_class, info->rssi, !name_known,
3118                                   ssp, info->data, eir_len);
3119         }
3120
3121         hci_dev_unlock(hdev);
3122 }
3123
3124 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3125                                          struct sk_buff *skb)
3126 {
3127         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3128         struct hci_conn *conn;
3129
3130         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3131                __le16_to_cpu(ev->handle));
3132
3133         hci_dev_lock(hdev);
3134
3135         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3136         if (!conn)
3137                 goto unlock;
3138
3139         if (!ev->status)
3140                 conn->sec_level = conn->pending_sec_level;
3141
3142         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3143
3144         if (ev->status && conn->state == BT_CONNECTED) {
3145                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3146                 hci_conn_drop(conn);
3147                 goto unlock;
3148         }
3149
3150         if (conn->state == BT_CONFIG) {
3151                 if (!ev->status)
3152                         conn->state = BT_CONNECTED;
3153
3154                 hci_proto_connect_cfm(conn, ev->status);
3155                 hci_conn_drop(conn);
3156         } else {
3157                 hci_auth_cfm(conn, ev->status);
3158
3159                 hci_conn_hold(conn);
3160                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3161                 hci_conn_drop(conn);
3162         }
3163
3164 unlock:
3165         hci_dev_unlock(hdev);
3166 }
3167
3168 static u8 hci_get_auth_req(struct hci_conn *conn)
3169 {
3170         /* If remote requests dedicated bonding follow that lead */
3171         if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3172             conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3173                 /* If both remote and local IO capabilities allow MITM
3174                  * protection then require it, otherwise don't */
3175                 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3176                     conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3177                         return HCI_AT_DEDICATED_BONDING;
3178                 else
3179                         return HCI_AT_DEDICATED_BONDING_MITM;
3180         }
3181
3182         /* If remote requests no-bonding follow that lead */
3183         if (conn->remote_auth == HCI_AT_NO_BONDING ||
3184             conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3185                 return conn->remote_auth | (conn->auth_type & 0x01);
3186
3187         return conn->auth_type;
3188 }
3189
3190 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3191 {
3192         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3193         struct hci_conn *conn;
3194
3195         BT_DBG("%s", hdev->name);
3196
3197         hci_dev_lock(hdev);
3198
3199         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3200         if (!conn)
3201                 goto unlock;
3202
3203         hci_conn_hold(conn);
3204
3205         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3206                 goto unlock;
3207
3208         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3209             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3210                 struct hci_cp_io_capability_reply cp;
3211
3212                 bacpy(&cp.bdaddr, &ev->bdaddr);
3213                 /* Change the IO capability from KeyboardDisplay
3214                  * to DisplayYesNo as it is not supported by BT spec. */
3215                 cp.capability = (conn->io_capability == 0x04) ?
3216                                 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3217                 conn->auth_type = hci_get_auth_req(conn);
3218                 cp.authentication = conn->auth_type;
3219
3220                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3221                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3222                         cp.oob_data = 0x01;
3223                 else
3224                         cp.oob_data = 0x00;
3225
3226                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3227                              sizeof(cp), &cp);
3228         } else {
3229                 struct hci_cp_io_capability_neg_reply cp;
3230
3231                 bacpy(&cp.bdaddr, &ev->bdaddr);
3232                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3233
3234                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3235                              sizeof(cp), &cp);
3236         }
3237
3238 unlock:
3239         hci_dev_unlock(hdev);
3240 }
3241
3242 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3243 {
3244         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3245         struct hci_conn *conn;
3246
3247         BT_DBG("%s", hdev->name);
3248
3249         hci_dev_lock(hdev);
3250
3251         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3252         if (!conn)
3253                 goto unlock;
3254
3255         conn->remote_cap = ev->capability;
3256         conn->remote_auth = ev->authentication;
3257         if (ev->oob_data)
3258                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3259
3260 unlock:
3261         hci_dev_unlock(hdev);
3262 }
3263
3264 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3265                                          struct sk_buff *skb)
3266 {
3267         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3268         int loc_mitm, rem_mitm, confirm_hint = 0;
3269         struct hci_conn *conn;
3270
3271         BT_DBG("%s", hdev->name);
3272
3273         hci_dev_lock(hdev);
3274
3275         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3276                 goto unlock;
3277
3278         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3279         if (!conn)
3280                 goto unlock;
3281
3282         loc_mitm = (conn->auth_type & 0x01);
3283         rem_mitm = (conn->remote_auth & 0x01);
3284
3285         /* If we require MITM but the remote device can't provide that
3286          * (it has NoInputNoOutput) then reject the confirmation
3287          * request. The only exception is when we're dedicated bonding
3288          * initiators (connect_cfm_cb set) since then we always have the MITM
3289          * bit set. */
3290         if (!conn->connect_cfm_cb && loc_mitm &&
3291             conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3292                 BT_DBG("Rejecting request: remote device can't provide MITM");
3293                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3294                              sizeof(ev->bdaddr), &ev->bdaddr);
3295                 goto unlock;
3296         }
3297
3298         /* If no side requires MITM protection; auto-accept */
3299         if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3300             (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3301
3302                 /* If we're not the initiators request authorization to
3303                  * proceed from user space (mgmt_user_confirm with
3304                  * confirm_hint set to 1). */
3305                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3306                         BT_DBG("Confirming auto-accept as acceptor");
3307                         confirm_hint = 1;
3308                         goto confirm;
3309                 }
3310
3311                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3312                        hdev->auto_accept_delay);
3313
3314                 if (hdev->auto_accept_delay > 0) {
3315                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3316                         queue_delayed_work(conn->hdev->workqueue,
3317                                            &conn->auto_accept_work, delay);
3318                         goto unlock;
3319                 }
3320
3321                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3322                              sizeof(ev->bdaddr), &ev->bdaddr);
3323                 goto unlock;
3324         }
3325
3326 confirm:
3327         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3328                                   confirm_hint);
3329
3330 unlock:
3331         hci_dev_unlock(hdev);
3332 }
3333
3334 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3335                                          struct sk_buff *skb)
3336 {
3337         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3338
3339         BT_DBG("%s", hdev->name);
3340
3341         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3342                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3343 }
3344
3345 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3346                                         struct sk_buff *skb)
3347 {
3348         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3349         struct hci_conn *conn;
3350
3351         BT_DBG("%s", hdev->name);
3352
3353         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3354         if (!conn)
3355                 return;
3356
3357         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3358         conn->passkey_entered = 0;
3359
3360         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3361                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3362                                          conn->dst_type, conn->passkey_notify,
3363                                          conn->passkey_entered);
3364 }
3365
3366 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3367 {
3368         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3369         struct hci_conn *conn;
3370
3371         BT_DBG("%s", hdev->name);
3372
3373         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3374         if (!conn)
3375                 return;
3376
3377         switch (ev->type) {
3378         case HCI_KEYPRESS_STARTED:
3379                 conn->passkey_entered = 0;
3380                 return;
3381
3382         case HCI_KEYPRESS_ENTERED:
3383                 conn->passkey_entered++;
3384                 break;
3385
3386         case HCI_KEYPRESS_ERASED:
3387                 conn->passkey_entered--;
3388                 break;
3389
3390         case HCI_KEYPRESS_CLEARED:
3391                 conn->passkey_entered = 0;
3392                 break;
3393
3394         case HCI_KEYPRESS_COMPLETED:
3395                 return;
3396         }
3397
3398         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3399                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3400                                          conn->dst_type, conn->passkey_notify,
3401                                          conn->passkey_entered);
3402 }
3403
3404 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3405                                          struct sk_buff *skb)
3406 {
3407         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3408         struct hci_conn *conn;
3409
3410         BT_DBG("%s", hdev->name);
3411
3412         hci_dev_lock(hdev);
3413
3414         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3415         if (!conn)
3416                 goto unlock;
3417
3418         /* To avoid duplicate auth_failed events to user space we check
3419          * the HCI_CONN_AUTH_PEND flag which will be set if we
3420          * initiated the authentication. A traditional auth_complete
3421          * event gets always produced as initiator and is also mapped to
3422          * the mgmt_auth_failed event */
3423         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3424                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3425                                  ev->status);
3426
3427         hci_conn_drop(conn);
3428
3429 unlock:
3430         hci_dev_unlock(hdev);
3431 }
3432
3433 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3434                                          struct sk_buff *skb)
3435 {
3436         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3437         struct inquiry_entry *ie;
3438         struct hci_conn *conn;
3439
3440         BT_DBG("%s", hdev->name);
3441
3442         hci_dev_lock(hdev);
3443
3444         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3445         if (conn)
3446                 memcpy(conn->features[1], ev->features, 8);
3447
3448         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3449         if (ie)
3450                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3451
3452         hci_dev_unlock(hdev);
3453 }
3454
3455 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3456                                             struct sk_buff *skb)
3457 {
3458         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3459         struct oob_data *data;
3460
3461         BT_DBG("%s", hdev->name);
3462
3463         hci_dev_lock(hdev);
3464
3465         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3466                 goto unlock;
3467
3468         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3469         if (data) {
3470                 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3471                         struct hci_cp_remote_oob_ext_data_reply cp;
3472
3473                         bacpy(&cp.bdaddr, &ev->bdaddr);
3474                         memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3475                         memcpy(cp.randomizer192, data->randomizer192,
3476                                sizeof(cp.randomizer192));
3477                         memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3478                         memcpy(cp.randomizer256, data->randomizer256,
3479                                sizeof(cp.randomizer256));
3480
3481                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3482                                      sizeof(cp), &cp);
3483                 } else {
3484                         struct hci_cp_remote_oob_data_reply cp;
3485
3486                         bacpy(&cp.bdaddr, &ev->bdaddr);
3487                         memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3488                         memcpy(cp.randomizer, data->randomizer192,
3489                                sizeof(cp.randomizer));
3490
3491                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3492                                      sizeof(cp), &cp);
3493                 }
3494         } else {
3495                 struct hci_cp_remote_oob_data_neg_reply cp;
3496
3497                 bacpy(&cp.bdaddr, &ev->bdaddr);
3498                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3499                              sizeof(cp), &cp);
3500         }
3501
3502 unlock:
3503         hci_dev_unlock(hdev);
3504 }
3505
3506 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3507                                       struct sk_buff *skb)
3508 {
3509         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3510         struct hci_conn *hcon, *bredr_hcon;
3511
3512         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3513                ev->status);
3514
3515         hci_dev_lock(hdev);
3516
3517         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3518         if (!hcon) {
3519                 hci_dev_unlock(hdev);
3520                 return;
3521         }
3522
3523         if (ev->status) {
3524                 hci_conn_del(hcon);
3525                 hci_dev_unlock(hdev);
3526                 return;
3527         }
3528
3529         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3530
3531         hcon->state = BT_CONNECTED;
3532         bacpy(&hcon->dst, &bredr_hcon->dst);
3533
3534         hci_conn_hold(hcon);
3535         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3536         hci_conn_drop(hcon);
3537
3538         hci_conn_add_sysfs(hcon);
3539
3540         amp_physical_cfm(bredr_hcon, hcon);
3541
3542         hci_dev_unlock(hdev);
3543 }
3544
3545 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3546 {
3547         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3548         struct hci_conn *hcon;
3549         struct hci_chan *hchan;
3550         struct amp_mgr *mgr;
3551
3552         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3553                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3554                ev->status);
3555
3556         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3557         if (!hcon)
3558                 return;
3559
3560         /* Create AMP hchan */
3561         hchan = hci_chan_create(hcon);
3562         if (!hchan)
3563                 return;
3564
3565         hchan->handle = le16_to_cpu(ev->handle);
3566
3567         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3568
3569         mgr = hcon->amp_mgr;
3570         if (mgr && mgr->bredr_chan) {
3571                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3572
3573                 l2cap_chan_lock(bredr_chan);
3574
3575                 bredr_chan->conn->mtu = hdev->block_mtu;
3576                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3577                 hci_conn_hold(hcon);
3578
3579                 l2cap_chan_unlock(bredr_chan);
3580         }
3581 }
3582
3583 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3584                                              struct sk_buff *skb)
3585 {
3586         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3587         struct hci_chan *hchan;
3588
3589         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3590                le16_to_cpu(ev->handle), ev->status);
3591
3592         if (ev->status)
3593                 return;
3594
3595         hci_dev_lock(hdev);
3596
3597         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3598         if (!hchan)
3599                 goto unlock;
3600
3601         amp_destroy_logical_link(hchan, ev->reason);
3602
3603 unlock:
3604         hci_dev_unlock(hdev);
3605 }
3606
3607 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3608                                              struct sk_buff *skb)
3609 {
3610         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3611         struct hci_conn *hcon;
3612
3613         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3614
3615         if (ev->status)
3616                 return;
3617
3618         hci_dev_lock(hdev);
3619
3620         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3621         if (hcon) {
3622                 hcon->state = BT_CLOSED;
3623                 hci_conn_del(hcon);
3624         }
3625
3626         hci_dev_unlock(hdev);
3627 }
3628
3629 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3630 {
3631         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3632         struct hci_conn *conn;
3633         struct smp_irk *irk;
3634
3635         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3636
3637         hci_dev_lock(hdev);
3638
3639         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3640         if (!conn) {
3641                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3642                 if (!conn) {
3643                         BT_ERR("No memory for new connection");
3644                         goto unlock;
3645                 }
3646
3647                 conn->dst_type = ev->bdaddr_type;
3648
3649                 /* The advertising parameters for own address type
3650                  * define which source address and source address
3651                  * type this connections has.
3652                  */
3653                 if (bacmp(&conn->src, BDADDR_ANY)) {
3654                         conn->src_type = ADDR_LE_DEV_PUBLIC;
3655                 } else {
3656                         bacpy(&conn->src, &hdev->static_addr);
3657                         conn->src_type = ADDR_LE_DEV_RANDOM;
3658                 }
3659
3660                 if (ev->role == LE_CONN_ROLE_MASTER) {
3661                         conn->out = true;
3662                         conn->link_mode |= HCI_LM_MASTER;
3663                 }
3664         }
3665
3666         /* Ensure that the hci_conn contains the identity address type
3667          * regardless of which address the connection was made with.
3668          *
3669          * If the controller has a public BD_ADDR, then by default
3670          * use that one. If this is a LE only controller without
3671          * a public address, default to the static random address.
3672          *
3673          * For debugging purposes it is possible to force
3674          * controllers with a public address to use the static
3675          * random address instead.
3676          */
3677         if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ||
3678             !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3679                 bacpy(&conn->src, &hdev->static_addr);
3680                 conn->src_type = ADDR_LE_DEV_RANDOM;
3681         } else {
3682                 bacpy(&conn->src, &hdev->bdaddr);
3683                 conn->src_type = ADDR_LE_DEV_PUBLIC;
3684         }
3685
3686         /* Lookup the identity address from the stored connection
3687          * address and address type.
3688          *
3689          * When establishing connections to an identity address, the
3690          * connection procedure will store the resolvable random
3691          * address first. Now if it can be converted back into the
3692          * identity address, start using the identity address from
3693          * now on.
3694          */
3695         irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3696         if (irk) {
3697                 bacpy(&conn->dst, &irk->bdaddr);
3698                 conn->dst_type = irk->addr_type;
3699         }
3700
3701         if (ev->status) {
3702                 hci_le_conn_failed(conn, ev->status);
3703                 goto unlock;
3704         }
3705
3706         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3707                 mgmt_device_connected(hdev, &conn->dst, conn->type,
3708                                       conn->dst_type, 0, NULL, 0, NULL);
3709
3710         conn->sec_level = BT_SECURITY_LOW;
3711         conn->handle = __le16_to_cpu(ev->handle);
3712         conn->state = BT_CONNECTED;
3713
3714         if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3715                 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3716
3717         hci_conn_add_sysfs(conn);
3718
3719         hci_proto_connect_cfm(conn, ev->status);
3720
3721         hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3722
3723 unlock:
3724         hci_dev_unlock(hdev);
3725 }
3726
3727 /* This function requires the caller holds hdev->lock */
3728 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3729                                   u8 addr_type)
3730 {
3731         struct hci_conn *conn;
3732         struct smp_irk *irk;
3733
3734         /* If this is a resolvable address, we should resolve it and then
3735          * update address and address type variables.
3736          */
3737         irk = hci_get_irk(hdev, addr, addr_type);
3738         if (irk) {
3739                 addr = &irk->bdaddr;
3740                 addr_type = irk->addr_type;
3741         }
3742
3743         if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3744                 return;
3745
3746         conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3747                               HCI_AT_NO_BONDING);
3748         if (!IS_ERR(conn))
3749                 return;
3750
3751         switch (PTR_ERR(conn)) {
3752         case -EBUSY:
3753                 /* If hci_connect() returns -EBUSY it means there is already
3754                  * an LE connection attempt going on. Since controllers don't
3755                  * support more than one connection attempt at the time, we
3756                  * don't consider this an error case.
3757                  */
3758                 break;
3759         default:
3760                 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3761         }
3762 }
3763
3764 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3765 {
3766         u8 num_reports = skb->data[0];
3767         void *ptr = &skb->data[1];
3768         s8 rssi;
3769
3770         hci_dev_lock(hdev);
3771
3772         while (num_reports--) {
3773                 struct hci_ev_le_advertising_info *ev = ptr;
3774
3775                 if (ev->evt_type == LE_ADV_IND ||
3776                     ev->evt_type == LE_ADV_DIRECT_IND)
3777                         check_pending_le_conn(hdev, &ev->bdaddr,
3778                                               ev->bdaddr_type);
3779
3780                 rssi = ev->data[ev->length];
3781                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3782                                   NULL, rssi, 0, 1, ev->data, ev->length);
3783
3784                 ptr += sizeof(*ev) + ev->length + 1;
3785         }
3786
3787         hci_dev_unlock(hdev);
3788 }
3789
3790 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3791 {
3792         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3793         struct hci_cp_le_ltk_reply cp;
3794         struct hci_cp_le_ltk_neg_reply neg;
3795         struct hci_conn *conn;
3796         struct smp_ltk *ltk;
3797
3798         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3799
3800         hci_dev_lock(hdev);
3801
3802         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3803         if (conn == NULL)
3804                 goto not_found;
3805
3806         ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3807         if (ltk == NULL)
3808                 goto not_found;
3809
3810         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3811         cp.handle = cpu_to_le16(conn->handle);
3812
3813         if (ltk->authenticated)
3814                 conn->pending_sec_level = BT_SECURITY_HIGH;
3815         else
3816                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3817
3818         conn->enc_key_size = ltk->enc_size;
3819
3820         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3821
3822         if (ltk->type & HCI_SMP_STK) {
3823                 list_del(&ltk->list);
3824                 kfree(ltk);
3825         }
3826
3827         hci_dev_unlock(hdev);
3828
3829         return;
3830
3831 not_found:
3832         neg.handle = ev->handle;
3833         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3834         hci_dev_unlock(hdev);
3835 }
3836
3837 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3838 {
3839         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3840
3841         skb_pull(skb, sizeof(*le_ev));
3842
3843         switch (le_ev->subevent) {
3844         case HCI_EV_LE_CONN_COMPLETE:
3845                 hci_le_conn_complete_evt(hdev, skb);
3846                 break;
3847
3848         case HCI_EV_LE_ADVERTISING_REPORT:
3849                 hci_le_adv_report_evt(hdev, skb);
3850                 break;
3851
3852         case HCI_EV_LE_LTK_REQ:
3853                 hci_le_ltk_request_evt(hdev, skb);
3854                 break;
3855
3856         default:
3857                 break;
3858         }
3859 }
3860
3861 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3862 {
3863         struct hci_ev_channel_selected *ev = (void *) skb->data;
3864         struct hci_conn *hcon;
3865
3866         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3867
3868         skb_pull(skb, sizeof(*ev));
3869
3870         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3871         if (!hcon)
3872                 return;
3873
3874         amp_read_loc_assoc_final_data(hdev, hcon);
3875 }
3876
3877 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3878 {
3879         struct hci_event_hdr *hdr = (void *) skb->data;
3880         __u8 event = hdr->evt;
3881
3882         hci_dev_lock(hdev);
3883
3884         /* Received events are (currently) only needed when a request is
3885          * ongoing so avoid unnecessary memory allocation.
3886          */
3887         if (hdev->req_status == HCI_REQ_PEND) {
3888                 kfree_skb(hdev->recv_evt);
3889                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3890         }
3891
3892         hci_dev_unlock(hdev);
3893
3894         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3895
3896         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3897                 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3898                 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3899
3900                 hci_req_cmd_complete(hdev, opcode, 0);
3901         }
3902
3903         switch (event) {
3904         case HCI_EV_INQUIRY_COMPLETE:
3905                 hci_inquiry_complete_evt(hdev, skb);
3906                 break;
3907
3908         case HCI_EV_INQUIRY_RESULT:
3909                 hci_inquiry_result_evt(hdev, skb);
3910                 break;
3911
3912         case HCI_EV_CONN_COMPLETE:
3913                 hci_conn_complete_evt(hdev, skb);
3914                 break;
3915
3916         case HCI_EV_CONN_REQUEST:
3917                 hci_conn_request_evt(hdev, skb);
3918                 break;
3919
3920         case HCI_EV_DISCONN_COMPLETE:
3921                 hci_disconn_complete_evt(hdev, skb);
3922                 break;
3923
3924         case HCI_EV_AUTH_COMPLETE:
3925                 hci_auth_complete_evt(hdev, skb);
3926                 break;
3927
3928         case HCI_EV_REMOTE_NAME:
3929                 hci_remote_name_evt(hdev, skb);
3930                 break;
3931
3932         case HCI_EV_ENCRYPT_CHANGE:
3933                 hci_encrypt_change_evt(hdev, skb);
3934                 break;
3935
3936         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3937                 hci_change_link_key_complete_evt(hdev, skb);
3938                 break;
3939
3940         case HCI_EV_REMOTE_FEATURES:
3941                 hci_remote_features_evt(hdev, skb);
3942                 break;
3943
3944         case HCI_EV_CMD_COMPLETE:
3945                 hci_cmd_complete_evt(hdev, skb);
3946                 break;
3947
3948         case HCI_EV_CMD_STATUS:
3949                 hci_cmd_status_evt(hdev, skb);
3950                 break;
3951
3952         case HCI_EV_ROLE_CHANGE:
3953                 hci_role_change_evt(hdev, skb);
3954                 break;
3955
3956         case HCI_EV_NUM_COMP_PKTS:
3957                 hci_num_comp_pkts_evt(hdev, skb);
3958                 break;
3959
3960         case HCI_EV_MODE_CHANGE:
3961                 hci_mode_change_evt(hdev, skb);
3962                 break;
3963
3964         case HCI_EV_PIN_CODE_REQ:
3965                 hci_pin_code_request_evt(hdev, skb);
3966                 break;
3967
3968         case HCI_EV_LINK_KEY_REQ:
3969                 hci_link_key_request_evt(hdev, skb);
3970                 break;
3971
3972         case HCI_EV_LINK_KEY_NOTIFY:
3973                 hci_link_key_notify_evt(hdev, skb);
3974                 break;
3975
3976         case HCI_EV_CLOCK_OFFSET:
3977                 hci_clock_offset_evt(hdev, skb);
3978                 break;
3979
3980         case HCI_EV_PKT_TYPE_CHANGE:
3981                 hci_pkt_type_change_evt(hdev, skb);
3982                 break;
3983
3984         case HCI_EV_PSCAN_REP_MODE:
3985                 hci_pscan_rep_mode_evt(hdev, skb);
3986                 break;
3987
3988         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3989                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3990                 break;
3991
3992         case HCI_EV_REMOTE_EXT_FEATURES:
3993                 hci_remote_ext_features_evt(hdev, skb);
3994                 break;
3995
3996         case HCI_EV_SYNC_CONN_COMPLETE:
3997                 hci_sync_conn_complete_evt(hdev, skb);
3998                 break;
3999
4000         case HCI_EV_EXTENDED_INQUIRY_RESULT:
4001                 hci_extended_inquiry_result_evt(hdev, skb);
4002                 break;
4003
4004         case HCI_EV_KEY_REFRESH_COMPLETE:
4005                 hci_key_refresh_complete_evt(hdev, skb);
4006                 break;
4007
4008         case HCI_EV_IO_CAPA_REQUEST:
4009                 hci_io_capa_request_evt(hdev, skb);
4010                 break;
4011
4012         case HCI_EV_IO_CAPA_REPLY:
4013                 hci_io_capa_reply_evt(hdev, skb);
4014                 break;
4015
4016         case HCI_EV_USER_CONFIRM_REQUEST:
4017                 hci_user_confirm_request_evt(hdev, skb);
4018                 break;
4019
4020         case HCI_EV_USER_PASSKEY_REQUEST:
4021                 hci_user_passkey_request_evt(hdev, skb);
4022                 break;
4023
4024         case HCI_EV_USER_PASSKEY_NOTIFY:
4025                 hci_user_passkey_notify_evt(hdev, skb);
4026                 break;
4027
4028         case HCI_EV_KEYPRESS_NOTIFY:
4029                 hci_keypress_notify_evt(hdev, skb);
4030                 break;
4031
4032         case HCI_EV_SIMPLE_PAIR_COMPLETE:
4033                 hci_simple_pair_complete_evt(hdev, skb);
4034                 break;
4035
4036         case HCI_EV_REMOTE_HOST_FEATURES:
4037                 hci_remote_host_features_evt(hdev, skb);
4038                 break;
4039
4040         case HCI_EV_LE_META:
4041                 hci_le_meta_evt(hdev, skb);
4042                 break;
4043
4044         case HCI_EV_CHANNEL_SELECTED:
4045                 hci_chan_selected_evt(hdev, skb);
4046                 break;
4047
4048         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4049                 hci_remote_oob_data_request_evt(hdev, skb);
4050                 break;
4051
4052         case HCI_EV_PHY_LINK_COMPLETE:
4053                 hci_phy_link_complete_evt(hdev, skb);
4054                 break;
4055
4056         case HCI_EV_LOGICAL_LINK_COMPLETE:
4057                 hci_loglink_complete_evt(hdev, skb);
4058                 break;
4059
4060         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4061                 hci_disconn_loglink_complete_evt(hdev, skb);
4062                 break;
4063
4064         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4065                 hci_disconn_phylink_complete_evt(hdev, skb);
4066                 break;
4067
4068         case HCI_EV_NUM_COMP_BLOCKS:
4069                 hci_num_comp_blocks_evt(hdev, skb);
4070                 break;
4071
4072         default:
4073                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4074                 break;
4075         }
4076
4077         kfree_skb(skb);
4078         hdev->stat.evt_rx++;
4079 }
Pandora Kernel Repository