git.openpandora.org / pandora-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Track the AES-CCM encryption status of LE and BR/EDR links
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40         __u8 status = *((__u8 *) skb->data);
41
42         BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44         if (status)
45                 return;
46
47         clear_bit(HCI_INQUIRY, &hdev->flags);
48         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49         wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51         hci_conn_check_pending(hdev);
52 }
53
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 {
56         __u8 status = *((__u8 *) skb->data);
57
58         BT_DBG("%s status 0x%2.2x", hdev->name, status);
59
60         if (status)
61                 return;
62
63         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68         __u8 status = *((__u8 *) skb->data);
69
70         BT_DBG("%s status 0x%2.2x", hdev->name, status);
71
72         if (status)
73                 return;
74
75         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
77         hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81                                           struct sk_buff *skb)
82 {
83         BT_DBG("%s", hdev->name);
84 }
85
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88         struct hci_rp_role_discovery *rp = (void *) skb->data;
89         struct hci_conn *conn;
90
91         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
92
93         if (rp->status)
94                 return;
95
96         hci_dev_lock(hdev);
97
98         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99         if (conn) {
100                 if (rp->role)
101                         conn->link_mode &= ~HCI_LM_MASTER;
102                 else
103                         conn->link_mode |= HCI_LM_MASTER;
104         }
105
106         hci_dev_unlock(hdev);
107 }
108
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 {
111         struct hci_rp_read_link_policy *rp = (void *) skb->data;
112         struct hci_conn *conn;
113
114         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
115
116         if (rp->status)
117                 return;
118
119         hci_dev_lock(hdev);
120
121         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122         if (conn)
123                 conn->link_policy = __le16_to_cpu(rp->policy);
124
125         hci_dev_unlock(hdev);
126 }
127
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 {
130         struct hci_rp_write_link_policy *rp = (void *) skb->data;
131         struct hci_conn *conn;
132         void *sent;
133
134         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135
136         if (rp->status)
137                 return;
138
139         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140         if (!sent)
141                 return;
142
143         hci_dev_lock(hdev);
144
145         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146         if (conn)
147                 conn->link_policy = get_unaligned_le16(sent + 2);
148
149         hci_dev_unlock(hdev);
150 }
151
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153                                         struct sk_buff *skb)
154 {
155         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
158
159         if (rp->status)
160                 return;
161
162         hdev->link_policy = __le16_to_cpu(rp->policy);
163 }
164
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166                                          struct sk_buff *skb)
167 {
168         __u8 status = *((__u8 *) skb->data);
169         void *sent;
170
171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
172
173         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174         if (!sent)
175                 return;
176
177         if (!status)
178                 hdev->link_policy = get_unaligned_le16(sent);
179 }
180
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 {
183         __u8 status = *((__u8 *) skb->data);
184
185         BT_DBG("%s status 0x%2.2x", hdev->name, status);
186
187         clear_bit(HCI_RESET, &hdev->flags);
188
189         /* Reset all non-persistent flags */
190         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191
192         hdev->discovery.state = DISCOVERY_STOPPED;
193         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195
196         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197         hdev->adv_data_len = 0;
198
199         memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200         hdev->scan_rsp_data_len = 0;
201
202         hdev->ssp_debug_mode = 0;
203 }
204
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206 {
207         __u8 status = *((__u8 *) skb->data);
208         void *sent;
209
210         BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213         if (!sent)
214                 return;
215
216         hci_dev_lock(hdev);
217
218         if (test_bit(HCI_MGMT, &hdev->dev_flags))
219                 mgmt_set_local_name_complete(hdev, sent, status);
220         else if (!status)
221                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223         hci_dev_unlock(hdev);
224 }
225
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 {
228         struct hci_rp_read_local_name *rp = (void *) skb->data;
229
230         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
231
232         if (rp->status)
233                 return;
234
235         if (test_bit(HCI_SETUP, &hdev->dev_flags))
236                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 }
238
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240 {
241         __u8 status = *((__u8 *) skb->data);
242         void *sent;
243
244         BT_DBG("%s status 0x%2.2x", hdev->name, status);
245
246         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247         if (!sent)
248                 return;
249
250         if (!status) {
251                 __u8 param = *((__u8 *) sent);
252
253                 if (param == AUTH_ENABLED)
254                         set_bit(HCI_AUTH, &hdev->flags);
255                 else
256                         clear_bit(HCI_AUTH, &hdev->flags);
257         }
258
259         if (test_bit(HCI_MGMT, &hdev->dev_flags))
260                 mgmt_auth_enable_complete(hdev, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%2.2x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271         if (!sent)
272                 return;
273
274         if (!status) {
275                 __u8 param = *((__u8 *) sent);
276
277                 if (param)
278                         set_bit(HCI_ENCRYPT, &hdev->flags);
279                 else
280                         clear_bit(HCI_ENCRYPT, &hdev->flags);
281         }
282 }
283
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 {
286         __u8 param, status = *((__u8 *) skb->data);
287         int old_pscan, old_iscan;
288         void *sent;
289
290         BT_DBG("%s status 0x%2.2x", hdev->name, status);
291
292         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293         if (!sent)
294                 return;
295
296         param = *((__u8 *) sent);
297
298         hci_dev_lock(hdev);
299
300         if (status) {
301                 mgmt_write_scan_failed(hdev, param, status);
302                 hdev->discov_timeout = 0;
303                 goto done;
304         }
305
306         /* We need to ensure that we set this back on if someone changed
307          * the scan mode through a raw HCI socket.
308          */
309         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
311         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314         if (param & SCAN_INQUIRY) {
315                 set_bit(HCI_ISCAN, &hdev->flags);
316                 if (!old_iscan)
317                         mgmt_discoverable(hdev, 1);
318         } else if (old_iscan)
319                 mgmt_discoverable(hdev, 0);
320
321         if (param & SCAN_PAGE) {
322                 set_bit(HCI_PSCAN, &hdev->flags);
323                 if (!old_pscan)
324                         mgmt_connectable(hdev, 1);
325         } else if (old_pscan)
326                 mgmt_connectable(hdev, 0);
327
328 done:
329         hci_dev_unlock(hdev);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
337
338         if (rp->status)
339                 return;
340
341         memcpy(hdev->dev_class, rp->dev_class, 3);
342
343         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349         __u8 status = *((__u8 *) skb->data);
350         void *sent;
351
352         BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355         if (!sent)
356                 return;
357
358         hci_dev_lock(hdev);
359
360         if (status == 0)
361                 memcpy(hdev->dev_class, sent, 3);
362
363         if (test_bit(HCI_MGMT, &hdev->dev_flags))
364                 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366         hci_dev_unlock(hdev);
367 }
368
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 {
371         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372         __u16 setting;
373
374         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
375
376         if (rp->status)
377                 return;
378
379         setting = __le16_to_cpu(rp->voice_setting);
380
381         if (hdev->voice_setting == setting)
382                 return;
383
384         hdev->voice_setting = setting;
385
386         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387
388         if (hdev->notify)
389                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 }
391
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393                                        struct sk_buff *skb)
394 {
395         __u8 status = *((__u8 *) skb->data);
396         __u16 setting;
397         void *sent;
398
399         BT_DBG("%s status 0x%2.2x", hdev->name, status);
400
401         if (status)
402                 return;
403
404         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405         if (!sent)
406                 return;
407
408         setting = get_unaligned_le16(sent);
409
410         if (hdev->voice_setting == setting)
411                 return;
412
413         hdev->voice_setting = setting;
414
415         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416
417         if (hdev->notify)
418                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 }
420
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422                                           struct sk_buff *skb)
423 {
424         struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428         if (rp->status)
429                 return;
430
431         hdev->num_iac = rp->num_iac;
432
433         BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 }
435
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438         __u8 status = *((__u8 *) skb->data);
439         struct hci_cp_write_ssp_mode *sent;
440
441         BT_DBG("%s status 0x%2.2x", hdev->name, status);
442
443         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444         if (!sent)
445                 return;
446
447         if (!status) {
448                 if (sent->mode)
449                         hdev->features[1][0] |= LMP_HOST_SSP;
450                 else
451                         hdev->features[1][0] &= ~LMP_HOST_SSP;
452         }
453
454         if (test_bit(HCI_MGMT, &hdev->dev_flags))
455                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456         else if (!status) {
457                 if (sent->mode)
458                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459                 else
460                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461         }
462 }
463
464 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465 {
466         u8 status = *((u8 *) skb->data);
467         struct hci_cp_write_sc_support *sent;
468
469         BT_DBG("%s status 0x%2.2x", hdev->name, status);
470
471         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
472         if (!sent)
473                 return;
474
475         if (!status) {
476                 if (sent->support)
477                         hdev->features[1][0] |= LMP_HOST_SC;
478                 else
479                         hdev->features[1][0] &= ~LMP_HOST_SC;
480         }
481
482         if (test_bit(HCI_MGMT, &hdev->dev_flags))
483                 mgmt_sc_enable_complete(hdev, sent->support, status);
484         else if (!status) {
485                 if (sent->support)
486                         set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487                 else
488                         clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489         }
490 }
491
492 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493 {
494         struct hci_rp_read_local_version *rp = (void *) skb->data;
495
496         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
497
498         if (rp->status)
499                 return;
500
501         if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502                 hdev->hci_ver = rp->hci_ver;
503                 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504                 hdev->lmp_ver = rp->lmp_ver;
505                 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506                 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
507         }
508 }
509
510 static void hci_cc_read_local_commands(struct hci_dev *hdev,
511                                        struct sk_buff *skb)
512 {
513         struct hci_rp_read_local_commands *rp = (void *) skb->data;
514
515         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
516
517         if (rp->status)
518                 return;
519
520         if (test_bit(HCI_SETUP, &hdev->dev_flags))
521                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
522 }
523
524 static void hci_cc_read_local_features(struct hci_dev *hdev,
525                                        struct sk_buff *skb)
526 {
527         struct hci_rp_read_local_features *rp = (void *) skb->data;
528
529         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
530
531         if (rp->status)
532                 return;
533
534         memcpy(hdev->features, rp->features, 8);
535
536         /* Adjust default settings according to features
537          * supported by device. */
538
539         if (hdev->features[0][0] & LMP_3SLOT)
540                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
541
542         if (hdev->features[0][0] & LMP_5SLOT)
543                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
544
545         if (hdev->features[0][1] & LMP_HV2) {
546                 hdev->pkt_type  |= (HCI_HV2);
547                 hdev->esco_type |= (ESCO_HV2);
548         }
549
550         if (hdev->features[0][1] & LMP_HV3) {
551                 hdev->pkt_type  |= (HCI_HV3);
552                 hdev->esco_type |= (ESCO_HV3);
553         }
554
555         if (lmp_esco_capable(hdev))
556                 hdev->esco_type |= (ESCO_EV3);
557
558         if (hdev->features[0][4] & LMP_EV4)
559                 hdev->esco_type |= (ESCO_EV4);
560
561         if (hdev->features[0][4] & LMP_EV5)
562                 hdev->esco_type |= (ESCO_EV5);
563
564         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
565                 hdev->esco_type |= (ESCO_2EV3);
566
567         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
568                 hdev->esco_type |= (ESCO_3EV3);
569
570         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
571                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
572 }
573
574 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
575                                            struct sk_buff *skb)
576 {
577         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578
579         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
580
581         if (rp->status)
582                 return;
583
584         if (hdev->max_page < rp->max_page)
585                 hdev->max_page = rp->max_page;
586
587         if (rp->page < HCI_MAX_PAGES)
588                 memcpy(hdev->features[rp->page], rp->features, 8);
589 }
590
591 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
592                                           struct sk_buff *skb)
593 {
594         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595
596         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
597
598         if (!rp->status)
599                 hdev->flow_ctl_mode = rp->mode;
600 }
601
602 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
603 {
604         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
605
606         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607
608         if (rp->status)
609                 return;
610
611         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
612         hdev->sco_mtu  = rp->sco_mtu;
613         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
615
616         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617                 hdev->sco_mtu  = 64;
618                 hdev->sco_pkts = 8;
619         }
620
621         hdev->acl_cnt = hdev->acl_pkts;
622         hdev->sco_cnt = hdev->sco_pkts;
623
624         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
626 }
627
628 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
629 {
630         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
631
632         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633
634         if (!rp->status)
635                 bacpy(&hdev->bdaddr, &rp->bdaddr);
636 }
637
638 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
639                                            struct sk_buff *skb)
640 {
641         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
642
643         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
644
645         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647                 hdev->page_scan_window = __le16_to_cpu(rp->window);
648         }
649 }
650
651 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
652                                             struct sk_buff *skb)
653 {
654         u8 status = *((u8 *) skb->data);
655         struct hci_cp_write_page_scan_activity *sent;
656
657         BT_DBG("%s status 0x%2.2x", hdev->name, status);
658
659         if (status)
660                 return;
661
662         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
663         if (!sent)
664                 return;
665
666         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667         hdev->page_scan_window = __le16_to_cpu(sent->window);
668 }
669
670 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
671                                            struct sk_buff *skb)
672 {
673         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
674
675         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676
677         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678                 hdev->page_scan_type = rp->type;
679 }
680
681 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
682                                         struct sk_buff *skb)
683 {
684         u8 status = *((u8 *) skb->data);
685         u8 *type;
686
687         BT_DBG("%s status 0x%2.2x", hdev->name, status);
688
689         if (status)
690                 return;
691
692         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
693         if (type)
694                 hdev->page_scan_type = *type;
695 }
696
697 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
698                                         struct sk_buff *skb)
699 {
700         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
701
702         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
703
704         if (rp->status)
705                 return;
706
707         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708         hdev->block_len = __le16_to_cpu(rp->block_len);
709         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
710
711         hdev->block_cnt = hdev->num_blocks;
712
713         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
714                hdev->block_cnt, hdev->block_len);
715 }
716
717 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
718                                        struct sk_buff *skb)
719 {
720         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
721
722         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
723
724         if (rp->status)
725                 goto a2mp_rsp;
726
727         hdev->amp_status = rp->amp_status;
728         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732         hdev->amp_type = rp->amp_type;
733         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
737
738 a2mp_rsp:
739         a2mp_send_getinfo_rsp(hdev);
740 }
741
742 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
743                                         struct sk_buff *skb)
744 {
745         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746         struct amp_assoc *assoc = &hdev->loc_assoc;
747         size_t rem_len, frag_len;
748
749         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751         if (rp->status)
752                 goto a2mp_rsp;
753
754         frag_len = skb->len - sizeof(*rp);
755         rem_len = __le16_to_cpu(rp->rem_len);
756
757         if (rem_len > frag_len) {
758                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
759
760                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761                 assoc->offset += frag_len;
762
763                 /* Read other fragments */
764                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
765
766                 return;
767         }
768
769         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770         assoc->len = assoc->offset + rem_len;
771         assoc->offset = 0;
772
773 a2mp_rsp:
774         /* Send A2MP Rsp when all fragments are received */
775         a2mp_send_getampassoc_rsp(hdev, rp->status);
776         a2mp_send_create_phy_link_req(hdev, rp->status);
777 }
778
779 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
780                                          struct sk_buff *skb)
781 {
782         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         if (!rp->status)
787                 hdev->inq_tx_power = rp->tx_power;
788 }
789
790 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
791 {
792         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793         struct hci_cp_pin_code_reply *cp;
794         struct hci_conn *conn;
795
796         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797
798         hci_dev_lock(hdev);
799
800         if (test_bit(HCI_MGMT, &hdev->dev_flags))
801                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
802
803         if (rp->status)
804                 goto unlock;
805
806         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
807         if (!cp)
808                 goto unlock;
809
810         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
811         if (conn)
812                 conn->pin_length = cp->pin_len;
813
814 unlock:
815         hci_dev_unlock(hdev);
816 }
817
818 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
819 {
820         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         hci_dev_lock(hdev);
825
826         if (test_bit(HCI_MGMT, &hdev->dev_flags))
827                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
828                                                  rp->status);
829
830         hci_dev_unlock(hdev);
831 }
832
833 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
834                                        struct sk_buff *skb)
835 {
836         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837
838         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839
840         if (rp->status)
841                 return;
842
843         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844         hdev->le_pkts = rp->le_max_pkt;
845
846         hdev->le_cnt = hdev->le_pkts;
847
848         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
849 }
850
851 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
852                                           struct sk_buff *skb)
853 {
854         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
855
856         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857
858         if (!rp->status)
859                 memcpy(hdev->le_features, rp->features, 8);
860 }
861
862 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
863                                         struct sk_buff *skb)
864 {
865         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
866
867         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868
869         if (!rp->status)
870                 hdev->adv_tx_power = rp->tx_power;
871 }
872
873 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
874 {
875         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
876
877         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879         hci_dev_lock(hdev);
880
881         if (test_bit(HCI_MGMT, &hdev->dev_flags))
882                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
883                                                  rp->status);
884
885         hci_dev_unlock(hdev);
886 }
887
888 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
889                                           struct sk_buff *skb)
890 {
891         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
892
893         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
894
895         hci_dev_lock(hdev);
896
897         if (test_bit(HCI_MGMT, &hdev->dev_flags))
898                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
899                                                      ACL_LINK, 0, rp->status);
900
901         hci_dev_unlock(hdev);
902 }
903
904 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
905 {
906         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
907
908         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
909
910         hci_dev_lock(hdev);
911
912         if (test_bit(HCI_MGMT, &hdev->dev_flags))
913                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
914                                                  0, rp->status);
915
916         hci_dev_unlock(hdev);
917 }
918
919 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
920                                           struct sk_buff *skb)
921 {
922         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925
926         hci_dev_lock(hdev);
927
928         if (test_bit(HCI_MGMT, &hdev->dev_flags))
929                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
930                                                      ACL_LINK, 0, rp->status);
931
932         hci_dev_unlock(hdev);
933 }
934
935 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
936                                        struct sk_buff *skb)
937 {
938         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
939
940         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
941
942         hci_dev_lock(hdev);
943         mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944                                           NULL, NULL, rp->status);
945         hci_dev_unlock(hdev);
946 }
947
948 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
949                                            struct sk_buff *skb)
950 {
951         struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
952
953         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954
955         hci_dev_lock(hdev);
956         mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957                                           rp->hash256, rp->randomizer256,
958                                           rp->status);
959         hci_dev_unlock(hdev);
960 }
961
962 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
963 {
964         __u8 *sent, status = *((__u8 *) skb->data);
965
966         BT_DBG("%s status 0x%2.2x", hdev->name, status);
967
968         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
969         if (!sent)
970                 return;
971
972         hci_dev_lock(hdev);
973
974         if (!status) {
975                 if (*sent)
976                         set_bit(HCI_ADVERTISING, &hdev->dev_flags);
977                 else
978                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
979         }
980
981         hci_dev_unlock(hdev);
982 }
983
984 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
985                                       struct sk_buff *skb)
986 {
987         struct hci_cp_le_set_scan_enable *cp;
988         __u8 status = *((__u8 *) skb->data);
989
990         BT_DBG("%s status 0x%2.2x", hdev->name, status);
991
992         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
993         if (!cp)
994                 return;
995
996         if (status)
997                 return;
998
999         switch (cp->enable) {
1000         case LE_SCAN_ENABLE:
1001                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1002                 break;
1003
1004         case LE_SCAN_DISABLE:
1005                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1006                 break;
1007
1008         default:
1009                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1010                 break;
1011         }
1012 }
1013
1014 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1015                                            struct sk_buff *skb)
1016 {
1017         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1018
1019         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1020
1021         if (!rp->status)
1022                 hdev->le_white_list_size = rp->size;
1023 }
1024
1025 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1026                                             struct sk_buff *skb)
1027 {
1028         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1029
1030         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1031
1032         if (!rp->status)
1033                 memcpy(hdev->le_states, rp->le_states, 8);
1034 }
1035
1036 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1037                                            struct sk_buff *skb)
1038 {
1039         struct hci_cp_write_le_host_supported *sent;
1040         __u8 status = *((__u8 *) skb->data);
1041
1042         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1043
1044         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1045         if (!sent)
1046                 return;
1047
1048         if (!status) {
1049                 if (sent->le) {
1050                         hdev->features[1][0] |= LMP_HOST_LE;
1051                         set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1052                 } else {
1053                         hdev->features[1][0] &= ~LMP_HOST_LE;
1054                         clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1055                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1056                 }
1057
1058                 if (sent->simul)
1059                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1060                 else
1061                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1062         }
1063 }
1064
1065 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1066                                           struct sk_buff *skb)
1067 {
1068         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1069
1070         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1071                hdev->name, rp->status, rp->phy_handle);
1072
1073         if (rp->status)
1074                 return;
1075
1076         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1077 }
1078
1079 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1080 {
1081         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1082
1083         if (status) {
1084                 hci_conn_check_pending(hdev);
1085                 return;
1086         }
1087
1088         set_bit(HCI_INQUIRY, &hdev->flags);
1089 }
1090
1091 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1092 {
1093         struct hci_cp_create_conn *cp;
1094         struct hci_conn *conn;
1095
1096         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1097
1098         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1099         if (!cp)
1100                 return;
1101
1102         hci_dev_lock(hdev);
1103
1104         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1105
1106         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1107
1108         if (status) {
1109                 if (conn && conn->state == BT_CONNECT) {
1110                         if (status != 0x0c || conn->attempt > 2) {
1111                                 conn->state = BT_CLOSED;
1112                                 hci_proto_connect_cfm(conn, status);
1113                                 hci_conn_del(conn);
1114                         } else
1115                                 conn->state = BT_CONNECT2;
1116                 }
1117         } else {
1118                 if (!conn) {
1119                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1120                         if (conn) {
1121                                 conn->out = true;
1122                                 conn->link_mode |= HCI_LM_MASTER;
1123                         } else
1124                                 BT_ERR("No memory for new connection");
1125                 }
1126         }
1127
1128         hci_dev_unlock(hdev);
1129 }
1130
1131 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1132 {
1133         struct hci_cp_add_sco *cp;
1134         struct hci_conn *acl, *sco;
1135         __u16 handle;
1136
1137         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1138
1139         if (!status)
1140                 return;
1141
1142         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1143         if (!cp)
1144                 return;
1145
1146         handle = __le16_to_cpu(cp->handle);
1147
1148         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1149
1150         hci_dev_lock(hdev);
1151
1152         acl = hci_conn_hash_lookup_handle(hdev, handle);
1153         if (acl) {
1154                 sco = acl->link;
1155                 if (sco) {
1156                         sco->state = BT_CLOSED;
1157
1158                         hci_proto_connect_cfm(sco, status);
1159                         hci_conn_del(sco);
1160                 }
1161         }
1162
1163         hci_dev_unlock(hdev);
1164 }
1165
1166 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1167 {
1168         struct hci_cp_auth_requested *cp;
1169         struct hci_conn *conn;
1170
1171         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1172
1173         if (!status)
1174                 return;
1175
1176         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1177         if (!cp)
1178                 return;
1179
1180         hci_dev_lock(hdev);
1181
1182         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1183         if (conn) {
1184                 if (conn->state == BT_CONFIG) {
1185                         hci_proto_connect_cfm(conn, status);
1186                         hci_conn_drop(conn);
1187                 }
1188         }
1189
1190         hci_dev_unlock(hdev);
1191 }
1192
1193 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1194 {
1195         struct hci_cp_set_conn_encrypt *cp;
1196         struct hci_conn *conn;
1197
1198         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1199
1200         if (!status)
1201                 return;
1202
1203         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1204         if (!cp)
1205                 return;
1206
1207         hci_dev_lock(hdev);
1208
1209         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1210         if (conn) {
1211                 if (conn->state == BT_CONFIG) {
1212                         hci_proto_connect_cfm(conn, status);
1213                         hci_conn_drop(conn);
1214                 }
1215         }
1216
1217         hci_dev_unlock(hdev);
1218 }
1219
1220 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1221                                     struct hci_conn *conn)
1222 {
1223         if (conn->state != BT_CONFIG || !conn->out)
1224                 return 0;
1225
1226         if (conn->pending_sec_level == BT_SECURITY_SDP)
1227                 return 0;
1228
1229         /* Only request authentication for SSP connections or non-SSP
1230          * devices with sec_level MEDIUM or HIGH or if MITM protection
1231          * is requested.
1232          */
1233         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1234             conn->pending_sec_level != BT_SECURITY_HIGH &&
1235             conn->pending_sec_level != BT_SECURITY_MEDIUM)
1236                 return 0;
1237
1238         return 1;
1239 }
1240
1241 static int hci_resolve_name(struct hci_dev *hdev,
1242                                    struct inquiry_entry *e)
1243 {
1244         struct hci_cp_remote_name_req cp;
1245
1246         memset(&cp, 0, sizeof(cp));
1247
1248         bacpy(&cp.bdaddr, &e->data.bdaddr);
1249         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250         cp.pscan_mode = e->data.pscan_mode;
1251         cp.clock_offset = e->data.clock_offset;
1252
1253         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254 }
1255
1256 static bool hci_resolve_next_name(struct hci_dev *hdev)
1257 {
1258         struct discovery_state *discov = &hdev->discovery;
1259         struct inquiry_entry *e;
1260
1261         if (list_empty(&discov->resolve))
1262                 return false;
1263
1264         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1265         if (!e)
1266                 return false;
1267
1268         if (hci_resolve_name(hdev, e) == 0) {
1269                 e->name_state = NAME_PENDING;
1270                 return true;
1271         }
1272
1273         return false;
1274 }
1275
1276 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1278 {
1279         struct discovery_state *discov = &hdev->discovery;
1280         struct inquiry_entry *e;
1281
1282         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284                                       name_len, conn->dev_class);
1285
1286         if (discov->state == DISCOVERY_STOPPED)
1287                 return;
1288
1289         if (discov->state == DISCOVERY_STOPPING)
1290                 goto discov_complete;
1291
1292         if (discov->state != DISCOVERY_RESOLVING)
1293                 return;
1294
1295         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296         /* If the device was not found in a list of found devices names of which
1297          * are pending. there is no need to continue resolving a next name as it
1298          * will be done upon receiving another Remote Name Request Complete
1299          * Event */
1300         if (!e)
1301                 return;
1302
1303         list_del(&e->list);
1304         if (name) {
1305                 e->name_state = NAME_KNOWN;
1306                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307                                  e->data.rssi, name, name_len);
1308         } else {
1309                 e->name_state = NAME_NOT_KNOWN;
1310         }
1311
1312         if (hci_resolve_next_name(hdev))
1313                 return;
1314
1315 discov_complete:
1316         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317 }
1318
1319 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320 {
1321         struct hci_cp_remote_name_req *cp;
1322         struct hci_conn *conn;
1323
1324         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326         /* If successful wait for the name req complete event before
1327          * checking for the need to do authentication */
1328         if (!status)
1329                 return;
1330
1331         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332         if (!cp)
1333                 return;
1334
1335         hci_dev_lock(hdev);
1336
1337         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
1339         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1341
1342         if (!conn)
1343                 goto unlock;
1344
1345         if (!hci_outgoing_auth_needed(hdev, conn))
1346                 goto unlock;
1347
1348         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349                 struct hci_cp_auth_requested auth_cp;
1350
1351                 auth_cp.handle = __cpu_to_le16(conn->handle);
1352                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1353                              sizeof(auth_cp), &auth_cp);
1354         }
1355
1356 unlock:
1357         hci_dev_unlock(hdev);
1358 }
1359
1360 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1361 {
1362         struct hci_cp_read_remote_features *cp;
1363         struct hci_conn *conn;
1364
1365         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1366
1367         if (!status)
1368                 return;
1369
1370         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1371         if (!cp)
1372                 return;
1373
1374         hci_dev_lock(hdev);
1375
1376         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1377         if (conn) {
1378                 if (conn->state == BT_CONFIG) {
1379                         hci_proto_connect_cfm(conn, status);
1380                         hci_conn_drop(conn);
1381                 }
1382         }
1383
1384         hci_dev_unlock(hdev);
1385 }
1386
1387 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1388 {
1389         struct hci_cp_read_remote_ext_features *cp;
1390         struct hci_conn *conn;
1391
1392         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1393
1394         if (!status)
1395                 return;
1396
1397         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1398         if (!cp)
1399                 return;
1400
1401         hci_dev_lock(hdev);
1402
1403         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1404         if (conn) {
1405                 if (conn->state == BT_CONFIG) {
1406                         hci_proto_connect_cfm(conn, status);
1407                         hci_conn_drop(conn);
1408                 }
1409         }
1410
1411         hci_dev_unlock(hdev);
1412 }
1413
1414 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1415 {
1416         struct hci_cp_setup_sync_conn *cp;
1417         struct hci_conn *acl, *sco;
1418         __u16 handle;
1419
1420         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1421
1422         if (!status)
1423                 return;
1424
1425         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1426         if (!cp)
1427                 return;
1428
1429         handle = __le16_to_cpu(cp->handle);
1430
1431         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1432
1433         hci_dev_lock(hdev);
1434
1435         acl = hci_conn_hash_lookup_handle(hdev, handle);
1436         if (acl) {
1437                 sco = acl->link;
1438                 if (sco) {
1439                         sco->state = BT_CLOSED;
1440
1441                         hci_proto_connect_cfm(sco, status);
1442                         hci_conn_del(sco);
1443                 }
1444         }
1445
1446         hci_dev_unlock(hdev);
1447 }
1448
1449 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1450 {
1451         struct hci_cp_sniff_mode *cp;
1452         struct hci_conn *conn;
1453
1454         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1455
1456         if (!status)
1457                 return;
1458
1459         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1460         if (!cp)
1461                 return;
1462
1463         hci_dev_lock(hdev);
1464
1465         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1466         if (conn) {
1467                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1468
1469                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1470                         hci_sco_setup(conn, status);
1471         }
1472
1473         hci_dev_unlock(hdev);
1474 }
1475
1476 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1477 {
1478         struct hci_cp_exit_sniff_mode *cp;
1479         struct hci_conn *conn;
1480
1481         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1482
1483         if (!status)
1484                 return;
1485
1486         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1487         if (!cp)
1488                 return;
1489
1490         hci_dev_lock(hdev);
1491
1492         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1493         if (conn) {
1494                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1495
1496                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1497                         hci_sco_setup(conn, status);
1498         }
1499
1500         hci_dev_unlock(hdev);
1501 }
1502
1503 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1504 {
1505         struct hci_cp_disconnect *cp;
1506         struct hci_conn *conn;
1507
1508         if (!status)
1509                 return;
1510
1511         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1512         if (!cp)
1513                 return;
1514
1515         hci_dev_lock(hdev);
1516
1517         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1518         if (conn)
1519                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1520                                        conn->dst_type, status);
1521
1522         hci_dev_unlock(hdev);
1523 }
1524
1525 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1526 {
1527         struct hci_cp_create_phy_link *cp;
1528
1529         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1530
1531         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1532         if (!cp)
1533                 return;
1534
1535         hci_dev_lock(hdev);
1536
1537         if (status) {
1538                 struct hci_conn *hcon;
1539
1540                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1541                 if (hcon)
1542                         hci_conn_del(hcon);
1543         } else {
1544                 amp_write_remote_assoc(hdev, cp->phy_handle);
1545         }
1546
1547         hci_dev_unlock(hdev);
1548 }
1549
1550 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1551 {
1552         struct hci_cp_accept_phy_link *cp;
1553
1554         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555
1556         if (status)
1557                 return;
1558
1559         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1560         if (!cp)
1561                 return;
1562
1563         amp_write_remote_assoc(hdev, cp->phy_handle);
1564 }
1565
1566 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1567 {
1568         __u8 status = *((__u8 *) skb->data);
1569         struct discovery_state *discov = &hdev->discovery;
1570         struct inquiry_entry *e;
1571
1572         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1573
1574         hci_conn_check_pending(hdev);
1575
1576         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1577                 return;
1578
1579         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1580         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1581
1582         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1583                 return;
1584
1585         hci_dev_lock(hdev);
1586
1587         if (discov->state != DISCOVERY_FINDING)
1588                 goto unlock;
1589
1590         if (list_empty(&discov->resolve)) {
1591                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1592                 goto unlock;
1593         }
1594
1595         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1596         if (e && hci_resolve_name(hdev, e) == 0) {
1597                 e->name_state = NAME_PENDING;
1598                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1599         } else {
1600                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1601         }
1602
1603 unlock:
1604         hci_dev_unlock(hdev);
1605 }
1606
1607 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1608 {
1609         struct inquiry_data data;
1610         struct inquiry_info *info = (void *) (skb->data + 1);
1611         int num_rsp = *((__u8 *) skb->data);
1612
1613         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1614
1615         if (!num_rsp)
1616                 return;
1617
1618         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1619                 return;
1620
1621         hci_dev_lock(hdev);
1622
1623         for (; num_rsp; num_rsp--, info++) {
1624                 bool name_known, ssp;
1625
1626                 bacpy(&data.bdaddr, &info->bdaddr);
1627                 data.pscan_rep_mode     = info->pscan_rep_mode;
1628                 data.pscan_period_mode  = info->pscan_period_mode;
1629                 data.pscan_mode         = info->pscan_mode;
1630                 memcpy(data.dev_class, info->dev_class, 3);
1631                 data.clock_offset       = info->clock_offset;
1632                 data.rssi               = 0x00;
1633                 data.ssp_mode           = 0x00;
1634
1635                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1636                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1637                                   info->dev_class, 0, !name_known, ssp, NULL,
1638                                   0);
1639         }
1640
1641         hci_dev_unlock(hdev);
1642 }
1643
1644 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1645 {
1646         struct hci_ev_conn_complete *ev = (void *) skb->data;
1647         struct hci_conn *conn;
1648
1649         BT_DBG("%s", hdev->name);
1650
1651         hci_dev_lock(hdev);
1652
1653         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1654         if (!conn) {
1655                 if (ev->link_type != SCO_LINK)
1656                         goto unlock;
1657
1658                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1659                 if (!conn)
1660                         goto unlock;
1661
1662                 conn->type = SCO_LINK;
1663         }
1664
1665         if (!ev->status) {
1666                 conn->handle = __le16_to_cpu(ev->handle);
1667
1668                 if (conn->type == ACL_LINK) {
1669                         conn->state = BT_CONFIG;
1670                         hci_conn_hold(conn);
1671
1672                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1673                             !hci_find_link_key(hdev, &ev->bdaddr))
1674                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1675                         else
1676                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1677                 } else
1678                         conn->state = BT_CONNECTED;
1679
1680                 hci_conn_add_sysfs(conn);
1681
1682                 if (test_bit(HCI_AUTH, &hdev->flags))
1683                         conn->link_mode |= HCI_LM_AUTH;
1684
1685                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1686                         conn->link_mode |= HCI_LM_ENCRYPT;
1687
1688                 /* Get remote features */
1689                 if (conn->type == ACL_LINK) {
1690                         struct hci_cp_read_remote_features cp;
1691                         cp.handle = ev->handle;
1692                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1693                                      sizeof(cp), &cp);
1694                 }
1695
1696                 /* Set packet type for incoming connection */
1697                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1698                         struct hci_cp_change_conn_ptype cp;
1699                         cp.handle = ev->handle;
1700                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1701                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1702                                      &cp);
1703                 }
1704         } else {
1705                 conn->state = BT_CLOSED;
1706                 if (conn->type == ACL_LINK)
1707                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1708                                             conn->dst_type, ev->status);
1709         }
1710
1711         if (conn->type == ACL_LINK)
1712                 hci_sco_setup(conn, ev->status);
1713
1714         if (ev->status) {
1715                 hci_proto_connect_cfm(conn, ev->status);
1716                 hci_conn_del(conn);
1717         } else if (ev->link_type != ACL_LINK)
1718                 hci_proto_connect_cfm(conn, ev->status);
1719
1720 unlock:
1721         hci_dev_unlock(hdev);
1722
1723         hci_conn_check_pending(hdev);
1724 }
1725
1726 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727 {
1728         struct hci_ev_conn_request *ev = (void *) skb->data;
1729         int mask = hdev->link_mode;
1730         __u8 flags = 0;
1731
1732         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1733                ev->link_type);
1734
1735         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1736                                       &flags);
1737
1738         if ((mask & HCI_LM_ACCEPT) &&
1739             !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1740                 /* Connection accepted */
1741                 struct inquiry_entry *ie;
1742                 struct hci_conn *conn;
1743
1744                 hci_dev_lock(hdev);
1745
1746                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1747                 if (ie)
1748                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1749
1750                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1751                                                &ev->bdaddr);
1752                 if (!conn) {
1753                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1754                         if (!conn) {
1755                                 BT_ERR("No memory for new connection");
1756                                 hci_dev_unlock(hdev);
1757                                 return;
1758                         }
1759                 }
1760
1761                 memcpy(conn->dev_class, ev->dev_class, 3);
1762
1763                 hci_dev_unlock(hdev);
1764
1765                 if (ev->link_type == ACL_LINK ||
1766                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1767                         struct hci_cp_accept_conn_req cp;
1768                         conn->state = BT_CONNECT;
1769
1770                         bacpy(&cp.bdaddr, &ev->bdaddr);
1771
1772                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1773                                 cp.role = 0x00; /* Become master */
1774                         else
1775                                 cp.role = 0x01; /* Remain slave */
1776
1777                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1778                                      &cp);
1779                 } else if (!(flags & HCI_PROTO_DEFER)) {
1780                         struct hci_cp_accept_sync_conn_req cp;
1781                         conn->state = BT_CONNECT;
1782
1783                         bacpy(&cp.bdaddr, &ev->bdaddr);
1784                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1785
1786                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1787                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1788                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1789                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1790                         cp.retrans_effort = 0xff;
1791
1792                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1793                                      sizeof(cp), &cp);
1794                 } else {
1795                         conn->state = BT_CONNECT2;
1796                         hci_proto_connect_cfm(conn, 0);
1797                 }
1798         } else {
1799                 /* Connection rejected */
1800                 struct hci_cp_reject_conn_req cp;
1801
1802                 bacpy(&cp.bdaddr, &ev->bdaddr);
1803                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1804                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1805         }
1806 }
1807
1808 static u8 hci_to_mgmt_reason(u8 err)
1809 {
1810         switch (err) {
1811         case HCI_ERROR_CONNECTION_TIMEOUT:
1812                 return MGMT_DEV_DISCONN_TIMEOUT;
1813         case HCI_ERROR_REMOTE_USER_TERM:
1814         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1815         case HCI_ERROR_REMOTE_POWER_OFF:
1816                 return MGMT_DEV_DISCONN_REMOTE;
1817         case HCI_ERROR_LOCAL_HOST_TERM:
1818                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1819         default:
1820                 return MGMT_DEV_DISCONN_UNKNOWN;
1821         }
1822 }
1823
1824 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1825 {
1826         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1827         u8 reason = hci_to_mgmt_reason(ev->reason);
1828         struct hci_conn *conn;
1829         u8 type;
1830
1831         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1832
1833         hci_dev_lock(hdev);
1834
1835         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1836         if (!conn)
1837                 goto unlock;
1838
1839         if (ev->status) {
1840                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1841                                        conn->dst_type, ev->status);
1842                 goto unlock;
1843         }
1844
1845         conn->state = BT_CLOSED;
1846
1847         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1848                 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1849                                          conn->dst_type, reason);
1850
1851         if (conn->type == ACL_LINK && conn->flush_key)
1852                 hci_remove_link_key(hdev, &conn->dst);
1853
1854         type = conn->type;
1855
1856         hci_proto_disconn_cfm(conn, ev->reason);
1857         hci_conn_del(conn);
1858
1859         /* Re-enable advertising if necessary, since it might
1860          * have been disabled by the connection. From the
1861          * HCI_LE_Set_Advertise_Enable command description in
1862          * the core specification (v4.0):
1863          * "The Controller shall continue advertising until the Host
1864          * issues an LE_Set_Advertise_Enable command with
1865          * Advertising_Enable set to 0x00 (Advertising is disabled)
1866          * or until a connection is created or until the Advertising
1867          * is timed out due to Directed Advertising."
1868          */
1869         if (type == LE_LINK)
1870                 mgmt_reenable_advertising(hdev);
1871
1872 unlock:
1873         hci_dev_unlock(hdev);
1874 }
1875
1876 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1877 {
1878         struct hci_ev_auth_complete *ev = (void *) skb->data;
1879         struct hci_conn *conn;
1880
1881         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1882
1883         hci_dev_lock(hdev);
1884
1885         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1886         if (!conn)
1887                 goto unlock;
1888
1889         if (!ev->status) {
1890                 if (!hci_conn_ssp_enabled(conn) &&
1891                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1892                         BT_INFO("re-auth of legacy device is not possible.");
1893                 } else {
1894                         conn->link_mode |= HCI_LM_AUTH;
1895                         conn->sec_level = conn->pending_sec_level;
1896                 }
1897         } else {
1898                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1899                                  ev->status);
1900         }
1901
1902         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1903         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1904
1905         if (conn->state == BT_CONFIG) {
1906                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1907                         struct hci_cp_set_conn_encrypt cp;
1908                         cp.handle  = ev->handle;
1909                         cp.encrypt = 0x01;
1910                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1911                                      &cp);
1912                 } else {
1913                         conn->state = BT_CONNECTED;
1914                         hci_proto_connect_cfm(conn, ev->status);
1915                         hci_conn_drop(conn);
1916                 }
1917         } else {
1918                 hci_auth_cfm(conn, ev->status);
1919
1920                 hci_conn_hold(conn);
1921                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1922                 hci_conn_drop(conn);
1923         }
1924
1925         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1926                 if (!ev->status) {
1927                         struct hci_cp_set_conn_encrypt cp;
1928                         cp.handle  = ev->handle;
1929                         cp.encrypt = 0x01;
1930                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1931                                      &cp);
1932                 } else {
1933                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1934                         hci_encrypt_cfm(conn, ev->status, 0x00);
1935                 }
1936         }
1937
1938 unlock:
1939         hci_dev_unlock(hdev);
1940 }
1941
1942 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1943 {
1944         struct hci_ev_remote_name *ev = (void *) skb->data;
1945         struct hci_conn *conn;
1946
1947         BT_DBG("%s", hdev->name);
1948
1949         hci_conn_check_pending(hdev);
1950
1951         hci_dev_lock(hdev);
1952
1953         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1954
1955         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1956                 goto check_auth;
1957
1958         if (ev->status == 0)
1959                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1960                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1961         else
1962                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1963
1964 check_auth:
1965         if (!conn)
1966                 goto unlock;
1967
1968         if (!hci_outgoing_auth_needed(hdev, conn))
1969                 goto unlock;
1970
1971         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1972                 struct hci_cp_auth_requested cp;
1973                 cp.handle = __cpu_to_le16(conn->handle);
1974                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1975         }
1976
1977 unlock:
1978         hci_dev_unlock(hdev);
1979 }
1980
1981 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1982 {
1983         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1984         struct hci_conn *conn;
1985
1986         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1987
1988         hci_dev_lock(hdev);
1989
1990         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1991         if (!conn)
1992                 goto unlock;
1993
1994         if (!ev->status) {
1995                 if (ev->encrypt) {
1996                         /* Encryption implies authentication */
1997                         conn->link_mode |= HCI_LM_AUTH;
1998                         conn->link_mode |= HCI_LM_ENCRYPT;
1999                         conn->sec_level = conn->pending_sec_level;
2000
2001                         if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2002                             conn->type == LE_LINK)
2003                                 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2004                 } else {
2005                         conn->link_mode &= ~HCI_LM_ENCRYPT;
2006                         clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2007                 }
2008         }
2009
2010         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2011
2012         if (ev->status && conn->state == BT_CONNECTED) {
2013                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2014                 hci_conn_drop(conn);
2015                 goto unlock;
2016         }
2017
2018         if (conn->state == BT_CONFIG) {
2019                 if (!ev->status)
2020                         conn->state = BT_CONNECTED;
2021
2022                 hci_proto_connect_cfm(conn, ev->status);
2023                 hci_conn_drop(conn);
2024         } else
2025                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2026
2027 unlock:
2028         hci_dev_unlock(hdev);
2029 }
2030
2031 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2032                                              struct sk_buff *skb)
2033 {
2034         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2035         struct hci_conn *conn;
2036
2037         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2038
2039         hci_dev_lock(hdev);
2040
2041         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2042         if (conn) {
2043                 if (!ev->status)
2044                         conn->link_mode |= HCI_LM_SECURE;
2045
2046                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2047
2048                 hci_key_change_cfm(conn, ev->status);
2049         }
2050
2051         hci_dev_unlock(hdev);
2052 }
2053
2054 static void hci_remote_features_evt(struct hci_dev *hdev,
2055                                     struct sk_buff *skb)
2056 {
2057         struct hci_ev_remote_features *ev = (void *) skb->data;
2058         struct hci_conn *conn;
2059
2060         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2061
2062         hci_dev_lock(hdev);
2063
2064         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2065         if (!conn)
2066                 goto unlock;
2067
2068         if (!ev->status)
2069                 memcpy(conn->features[0], ev->features, 8);
2070
2071         if (conn->state != BT_CONFIG)
2072                 goto unlock;
2073
2074         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2075                 struct hci_cp_read_remote_ext_features cp;
2076                 cp.handle = ev->handle;
2077                 cp.page = 0x01;
2078                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2079                              sizeof(cp), &cp);
2080                 goto unlock;
2081         }
2082
2083         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2084                 struct hci_cp_remote_name_req cp;
2085                 memset(&cp, 0, sizeof(cp));
2086                 bacpy(&cp.bdaddr, &conn->dst);
2087                 cp.pscan_rep_mode = 0x02;
2088                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2089         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2090                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2091                                       conn->dst_type, 0, NULL, 0,
2092                                       conn->dev_class);
2093
2094         if (!hci_outgoing_auth_needed(hdev, conn)) {
2095                 conn->state = BT_CONNECTED;
2096                 hci_proto_connect_cfm(conn, ev->status);
2097                 hci_conn_drop(conn);
2098         }
2099
2100 unlock:
2101         hci_dev_unlock(hdev);
2102 }
2103
2104 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2105 {
2106         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2107         u8 status = skb->data[sizeof(*ev)];
2108         __u16 opcode;
2109
2110         skb_pull(skb, sizeof(*ev));
2111
2112         opcode = __le16_to_cpu(ev->opcode);
2113
2114         switch (opcode) {
2115         case HCI_OP_INQUIRY_CANCEL:
2116                 hci_cc_inquiry_cancel(hdev, skb);
2117                 break;
2118
2119         case HCI_OP_PERIODIC_INQ:
2120                 hci_cc_periodic_inq(hdev, skb);
2121                 break;
2122
2123         case HCI_OP_EXIT_PERIODIC_INQ:
2124                 hci_cc_exit_periodic_inq(hdev, skb);
2125                 break;
2126
2127         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2128                 hci_cc_remote_name_req_cancel(hdev, skb);
2129                 break;
2130
2131         case HCI_OP_ROLE_DISCOVERY:
2132                 hci_cc_role_discovery(hdev, skb);
2133                 break;
2134
2135         case HCI_OP_READ_LINK_POLICY:
2136                 hci_cc_read_link_policy(hdev, skb);
2137                 break;
2138
2139         case HCI_OP_WRITE_LINK_POLICY:
2140                 hci_cc_write_link_policy(hdev, skb);
2141                 break;
2142
2143         case HCI_OP_READ_DEF_LINK_POLICY:
2144                 hci_cc_read_def_link_policy(hdev, skb);
2145                 break;
2146
2147         case HCI_OP_WRITE_DEF_LINK_POLICY:
2148                 hci_cc_write_def_link_policy(hdev, skb);
2149                 break;
2150
2151         case HCI_OP_RESET:
2152                 hci_cc_reset(hdev, skb);
2153                 break;
2154
2155         case HCI_OP_WRITE_LOCAL_NAME:
2156                 hci_cc_write_local_name(hdev, skb);
2157                 break;
2158
2159         case HCI_OP_READ_LOCAL_NAME:
2160                 hci_cc_read_local_name(hdev, skb);
2161                 break;
2162
2163         case HCI_OP_WRITE_AUTH_ENABLE:
2164                 hci_cc_write_auth_enable(hdev, skb);
2165                 break;
2166
2167         case HCI_OP_WRITE_ENCRYPT_MODE:
2168                 hci_cc_write_encrypt_mode(hdev, skb);
2169                 break;
2170
2171         case HCI_OP_WRITE_SCAN_ENABLE:
2172                 hci_cc_write_scan_enable(hdev, skb);
2173                 break;
2174
2175         case HCI_OP_READ_CLASS_OF_DEV:
2176                 hci_cc_read_class_of_dev(hdev, skb);
2177                 break;
2178
2179         case HCI_OP_WRITE_CLASS_OF_DEV:
2180                 hci_cc_write_class_of_dev(hdev, skb);
2181                 break;
2182
2183         case HCI_OP_READ_VOICE_SETTING:
2184                 hci_cc_read_voice_setting(hdev, skb);
2185                 break;
2186
2187         case HCI_OP_WRITE_VOICE_SETTING:
2188                 hci_cc_write_voice_setting(hdev, skb);
2189                 break;
2190
2191         case HCI_OP_READ_NUM_SUPPORTED_IAC:
2192                 hci_cc_read_num_supported_iac(hdev, skb);
2193                 break;
2194
2195         case HCI_OP_WRITE_SSP_MODE:
2196                 hci_cc_write_ssp_mode(hdev, skb);
2197                 break;
2198
2199         case HCI_OP_WRITE_SC_SUPPORT:
2200                 hci_cc_write_sc_support(hdev, skb);
2201                 break;
2202
2203         case HCI_OP_READ_LOCAL_VERSION:
2204                 hci_cc_read_local_version(hdev, skb);
2205                 break;
2206
2207         case HCI_OP_READ_LOCAL_COMMANDS:
2208                 hci_cc_read_local_commands(hdev, skb);
2209                 break;
2210
2211         case HCI_OP_READ_LOCAL_FEATURES:
2212                 hci_cc_read_local_features(hdev, skb);
2213                 break;
2214
2215         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2216                 hci_cc_read_local_ext_features(hdev, skb);
2217                 break;
2218
2219         case HCI_OP_READ_BUFFER_SIZE:
2220                 hci_cc_read_buffer_size(hdev, skb);
2221                 break;
2222
2223         case HCI_OP_READ_BD_ADDR:
2224                 hci_cc_read_bd_addr(hdev, skb);
2225                 break;
2226
2227         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2228                 hci_cc_read_page_scan_activity(hdev, skb);
2229                 break;
2230
2231         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2232                 hci_cc_write_page_scan_activity(hdev, skb);
2233                 break;
2234
2235         case HCI_OP_READ_PAGE_SCAN_TYPE:
2236                 hci_cc_read_page_scan_type(hdev, skb);
2237                 break;
2238
2239         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2240                 hci_cc_write_page_scan_type(hdev, skb);
2241                 break;
2242
2243         case HCI_OP_READ_DATA_BLOCK_SIZE:
2244                 hci_cc_read_data_block_size(hdev, skb);
2245                 break;
2246
2247         case HCI_OP_READ_FLOW_CONTROL_MODE:
2248                 hci_cc_read_flow_control_mode(hdev, skb);
2249                 break;
2250
2251         case HCI_OP_READ_LOCAL_AMP_INFO:
2252                 hci_cc_read_local_amp_info(hdev, skb);
2253                 break;
2254
2255         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2256                 hci_cc_read_local_amp_assoc(hdev, skb);
2257                 break;
2258
2259         case HCI_OP_READ_INQ_RSP_TX_POWER:
2260                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2261                 break;
2262
2263         case HCI_OP_PIN_CODE_REPLY:
2264                 hci_cc_pin_code_reply(hdev, skb);
2265                 break;
2266
2267         case HCI_OP_PIN_CODE_NEG_REPLY:
2268                 hci_cc_pin_code_neg_reply(hdev, skb);
2269                 break;
2270
2271         case HCI_OP_READ_LOCAL_OOB_DATA:
2272                 hci_cc_read_local_oob_data(hdev, skb);
2273                 break;
2274
2275         case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2276                 hci_cc_read_local_oob_ext_data(hdev, skb);
2277                 break;
2278
2279         case HCI_OP_LE_READ_BUFFER_SIZE:
2280                 hci_cc_le_read_buffer_size(hdev, skb);
2281                 break;
2282
2283         case HCI_OP_LE_READ_LOCAL_FEATURES:
2284                 hci_cc_le_read_local_features(hdev, skb);
2285                 break;
2286
2287         case HCI_OP_LE_READ_ADV_TX_POWER:
2288                 hci_cc_le_read_adv_tx_power(hdev, skb);
2289                 break;
2290
2291         case HCI_OP_USER_CONFIRM_REPLY:
2292                 hci_cc_user_confirm_reply(hdev, skb);
2293                 break;
2294
2295         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2296                 hci_cc_user_confirm_neg_reply(hdev, skb);
2297                 break;
2298
2299         case HCI_OP_USER_PASSKEY_REPLY:
2300                 hci_cc_user_passkey_reply(hdev, skb);
2301                 break;
2302
2303         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2304                 hci_cc_user_passkey_neg_reply(hdev, skb);
2305                 break;
2306
2307         case HCI_OP_LE_SET_ADV_ENABLE:
2308                 hci_cc_le_set_adv_enable(hdev, skb);
2309                 break;
2310
2311         case HCI_OP_LE_SET_SCAN_ENABLE:
2312                 hci_cc_le_set_scan_enable(hdev, skb);
2313                 break;
2314
2315         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2316                 hci_cc_le_read_white_list_size(hdev, skb);
2317                 break;
2318
2319         case HCI_OP_LE_READ_SUPPORTED_STATES:
2320                 hci_cc_le_read_supported_states(hdev, skb);
2321                 break;
2322
2323         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2324                 hci_cc_write_le_host_supported(hdev, skb);
2325                 break;
2326
2327         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2328                 hci_cc_write_remote_amp_assoc(hdev, skb);
2329                 break;
2330
2331         default:
2332                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2333                 break;
2334         }
2335
2336         if (opcode != HCI_OP_NOP)
2337                 del_timer(&hdev->cmd_timer);
2338
2339         hci_req_cmd_complete(hdev, opcode, status);
2340
2341         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2342                 atomic_set(&hdev->cmd_cnt, 1);
2343                 if (!skb_queue_empty(&hdev->cmd_q))
2344                         queue_work(hdev->workqueue, &hdev->cmd_work);
2345         }
2346 }
2347
2348 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2349 {
2350         struct hci_ev_cmd_status *ev = (void *) skb->data;
2351         __u16 opcode;
2352
2353         skb_pull(skb, sizeof(*ev));
2354
2355         opcode = __le16_to_cpu(ev->opcode);
2356
2357         switch (opcode) {
2358         case HCI_OP_INQUIRY:
2359                 hci_cs_inquiry(hdev, ev->status);
2360                 break;
2361
2362         case HCI_OP_CREATE_CONN:
2363                 hci_cs_create_conn(hdev, ev->status);
2364                 break;
2365
2366         case HCI_OP_ADD_SCO:
2367                 hci_cs_add_sco(hdev, ev->status);
2368                 break;
2369
2370         case HCI_OP_AUTH_REQUESTED:
2371                 hci_cs_auth_requested(hdev, ev->status);
2372                 break;
2373
2374         case HCI_OP_SET_CONN_ENCRYPT:
2375                 hci_cs_set_conn_encrypt(hdev, ev->status);
2376                 break;
2377
2378         case HCI_OP_REMOTE_NAME_REQ:
2379                 hci_cs_remote_name_req(hdev, ev->status);
2380                 break;
2381
2382         case HCI_OP_READ_REMOTE_FEATURES:
2383                 hci_cs_read_remote_features(hdev, ev->status);
2384                 break;
2385
2386         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2387                 hci_cs_read_remote_ext_features(hdev, ev->status);
2388                 break;
2389
2390         case HCI_OP_SETUP_SYNC_CONN:
2391                 hci_cs_setup_sync_conn(hdev, ev->status);
2392                 break;
2393
2394         case HCI_OP_SNIFF_MODE:
2395                 hci_cs_sniff_mode(hdev, ev->status);
2396                 break;
2397
2398         case HCI_OP_EXIT_SNIFF_MODE:
2399                 hci_cs_exit_sniff_mode(hdev, ev->status);
2400                 break;
2401
2402         case HCI_OP_DISCONNECT:
2403                 hci_cs_disconnect(hdev, ev->status);
2404                 break;
2405
2406         case HCI_OP_CREATE_PHY_LINK:
2407                 hci_cs_create_phylink(hdev, ev->status);
2408                 break;
2409
2410         case HCI_OP_ACCEPT_PHY_LINK:
2411                 hci_cs_accept_phylink(hdev, ev->status);
2412                 break;
2413
2414         default:
2415                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2416                 break;
2417         }
2418
2419         if (opcode != HCI_OP_NOP)
2420                 del_timer(&hdev->cmd_timer);
2421
2422         if (ev->status ||
2423             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2424                 hci_req_cmd_complete(hdev, opcode, ev->status);
2425
2426         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2427                 atomic_set(&hdev->cmd_cnt, 1);
2428                 if (!skb_queue_empty(&hdev->cmd_q))
2429                         queue_work(hdev->workqueue, &hdev->cmd_work);
2430         }
2431 }
2432
2433 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2434 {
2435         struct hci_ev_role_change *ev = (void *) skb->data;
2436         struct hci_conn *conn;
2437
2438         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2439
2440         hci_dev_lock(hdev);
2441
2442         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2443         if (conn) {
2444                 if (!ev->status) {
2445                         if (ev->role)
2446                                 conn->link_mode &= ~HCI_LM_MASTER;
2447                         else
2448                                 conn->link_mode |= HCI_LM_MASTER;
2449                 }
2450
2451                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2452
2453                 hci_role_switch_cfm(conn, ev->status, ev->role);
2454         }
2455
2456         hci_dev_unlock(hdev);
2457 }
2458
2459 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2460 {
2461         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2462         int i;
2463
2464         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2465                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2466                 return;
2467         }
2468
2469         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2470             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2471                 BT_DBG("%s bad parameters", hdev->name);
2472                 return;
2473         }
2474
2475         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2476
2477         for (i = 0; i < ev->num_hndl; i++) {
2478                 struct hci_comp_pkts_info *info = &ev->handles[i];
2479                 struct hci_conn *conn;
2480                 __u16  handle, count;
2481
2482                 handle = __le16_to_cpu(info->handle);
2483                 count  = __le16_to_cpu(info->count);
2484
2485                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2486                 if (!conn)
2487                         continue;
2488
2489                 conn->sent -= count;
2490
2491                 switch (conn->type) {
2492                 case ACL_LINK:
2493                         hdev->acl_cnt += count;
2494                         if (hdev->acl_cnt > hdev->acl_pkts)
2495                                 hdev->acl_cnt = hdev->acl_pkts;
2496                         break;
2497
2498                 case LE_LINK:
2499                         if (hdev->le_pkts) {
2500                                 hdev->le_cnt += count;
2501                                 if (hdev->le_cnt > hdev->le_pkts)
2502                                         hdev->le_cnt = hdev->le_pkts;
2503                         } else {
2504                                 hdev->acl_cnt += count;
2505                                 if (hdev->acl_cnt > hdev->acl_pkts)
2506                                         hdev->acl_cnt = hdev->acl_pkts;
2507                         }
2508                         break;
2509
2510                 case SCO_LINK:
2511                         hdev->sco_cnt += count;
2512                         if (hdev->sco_cnt > hdev->sco_pkts)
2513                                 hdev->sco_cnt = hdev->sco_pkts;
2514                         break;
2515
2516                 default:
2517                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2518                         break;
2519                 }
2520         }
2521
2522         queue_work(hdev->workqueue, &hdev->tx_work);
2523 }
2524
2525 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2526                                                  __u16 handle)
2527 {
2528         struct hci_chan *chan;
2529
2530         switch (hdev->dev_type) {
2531         case HCI_BREDR:
2532                 return hci_conn_hash_lookup_handle(hdev, handle);
2533         case HCI_AMP:
2534                 chan = hci_chan_lookup_handle(hdev, handle);
2535                 if (chan)
2536                         return chan->conn;
2537                 break;
2538         default:
2539                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2540                 break;
2541         }
2542
2543         return NULL;
2544 }
2545
2546 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2547 {
2548         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2549         int i;
2550
2551         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2552                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2553                 return;
2554         }
2555
2556         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2557             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2558                 BT_DBG("%s bad parameters", hdev->name);
2559                 return;
2560         }
2561
2562         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2563                ev->num_hndl);
2564
2565         for (i = 0; i < ev->num_hndl; i++) {
2566                 struct hci_comp_blocks_info *info = &ev->handles[i];
2567                 struct hci_conn *conn = NULL;
2568                 __u16  handle, block_count;
2569
2570                 handle = __le16_to_cpu(info->handle);
2571                 block_count = __le16_to_cpu(info->blocks);
2572
2573                 conn = __hci_conn_lookup_handle(hdev, handle);
2574                 if (!conn)
2575                         continue;
2576
2577                 conn->sent -= block_count;
2578
2579                 switch (conn->type) {
2580                 case ACL_LINK:
2581                 case AMP_LINK:
2582                         hdev->block_cnt += block_count;
2583                         if (hdev->block_cnt > hdev->num_blocks)
2584                                 hdev->block_cnt = hdev->num_blocks;
2585                         break;
2586
2587                 default:
2588                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2589                         break;
2590                 }
2591         }
2592
2593         queue_work(hdev->workqueue, &hdev->tx_work);
2594 }
2595
2596 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2597 {
2598         struct hci_ev_mode_change *ev = (void *) skb->data;
2599         struct hci_conn *conn;
2600
2601         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2602
2603         hci_dev_lock(hdev);
2604
2605         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2606         if (conn) {
2607                 conn->mode = ev->mode;
2608
2609                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2610                                         &conn->flags)) {
2611                         if (conn->mode == HCI_CM_ACTIVE)
2612                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2613                         else
2614                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2615                 }
2616
2617                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2618                         hci_sco_setup(conn, ev->status);
2619         }
2620
2621         hci_dev_unlock(hdev);
2622 }
2623
2624 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2625 {
2626         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2627         struct hci_conn *conn;
2628
2629         BT_DBG("%s", hdev->name);
2630
2631         hci_dev_lock(hdev);
2632
2633         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2634         if (!conn)
2635                 goto unlock;
2636
2637         if (conn->state == BT_CONNECTED) {
2638                 hci_conn_hold(conn);
2639                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2640                 hci_conn_drop(conn);
2641         }
2642
2643         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2644                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2645                              sizeof(ev->bdaddr), &ev->bdaddr);
2646         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2647                 u8 secure;
2648
2649                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2650                         secure = 1;
2651                 else
2652                         secure = 0;
2653
2654                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2655         }
2656
2657 unlock:
2658         hci_dev_unlock(hdev);
2659 }
2660
2661 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2662 {
2663         struct hci_ev_link_key_req *ev = (void *) skb->data;
2664         struct hci_cp_link_key_reply cp;
2665         struct hci_conn *conn;
2666         struct link_key *key;
2667
2668         BT_DBG("%s", hdev->name);
2669
2670         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2671                 return;
2672
2673         hci_dev_lock(hdev);
2674
2675         key = hci_find_link_key(hdev, &ev->bdaddr);
2676         if (!key) {
2677                 BT_DBG("%s link key not found for %pMR", hdev->name,
2678                        &ev->bdaddr);
2679                 goto not_found;
2680         }
2681
2682         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2683                &ev->bdaddr);
2684
2685         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2686             key->type == HCI_LK_DEBUG_COMBINATION) {
2687                 BT_DBG("%s ignoring debug key", hdev->name);
2688                 goto not_found;
2689         }
2690
2691         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2692         if (conn) {
2693                 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2694                      key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2695                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2696                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2697                         goto not_found;
2698                 }
2699
2700                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2701                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2702                         BT_DBG("%s ignoring key unauthenticated for high security",
2703                                hdev->name);
2704                         goto not_found;
2705                 }
2706
2707                 conn->key_type = key->type;
2708                 conn->pin_length = key->pin_len;
2709         }
2710
2711         bacpy(&cp.bdaddr, &ev->bdaddr);
2712         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2713
2714         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2715
2716         hci_dev_unlock(hdev);
2717
2718         return;
2719
2720 not_found:
2721         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2722         hci_dev_unlock(hdev);
2723 }
2724
2725 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2726 {
2727         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2728         struct hci_conn *conn;
2729         u8 pin_len = 0;
2730
2731         BT_DBG("%s", hdev->name);
2732
2733         hci_dev_lock(hdev);
2734
2735         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2736         if (conn) {
2737                 hci_conn_hold(conn);
2738                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2739                 pin_len = conn->pin_length;
2740
2741                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2742                         conn->key_type = ev->key_type;
2743
2744                 hci_conn_drop(conn);
2745         }
2746
2747         if (test_bit(HCI_MGMT, &hdev->dev_flags))
2748                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2749                                  ev->key_type, pin_len);
2750
2751         hci_dev_unlock(hdev);
2752 }
2753
2754 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2755 {
2756         struct hci_ev_clock_offset *ev = (void *) skb->data;
2757         struct hci_conn *conn;
2758
2759         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2760
2761         hci_dev_lock(hdev);
2762
2763         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2764         if (conn && !ev->status) {
2765                 struct inquiry_entry *ie;
2766
2767                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2768                 if (ie) {
2769                         ie->data.clock_offset = ev->clock_offset;
2770                         ie->timestamp = jiffies;
2771                 }
2772         }
2773
2774         hci_dev_unlock(hdev);
2775 }
2776
2777 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2778 {
2779         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2780         struct hci_conn *conn;
2781
2782         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2783
2784         hci_dev_lock(hdev);
2785
2786         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2787         if (conn && !ev->status)
2788                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2789
2790         hci_dev_unlock(hdev);
2791 }
2792
2793 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2794 {
2795         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2796         struct inquiry_entry *ie;
2797
2798         BT_DBG("%s", hdev->name);
2799
2800         hci_dev_lock(hdev);
2801
2802         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2803         if (ie) {
2804                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2805                 ie->timestamp = jiffies;
2806         }
2807
2808         hci_dev_unlock(hdev);
2809 }
2810
2811 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2812                                              struct sk_buff *skb)
2813 {
2814         struct inquiry_data data;
2815         int num_rsp = *((__u8 *) skb->data);
2816         bool name_known, ssp;
2817
2818         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2819
2820         if (!num_rsp)
2821                 return;
2822
2823         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2824                 return;
2825
2826         hci_dev_lock(hdev);
2827
2828         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2829                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2830                 info = (void *) (skb->data + 1);
2831
2832                 for (; num_rsp; num_rsp--, info++) {
2833                         bacpy(&data.bdaddr, &info->bdaddr);
2834                         data.pscan_rep_mode     = info->pscan_rep_mode;
2835                         data.pscan_period_mode  = info->pscan_period_mode;
2836                         data.pscan_mode         = info->pscan_mode;
2837                         memcpy(data.dev_class, info->dev_class, 3);
2838                         data.clock_offset       = info->clock_offset;
2839                         data.rssi               = info->rssi;
2840                         data.ssp_mode           = 0x00;
2841
2842                         name_known = hci_inquiry_cache_update(hdev, &data,
2843                                                               false, &ssp);
2844                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2845                                           info->dev_class, info->rssi,
2846                                           !name_known, ssp, NULL, 0);
2847                 }
2848         } else {
2849                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2850
2851                 for (; num_rsp; num_rsp--, info++) {
2852                         bacpy(&data.bdaddr, &info->bdaddr);
2853                         data.pscan_rep_mode     = info->pscan_rep_mode;
2854                         data.pscan_period_mode  = info->pscan_period_mode;
2855                         data.pscan_mode         = 0x00;
2856                         memcpy(data.dev_class, info->dev_class, 3);
2857                         data.clock_offset       = info->clock_offset;
2858                         data.rssi               = info->rssi;
2859                         data.ssp_mode           = 0x00;
2860                         name_known = hci_inquiry_cache_update(hdev, &data,
2861                                                               false, &ssp);
2862                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2863                                           info->dev_class, info->rssi,
2864                                           !name_known, ssp, NULL, 0);
2865                 }
2866         }
2867
2868         hci_dev_unlock(hdev);
2869 }
2870
2871 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2872                                         struct sk_buff *skb)
2873 {
2874         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2875         struct hci_conn *conn;
2876
2877         BT_DBG("%s", hdev->name);
2878
2879         hci_dev_lock(hdev);
2880
2881         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2882         if (!conn)
2883                 goto unlock;
2884
2885         if (ev->page < HCI_MAX_PAGES)
2886                 memcpy(conn->features[ev->page], ev->features, 8);
2887
2888         if (!ev->status && ev->page == 0x01) {
2889                 struct inquiry_entry *ie;
2890
2891                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2892                 if (ie)
2893                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2894
2895                 if (ev->features[0] & LMP_HOST_SSP) {
2896                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2897                 } else {
2898                         /* It is mandatory by the Bluetooth specification that
2899                          * Extended Inquiry Results are only used when Secure
2900                          * Simple Pairing is enabled, but some devices violate
2901                          * this.
2902                          *
2903                          * To make these devices work, the internal SSP
2904                          * enabled flag needs to be cleared if the remote host
2905                          * features do not indicate SSP support */
2906                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2907                 }
2908
2909                 if (ev->features[0] & LMP_HOST_SC)
2910                         set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
2911         }
2912
2913         if (conn->state != BT_CONFIG)
2914                 goto unlock;
2915
2916         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2917                 struct hci_cp_remote_name_req cp;
2918                 memset(&cp, 0, sizeof(cp));
2919                 bacpy(&cp.bdaddr, &conn->dst);
2920                 cp.pscan_rep_mode = 0x02;
2921                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2922         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2923                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2924                                       conn->dst_type, 0, NULL, 0,
2925                                       conn->dev_class);
2926
2927         if (!hci_outgoing_auth_needed(hdev, conn)) {
2928                 conn->state = BT_CONNECTED;
2929                 hci_proto_connect_cfm(conn, ev->status);
2930                 hci_conn_drop(conn);
2931         }
2932
2933 unlock:
2934         hci_dev_unlock(hdev);
2935 }
2936
2937 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2938                                        struct sk_buff *skb)
2939 {
2940         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2941         struct hci_conn *conn;
2942
2943         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2944
2945         hci_dev_lock(hdev);
2946
2947         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2948         if (!conn) {
2949                 if (ev->link_type == ESCO_LINK)
2950                         goto unlock;
2951
2952                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2953                 if (!conn)
2954                         goto unlock;
2955
2956                 conn->type = SCO_LINK;
2957         }
2958
2959         switch (ev->status) {
2960         case 0x00:
2961                 conn->handle = __le16_to_cpu(ev->handle);
2962                 conn->state  = BT_CONNECTED;
2963
2964                 hci_conn_add_sysfs(conn);
2965                 break;
2966
2967         case 0x0d:      /* Connection Rejected due to Limited Resources */
2968         case 0x11:      /* Unsupported Feature or Parameter Value */
2969         case 0x1c:      /* SCO interval rejected */
2970         case 0x1a:      /* Unsupported Remote Feature */
2971         case 0x1f:      /* Unspecified error */
2972                 if (conn->out) {
2973                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2974                                         (hdev->esco_type & EDR_ESCO_MASK);
2975                         if (hci_setup_sync(conn, conn->link->handle))
2976                                 goto unlock;
2977                 }
2978                 /* fall through */
2979
2980         default:
2981                 conn->state = BT_CLOSED;
2982                 break;
2983         }
2984
2985         hci_proto_connect_cfm(conn, ev->status);
2986         if (ev->status)
2987                 hci_conn_del(conn);
2988
2989 unlock:
2990         hci_dev_unlock(hdev);
2991 }
2992
2993 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2994 {
2995         size_t parsed = 0;
2996
2997         while (parsed < eir_len) {
2998                 u8 field_len = eir[0];
2999
3000                 if (field_len == 0)
3001                         return parsed;
3002
3003                 parsed += field_len + 1;
3004                 eir += field_len + 1;
3005         }
3006
3007         return eir_len;
3008 }
3009
3010 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3011                                             struct sk_buff *skb)
3012 {
3013         struct inquiry_data data;
3014         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3015         int num_rsp = *((__u8 *) skb->data);
3016         size_t eir_len;
3017
3018         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3019
3020         if (!num_rsp)
3021                 return;
3022
3023         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3024                 return;
3025
3026         hci_dev_lock(hdev);
3027
3028         for (; num_rsp; num_rsp--, info++) {
3029                 bool name_known, ssp;
3030
3031                 bacpy(&data.bdaddr, &info->bdaddr);
3032                 data.pscan_rep_mode     = info->pscan_rep_mode;
3033                 data.pscan_period_mode  = info->pscan_period_mode;
3034                 data.pscan_mode         = 0x00;
3035                 memcpy(data.dev_class, info->dev_class, 3);
3036                 data.clock_offset       = info->clock_offset;
3037                 data.rssi               = info->rssi;
3038                 data.ssp_mode           = 0x01;
3039
3040                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3041                         name_known = eir_has_data_type(info->data,
3042                                                        sizeof(info->data),
3043                                                        EIR_NAME_COMPLETE);
3044                 else
3045                         name_known = true;
3046
3047                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3048                                                       &ssp);
3049                 eir_len = eir_get_length(info->data, sizeof(info->data));
3050                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3051                                   info->dev_class, info->rssi, !name_known,
3052                                   ssp, info->data, eir_len);
3053         }
3054
3055         hci_dev_unlock(hdev);
3056 }
3057
3058 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3059                                          struct sk_buff *skb)
3060 {
3061         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3062         struct hci_conn *conn;
3063
3064         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3065                __le16_to_cpu(ev->handle));
3066
3067         hci_dev_lock(hdev);
3068
3069         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3070         if (!conn)
3071                 goto unlock;
3072
3073         if (!ev->status)
3074                 conn->sec_level = conn->pending_sec_level;
3075
3076         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3077
3078         if (ev->status && conn->state == BT_CONNECTED) {
3079                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3080                 hci_conn_drop(conn);
3081                 goto unlock;
3082         }
3083
3084         if (conn->state == BT_CONFIG) {
3085                 if (!ev->status)
3086                         conn->state = BT_CONNECTED;
3087
3088                 hci_proto_connect_cfm(conn, ev->status);
3089                 hci_conn_drop(conn);
3090         } else {
3091                 hci_auth_cfm(conn, ev->status);
3092
3093                 hci_conn_hold(conn);
3094                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3095                 hci_conn_drop(conn);
3096         }
3097
3098 unlock:
3099         hci_dev_unlock(hdev);
3100 }
3101
3102 static u8 hci_get_auth_req(struct hci_conn *conn)
3103 {
3104         /* If remote requests dedicated bonding follow that lead */
3105         if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3106             conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3107                 /* If both remote and local IO capabilities allow MITM
3108                  * protection then require it, otherwise don't */
3109                 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3110                     conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3111                         return HCI_AT_DEDICATED_BONDING;
3112                 else
3113                         return HCI_AT_DEDICATED_BONDING_MITM;
3114         }
3115
3116         /* If remote requests no-bonding follow that lead */
3117         if (conn->remote_auth == HCI_AT_NO_BONDING ||
3118             conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3119                 return conn->remote_auth | (conn->auth_type & 0x01);
3120
3121         return conn->auth_type;
3122 }
3123
3124 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3125 {
3126         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3127         struct hci_conn *conn;
3128
3129         BT_DBG("%s", hdev->name);
3130
3131         hci_dev_lock(hdev);
3132
3133         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3134         if (!conn)
3135                 goto unlock;
3136
3137         hci_conn_hold(conn);
3138
3139         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3140                 goto unlock;
3141
3142         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3143             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3144                 struct hci_cp_io_capability_reply cp;
3145
3146                 bacpy(&cp.bdaddr, &ev->bdaddr);
3147                 /* Change the IO capability from KeyboardDisplay
3148                  * to DisplayYesNo as it is not supported by BT spec. */
3149                 cp.capability = (conn->io_capability == 0x04) ?
3150                                 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3151                 conn->auth_type = hci_get_auth_req(conn);
3152                 cp.authentication = conn->auth_type;
3153
3154                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3155                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3156                         cp.oob_data = 0x01;
3157                 else
3158                         cp.oob_data = 0x00;
3159
3160                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3161                              sizeof(cp), &cp);
3162         } else {
3163                 struct hci_cp_io_capability_neg_reply cp;
3164
3165                 bacpy(&cp.bdaddr, &ev->bdaddr);
3166                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3167
3168                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3169                              sizeof(cp), &cp);
3170         }
3171
3172 unlock:
3173         hci_dev_unlock(hdev);
3174 }
3175
3176 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3177 {
3178         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3179         struct hci_conn *conn;
3180
3181         BT_DBG("%s", hdev->name);
3182
3183         hci_dev_lock(hdev);
3184
3185         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3186         if (!conn)
3187                 goto unlock;
3188
3189         conn->remote_cap = ev->capability;
3190         conn->remote_auth = ev->authentication;
3191         if (ev->oob_data)
3192                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3193
3194 unlock:
3195         hci_dev_unlock(hdev);
3196 }
3197
3198 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3199                                          struct sk_buff *skb)
3200 {
3201         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3202         int loc_mitm, rem_mitm, confirm_hint = 0;
3203         struct hci_conn *conn;
3204
3205         BT_DBG("%s", hdev->name);
3206
3207         hci_dev_lock(hdev);
3208
3209         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3210                 goto unlock;
3211
3212         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3213         if (!conn)
3214                 goto unlock;
3215
3216         loc_mitm = (conn->auth_type & 0x01);
3217         rem_mitm = (conn->remote_auth & 0x01);
3218
3219         /* If we require MITM but the remote device can't provide that
3220          * (it has NoInputNoOutput) then reject the confirmation
3221          * request. The only exception is when we're dedicated bonding
3222          * initiators (connect_cfm_cb set) since then we always have the MITM
3223          * bit set. */
3224         if (!conn->connect_cfm_cb && loc_mitm &&
3225             conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3226                 BT_DBG("Rejecting request: remote device can't provide MITM");
3227                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3228                              sizeof(ev->bdaddr), &ev->bdaddr);
3229                 goto unlock;
3230         }
3231
3232         /* If no side requires MITM protection; auto-accept */
3233         if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3234             (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3235
3236                 /* If we're not the initiators request authorization to
3237                  * proceed from user space (mgmt_user_confirm with
3238                  * confirm_hint set to 1). */
3239                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3240                         BT_DBG("Confirming auto-accept as acceptor");
3241                         confirm_hint = 1;
3242                         goto confirm;
3243                 }
3244
3245                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3246                        hdev->auto_accept_delay);
3247
3248                 if (hdev->auto_accept_delay > 0) {
3249                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3250                         queue_delayed_work(conn->hdev->workqueue,
3251                                            &conn->auto_accept_work, delay);
3252                         goto unlock;
3253                 }
3254
3255                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3256                              sizeof(ev->bdaddr), &ev->bdaddr);
3257                 goto unlock;
3258         }
3259
3260 confirm:
3261         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3262                                   confirm_hint);
3263
3264 unlock:
3265         hci_dev_unlock(hdev);
3266 }
3267
3268 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3269                                          struct sk_buff *skb)
3270 {
3271         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3272
3273         BT_DBG("%s", hdev->name);
3274
3275         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3276                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3277 }
3278
3279 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3280                                         struct sk_buff *skb)
3281 {
3282         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3283         struct hci_conn *conn;
3284
3285         BT_DBG("%s", hdev->name);
3286
3287         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3288         if (!conn)
3289                 return;
3290
3291         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3292         conn->passkey_entered = 0;
3293
3294         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3295                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3296                                          conn->dst_type, conn->passkey_notify,
3297                                          conn->passkey_entered);
3298 }
3299
3300 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3301 {
3302         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3303         struct hci_conn *conn;
3304
3305         BT_DBG("%s", hdev->name);
3306
3307         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3308         if (!conn)
3309                 return;
3310
3311         switch (ev->type) {
3312         case HCI_KEYPRESS_STARTED:
3313                 conn->passkey_entered = 0;
3314                 return;
3315
3316         case HCI_KEYPRESS_ENTERED:
3317                 conn->passkey_entered++;
3318                 break;
3319
3320         case HCI_KEYPRESS_ERASED:
3321                 conn->passkey_entered--;
3322                 break;
3323
3324         case HCI_KEYPRESS_CLEARED:
3325                 conn->passkey_entered = 0;
3326                 break;
3327
3328         case HCI_KEYPRESS_COMPLETED:
3329                 return;
3330         }
3331
3332         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3333                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3334                                          conn->dst_type, conn->passkey_notify,
3335                                          conn->passkey_entered);
3336 }
3337
3338 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3339                                          struct sk_buff *skb)
3340 {
3341         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3342         struct hci_conn *conn;
3343
3344         BT_DBG("%s", hdev->name);
3345
3346         hci_dev_lock(hdev);
3347
3348         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3349         if (!conn)
3350                 goto unlock;
3351
3352         /* To avoid duplicate auth_failed events to user space we check
3353          * the HCI_CONN_AUTH_PEND flag which will be set if we
3354          * initiated the authentication. A traditional auth_complete
3355          * event gets always produced as initiator and is also mapped to
3356          * the mgmt_auth_failed event */
3357         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3358                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3359                                  ev->status);
3360
3361         hci_conn_drop(conn);
3362
3363 unlock:
3364         hci_dev_unlock(hdev);
3365 }
3366
3367 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3368                                          struct sk_buff *skb)
3369 {
3370         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3371         struct inquiry_entry *ie;
3372         struct hci_conn *conn;
3373
3374         BT_DBG("%s", hdev->name);
3375
3376         hci_dev_lock(hdev);
3377
3378         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3379         if (conn)
3380                 memcpy(conn->features[1], ev->features, 8);
3381
3382         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3383         if (ie)
3384                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3385
3386         hci_dev_unlock(hdev);
3387 }
3388
3389 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3390                                             struct sk_buff *skb)
3391 {
3392         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3393         struct oob_data *data;
3394
3395         BT_DBG("%s", hdev->name);
3396
3397         hci_dev_lock(hdev);
3398
3399         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3400                 goto unlock;
3401
3402         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3403         if (data) {
3404                 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3405                         struct hci_cp_remote_oob_ext_data_reply cp;
3406
3407                         bacpy(&cp.bdaddr, &ev->bdaddr);
3408                         memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3409                         memcpy(cp.randomizer192, data->randomizer192,
3410                                sizeof(cp.randomizer192));
3411                         memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3412                         memcpy(cp.randomizer256, data->randomizer256,
3413                                sizeof(cp.randomizer256));
3414
3415                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3416                                      sizeof(cp), &cp);
3417                 } else {
3418                         struct hci_cp_remote_oob_data_reply cp;
3419
3420                         bacpy(&cp.bdaddr, &ev->bdaddr);
3421                         memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3422                         memcpy(cp.randomizer, data->randomizer192,
3423                                sizeof(cp.randomizer));
3424
3425                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3426                                      sizeof(cp), &cp);
3427                 }
3428         } else {
3429                 struct hci_cp_remote_oob_data_neg_reply cp;
3430
3431                 bacpy(&cp.bdaddr, &ev->bdaddr);
3432                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3433                              sizeof(cp), &cp);
3434         }
3435
3436 unlock:
3437         hci_dev_unlock(hdev);
3438 }
3439
3440 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3441                                       struct sk_buff *skb)
3442 {
3443         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3444         struct hci_conn *hcon, *bredr_hcon;
3445
3446         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3447                ev->status);
3448
3449         hci_dev_lock(hdev);
3450
3451         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3452         if (!hcon) {
3453                 hci_dev_unlock(hdev);
3454                 return;
3455         }
3456
3457         if (ev->status) {
3458                 hci_conn_del(hcon);
3459                 hci_dev_unlock(hdev);
3460                 return;
3461         }
3462
3463         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3464
3465         hcon->state = BT_CONNECTED;
3466         bacpy(&hcon->dst, &bredr_hcon->dst);
3467
3468         hci_conn_hold(hcon);
3469         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3470         hci_conn_drop(hcon);
3471
3472         hci_conn_add_sysfs(hcon);
3473
3474         amp_physical_cfm(bredr_hcon, hcon);
3475
3476         hci_dev_unlock(hdev);
3477 }
3478
3479 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3480 {
3481         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3482         struct hci_conn *hcon;
3483         struct hci_chan *hchan;
3484         struct amp_mgr *mgr;
3485
3486         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3487                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3488                ev->status);
3489
3490         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3491         if (!hcon)
3492                 return;
3493
3494         /* Create AMP hchan */
3495         hchan = hci_chan_create(hcon);
3496         if (!hchan)
3497                 return;
3498
3499         hchan->handle = le16_to_cpu(ev->handle);
3500
3501         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3502
3503         mgr = hcon->amp_mgr;
3504         if (mgr && mgr->bredr_chan) {
3505                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3506
3507                 l2cap_chan_lock(bredr_chan);
3508
3509                 bredr_chan->conn->mtu = hdev->block_mtu;
3510                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3511                 hci_conn_hold(hcon);
3512
3513                 l2cap_chan_unlock(bredr_chan);
3514         }
3515 }
3516
3517 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3518                                              struct sk_buff *skb)
3519 {
3520         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3521         struct hci_chan *hchan;
3522
3523         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3524                le16_to_cpu(ev->handle), ev->status);
3525
3526         if (ev->status)
3527                 return;
3528
3529         hci_dev_lock(hdev);
3530
3531         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3532         if (!hchan)
3533                 goto unlock;
3534
3535         amp_destroy_logical_link(hchan, ev->reason);
3536
3537 unlock:
3538         hci_dev_unlock(hdev);
3539 }
3540
3541 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3542                                              struct sk_buff *skb)
3543 {
3544         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3545         struct hci_conn *hcon;
3546
3547         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3548
3549         if (ev->status)
3550                 return;
3551
3552         hci_dev_lock(hdev);
3553
3554         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3555         if (hcon) {
3556                 hcon->state = BT_CLOSED;
3557                 hci_conn_del(hcon);
3558         }
3559
3560         hci_dev_unlock(hdev);
3561 }
3562
3563 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3564 {
3565         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3566         struct hci_conn *conn;
3567
3568         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3569
3570         hci_dev_lock(hdev);
3571
3572         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3573         if (!conn) {
3574                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3575                 if (!conn) {
3576                         BT_ERR("No memory for new connection");
3577                         goto unlock;
3578                 }
3579
3580                 conn->dst_type = ev->bdaddr_type;
3581
3582                 /* The advertising parameters for own address type
3583                  * define which source address and source address
3584                  * type this connections has.
3585                  */
3586                 if (bacmp(&conn->src, BDADDR_ANY)) {
3587                         conn->src_type = ADDR_LE_DEV_PUBLIC;
3588                 } else {
3589                         bacpy(&conn->src, &hdev->static_addr);
3590                         conn->src_type = ADDR_LE_DEV_RANDOM;
3591                 }
3592
3593                 if (ev->role == LE_CONN_ROLE_MASTER) {
3594                         conn->out = true;
3595                         conn->link_mode |= HCI_LM_MASTER;
3596                 }
3597         }
3598
3599         if (ev->status) {
3600                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3601                                     conn->dst_type, ev->status);
3602                 hci_proto_connect_cfm(conn, ev->status);
3603                 conn->state = BT_CLOSED;
3604                 hci_conn_del(conn);
3605                 goto unlock;
3606         }
3607
3608         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3609                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3610                                       conn->dst_type, 0, NULL, 0, NULL);
3611
3612         conn->sec_level = BT_SECURITY_LOW;
3613         conn->handle = __le16_to_cpu(ev->handle);
3614         conn->state = BT_CONNECTED;
3615
3616         if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3617                 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3618
3619         hci_conn_add_sysfs(conn);
3620
3621         hci_proto_connect_cfm(conn, ev->status);
3622
3623 unlock:
3624         hci_dev_unlock(hdev);
3625 }
3626
3627 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3628 {
3629         u8 num_reports = skb->data[0];
3630         void *ptr = &skb->data[1];
3631         s8 rssi;
3632
3633         while (num_reports--) {
3634                 struct hci_ev_le_advertising_info *ev = ptr;
3635
3636                 rssi = ev->data[ev->length];
3637                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3638                                   NULL, rssi, 0, 1, ev->data, ev->length);
3639
3640                 ptr += sizeof(*ev) + ev->length + 1;
3641         }
3642 }
3643
3644 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3645 {
3646         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3647         struct hci_cp_le_ltk_reply cp;
3648         struct hci_cp_le_ltk_neg_reply neg;
3649         struct hci_conn *conn;
3650         struct smp_ltk *ltk;
3651
3652         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3653
3654         hci_dev_lock(hdev);
3655
3656         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3657         if (conn == NULL)
3658                 goto not_found;
3659
3660         ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3661         if (ltk == NULL)
3662                 goto not_found;
3663
3664         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3665         cp.handle = cpu_to_le16(conn->handle);
3666
3667         if (ltk->authenticated)
3668                 conn->pending_sec_level = BT_SECURITY_HIGH;
3669         else
3670                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3671
3672         conn->enc_key_size = ltk->enc_size;
3673
3674         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3675
3676         if (ltk->type & HCI_SMP_STK) {
3677                 list_del(&ltk->list);
3678                 kfree(ltk);
3679         }
3680
3681         hci_dev_unlock(hdev);
3682
3683         return;
3684
3685 not_found:
3686         neg.handle = ev->handle;
3687         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3688         hci_dev_unlock(hdev);
3689 }
3690
3691 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3692 {
3693         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3694
3695         skb_pull(skb, sizeof(*le_ev));
3696
3697         switch (le_ev->subevent) {
3698         case HCI_EV_LE_CONN_COMPLETE:
3699                 hci_le_conn_complete_evt(hdev, skb);
3700                 break;
3701
3702         case HCI_EV_LE_ADVERTISING_REPORT:
3703                 hci_le_adv_report_evt(hdev, skb);
3704                 break;
3705
3706         case HCI_EV_LE_LTK_REQ:
3707                 hci_le_ltk_request_evt(hdev, skb);
3708                 break;
3709
3710         default:
3711                 break;
3712         }
3713 }
3714
3715 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3716 {
3717         struct hci_ev_channel_selected *ev = (void *) skb->data;
3718         struct hci_conn *hcon;
3719
3720         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3721
3722         skb_pull(skb, sizeof(*ev));
3723
3724         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3725         if (!hcon)
3726                 return;
3727
3728         amp_read_loc_assoc_final_data(hdev, hcon);
3729 }
3730
3731 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3732 {
3733         struct hci_event_hdr *hdr = (void *) skb->data;
3734         __u8 event = hdr->evt;
3735
3736         hci_dev_lock(hdev);
3737
3738         /* Received events are (currently) only needed when a request is
3739          * ongoing so avoid unnecessary memory allocation.
3740          */
3741         if (hdev->req_status == HCI_REQ_PEND) {
3742                 kfree_skb(hdev->recv_evt);
3743                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3744         }
3745
3746         hci_dev_unlock(hdev);
3747
3748         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3749
3750         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3751                 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3752                 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3753
3754                 hci_req_cmd_complete(hdev, opcode, 0);
3755         }
3756
3757         switch (event) {
3758         case HCI_EV_INQUIRY_COMPLETE:
3759                 hci_inquiry_complete_evt(hdev, skb);
3760                 break;
3761
3762         case HCI_EV_INQUIRY_RESULT:
3763                 hci_inquiry_result_evt(hdev, skb);
3764                 break;
3765
3766         case HCI_EV_CONN_COMPLETE:
3767                 hci_conn_complete_evt(hdev, skb);
3768                 break;
3769
3770         case HCI_EV_CONN_REQUEST:
3771                 hci_conn_request_evt(hdev, skb);
3772                 break;
3773
3774         case HCI_EV_DISCONN_COMPLETE:
3775                 hci_disconn_complete_evt(hdev, skb);
3776                 break;
3777
3778         case HCI_EV_AUTH_COMPLETE:
3779                 hci_auth_complete_evt(hdev, skb);
3780                 break;
3781
3782         case HCI_EV_REMOTE_NAME:
3783                 hci_remote_name_evt(hdev, skb);
3784                 break;
3785
3786         case HCI_EV_ENCRYPT_CHANGE:
3787                 hci_encrypt_change_evt(hdev, skb);
3788                 break;
3789
3790         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3791                 hci_change_link_key_complete_evt(hdev, skb);
3792                 break;
3793
3794         case HCI_EV_REMOTE_FEATURES:
3795                 hci_remote_features_evt(hdev, skb);
3796                 break;
3797
3798         case HCI_EV_CMD_COMPLETE:
3799                 hci_cmd_complete_evt(hdev, skb);
3800                 break;
3801
3802         case HCI_EV_CMD_STATUS:
3803                 hci_cmd_status_evt(hdev, skb);
3804                 break;
3805
3806         case HCI_EV_ROLE_CHANGE:
3807                 hci_role_change_evt(hdev, skb);
3808                 break;
3809
3810         case HCI_EV_NUM_COMP_PKTS:
3811                 hci_num_comp_pkts_evt(hdev, skb);
3812                 break;
3813
3814         case HCI_EV_MODE_CHANGE:
3815                 hci_mode_change_evt(hdev, skb);
3816                 break;
3817
3818         case HCI_EV_PIN_CODE_REQ:
3819                 hci_pin_code_request_evt(hdev, skb);
3820                 break;
3821
3822         case HCI_EV_LINK_KEY_REQ:
3823                 hci_link_key_request_evt(hdev, skb);
3824                 break;
3825
3826         case HCI_EV_LINK_KEY_NOTIFY:
3827                 hci_link_key_notify_evt(hdev, skb);
3828                 break;
3829
3830         case HCI_EV_CLOCK_OFFSET:
3831                 hci_clock_offset_evt(hdev, skb);
3832                 break;
3833
3834         case HCI_EV_PKT_TYPE_CHANGE:
3835                 hci_pkt_type_change_evt(hdev, skb);
3836                 break;
3837
3838         case HCI_EV_PSCAN_REP_MODE:
3839                 hci_pscan_rep_mode_evt(hdev, skb);
3840                 break;
3841
3842         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3843                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3844                 break;
3845
3846         case HCI_EV_REMOTE_EXT_FEATURES:
3847                 hci_remote_ext_features_evt(hdev, skb);
3848                 break;
3849
3850         case HCI_EV_SYNC_CONN_COMPLETE:
3851                 hci_sync_conn_complete_evt(hdev, skb);
3852                 break;
3853
3854         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3855                 hci_extended_inquiry_result_evt(hdev, skb);
3856                 break;
3857
3858         case HCI_EV_KEY_REFRESH_COMPLETE:
3859                 hci_key_refresh_complete_evt(hdev, skb);
3860                 break;
3861
3862         case HCI_EV_IO_CAPA_REQUEST:
3863                 hci_io_capa_request_evt(hdev, skb);
3864                 break;
3865
3866         case HCI_EV_IO_CAPA_REPLY:
3867                 hci_io_capa_reply_evt(hdev, skb);
3868                 break;
3869
3870         case HCI_EV_USER_CONFIRM_REQUEST:
3871                 hci_user_confirm_request_evt(hdev, skb);
3872                 break;
3873
3874         case HCI_EV_USER_PASSKEY_REQUEST:
3875                 hci_user_passkey_request_evt(hdev, skb);
3876                 break;
3877
3878         case HCI_EV_USER_PASSKEY_NOTIFY:
3879                 hci_user_passkey_notify_evt(hdev, skb);
3880                 break;
3881
3882         case HCI_EV_KEYPRESS_NOTIFY:
3883                 hci_keypress_notify_evt(hdev, skb);
3884                 break;
3885
3886         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3887                 hci_simple_pair_complete_evt(hdev, skb);
3888                 break;
3889
3890         case HCI_EV_REMOTE_HOST_FEATURES:
3891                 hci_remote_host_features_evt(hdev, skb);
3892                 break;
3893
3894         case HCI_EV_LE_META:
3895                 hci_le_meta_evt(hdev, skb);
3896                 break;
3897
3898         case HCI_EV_CHANNEL_SELECTED:
3899                 hci_chan_selected_evt(hdev, skb);
3900                 break;
3901
3902         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3903                 hci_remote_oob_data_request_evt(hdev, skb);
3904                 break;
3905
3906         case HCI_EV_PHY_LINK_COMPLETE:
3907                 hci_phy_link_complete_evt(hdev, skb);
3908                 break;
3909
3910         case HCI_EV_LOGICAL_LINK_COMPLETE:
3911                 hci_loglink_complete_evt(hdev, skb);
3912                 break;
3913
3914         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3915                 hci_disconn_loglink_complete_evt(hdev, skb);
3916                 break;
3917
3918         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3919                 hci_disconn_phylink_complete_evt(hdev, skb);
3920                 break;
3921
3922         case HCI_EV_NUM_COMP_BLOCKS:
3923                 hci_num_comp_blocks_evt(hdev, skb);
3924                 break;
3925
3926         default:
3927                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3928                 break;
3929         }
3930
3931         kfree_skb(skb);
3932         hdev->stat.evt_rx++;
3933 }
Pandora Kernel Repository