]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/bluetooth/hci_event.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add directed advertising support through connect()
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
a9de9248
MH		 51 hci_conn_check_pending(hdev);
52}
6bd57416 53
4d93483b
AG		 54static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55{
56 __u8 status = *((__u8 *) skb->data);
57
9f1db00c 58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 64}
65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
9f1db00c 70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
ae854a70
AG		 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
a9de9248
MH		 77 hci_conn_check_pending(hdev);
78}
79
807deac2
GP		 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
a9de9248
MH		 82{
83 BT_DBG("%s", hdev->name);
84}
85
86static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
9f1db00c 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
1da177e4 104 }
a9de9248
MH		 105
106 hci_dev_unlock(hdev);
1da177e4
LT		 107}
108
e4e8e37c
MH		 109static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110{
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
9f1db00c 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126}
127
a9de9248 128static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 129{
a9de9248 130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 131 struct hci_conn *conn;
04837f64 132 void *sent;
1da177e4 133
9f1db00c 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 135
a9de9248
MH		 136 if (rp->status)
137 return;
1da177e4 138
a9de9248
MH		 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
1da177e4 142
a9de9248 143 hci_dev_lock(hdev);
1da177e4 144
a9de9248 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 146 if (conn)
83985319 147 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 148
a9de9248
MH		 149 hci_dev_unlock(hdev);
150}
1da177e4 151
807deac2
GP		 152static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
e4e8e37c
MH		 154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
9f1db00c 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
807deac2
GP		 165static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
e4e8e37c
MH		 167{
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
9f1db00c 171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 179}
180
a9de9248
MH		 181static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182{
183 __u8 status = *((__u8 *) skb->data);
04837f64 184
9f1db00c 185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 186
10572132
GP		 187 clear_bit(HCI_RESET, &hdev->flags);
188
a297e97c 189 /* Reset all non-persistent flags */
2cc6fb00 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 191
192 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
f8e808bd
MH		 198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
06f5b778 201
533553f8
MH		 202 hdev->le_scan_type = LE_SCAN_PASSIVE;
203
06f5b778 204 hdev->ssp_debug_mode = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
0663ca2a
JH		 308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
310 */
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
312
36f7fc7e
JH		 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
318 if (!old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 1);
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
b4cb9fb2
MH		 423static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct sk_buff *skb)
425{
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
433 hdev->num_iac = rp->num_iac;
434
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436}
437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 441 struct hci_cp_write_ssp_mode *sent;
333140b5 442
9f1db00c 443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
5ed8eb2f
JH		 449 if (!status) {
450 if (sent->mode)
cad718ed 451 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 452 else
cad718ed 453 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 454 }
455
ed2c4ee3 456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 458 else if (!status) {
5ed8eb2f 459 if (sent->mode)
c0ecddc2
JH		 460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 else
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 }
333140b5
MH		 464}
465
eac83dc6
MH		 466static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
467{
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
470
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
472
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
474 if (!sent)
475 return;
476
477 if (!status) {
478 if (sent->support)
479 hdev->features[1][0] |= LMP_HOST_SC;
480 else
481 hdev->features[1][0] &= ~LMP_HOST_SC;
482 }
483
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
486 else if (!status) {
487 if (sent->support)
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
489 else
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
491 }
492}
493
a9de9248
MH		 494static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
495{
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 497
9f1db00c 498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 499
a9de9248 500 if (rp->status)
42c6b129 501 return;
1143e5a6 502
0d5551f5
MH		 503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
509 }
d5859e22
JH		 510}
511
8fc9ced3
GP		 512static void hci_cc_read_local_commands(struct hci_dev *hdev,
513 struct sk_buff *skb)
a9de9248
MH		 514{
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 516
9f1db00c 517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 518
6a070e6e
MH		 519 if (rp->status)
520 return;
521
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 524}
1da177e4 525
8fc9ced3
GP		 526static void hci_cc_read_local_features(struct hci_dev *hdev,
527 struct sk_buff *skb)
a9de9248
MH		 528{
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 530
9f1db00c 531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 532
a9de9248
MH		 533 if (rp->status)
534 return;
5b7f9909 535
a9de9248 536 memcpy(hdev->features, rp->features, 8);
5b7f9909 537
a9de9248
MH		 538 /* Adjust default settings according to features
539 * supported by device. */
1da177e4 540
cad718ed 541 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 543
cad718ed 544 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 546
cad718ed 547 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
550 }
1da177e4 551
cad718ed 552 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
555 }
1da177e4 556
45db810f 557 if (lmp_esco_capable(hdev))
a9de9248 558 hdev->esco_type |= (ESCO_EV3);
da1f5198 559
cad718ed 560 if (hdev->features[0][4] & LMP_EV4)
a9de9248 561 hdev->esco_type |= (ESCO_EV4);
da1f5198 562
cad718ed 563 if (hdev->features[0][4] & LMP_EV5)
a9de9248 564 hdev->esco_type |= (ESCO_EV5);
1da177e4 565
cad718ed 566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 567 hdev->esco_type |= (ESCO_2EV3);
568
cad718ed 569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 570 hdev->esco_type |= (ESCO_3EV3);
571
cad718ed 572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 574}
1da177e4 575
971e3a4b 576static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 577 struct sk_buff *skb)
971e3a4b
AG		 578{
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
580
9f1db00c 581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 582
583 if (rp->status)
42c6b129 584 return;
971e3a4b 585
57af75a8
MH		 586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
d2c5d77f 588
cad718ed
JH		 589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 591}
592
1e89cffb 593static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 594 struct sk_buff *skb)
1e89cffb
AE		 595{
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
597
9f1db00c 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 599
42c6b129
JH		 600 if (!rp->status)
601 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 602}
603
a9de9248
MH		 604static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
605{
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 609
a9de9248
MH		 610 if (rp->status)
611 return;
1da177e4 612
a9de9248
MH		 613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
617
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
619 hdev->sco_mtu = 64;
620 hdev->sco_pkts = 8;
1da177e4 621 }
a9de9248
MH		 622
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
625
807deac2
GP		 626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 628}
629
630static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
631{
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
633
9f1db00c 634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 635
636 if (!rp->status)
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 638}
639
f332ec66
JH		 640static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
641 struct sk_buff *skb)
642{
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
644
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
646
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
650 }
651}
652
4a3ee763
JH		 653static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
654 struct sk_buff *skb)
655{
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
660
661 if (status)
662 return;
663
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
665 if (!sent)
666 return;
667
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
670}
671
f332ec66
JH		 672static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
673 struct sk_buff *skb)
674{
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
676
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
678
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
681}
682
4a3ee763
JH		 683static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
684 struct sk_buff *skb)
685{
686 u8 status = *((u8 *) skb->data);
687 u8 *type;
688
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
690
691 if (status)
692 return;
693
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
695 if (type)
696 hdev->page_scan_type = *type;
697}
698
350ee4cf 699static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 700 struct sk_buff *skb)
350ee4cf
AE		 701{
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
703
9f1db00c 704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 705
706 if (rp->status)
707 return;
708
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
712
713 hdev->block_cnt = hdev->num_blocks;
714
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 716 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 717}
718
928abaa7 719static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 720 struct sk_buff *skb)
928abaa7
AE		 721{
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 725
726 if (rp->status)
8e2a0d92 727 goto a2mp_rsp;
928abaa7
AE		 728
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
739
8e2a0d92
AE		 740a2mp_rsp:
741 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 742}
743
903e4541
AE		 744static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
745 struct sk_buff *skb)
746{
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
750
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
752
753 if (rp->status)
754 goto a2mp_rsp;
755
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
758
759 if (rem_len > frag_len) {
2e430be3 760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 761
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
764
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
767
768 return;
769 }
770
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
773 assoc->offset = 0;
774
775a2mp_rsp:
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 778 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 779}
780
d5859e22 781static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 782 struct sk_buff *skb)
d5859e22 783{
91c4e9b1 784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 785
9f1db00c 786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 787
788 if (!rp->status)
789 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 790}
791
980e1a53
JH		 792static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
793{
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
797
9f1db00c 798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 799
56e5cb86
JH		 800 hci_dev_lock(hdev);
801
a8b2d5c2 802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 804
fa1bd918 805 if (rp->status)
56e5cb86 806 goto unlock;
980e1a53
JH		 807
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
809 if (!cp)
56e5cb86 810 goto unlock;
980e1a53
JH		 811
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
813 if (conn)
814 conn->pin_length = cp->pin_len;
56e5cb86
JH		 815
816unlock:
817 hci_dev_unlock(hdev);
980e1a53
JH		 818}
819
820static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
821{
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
823
9f1db00c 824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 825
56e5cb86
JH		 826 hci_dev_lock(hdev);
827
a8b2d5c2 828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 830 rp->status);
56e5cb86
JH		 831
832 hci_dev_unlock(hdev);
980e1a53 833}
56e5cb86 834
6ed58ec5
VT		 835static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
836 struct sk_buff *skb)
837{
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
839
9f1db00c 840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 841
842 if (rp->status)
843 return;
844
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
847
848 hdev->le_cnt = hdev->le_pkts;
849
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 851}
980e1a53 852
60e77321
JH		 853static void hci_cc_le_read_local_features(struct hci_dev *hdev,
854 struct sk_buff *skb)
855{
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
857
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859
860 if (!rp->status)
861 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 862}
863
8fa19098
JH		 864static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
865 struct sk_buff *skb)
866{
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
868
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870
04b4edcb 871 if (!rp->status)
8fa19098 872 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 873}
874
a5c29683
JH		 875static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 880
56e5cb86
JH		 881 hci_dev_lock(hdev);
882
a8b2d5c2 883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
885 rp->status);
56e5cb86
JH		 886
887 hci_dev_unlock(hdev);
a5c29683
JH		 888}
889
890static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 891 struct sk_buff *skb)
a5c29683
JH		 892{
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894
9f1db00c 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 896
56e5cb86
JH		 897 hci_dev_lock(hdev);
898
a8b2d5c2 899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 901 ACL_LINK, 0, rp->status);
56e5cb86
JH		 902
903 hci_dev_unlock(hdev);
a5c29683
JH		 904}
905
1143d458
BG		 906static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 911
912 hci_dev_lock(hdev);
913
a8b2d5c2 914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 916 0, rp->status);
1143d458
BG		 917
918 hci_dev_unlock(hdev);
919}
920
921static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 922 struct sk_buff *skb)
1143d458
BG		 923{
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
925
9f1db00c 926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 927
928 hci_dev_lock(hdev);
929
a8b2d5c2 930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 932 ACL_LINK, 0, rp->status);
1143d458
BG		 933
934 hci_dev_unlock(hdev);
935}
936
4d2d2796
MH		 937static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
938 struct sk_buff *skb)
c35938b2
SJ		 939{
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
941
9f1db00c 942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 943
56e5cb86 944 hci_dev_lock(hdev);
4d2d2796
MH		 945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
948}
949
950static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
960 rp->status);
56e5cb86 961 hci_dev_unlock(hdev);
c35938b2
SJ		 962}
963
7a4cd51d
MH		 964
965static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
966{
967 __u8 status = *((__u8 *) skb->data);
968 bdaddr_t *sent;
969
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
971
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
973 if (!sent)
974 return;
975
976 hci_dev_lock(hdev);
977
978 if (!status)
979 bacpy(&hdev->random_addr, sent);
980
981 hci_dev_unlock(hdev);
982}
983
c1d5dc4a
JH		 984static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
985{
986 __u8 *sent, status = *((__u8 *) skb->data);
987
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
989
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
991 if (!sent)
992 return;
993
3c857757
JH		 994 if (status)
995 return;
996
c1d5dc4a
JH		 997 hci_dev_lock(hdev);
998
3c857757
JH		 999 /* If we're doing connection initation as peripheral. Set a
1000 * timeout in case something goes wrong.
1001 */
1002 if (*sent) {
1003 struct hci_conn *conn;
1004
1005 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1006 if (conn)
1007 queue_delayed_work(hdev->workqueue,
1008 &conn->le_conn_timeout,
1009 HCI_LE_CONN_TIMEOUT);
1010 }
1011
1012 mgmt_advertising(hdev, *sent);
c1d5dc4a 1013
04b4edcb 1014 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1015}
1016
533553f8
MH		 1017static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1018{
1019 struct hci_cp_le_set_scan_param *cp;
1020 __u8 status = *((__u8 *) skb->data);
1021
1022 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1023
1024 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1025 if (!cp)
1026 return;
1027
1028 hci_dev_lock(hdev);
1029
1030 if (!status)
1031 hdev->le_scan_type = cp->type;
1032
1033 hci_dev_unlock(hdev);
1034}
1035
eb9d91f5 1036static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1037 struct sk_buff *skb)
eb9d91f5
AG		 1038{
1039 struct hci_cp_le_set_scan_enable *cp;
1040 __u8 status = *((__u8 *) skb->data);
1041
9f1db00c 1042 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1043
eb9d91f5
AG		 1044 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1045 if (!cp)
1046 return;
1047
3fd319b8
AG		 1048 if (status)
1049 return;
1050
68a8aea4 1051 switch (cp->enable) {
76a388be 1052 case LE_SCAN_ENABLE:
d23264a8 1053 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 1054 break;
1055
76a388be 1056 case LE_SCAN_DISABLE:
317ac8cb
JH		 1057 /* Cancel this timer so that we don't try to disable scanning
1058 * when it's already disabled.
1059 */
1060 cancel_delayed_work(&hdev->le_scan_disable);
1061
d23264a8 1062 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1063 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1064 * interrupted scanning due to a connect request. Mark
1065 * therefore discovery as stopped.
1066 */
1067 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1068 &hdev->dev_flags))
1069 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1070 break;
1071
1072 default:
1073 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1074 break;
35815085 1075 }
eb9d91f5
AG		 1076}
1077
cf1d081f
JH		 1078static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1079 struct sk_buff *skb)
1080{
1081 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1082
1083 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1084
1085 if (!rp->status)
1086 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1087}
1088
0f36b589
MH		 1089static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1090 struct sk_buff *skb)
1091{
1092 __u8 status = *((__u8 *) skb->data);
1093
1094 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1095
1096 if (!status)
1097 hci_white_list_clear(hdev);
1098}
1099
1100static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1101 struct sk_buff *skb)
1102{
1103 struct hci_cp_le_add_to_white_list *sent;
1104 __u8 status = *((__u8 *) skb->data);
1105
1106 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1107
1108 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1109 if (!sent)
1110 return;
1111
1112 if (!status)
1113 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1114}
1115
1116static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1117 struct sk_buff *skb)
1118{
1119 struct hci_cp_le_del_from_white_list *sent;
1120 __u8 status = *((__u8 *) skb->data);
1121
1122 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1123
1124 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1125 if (!sent)
1126 return;
1127
1128 if (!status)
1129 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1130}
1131
9b008c04
JH		 1132static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1133 struct sk_buff *skb)
1134{
1135 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1136
1137 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1138
1139 if (!rp->status)
1140 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1141}
1142
6039aa73
GP		 1143static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1144 struct sk_buff *skb)
f9b49306 1145{
06199cf8 1146 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1147 __u8 status = *((__u8 *) skb->data);
1148
9f1db00c 1149 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1150
06199cf8 1151 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1152 if (!sent)
f9b49306
AG		 1153 return;
1154
8f984dfa 1155 if (!status) {
416a4ae5 1156 if (sent->le) {
cad718ed 1157 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1158 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1159 } else {
cad718ed 1160 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1161 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1162 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1163 }
53b2caab
JH		 1164
1165 if (sent->simul)
cad718ed 1166 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1167 else
cad718ed 1168 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1169 }
f9b49306
AG		 1170}
1171
56ed2cb8
JH		 1172static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1173{
1174 struct hci_cp_le_set_adv_param *cp;
1175 u8 status = *((u8 *) skb->data);
1176
1177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1178
1179 if (status)
1180 return;
1181
1182 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1183 if (!cp)
1184 return;
1185
1186 hci_dev_lock(hdev);
1187 hdev->adv_addr_type = cp->own_address_type;
1188 hci_dev_unlock(hdev);
1189}
1190
93c284ee
AE		 1191static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1192 struct sk_buff *skb)
1193{
1194 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1195
1196 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1197 hdev->name, rp->status, rp->phy_handle);
1198
1199 if (rp->status)
1200 return;
1201
1202 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1203}
1204
6039aa73 1205static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1206{
9f1db00c 1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1208
1209 if (status) {
a9de9248 1210 hci_conn_check_pending(hdev);
314b2381
JH		 1211 return;
1212 }
1213
89352e7d 1214 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1215}
1216
6039aa73 1217static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1218{
a9de9248 1219 struct hci_cp_create_conn *cp;
1da177e4 1220 struct hci_conn *conn;
1da177e4 1221
9f1db00c 1222 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1223
1224 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1225 if (!cp)
1226 return;
1227
1228 hci_dev_lock(hdev);
1229
1230 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1231
6ed93dc6 1232 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1233
1234 if (status) {
1235 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1236 if (status != 0x0c || conn->attempt > 2) {
1237 conn->state = BT_CLOSED;
1238 hci_proto_connect_cfm(conn, status);
1239 hci_conn_del(conn);
1240 } else
1241 conn->state = BT_CONNECT2;
1da177e4
LT		 1242 }
1243 } else {
1244 if (!conn) {
1245 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1246 if (conn) {
a0c808b3 1247 conn->out = true;
1da177e4
LT		 1248 conn->link_mode |= HCI_LM_MASTER;
1249 } else
893ef971 1250 BT_ERR("No memory for new connection");
1da177e4
LT		 1251 }
1252 }
1253
1254 hci_dev_unlock(hdev);
1255}
1256
a9de9248 1257static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1258{
a9de9248
MH		 1259 struct hci_cp_add_sco *cp;
1260 struct hci_conn *acl, *sco;
1261 __u16 handle;
1da177e4 1262
9f1db00c 1263 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1264
a9de9248
MH		 1265 if (!status)
1266 return;
1da177e4 1267
a9de9248
MH		 1268 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1269 if (!cp)
1270 return;
1da177e4 1271
a9de9248 1272 handle = __le16_to_cpu(cp->handle);
1da177e4 1273
9f1db00c 1274 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1275
a9de9248 1276 hci_dev_lock(hdev);
1da177e4 1277
a9de9248 1278 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1279 if (acl) {
1280 sco = acl->link;
1281 if (sco) {
1282 sco->state = BT_CLOSED;
1da177e4 1283
5a08ecce
AE		 1284 hci_proto_connect_cfm(sco, status);
1285 hci_conn_del(sco);
1286 }
a9de9248 1287 }
1da177e4 1288
a9de9248
MH		 1289 hci_dev_unlock(hdev);
1290}
1da177e4 1291
f8558555
MH		 1292static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1293{
1294 struct hci_cp_auth_requested *cp;
1295 struct hci_conn *conn;
1296
9f1db00c 1297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1298
1299 if (!status)
1300 return;
1301
1302 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1303 if (!cp)
1304 return;
1305
1306 hci_dev_lock(hdev);
1307
1308 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1309 if (conn) {
1310 if (conn->state == BT_CONFIG) {
1311 hci_proto_connect_cfm(conn, status);
76a68ba0 1312 hci_conn_drop(conn);
f8558555
MH		 1313 }
1314 }
1315
1316 hci_dev_unlock(hdev);
1317}
1318
1319static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1320{
1321 struct hci_cp_set_conn_encrypt *cp;
1322 struct hci_conn *conn;
1323
9f1db00c 1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1325
1326 if (!status)
1327 return;
1328
1329 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1330 if (!cp)
1331 return;
1332
1333 hci_dev_lock(hdev);
1334
1335 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1336 if (conn) {
1337 if (conn->state == BT_CONFIG) {
1338 hci_proto_connect_cfm(conn, status);
76a68ba0 1339 hci_conn_drop(conn);
f8558555
MH		 1340 }
1341 }
1342
1343 hci_dev_unlock(hdev);
1344}
1345
127178d2 1346static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1347 struct hci_conn *conn)
392599b9 1348{
392599b9
JH		 1349 if (conn->state != BT_CONFIG || !conn->out)
1350 return 0;
1351
765c2a96 1352 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1353 return 0;
1354
1355 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1356 * devices with sec_level MEDIUM or HIGH or if MITM protection
1357 * is requested.
1358 */
807deac2 1359 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
264b8b4e
JH		 1360 conn->pending_sec_level != BT_SECURITY_HIGH &&
1361 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1362 return 0;
1363
392599b9
JH		 1364 return 1;
1365}
1366
6039aa73 1367static int hci_resolve_name(struct hci_dev *hdev,
04124681 1368 struct inquiry_entry *e)
30dc78e1
JH		 1369{
1370 struct hci_cp_remote_name_req cp;
1371
1372 memset(&cp, 0, sizeof(cp));
1373
1374 bacpy(&cp.bdaddr, &e->data.bdaddr);
1375 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1376 cp.pscan_mode = e->data.pscan_mode;
1377 cp.clock_offset = e->data.clock_offset;
1378
1379 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1380}
1381
b644ba33 1382static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1383{
1384 struct discovery_state *discov = &hdev->discovery;
1385 struct inquiry_entry *e;
1386
b644ba33
JH		 1387 if (list_empty(&discov->resolve))
1388 return false;
1389
1390 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1391 if (!e)
1392 return false;
1393
b644ba33
JH		 1394 if (hci_resolve_name(hdev, e) == 0) {
1395 e->name_state = NAME_PENDING;
1396 return true;
1397 }
1398
1399 return false;
1400}
1401
1402static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1403 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1404{
1405 struct discovery_state *discov = &hdev->discovery;
1406 struct inquiry_entry *e;
1407
1408 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1409 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1410 name_len, conn->dev_class);
b644ba33
JH		 1411
1412 if (discov->state == DISCOVERY_STOPPED)
1413 return;
1414
30dc78e1
JH		 1415 if (discov->state == DISCOVERY_STOPPING)
1416 goto discov_complete;
1417
1418 if (discov->state != DISCOVERY_RESOLVING)
1419 return;
1420
1421 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1422 /* If the device was not found in a list of found devices names of which
1423 * are pending. there is no need to continue resolving a next name as it
1424 * will be done upon receiving another Remote Name Request Complete
1425 * Event */
1426 if (!e)
1427 return;
1428
1429 list_del(&e->list);
1430 if (name) {
30dc78e1 1431 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1432 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1433 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1434 } else {
1435 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1436 }
1437
b644ba33 1438 if (hci_resolve_next_name(hdev))
30dc78e1 1439 return;
30dc78e1
JH		 1440
1441discov_complete:
1442 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1443}
1444
a9de9248
MH		 1445static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1446{
127178d2
JH		 1447 struct hci_cp_remote_name_req *cp;
1448 struct hci_conn *conn;
1449
9f1db00c 1450 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1451
1452 /* If successful wait for the name req complete event before
1453 * checking for the need to do authentication */
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
b644ba33
JH		 1463 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1464
a8b2d5c2 1465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1466 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1467
79c6c70c
JH		 1468 if (!conn)
1469 goto unlock;
1470
1471 if (!hci_outgoing_auth_needed(hdev, conn))
1472 goto unlock;
1473
51a8efd7 1474 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1475 struct hci_cp_auth_requested auth_cp;
1476
1477 auth_cp.handle = __cpu_to_le16(conn->handle);
1478 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1479 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1480 }
1481
79c6c70c 1482unlock:
127178d2 1483 hci_dev_unlock(hdev);
a9de9248 1484}
1da177e4 1485
769be974
MH		 1486static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1487{
1488 struct hci_cp_read_remote_features *cp;
1489 struct hci_conn *conn;
1490
9f1db00c 1491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1492
1493 if (!status)
1494 return;
1495
1496 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1497 if (!cp)
1498 return;
1499
1500 hci_dev_lock(hdev);
1501
1502 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1503 if (conn) {
1504 if (conn->state == BT_CONFIG) {
769be974 1505 hci_proto_connect_cfm(conn, status);
76a68ba0 1506 hci_conn_drop(conn);
769be974
MH		 1507 }
1508 }
1509
1510 hci_dev_unlock(hdev);
1511}
1512
1513static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1514{
1515 struct hci_cp_read_remote_ext_features *cp;
1516 struct hci_conn *conn;
1517
9f1db00c 1518 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1519
1520 if (!status)
1521 return;
1522
1523 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1524 if (!cp)
1525 return;
1526
1527 hci_dev_lock(hdev);
1528
1529 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1530 if (conn) {
1531 if (conn->state == BT_CONFIG) {
769be974 1532 hci_proto_connect_cfm(conn, status);
76a68ba0 1533 hci_conn_drop(conn);
769be974
MH		 1534 }
1535 }
1536
1537 hci_dev_unlock(hdev);
1538}
1539
a9de9248
MH		 1540static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1541{
b6a0dc82
MH		 1542 struct hci_cp_setup_sync_conn *cp;
1543 struct hci_conn *acl, *sco;
1544 __u16 handle;
1545
9f1db00c 1546 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1547
1548 if (!status)
1549 return;
1550
1551 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1552 if (!cp)
1553 return;
1554
1555 handle = __le16_to_cpu(cp->handle);
1556
9f1db00c 1557 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1558
1559 hci_dev_lock(hdev);
1560
1561 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1562 if (acl) {
1563 sco = acl->link;
1564 if (sco) {
1565 sco->state = BT_CLOSED;
b6a0dc82 1566
5a08ecce
AE		 1567 hci_proto_connect_cfm(sco, status);
1568 hci_conn_del(sco);
1569 }
b6a0dc82
MH		 1570 }
1571
1572 hci_dev_unlock(hdev);
1da177e4
LT		 1573}
1574
a9de9248 1575static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1576{
a9de9248
MH		 1577 struct hci_cp_sniff_mode *cp;
1578 struct hci_conn *conn;
1da177e4 1579
9f1db00c 1580 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1581
a9de9248
MH		 1582 if (!status)
1583 return;
04837f64 1584
a9de9248
MH		 1585 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1586 if (!cp)
1587 return;
04837f64 1588
a9de9248 1589 hci_dev_lock(hdev);
04837f64 1590
a9de9248 1591 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1592 if (conn) {
51a8efd7 1593 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1594
51a8efd7 1595 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1596 hci_sco_setup(conn, status);
1597 }
1598
a9de9248
MH		 1599 hci_dev_unlock(hdev);
1600}
04837f64 1601
a9de9248
MH		 1602static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1603{
1604 struct hci_cp_exit_sniff_mode *cp;
1605 struct hci_conn *conn;
04837f64 1606
9f1db00c 1607 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1608
a9de9248
MH		 1609 if (!status)
1610 return;
04837f64 1611
a9de9248
MH		 1612 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1613 if (!cp)
1614 return;
04837f64 1615
a9de9248 1616 hci_dev_lock(hdev);
1da177e4 1617
a9de9248 1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1619 if (conn) {
51a8efd7 1620 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1621
51a8efd7 1622 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1623 hci_sco_setup(conn, status);
1624 }
1625
a9de9248 1626 hci_dev_unlock(hdev);
1da177e4
LT		 1627}
1628
88c3df13
JH		 1629static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1630{
1631 struct hci_cp_disconnect *cp;
1632 struct hci_conn *conn;
1633
1634 if (!status)
1635 return;
1636
1637 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1638 if (!cp)
1639 return;
1640
1641 hci_dev_lock(hdev);
1642
1643 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1644 if (conn)
1645 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1646 conn->dst_type, status);
88c3df13
JH		 1647
1648 hci_dev_unlock(hdev);
1649}
1650
a02226d6
AE		 1651static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1652{
93c284ee
AE		 1653 struct hci_cp_create_phy_link *cp;
1654
a02226d6 1655 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1656
93c284ee
AE		 1657 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1658 if (!cp)
1659 return;
1660
e58917b9
AE		 1661 hci_dev_lock(hdev);
1662
1663 if (status) {
1664 struct hci_conn *hcon;
1665
1666 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1667 if (hcon)
1668 hci_conn_del(hcon);
1669 } else {
1670 amp_write_remote_assoc(hdev, cp->phy_handle);
1671 }
1672
1673 hci_dev_unlock(hdev);
a02226d6
AE		 1674}
1675
0b26ab9d
AE		 1676static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1677{
1678 struct hci_cp_accept_phy_link *cp;
1679
1680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1681
1682 if (status)
1683 return;
1684
1685 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1686 if (!cp)
1687 return;
1688
1689 amp_write_remote_assoc(hdev, cp->phy_handle);
1690}
1691
cb1d68f7
JH		 1692static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1693{
1694 struct hci_cp_le_create_conn *cp;
1695 struct hci_conn *conn;
1696
1697 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1698
1699 /* All connection failure handling is taken care of by the
1700 * hci_le_conn_failed function which is triggered by the HCI
1701 * request completion callbacks used for connecting.
1702 */
1703 if (status)
1704 return;
1705
1706 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1707 if (!cp)
1708 return;
1709
1710 hci_dev_lock(hdev);
1711
1712 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1713 if (!conn)
1714 goto unlock;
1715
1716 /* Store the initiator and responder address information which
1717 * is needed for SMP. These values will not change during the
1718 * lifetime of the connection.
1719 */
1720 conn->init_addr_type = cp->own_address_type;
1721 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1722 bacpy(&conn->init_addr, &hdev->random_addr);
1723 else
1724 bacpy(&conn->init_addr, &hdev->bdaddr);
1725
1726 conn->resp_addr_type = cp->peer_addr_type;
1727 bacpy(&conn->resp_addr, &cp->peer_addr);
1728
9489eca4
JH		 1729 /* We don't want the connection attempt to stick around
1730 * indefinitely since LE doesn't have a page timeout concept
1731 * like BR/EDR. Set a timer for any connection that doesn't use
1732 * the white list for connecting.
1733 */
1734 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1735 queue_delayed_work(conn->hdev->workqueue,
1736 &conn->le_conn_timeout,
1737 HCI_LE_CONN_TIMEOUT);
1738
cb1d68f7
JH		 1739unlock:
1740 hci_dev_unlock(hdev);
1741}
1742
81d0c8ad
JH		 1743static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1744{
1745 struct hci_cp_le_start_enc *cp;
1746 struct hci_conn *conn;
1747
1748 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1749
1750 if (!status)
1751 return;
1752
1753 hci_dev_lock(hdev);
1754
1755 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1756 if (!cp)
1757 goto unlock;
1758
1759 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1760 if (!conn)
1761 goto unlock;
1762
1763 if (conn->state != BT_CONNECTED)
1764 goto unlock;
1765
1766 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1767 hci_conn_drop(conn);
1768
1769unlock:
1770 hci_dev_unlock(hdev);
1771}
1772
6039aa73 1773static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1774{
1775 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1776 struct discovery_state *discov = &hdev->discovery;
1777 struct inquiry_entry *e;
1da177e4 1778
9f1db00c 1779 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1780
a9de9248 1781 hci_conn_check_pending(hdev);
89352e7d
AG		 1782
1783 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1784 return;
1785
3e13fa1e
AG		 1786 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1787 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1788
a8b2d5c2 1789 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1790 return;
1791
56e5cb86 1792 hci_dev_lock(hdev);
30dc78e1 1793
343f935b 1794 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1795 goto unlock;
1796
1797 if (list_empty(&discov->resolve)) {
1798 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1799 goto unlock;
1800 }
1801
1802 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1803 if (e && hci_resolve_name(hdev, e) == 0) {
1804 e->name_state = NAME_PENDING;
1805 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1806 } else {
1807 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1808 }
1809
1810unlock:
56e5cb86 1811 hci_dev_unlock(hdev);
1da177e4
LT		 1812}
1813
6039aa73 1814static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1815{
45bb4bf0 1816 struct inquiry_data data;
a9de9248 1817 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1818 int num_rsp = *((__u8 *) skb->data);
1819
1820 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1821
45bb4bf0
MH		 1822 if (!num_rsp)
1823 return;
1824
1519cc17
AG		 1825 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1826 return;
1827
1da177e4 1828 hci_dev_lock(hdev);
45bb4bf0 1829
e17acd40 1830 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1831 bool name_known, ssp;
3175405b 1832
1da177e4
LT		 1833 bacpy(&data.bdaddr, &info->bdaddr);
1834 data.pscan_rep_mode = info->pscan_rep_mode;
1835 data.pscan_period_mode = info->pscan_period_mode;
1836 data.pscan_mode = info->pscan_mode;
1837 memcpy(data.dev_class, info->dev_class, 3);
1838 data.clock_offset = info->clock_offset;
1839 data.rssi = 0x00;
41a96212 1840 data.ssp_mode = 0x00;
3175405b 1841
388fc8fa 1842 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1843 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1844 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1845 0, NULL, 0);
1da177e4 1846 }
45bb4bf0 1847
1da177e4
LT		 1848 hci_dev_unlock(hdev);
1849}
1850
6039aa73 1851static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1852{
a9de9248
MH		 1853 struct hci_ev_conn_complete *ev = (void *) skb->data;
1854 struct hci_conn *conn;
1da177e4
LT		 1855
1856 BT_DBG("%s", hdev->name);
1857
1858 hci_dev_lock(hdev);
1859
1860 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1861 if (!conn) {
1862 if (ev->link_type != SCO_LINK)
1863 goto unlock;
1864
1865 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1866 if (!conn)
1867 goto unlock;
1868
1869 conn->type = SCO_LINK;
1870 }
1da177e4
LT		 1871
1872 if (!ev->status) {
1873 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1874
1875 if (conn->type == ACL_LINK) {
1876 conn->state = BT_CONFIG;
1877 hci_conn_hold(conn);
a9ea3ed9
SJ		 1878
1879 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1880 !hci_find_link_key(hdev, &ev->bdaddr))
1881 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1882 else
1883 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1884 } else
1885 conn->state = BT_CONNECTED;
1da177e4 1886
7d0db0a3
MH		 1887 hci_conn_add_sysfs(conn);
1888
1da177e4
LT		 1889 if (test_bit(HCI_AUTH, &hdev->flags))
1890 conn->link_mode |= HCI_LM_AUTH;
1891
1892 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1893 conn->link_mode |= HCI_LM_ENCRYPT;
1894
04837f64
MH		 1895 /* Get remote features */
1896 if (conn->type == ACL_LINK) {
1897 struct hci_cp_read_remote_features cp;
1898 cp.handle = ev->handle;
769be974 1899 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1900 sizeof(cp), &cp);
04837f64
MH		 1901 }
1902
1da177e4 1903 /* Set packet type for incoming connection */
d095c1eb 1904 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1905 struct hci_cp_change_conn_ptype cp;
1906 cp.handle = ev->handle;
a8746417 1907 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1908 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1909 &cp);
1da177e4 1910 }
17d5c04c 1911 } else {
1da177e4 1912 conn->state = BT_CLOSED;
17d5c04c 1913 if (conn->type == ACL_LINK)
64c7b77c 1914 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 1915 conn->dst_type, ev->status);
17d5c04c 1916 }
1da177e4 1917
e73439d8
MH		 1918 if (conn->type == ACL_LINK)
1919 hci_sco_setup(conn, ev->status);
1da177e4 1920
769be974
MH		 1921 if (ev->status) {
1922 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1923 hci_conn_del(conn);
c89b6e6b
MH		 1924 } else if (ev->link_type != ACL_LINK)
1925 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1926
a9de9248 1927unlock:
1da177e4 1928 hci_dev_unlock(hdev);
1da177e4 1929
a9de9248 1930 hci_conn_check_pending(hdev);
1da177e4
LT		 1931}
1932
6039aa73 1933static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1934{
a9de9248
MH		 1935 struct hci_ev_conn_request *ev = (void *) skb->data;
1936 int mask = hdev->link_mode;
20714bfe 1937 __u8 flags = 0;
1da177e4 1938
6ed93dc6 1939 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1940 ev->link_type);
1da177e4 1941
20714bfe
FD		 1942 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1943 &flags);
1da177e4 1944
138d22ef 1945 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 1946 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 1947 /* Connection accepted */
c7bdd502 1948 struct inquiry_entry *ie;
1da177e4 1949 struct hci_conn *conn;
1da177e4 1950
a9de9248 1951 hci_dev_lock(hdev);
b6a0dc82 1952
cc11b9c1
AE		 1953 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1954 if (ie)
c7bdd502
MH		 1955 memcpy(ie->data.dev_class, ev->dev_class, 3);
1956
8fc9ced3
GP		 1957 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1958 &ev->bdaddr);
a9de9248 1959 if (!conn) {
cc11b9c1
AE		 1960 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1961 if (!conn) {
893ef971 1962 BT_ERR("No memory for new connection");
a9de9248
MH		 1963 hci_dev_unlock(hdev);
1964 return;
1da177e4
LT		 1965 }
1966 }
b6a0dc82 1967
a9de9248 1968 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1969
a9de9248 1970 hci_dev_unlock(hdev);
1da177e4 1971
20714bfe
FD		 1972 if (ev->link_type == ACL_LINK ||
1973 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1974 struct hci_cp_accept_conn_req cp;
20714bfe 1975 conn->state = BT_CONNECT;
1da177e4 1976
b6a0dc82
MH		 1977 bacpy(&cp.bdaddr, &ev->bdaddr);
1978
1979 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1980 cp.role = 0x00; /* Become master */
1981 else
1982 cp.role = 0x01; /* Remain slave */
1983
04124681
GP		 1984 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1985 &cp);
20714bfe 1986 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1987 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1988 conn->state = BT_CONNECT;
b6a0dc82
MH		 1989
1990 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1991 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1992
dcf4adbf
JP		 1993 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1994 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1995 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 1996 cp.content_format = cpu_to_le16(hdev->voice_setting);
1997 cp.retrans_effort = 0xff;
1da177e4 1998
b6a0dc82 1999 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2000 sizeof(cp), &cp);
20714bfe
FD		 2001 } else {
2002 conn->state = BT_CONNECT2;
2003 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2004 }
a9de9248
MH		 2005 } else {
2006 /* Connection rejected */
2007 struct hci_cp_reject_conn_req cp;
1da177e4 2008
a9de9248 2009 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2010 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2011 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2012 }
1da177e4
LT		 2013}
2014
f0d6a0ea
MA		 2015static u8 hci_to_mgmt_reason(u8 err)
2016{
2017 switch (err) {
2018 case HCI_ERROR_CONNECTION_TIMEOUT:
2019 return MGMT_DEV_DISCONN_TIMEOUT;
2020 case HCI_ERROR_REMOTE_USER_TERM:
2021 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2022 case HCI_ERROR_REMOTE_POWER_OFF:
2023 return MGMT_DEV_DISCONN_REMOTE;
2024 case HCI_ERROR_LOCAL_HOST_TERM:
2025 return MGMT_DEV_DISCONN_LOCAL_HOST;
2026 default:
2027 return MGMT_DEV_DISCONN_UNKNOWN;
2028 }
2029}
2030
6039aa73 2031static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2032{
a9de9248 2033 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2034 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2035 struct hci_conn_params *params;
04837f64 2036 struct hci_conn *conn;
12d4a3b2 2037 bool mgmt_connected;
3846220b 2038 u8 type;
04837f64 2039
9f1db00c 2040 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2041
2042 hci_dev_lock(hdev);
2043
2044 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2045 if (!conn)
2046 goto unlock;
7d0db0a3 2047
abf54a50
AG		 2048 if (ev->status) {
2049 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2050 conn->dst_type, ev->status);
2051 goto unlock;
37d9ef76 2052 }
f7520543 2053
3846220b
AG		 2054 conn->state = BT_CLOSED;
2055
12d4a3b2
JH		 2056 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2057 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2058 reason, mgmt_connected);
abf54a50 2059
3846220b
AG		 2060 if (conn->type == ACL_LINK && conn->flush_key)
2061 hci_remove_link_key(hdev, &conn->dst);
2210246c 2062
9fcb18ef
AG		 2063 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2064 if (params) {
2065 switch (params->auto_connect) {
2066 case HCI_AUTO_CONN_LINK_LOSS:
2067 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2068 break;
2069 /* Fall through */
2070
2071 case HCI_AUTO_CONN_ALWAYS:
2072 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2073 break;
2074
2075 default:
2076 break;
2077 }
2078 }
2079
3846220b 2080 type = conn->type;
2210246c 2081
3846220b
AG		 2082 hci_proto_disconn_cfm(conn, ev->reason);
2083 hci_conn_del(conn);
2084
2085 /* Re-enable advertising if necessary, since it might
2086 * have been disabled by the connection. From the
2087 * HCI_LE_Set_Advertise_Enable command description in
2088 * the core specification (v4.0):
2089 * "The Controller shall continue advertising until the Host
2090 * issues an LE_Set_Advertise_Enable command with
2091 * Advertising_Enable set to 0x00 (Advertising is disabled)
2092 * or until a connection is created or until the Advertising
2093 * is timed out due to Directed Advertising."
2094 */
2095 if (type == LE_LINK)
2096 mgmt_reenable_advertising(hdev);
f7520543
JH		 2097
2098unlock:
04837f64
MH		 2099 hci_dev_unlock(hdev);
2100}
2101
6039aa73 2102static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2103{
a9de9248 2104 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2105 struct hci_conn *conn;
1da177e4 2106
9f1db00c 2107 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2108
2109 hci_dev_lock(hdev);
2110
04837f64 2111 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2112 if (!conn)
2113 goto unlock;
2114
2115 if (!ev->status) {
aa64a8b5 2116 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2117 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2118 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2119 } else {
d7556e20
WR		 2120 conn->link_mode |= HCI_LM_AUTH;
2121 conn->sec_level = conn->pending_sec_level;
2a611692 2122 }
d7556e20 2123 } else {
bab73cb6 2124 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2125 ev->status);
d7556e20 2126 }
1da177e4 2127
51a8efd7
JH		 2128 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2129 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2130
d7556e20 2131 if (conn->state == BT_CONFIG) {
aa64a8b5 2132 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2133 struct hci_cp_set_conn_encrypt cp;
2134 cp.handle = ev->handle;
2135 cp.encrypt = 0x01;
2136 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2137 &cp);
052b30b0 2138 } else {
d7556e20
WR		 2139 conn->state = BT_CONNECTED;
2140 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2141 hci_conn_drop(conn);
052b30b0 2142 }
d7556e20
WR		 2143 } else {
2144 hci_auth_cfm(conn, ev->status);
052b30b0 2145
d7556e20
WR		 2146 hci_conn_hold(conn);
2147 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2148 hci_conn_drop(conn);
d7556e20
WR		 2149 }
2150
51a8efd7 2151 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2152 if (!ev->status) {
2153 struct hci_cp_set_conn_encrypt cp;
2154 cp.handle = ev->handle;
2155 cp.encrypt = 0x01;
2156 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2157 &cp);
d7556e20 2158 } else {
51a8efd7 2159 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2160 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2161 }
2162 }
2163
d7556e20 2164unlock:
1da177e4
LT		 2165 hci_dev_unlock(hdev);
2166}
2167
6039aa73 2168static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2169{
127178d2
JH		 2170 struct hci_ev_remote_name *ev = (void *) skb->data;
2171 struct hci_conn *conn;
2172
a9de9248 2173 BT_DBG("%s", hdev->name);
1da177e4 2174
a9de9248 2175 hci_conn_check_pending(hdev);
127178d2
JH		 2176
2177 hci_dev_lock(hdev);
2178
b644ba33 2179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2180
b644ba33
JH		 2181 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2182 goto check_auth;
a88a9652 2183
b644ba33
JH		 2184 if (ev->status == 0)
2185 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2186 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2187 else
2188 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2189
2190check_auth:
79c6c70c
JH		 2191 if (!conn)
2192 goto unlock;
2193
2194 if (!hci_outgoing_auth_needed(hdev, conn))
2195 goto unlock;
2196
51a8efd7 2197 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2198 struct hci_cp_auth_requested cp;
2199 cp.handle = __cpu_to_le16(conn->handle);
2200 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2201 }
2202
79c6c70c 2203unlock:
127178d2 2204 hci_dev_unlock(hdev);
a9de9248
MH		 2205}
2206
6039aa73 2207static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2208{
2209 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2210 struct hci_conn *conn;
2211
9f1db00c 2212 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2213
2214 hci_dev_lock(hdev);
2215
04837f64 2216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2217 if (!conn)
2218 goto unlock;
1da177e4 2219
dc8357cc
MH		 2220 if (!ev->status) {
2221 if (ev->encrypt) {
2222 /* Encryption implies authentication */
2223 conn->link_mode |= HCI_LM_AUTH;
2224 conn->link_mode |= HCI_LM_ENCRYPT;
2225 conn->sec_level = conn->pending_sec_level;
abf76bad 2226
914a6ffe
MH		 2227 /* P-256 authentication key implies FIPS */
2228 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2229 conn->link_mode |= HCI_LM_FIPS;
2230
abf76bad
MH		 2231 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2232 conn->type == LE_LINK)
2233 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2234 } else {
dc8357cc 2235 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2236 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2237 }
dc8357cc 2238 }
a7d7723a 2239
dc8357cc 2240 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2241
dc8357cc
MH		 2242 if (ev->status && conn->state == BT_CONNECTED) {
2243 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2244 hci_conn_drop(conn);
2245 goto unlock;
1da177e4
LT		 2246 }
2247
dc8357cc
MH		 2248 if (conn->state == BT_CONFIG) {
2249 if (!ev->status)
2250 conn->state = BT_CONNECTED;
2251
40b552aa
MH		 2252 /* In Secure Connections Only mode, do not allow any
2253 * connections that are not encrypted with AES-CCM
2254 * using a P-256 authenticated combination key.
2255 */
2256 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2257 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2258 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2259 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2260 hci_conn_drop(conn);
2261 goto unlock;
2262 }
2263
dc8357cc
MH		 2264 hci_proto_connect_cfm(conn, ev->status);
2265 hci_conn_drop(conn);
2266 } else
2267 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2268
a7d7723a 2269unlock:
1da177e4
LT		 2270 hci_dev_unlock(hdev);
2271}
2272
6039aa73
GP		 2273static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2274 struct sk_buff *skb)
1da177e4 2275{
a9de9248 2276 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2277 struct hci_conn *conn;
1da177e4 2278
9f1db00c 2279 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2280
2281 hci_dev_lock(hdev);
2282
04837f64 2283 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2284 if (conn) {
2285 if (!ev->status)
2286 conn->link_mode |= HCI_LM_SECURE;
2287
51a8efd7 2288 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2289
2290 hci_key_change_cfm(conn, ev->status);
2291 }
2292
2293 hci_dev_unlock(hdev);
2294}
2295
6039aa73
GP		 2296static void hci_remote_features_evt(struct hci_dev *hdev,
2297 struct sk_buff *skb)
1da177e4 2298{
a9de9248
MH		 2299 struct hci_ev_remote_features *ev = (void *) skb->data;
2300 struct hci_conn *conn;
2301
9f1db00c 2302 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2303
a9de9248
MH		 2304 hci_dev_lock(hdev);
2305
2306 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2307 if (!conn)
2308 goto unlock;
769be974 2309
ccd556fe 2310 if (!ev->status)
cad718ed 2311 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2312
2313 if (conn->state != BT_CONFIG)
2314 goto unlock;
2315
2316 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2317 struct hci_cp_read_remote_ext_features cp;
2318 cp.handle = ev->handle;
2319 cp.page = 0x01;
2320 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2321 sizeof(cp), &cp);
392599b9
JH		 2322 goto unlock;
2323 }
2324
671267bf 2325 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2326 struct hci_cp_remote_name_req cp;
2327 memset(&cp, 0, sizeof(cp));
2328 bacpy(&cp.bdaddr, &conn->dst);
2329 cp.pscan_rep_mode = 0x02;
2330 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2331 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2332 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2333 conn->dst_type, 0, NULL, 0,
2334 conn->dev_class);
392599b9 2335
127178d2 2336 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2337 conn->state = BT_CONNECTED;
2338 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2339 hci_conn_drop(conn);
769be974 2340 }
a9de9248 2341
ccd556fe 2342unlock:
a9de9248 2343 hci_dev_unlock(hdev);
1da177e4
LT		 2344}
2345
6039aa73 2346static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2347{
2348 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2349 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2350 __u16 opcode;
2351
2352 skb_pull(skb, sizeof(*ev));
2353
2354 opcode = __le16_to_cpu(ev->opcode);
2355
2356 switch (opcode) {
2357 case HCI_OP_INQUIRY_CANCEL:
2358 hci_cc_inquiry_cancel(hdev, skb);
2359 break;
2360
4d93483b
AG		 2361 case HCI_OP_PERIODIC_INQ:
2362 hci_cc_periodic_inq(hdev, skb);
2363 break;
2364
a9de9248
MH		 2365 case HCI_OP_EXIT_PERIODIC_INQ:
2366 hci_cc_exit_periodic_inq(hdev, skb);
2367 break;
2368
2369 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2370 hci_cc_remote_name_req_cancel(hdev, skb);
2371 break;
2372
2373 case HCI_OP_ROLE_DISCOVERY:
2374 hci_cc_role_discovery(hdev, skb);
2375 break;
2376
e4e8e37c
MH		 2377 case HCI_OP_READ_LINK_POLICY:
2378 hci_cc_read_link_policy(hdev, skb);
2379 break;
2380
a9de9248
MH		 2381 case HCI_OP_WRITE_LINK_POLICY:
2382 hci_cc_write_link_policy(hdev, skb);
2383 break;
2384
e4e8e37c
MH		 2385 case HCI_OP_READ_DEF_LINK_POLICY:
2386 hci_cc_read_def_link_policy(hdev, skb);
2387 break;
2388
2389 case HCI_OP_WRITE_DEF_LINK_POLICY:
2390 hci_cc_write_def_link_policy(hdev, skb);
2391 break;
2392
a9de9248
MH		 2393 case HCI_OP_RESET:
2394 hci_cc_reset(hdev, skb);
2395 break;
2396
2397 case HCI_OP_WRITE_LOCAL_NAME:
2398 hci_cc_write_local_name(hdev, skb);
2399 break;
2400
2401 case HCI_OP_READ_LOCAL_NAME:
2402 hci_cc_read_local_name(hdev, skb);
2403 break;
2404
2405 case HCI_OP_WRITE_AUTH_ENABLE:
2406 hci_cc_write_auth_enable(hdev, skb);
2407 break;
2408
2409 case HCI_OP_WRITE_ENCRYPT_MODE:
2410 hci_cc_write_encrypt_mode(hdev, skb);
2411 break;
2412
2413 case HCI_OP_WRITE_SCAN_ENABLE:
2414 hci_cc_write_scan_enable(hdev, skb);
2415 break;
2416
2417 case HCI_OP_READ_CLASS_OF_DEV:
2418 hci_cc_read_class_of_dev(hdev, skb);
2419 break;
2420
2421 case HCI_OP_WRITE_CLASS_OF_DEV:
2422 hci_cc_write_class_of_dev(hdev, skb);
2423 break;
2424
2425 case HCI_OP_READ_VOICE_SETTING:
2426 hci_cc_read_voice_setting(hdev, skb);
2427 break;
2428
2429 case HCI_OP_WRITE_VOICE_SETTING:
2430 hci_cc_write_voice_setting(hdev, skb);
2431 break;
2432
b4cb9fb2
MH		 2433 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2434 hci_cc_read_num_supported_iac(hdev, skb);
2435 break;
2436
333140b5
MH		 2437 case HCI_OP_WRITE_SSP_MODE:
2438 hci_cc_write_ssp_mode(hdev, skb);
2439 break;
2440
eac83dc6
MH		 2441 case HCI_OP_WRITE_SC_SUPPORT:
2442 hci_cc_write_sc_support(hdev, skb);
2443 break;
2444
a9de9248
MH		 2445 case HCI_OP_READ_LOCAL_VERSION:
2446 hci_cc_read_local_version(hdev, skb);
2447 break;
2448
2449 case HCI_OP_READ_LOCAL_COMMANDS:
2450 hci_cc_read_local_commands(hdev, skb);
2451 break;
2452
2453 case HCI_OP_READ_LOCAL_FEATURES:
2454 hci_cc_read_local_features(hdev, skb);
2455 break;
2456
971e3a4b
AG		 2457 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2458 hci_cc_read_local_ext_features(hdev, skb);
2459 break;
2460
a9de9248
MH		 2461 case HCI_OP_READ_BUFFER_SIZE:
2462 hci_cc_read_buffer_size(hdev, skb);
2463 break;
2464
2465 case HCI_OP_READ_BD_ADDR:
2466 hci_cc_read_bd_addr(hdev, skb);
2467 break;
2468
f332ec66
JH		 2469 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2470 hci_cc_read_page_scan_activity(hdev, skb);
2471 break;
2472
4a3ee763
JH		 2473 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2474 hci_cc_write_page_scan_activity(hdev, skb);
2475 break;
2476
f332ec66
JH		 2477 case HCI_OP_READ_PAGE_SCAN_TYPE:
2478 hci_cc_read_page_scan_type(hdev, skb);
2479 break;
2480
4a3ee763
JH		 2481 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2482 hci_cc_write_page_scan_type(hdev, skb);
2483 break;
2484
350ee4cf
AE		 2485 case HCI_OP_READ_DATA_BLOCK_SIZE:
2486 hci_cc_read_data_block_size(hdev, skb);
2487 break;
2488
1e89cffb
AE		 2489 case HCI_OP_READ_FLOW_CONTROL_MODE:
2490 hci_cc_read_flow_control_mode(hdev, skb);
2491 break;
2492
928abaa7
AE		 2493 case HCI_OP_READ_LOCAL_AMP_INFO:
2494 hci_cc_read_local_amp_info(hdev, skb);
2495 break;
2496
903e4541
AE		 2497 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2498 hci_cc_read_local_amp_assoc(hdev, skb);
2499 break;
2500
d5859e22
JH		 2501 case HCI_OP_READ_INQ_RSP_TX_POWER:
2502 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2503 break;
2504
980e1a53
JH		 2505 case HCI_OP_PIN_CODE_REPLY:
2506 hci_cc_pin_code_reply(hdev, skb);
2507 break;
2508
2509 case HCI_OP_PIN_CODE_NEG_REPLY:
2510 hci_cc_pin_code_neg_reply(hdev, skb);
2511 break;
2512
c35938b2 2513 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2514 hci_cc_read_local_oob_data(hdev, skb);
2515 break;
2516
2517 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2518 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2519 break;
2520
6ed58ec5
VT		 2521 case HCI_OP_LE_READ_BUFFER_SIZE:
2522 hci_cc_le_read_buffer_size(hdev, skb);
2523 break;
2524
60e77321
JH		 2525 case HCI_OP_LE_READ_LOCAL_FEATURES:
2526 hci_cc_le_read_local_features(hdev, skb);
2527 break;
2528
8fa19098
JH		 2529 case HCI_OP_LE_READ_ADV_TX_POWER:
2530 hci_cc_le_read_adv_tx_power(hdev, skb);
2531 break;
2532
a5c29683
JH		 2533 case HCI_OP_USER_CONFIRM_REPLY:
2534 hci_cc_user_confirm_reply(hdev, skb);
2535 break;
2536
2537 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2538 hci_cc_user_confirm_neg_reply(hdev, skb);
2539 break;
2540
1143d458
BG		 2541 case HCI_OP_USER_PASSKEY_REPLY:
2542 hci_cc_user_passkey_reply(hdev, skb);
2543 break;
2544
2545 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2546 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2547 break;
07f7fa5d 2548
7a4cd51d
MH		 2549 case HCI_OP_LE_SET_RANDOM_ADDR:
2550 hci_cc_le_set_random_addr(hdev, skb);
2551 break;
2552
c1d5dc4a
JH		 2553 case HCI_OP_LE_SET_ADV_ENABLE:
2554 hci_cc_le_set_adv_enable(hdev, skb);
2555 break;
2556
533553f8
MH		 2557 case HCI_OP_LE_SET_SCAN_PARAM:
2558 hci_cc_le_set_scan_param(hdev, skb);
2559 break;
2560
eb9d91f5
AG		 2561 case HCI_OP_LE_SET_SCAN_ENABLE:
2562 hci_cc_le_set_scan_enable(hdev, skb);
2563 break;
2564
cf1d081f
JH		 2565 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2566 hci_cc_le_read_white_list_size(hdev, skb);
2567 break;
2568
0f36b589
MH		 2569 case HCI_OP_LE_CLEAR_WHITE_LIST:
2570 hci_cc_le_clear_white_list(hdev, skb);
2571 break;
2572
2573 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2574 hci_cc_le_add_to_white_list(hdev, skb);
2575 break;
2576
2577 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2578 hci_cc_le_del_from_white_list(hdev, skb);
2579 break;
2580
9b008c04
JH		 2581 case HCI_OP_LE_READ_SUPPORTED_STATES:
2582 hci_cc_le_read_supported_states(hdev, skb);
2583 break;
2584
f9b49306
AG		 2585 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2586 hci_cc_write_le_host_supported(hdev, skb);
2587 break;
2588
56ed2cb8
JH		 2589 case HCI_OP_LE_SET_ADV_PARAM:
2590 hci_cc_set_adv_param(hdev, skb);
2591 break;
2592
93c284ee
AE		 2593 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2594 hci_cc_write_remote_amp_assoc(hdev, skb);
2595 break;
2596
a9de9248 2597 default:
9f1db00c 2598 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2599 break;
2600 }
2601
ad82cdd1 2602 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2603 del_timer(&hdev->cmd_timer);
2604
ad82cdd1 2605 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2606
dbccd791 2607 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2608 atomic_set(&hdev->cmd_cnt, 1);
2609 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2610 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2611 }
2612}
2613
6039aa73 2614static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2615{
2616 struct hci_ev_cmd_status *ev = (void *) skb->data;
2617 __u16 opcode;
2618
2619 skb_pull(skb, sizeof(*ev));
2620
2621 opcode = __le16_to_cpu(ev->opcode);
2622
2623 switch (opcode) {
2624 case HCI_OP_INQUIRY:
2625 hci_cs_inquiry(hdev, ev->status);
2626 break;
2627
2628 case HCI_OP_CREATE_CONN:
2629 hci_cs_create_conn(hdev, ev->status);
2630 break;
2631
2632 case HCI_OP_ADD_SCO:
2633 hci_cs_add_sco(hdev, ev->status);
2634 break;
2635
f8558555
MH		 2636 case HCI_OP_AUTH_REQUESTED:
2637 hci_cs_auth_requested(hdev, ev->status);
2638 break;
2639
2640 case HCI_OP_SET_CONN_ENCRYPT:
2641 hci_cs_set_conn_encrypt(hdev, ev->status);
2642 break;
2643
a9de9248
MH		 2644 case HCI_OP_REMOTE_NAME_REQ:
2645 hci_cs_remote_name_req(hdev, ev->status);
2646 break;
2647
769be974
MH		 2648 case HCI_OP_READ_REMOTE_FEATURES:
2649 hci_cs_read_remote_features(hdev, ev->status);
2650 break;
2651
2652 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2653 hci_cs_read_remote_ext_features(hdev, ev->status);
2654 break;
2655
a9de9248
MH		 2656 case HCI_OP_SETUP_SYNC_CONN:
2657 hci_cs_setup_sync_conn(hdev, ev->status);
2658 break;
2659
2660 case HCI_OP_SNIFF_MODE:
2661 hci_cs_sniff_mode(hdev, ev->status);
2662 break;
2663
2664 case HCI_OP_EXIT_SNIFF_MODE:
2665 hci_cs_exit_sniff_mode(hdev, ev->status);
2666 break;
2667
8962ee74 2668 case HCI_OP_DISCONNECT:
88c3df13 2669 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2670 break;
2671
a02226d6
AE		 2672 case HCI_OP_CREATE_PHY_LINK:
2673 hci_cs_create_phylink(hdev, ev->status);
2674 break;
2675
0b26ab9d
AE		 2676 case HCI_OP_ACCEPT_PHY_LINK:
2677 hci_cs_accept_phylink(hdev, ev->status);
2678 break;
2679
cb1d68f7
JH		 2680 case HCI_OP_LE_CREATE_CONN:
2681 hci_cs_le_create_conn(hdev, ev->status);
2682 break;
2683
81d0c8ad
JH		 2684 case HCI_OP_LE_START_ENC:
2685 hci_cs_le_start_enc(hdev, ev->status);
2686 break;
2687
a9de9248 2688 default:
9f1db00c 2689 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2690 break;
2691 }
2692
ad82cdd1 2693 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2694 del_timer(&hdev->cmd_timer);
2695
02350a72
JH		 2696 if (ev->status ||
2697 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2698 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2699
10572132 2700 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2701 atomic_set(&hdev->cmd_cnt, 1);
2702 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2703 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2704 }
2705}
2706
6039aa73 2707static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2708{
2709 struct hci_ev_role_change *ev = (void *) skb->data;
2710 struct hci_conn *conn;
2711
9f1db00c 2712 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2713
2714 hci_dev_lock(hdev);
2715
2716 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2717 if (conn) {
2718 if (!ev->status) {
2719 if (ev->role)
2720 conn->link_mode &= ~HCI_LM_MASTER;
2721 else
2722 conn->link_mode |= HCI_LM_MASTER;
2723 }
2724
51a8efd7 2725 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2726
2727 hci_role_switch_cfm(conn, ev->status, ev->role);
2728 }
2729
2730 hci_dev_unlock(hdev);
2731}
2732
6039aa73 2733static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2734{
2735 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2736 int i;
2737
32ac5b9b
AE		 2738 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2739 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2740 return;
2741 }
2742
c5993de8 2743 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2744 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2745 BT_DBG("%s bad parameters", hdev->name);
2746 return;
2747 }
2748
c5993de8
AE		 2749 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2750
613a1c0c
AE		 2751 for (i = 0; i < ev->num_hndl; i++) {
2752 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2753 struct hci_conn *conn;
2754 __u16 handle, count;
2755
613a1c0c
AE		 2756 handle = __le16_to_cpu(info->handle);
2757 count = __le16_to_cpu(info->count);
a9de9248
MH		 2758
2759 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2760 if (!conn)
2761 continue;
2762
2763 conn->sent -= count;
2764
2765 switch (conn->type) {
2766 case ACL_LINK:
2767 hdev->acl_cnt += count;
2768 if (hdev->acl_cnt > hdev->acl_pkts)
2769 hdev->acl_cnt = hdev->acl_pkts;
2770 break;
2771
2772 case LE_LINK:
2773 if (hdev->le_pkts) {
2774 hdev->le_cnt += count;
2775 if (hdev->le_cnt > hdev->le_pkts)
2776 hdev->le_cnt = hdev->le_pkts;
2777 } else {
70f23020
AE		 2778 hdev->acl_cnt += count;
2779 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2780 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2781 }
f4280918
AE		 2782 break;
2783
2784 case SCO_LINK:
2785 hdev->sco_cnt += count;
2786 if (hdev->sco_cnt > hdev->sco_pkts)
2787 hdev->sco_cnt = hdev->sco_pkts;
2788 break;
2789
2790 default:
2791 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2792 break;
a9de9248
MH		 2793 }
2794 }
2795
3eff45ea 2796 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2797}
2798
76ef7cf7
AE		 2799static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2800 __u16 handle)
2801{
2802 struct hci_chan *chan;
2803
2804 switch (hdev->dev_type) {
2805 case HCI_BREDR:
2806 return hci_conn_hash_lookup_handle(hdev, handle);
2807 case HCI_AMP:
2808 chan = hci_chan_lookup_handle(hdev, handle);
2809 if (chan)
2810 return chan->conn;
2811 break;
2812 default:
2813 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2814 break;
2815 }
2816
2817 return NULL;
2818}
2819
6039aa73 2820static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2821{
2822 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2823 int i;
2824
2825 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2826 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2827 return;
2828 }
2829
2830 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2831 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2832 BT_DBG("%s bad parameters", hdev->name);
2833 return;
2834 }
2835
2836 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2837 ev->num_hndl);
25e89e99
AE		 2838
2839 for (i = 0; i < ev->num_hndl; i++) {
2840 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2841 struct hci_conn *conn = NULL;
25e89e99
AE		 2842 __u16 handle, block_count;
2843
2844 handle = __le16_to_cpu(info->handle);
2845 block_count = __le16_to_cpu(info->blocks);
2846
76ef7cf7 2847 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2848 if (!conn)
2849 continue;
2850
2851 conn->sent -= block_count;
2852
2853 switch (conn->type) {
2854 case ACL_LINK:
bd1eb66b 2855 case AMP_LINK:
25e89e99
AE		 2856 hdev->block_cnt += block_count;
2857 if (hdev->block_cnt > hdev->num_blocks)
2858 hdev->block_cnt = hdev->num_blocks;
2859 break;
2860
2861 default:
2862 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2863 break;
2864 }
2865 }
2866
2867 queue_work(hdev->workqueue, &hdev->tx_work);
2868}
2869
6039aa73 2870static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2871{
a9de9248 2872 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2873 struct hci_conn *conn;
2874
9f1db00c 2875 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2876
2877 hci_dev_lock(hdev);
2878
2879 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2880 if (conn) {
2881 conn->mode = ev->mode;
a9de9248 2882
8fc9ced3
GP		 2883 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2884 &conn->flags)) {
a9de9248 2885 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2886 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2887 else
58a681ef 2888 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2889 }
e73439d8 2890
51a8efd7 2891 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2892 hci_sco_setup(conn, ev->status);
04837f64
MH		 2893 }
2894
2895 hci_dev_unlock(hdev);
2896}
2897
6039aa73 2898static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2899{
052b30b0
MH		 2900 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2901 struct hci_conn *conn;
2902
a9de9248 2903 BT_DBG("%s", hdev->name);
052b30b0
MH		 2904
2905 hci_dev_lock(hdev);
2906
2907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2908 if (!conn)
2909 goto unlock;
2910
2911 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2912 hci_conn_hold(conn);
2913 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2914 hci_conn_drop(conn);
052b30b0
MH		 2915 }
2916
a8b2d5c2 2917 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2918 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2919 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2920 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2921 u8 secure;
2922
2923 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2924 secure = 1;
2925 else
2926 secure = 0;
2927
744cf19e 2928 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2929 }
980e1a53 2930
b6f98044 2931unlock:
052b30b0 2932 hci_dev_unlock(hdev);
a9de9248
MH		 2933}
2934
6039aa73 2935static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2936{
55ed8ca1
JH		 2937 struct hci_ev_link_key_req *ev = (void *) skb->data;
2938 struct hci_cp_link_key_reply cp;
2939 struct hci_conn *conn;
2940 struct link_key *key;
2941
a9de9248 2942 BT_DBG("%s", hdev->name);
55ed8ca1 2943
034cbea0 2944 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2945 return;
2946
2947 hci_dev_lock(hdev);
2948
2949 key = hci_find_link_key(hdev, &ev->bdaddr);
2950 if (!key) {
6ed93dc6
AE		 2951 BT_DBG("%s link key not found for %pMR", hdev->name,
2952 &ev->bdaddr);
55ed8ca1
JH		 2953 goto not_found;
2954 }
2955
6ed93dc6
AE		 2956 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2957 &ev->bdaddr);
55ed8ca1 2958
a8b2d5c2 2959 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2960 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2961 BT_DBG("%s ignoring debug key", hdev->name);
2962 goto not_found;
2963 }
2964
2965 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 2966 if (conn) {
66138ce8
MH		 2967 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2968 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 2969 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2970 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2971 goto not_found;
2972 }
55ed8ca1 2973
60b83f57 2974 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2975 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2976 BT_DBG("%s ignoring key unauthenticated for high security",
2977 hdev->name);
60b83f57
WR		 2978 goto not_found;
2979 }
2980
2981 conn->key_type = key->type;
2982 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2983 }
2984
2985 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2986 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2987
2988 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2989
2990 hci_dev_unlock(hdev);
2991
2992 return;
2993
2994not_found:
2995 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2996 hci_dev_unlock(hdev);
a9de9248
MH		 2997}
2998
6039aa73 2999static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3000{
052b30b0
MH		 3001 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3002 struct hci_conn *conn;
55ed8ca1 3003 u8 pin_len = 0;
052b30b0 3004
a9de9248 3005 BT_DBG("%s", hdev->name);
052b30b0
MH		 3006
3007 hci_dev_lock(hdev);
3008
3009 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3010 if (conn) {
3011 hci_conn_hold(conn);
3012 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3013 pin_len = conn->pin_length;
13d39315
WR		 3014
3015 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3016 conn->key_type = ev->key_type;
3017
76a68ba0 3018 hci_conn_drop(conn);
052b30b0
MH		 3019 }
3020
034cbea0 3021 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 3022 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3023 ev->key_type, pin_len);
55ed8ca1 3024
052b30b0 3025 hci_dev_unlock(hdev);
a9de9248
MH		 3026}
3027
6039aa73 3028static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3029{
a9de9248 3030 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3031 struct hci_conn *conn;
1da177e4 3032
9f1db00c 3033 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3034
3035 hci_dev_lock(hdev);
3036
04837f64 3037 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3038 if (conn && !ev->status) {
3039 struct inquiry_entry *ie;
3040
cc11b9c1
AE		 3041 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3042 if (ie) {
1da177e4
LT		 3043 ie->data.clock_offset = ev->clock_offset;
3044 ie->timestamp = jiffies;
3045 }
3046 }
3047
3048 hci_dev_unlock(hdev);
3049}
3050
6039aa73 3051static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3052{
3053 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3054 struct hci_conn *conn;
3055
9f1db00c 3056 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3057
3058 hci_dev_lock(hdev);
3059
3060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3061 if (conn && !ev->status)
3062 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3063
3064 hci_dev_unlock(hdev);
3065}
3066
6039aa73 3067static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3068{
a9de9248 3069 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3070 struct inquiry_entry *ie;
3071
3072 BT_DBG("%s", hdev->name);
3073
3074 hci_dev_lock(hdev);
3075
cc11b9c1
AE		 3076 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3077 if (ie) {
85a1e930
MH		 3078 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3079 ie->timestamp = jiffies;
3080 }
3081
3082 hci_dev_unlock(hdev);
3083}
3084
6039aa73
GP		 3085static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3086 struct sk_buff *skb)
a9de9248
MH		 3087{
3088 struct inquiry_data data;
3089 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3090 bool name_known, ssp;
a9de9248
MH		 3091
3092 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3093
3094 if (!num_rsp)
3095 return;
3096
1519cc17
AG		 3097 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3098 return;
3099
a9de9248
MH		 3100 hci_dev_lock(hdev);
3101
3102 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3103 struct inquiry_info_with_rssi_and_pscan_mode *info;
3104 info = (void *) (skb->data + 1);
a9de9248 3105
e17acd40 3106 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3107 bacpy(&data.bdaddr, &info->bdaddr);
3108 data.pscan_rep_mode = info->pscan_rep_mode;
3109 data.pscan_period_mode = info->pscan_period_mode;
3110 data.pscan_mode = info->pscan_mode;
3111 memcpy(data.dev_class, info->dev_class, 3);
3112 data.clock_offset = info->clock_offset;
3113 data.rssi = info->rssi;
41a96212 3114 data.ssp_mode = 0x00;
3175405b
JH		 3115
3116 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3117 false, &ssp);
48264f06 3118 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3119 info->dev_class, info->rssi,
5d2e9fad 3120 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3121 }
3122 } else {
3123 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3124
e17acd40 3125 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3126 bacpy(&data.bdaddr, &info->bdaddr);
3127 data.pscan_rep_mode = info->pscan_rep_mode;
3128 data.pscan_period_mode = info->pscan_period_mode;
3129 data.pscan_mode = 0x00;
3130 memcpy(data.dev_class, info->dev_class, 3);
3131 data.clock_offset = info->clock_offset;
3132 data.rssi = info->rssi;
41a96212 3133 data.ssp_mode = 0x00;
3175405b 3134 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3135 false, &ssp);
48264f06 3136 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3137 info->dev_class, info->rssi,
5d2e9fad 3138 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3139 }
3140 }
3141
3142 hci_dev_unlock(hdev);
3143}
3144
6039aa73
GP		 3145static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3146 struct sk_buff *skb)
a9de9248 3147{
41a96212
MH		 3148 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3149 struct hci_conn *conn;
3150
a9de9248 3151 BT_DBG("%s", hdev->name);
41a96212 3152
41a96212
MH		 3153 hci_dev_lock(hdev);
3154
3155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3156 if (!conn)
3157 goto unlock;
41a96212 3158
cad718ed
JH		 3159 if (ev->page < HCI_MAX_PAGES)
3160 memcpy(conn->features[ev->page], ev->features, 8);
3161
ccd556fe
JH		 3162 if (!ev->status && ev->page == 0x01) {
3163 struct inquiry_entry *ie;
41a96212 3164
cc11b9c1
AE		 3165 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3166 if (ie)
02b7cc62 3167 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3168
bbb0eada 3169 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3170 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3171 } else {
3172 /* It is mandatory by the Bluetooth specification that
3173 * Extended Inquiry Results are only used when Secure
3174 * Simple Pairing is enabled, but some devices violate
3175 * this.
3176 *
3177 * To make these devices work, the internal SSP
3178 * enabled flag needs to be cleared if the remote host
3179 * features do not indicate SSP support */
3180 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3181 }
eb9a8f3f
MH		 3182
3183 if (ev->features[0] & LMP_HOST_SC)
3184 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3185 }
3186
3187 if (conn->state != BT_CONFIG)
3188 goto unlock;
3189
671267bf 3190 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3191 struct hci_cp_remote_name_req cp;
3192 memset(&cp, 0, sizeof(cp));
3193 bacpy(&cp.bdaddr, &conn->dst);
3194 cp.pscan_rep_mode = 0x02;
3195 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3196 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3197 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3198 conn->dst_type, 0, NULL, 0,
3199 conn->dev_class);
392599b9 3200
127178d2 3201 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3202 conn->state = BT_CONNECTED;
3203 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3204 hci_conn_drop(conn);
41a96212
MH		 3205 }
3206
ccd556fe 3207unlock:
41a96212 3208 hci_dev_unlock(hdev);
a9de9248
MH		 3209}
3210
6039aa73
GP		 3211static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3212 struct sk_buff *skb)
a9de9248 3213{
b6a0dc82
MH		 3214 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3215 struct hci_conn *conn;
3216
9f1db00c 3217 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3218
3219 hci_dev_lock(hdev);
3220
3221 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3222 if (!conn) {
3223 if (ev->link_type == ESCO_LINK)
3224 goto unlock;
3225
3226 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3227 if (!conn)
3228 goto unlock;
3229
3230 conn->type = SCO_LINK;
3231 }
b6a0dc82 3232
732547f9
MH		 3233 switch (ev->status) {
3234 case 0x00:
b6a0dc82
MH		 3235 conn->handle = __le16_to_cpu(ev->handle);
3236 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3237
3238 hci_conn_add_sysfs(conn);
732547f9
MH		 3239 break;
3240
1a4c958c 3241 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3242 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3243 case 0x1c: /* SCO interval rejected */
1038a00b 3244 case 0x1a: /* Unsupported Remote Feature */
732547f9 3245 case 0x1f: /* Unspecified error */
27539bc4 3246 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3247 if (conn->out) {
732547f9
MH		 3248 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3249 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3250 if (hci_setup_sync(conn, conn->link->handle))
3251 goto unlock;
732547f9
MH		 3252 }
3253 /* fall through */
3254
3255 default:
b6a0dc82 3256 conn->state = BT_CLOSED;
732547f9
MH		 3257 break;
3258 }
b6a0dc82
MH		 3259
3260 hci_proto_connect_cfm(conn, ev->status);
3261 if (ev->status)
3262 hci_conn_del(conn);
3263
3264unlock:
3265 hci_dev_unlock(hdev);
a9de9248
MH		 3266}
3267
efdcf8e3
MH		 3268static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3269{
3270 size_t parsed = 0;
3271
3272 while (parsed < eir_len) {
3273 u8 field_len = eir[0];
3274
3275 if (field_len == 0)
3276 return parsed;
3277
3278 parsed += field_len + 1;
3279 eir += field_len + 1;
3280 }
3281
3282 return eir_len;
3283}
3284
6039aa73
GP		 3285static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3286 struct sk_buff *skb)
1da177e4 3287{
a9de9248
MH		 3288 struct inquiry_data data;
3289 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3290 int num_rsp = *((__u8 *) skb->data);
9d939d94 3291 size_t eir_len;
1da177e4 3292
a9de9248 3293 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3294
a9de9248
MH		 3295 if (!num_rsp)
3296 return;
1da177e4 3297
1519cc17
AG		 3298 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3299 return;
3300
a9de9248
MH		 3301 hci_dev_lock(hdev);
3302
e17acd40 3303 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3304 bool name_known, ssp;
561aafbc 3305
a9de9248 3306 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3307 data.pscan_rep_mode = info->pscan_rep_mode;
3308 data.pscan_period_mode = info->pscan_period_mode;
3309 data.pscan_mode = 0x00;
a9de9248 3310 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3311 data.clock_offset = info->clock_offset;
3312 data.rssi = info->rssi;
41a96212 3313 data.ssp_mode = 0x01;
561aafbc 3314
a8b2d5c2 3315 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3316 name_known = eir_has_data_type(info->data,
04124681
GP		 3317 sizeof(info->data),
3318 EIR_NAME_COMPLETE);
561aafbc
JH		 3319 else
3320 name_known = true;
3321
388fc8fa 3322 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3323 &ssp);
9d939d94 3324 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3325 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3326 info->dev_class, info->rssi, !name_known,
5d2e9fad 3327 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3328 }
3329
3330 hci_dev_unlock(hdev);
3331}
1da177e4 3332
1c2e0041
JH		 3333static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3334 struct sk_buff *skb)
3335{
3336 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3337 struct hci_conn *conn;
3338
9f1db00c 3339 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3340 __le16_to_cpu(ev->handle));
3341
3342 hci_dev_lock(hdev);
3343
3344 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3345 if (!conn)
3346 goto unlock;
3347
3348 if (!ev->status)
3349 conn->sec_level = conn->pending_sec_level;
3350
3351 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3352
3353 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3354 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3355 hci_conn_drop(conn);
1c2e0041
JH		 3356 goto unlock;
3357 }
3358
3359 if (conn->state == BT_CONFIG) {
3360 if (!ev->status)
3361 conn->state = BT_CONNECTED;
3362
3363 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3364 hci_conn_drop(conn);
1c2e0041
JH		 3365 } else {
3366 hci_auth_cfm(conn, ev->status);
3367
3368 hci_conn_hold(conn);
3369 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3370 hci_conn_drop(conn);
1c2e0041
JH		 3371 }
3372
3373unlock:
3374 hci_dev_unlock(hdev);
3375}
3376
6039aa73 3377static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3378{
3379 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3380 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3381 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3382 /* If both remote and local IO capabilities allow MITM
3383 * protection then require it, otherwise don't */
acabae96
MA		 3384 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3385 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3386 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3387 else
acabae96 3388 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3389 }
3390
3391 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3392 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3393 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3394 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3395
3396 return conn->auth_type;
3397}
3398
6039aa73 3399static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3400{
3401 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3402 struct hci_conn *conn;
3403
3404 BT_DBG("%s", hdev->name);
3405
3406 hci_dev_lock(hdev);
3407
3408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3409 if (!conn)
3410 goto unlock;
3411
3412 hci_conn_hold(conn);
3413
a8b2d5c2 3414 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3415 goto unlock;
3416
a8b2d5c2 3417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3418 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3419 struct hci_cp_io_capability_reply cp;
3420
3421 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3422 /* Change the IO capability from KeyboardDisplay
3423 * to DisplayYesNo as it is not supported by BT spec. */
3424 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3425 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3426 conn->auth_type = hci_get_auth_req(conn);
3427 cp.authentication = conn->auth_type;
17fa4b9d 3428
8fc9ced3
GP		 3429 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3430 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3431 cp.oob_data = 0x01;
3432 else
3433 cp.oob_data = 0x00;
3434
17fa4b9d 3435 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3436 sizeof(cp), &cp);
03b555e1
JH		 3437 } else {
3438 struct hci_cp_io_capability_neg_reply cp;
3439
3440 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3441 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3442
03b555e1 3443 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3444 sizeof(cp), &cp);
03b555e1
JH		 3445 }
3446
3447unlock:
3448 hci_dev_unlock(hdev);
3449}
3450
6039aa73 3451static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3452{
3453 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3454 struct hci_conn *conn;
3455
3456 BT_DBG("%s", hdev->name);
3457
3458 hci_dev_lock(hdev);
3459
3460 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3461 if (!conn)
3462 goto unlock;
3463
03b555e1 3464 conn->remote_cap = ev->capability;
03b555e1 3465 conn->remote_auth = ev->authentication;
58a681ef
JH		 3466 if (ev->oob_data)
3467 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3468
3469unlock:
0493684e
MH		 3470 hci_dev_unlock(hdev);
3471}
3472
6039aa73
GP		 3473static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3474 struct sk_buff *skb)
a5c29683
JH		 3475{
3476 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3477 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3478 struct hci_conn *conn;
a5c29683
JH		 3479
3480 BT_DBG("%s", hdev->name);
3481
3482 hci_dev_lock(hdev);
3483
a8b2d5c2 3484 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3485 goto unlock;
a5c29683 3486
7a828908
JH		 3487 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3488 if (!conn)
3489 goto unlock;
3490
3491 loc_mitm = (conn->auth_type & 0x01);
3492 rem_mitm = (conn->remote_auth & 0x01);
3493
3494 /* If we require MITM but the remote device can't provide that
3495 * (it has NoInputNoOutput) then reject the confirmation
3496 * request. The only exception is when we're dedicated bonding
3497 * initiators (connect_cfm_cb set) since then we always have the MITM
3498 * bit set. */
a767631a
MA		 3499 if (!conn->connect_cfm_cb && loc_mitm &&
3500 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3501 BT_DBG("Rejecting request: remote device can't provide MITM");
3502 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3503 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3504 goto unlock;
3505 }
3506
3507 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3508 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3509 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3510
3511 /* If we're not the initiators request authorization to
3512 * proceed from user space (mgmt_user_confirm with
3513 * confirm_hint set to 1). */
51a8efd7 3514 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3515 BT_DBG("Confirming auto-accept as acceptor");
3516 confirm_hint = 1;
3517 goto confirm;
3518 }
3519
9f61656a 3520 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3521 hdev->auto_accept_delay);
9f61656a
JH		 3522
3523 if (hdev->auto_accept_delay > 0) {
3524 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3525 queue_delayed_work(conn->hdev->workqueue,
3526 &conn->auto_accept_work, delay);
9f61656a
JH		 3527 goto unlock;
3528 }
3529
7a828908 3530 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3531 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3532 goto unlock;
3533 }
3534
55bc1a37 3535confirm:
39adbffe
JH		 3536 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3537 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3538
3539unlock:
a5c29683
JH		 3540 hci_dev_unlock(hdev);
3541}
3542
6039aa73
GP		 3543static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3544 struct sk_buff *skb)
1143d458
BG		 3545{
3546 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3547
3548 BT_DBG("%s", hdev->name);
3549
a8b2d5c2 3550 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3551 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3552}
3553
92a25256
JH		 3554static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3555 struct sk_buff *skb)
3556{
3557 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3558 struct hci_conn *conn;
3559
3560 BT_DBG("%s", hdev->name);
3561
3562 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3563 if (!conn)
3564 return;
3565
3566 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3567 conn->passkey_entered = 0;
3568
3569 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3570 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3571 conn->dst_type, conn->passkey_notify,
3572 conn->passkey_entered);
3573}
3574
3575static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3576{
3577 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3578 struct hci_conn *conn;
3579
3580 BT_DBG("%s", hdev->name);
3581
3582 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3583 if (!conn)
3584 return;
3585
3586 switch (ev->type) {
3587 case HCI_KEYPRESS_STARTED:
3588 conn->passkey_entered = 0;
3589 return;
3590
3591 case HCI_KEYPRESS_ENTERED:
3592 conn->passkey_entered++;
3593 break;
3594
3595 case HCI_KEYPRESS_ERASED:
3596 conn->passkey_entered--;
3597 break;
3598
3599 case HCI_KEYPRESS_CLEARED:
3600 conn->passkey_entered = 0;
3601 break;
3602
3603 case HCI_KEYPRESS_COMPLETED:
3604 return;
3605 }
3606
3607 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3608 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3609 conn->dst_type, conn->passkey_notify,
3610 conn->passkey_entered);
3611}
3612
6039aa73
GP		 3613static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3614 struct sk_buff *skb)
0493684e
MH		 3615{
3616 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3617 struct hci_conn *conn;
3618
3619 BT_DBG("%s", hdev->name);
3620
3621 hci_dev_lock(hdev);
3622
3623 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3624 if (!conn)
3625 goto unlock;
3626
3627 /* To avoid duplicate auth_failed events to user space we check
3628 * the HCI_CONN_AUTH_PEND flag which will be set if we
3629 * initiated the authentication. A traditional auth_complete
3630 * event gets always produced as initiator and is also mapped to
3631 * the mgmt_auth_failed event */
fa1bd918 3632 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3633 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3634 ev->status);
0493684e 3635
76a68ba0 3636 hci_conn_drop(conn);
2a611692
JH		 3637
3638unlock:
0493684e
MH		 3639 hci_dev_unlock(hdev);
3640}
3641
6039aa73
GP		 3642static void hci_remote_host_features_evt(struct hci_dev *hdev,
3643 struct sk_buff *skb)
41a96212
MH		 3644{
3645 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3646 struct inquiry_entry *ie;
cad718ed 3647 struct hci_conn *conn;
41a96212
MH		 3648
3649 BT_DBG("%s", hdev->name);
3650
3651 hci_dev_lock(hdev);
3652
cad718ed
JH		 3653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3654 if (conn)
3655 memcpy(conn->features[1], ev->features, 8);
3656
cc11b9c1
AE		 3657 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3658 if (ie)
02b7cc62 3659 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3660
3661 hci_dev_unlock(hdev);
3662}
3663
6039aa73
GP		 3664static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3665 struct sk_buff *skb)
2763eda6
SJ		 3666{
3667 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3668 struct oob_data *data;
3669
3670 BT_DBG("%s", hdev->name);
3671
3672 hci_dev_lock(hdev);
3673
a8b2d5c2 3674 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3675 goto unlock;
3676
2763eda6
SJ		 3677 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3678 if (data) {
519ca9d0
MH		 3679 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3680 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3681
519ca9d0
MH		 3682 bacpy(&cp.bdaddr, &ev->bdaddr);
3683 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3684 memcpy(cp.randomizer192, data->randomizer192,
3685 sizeof(cp.randomizer192));
3686 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3687 memcpy(cp.randomizer256, data->randomizer256,
3688 sizeof(cp.randomizer256));
3689
3690 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3691 sizeof(cp), &cp);
3692 } else {
3693 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3694
519ca9d0
MH		 3695 bacpy(&cp.bdaddr, &ev->bdaddr);
3696 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3697 memcpy(cp.randomizer, data->randomizer192,
3698 sizeof(cp.randomizer));
3699
3700 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3701 sizeof(cp), &cp);
3702 }
2763eda6
SJ		 3703 } else {
3704 struct hci_cp_remote_oob_data_neg_reply cp;
3705
3706 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3707 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3708 sizeof(cp), &cp);
2763eda6
SJ		 3709 }
3710
e1ba1f15 3711unlock:
2763eda6
SJ		 3712 hci_dev_unlock(hdev);
3713}
3714
d5e91192
AE		 3715static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3716 struct sk_buff *skb)
3717{
3718 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3719 struct hci_conn *hcon, *bredr_hcon;
3720
3721 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3722 ev->status);
3723
3724 hci_dev_lock(hdev);
3725
3726 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3727 if (!hcon) {
3728 hci_dev_unlock(hdev);
3729 return;
3730 }
3731
3732 if (ev->status) {
3733 hci_conn_del(hcon);
3734 hci_dev_unlock(hdev);
3735 return;
3736 }
3737
3738 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3739
3740 hcon->state = BT_CONNECTED;
3741 bacpy(&hcon->dst, &bredr_hcon->dst);
3742
3743 hci_conn_hold(hcon);
3744 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3745 hci_conn_drop(hcon);
d5e91192 3746
d5e91192
AE		 3747 hci_conn_add_sysfs(hcon);
3748
cf70ff22 3749 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3750
cf70ff22 3751 hci_dev_unlock(hdev);
d5e91192
AE		 3752}
3753
27695fb4
AE		 3754static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3755{
3756 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3757 struct hci_conn *hcon;
3758 struct hci_chan *hchan;
3759 struct amp_mgr *mgr;
3760
3761 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3762 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3763 ev->status);
3764
3765 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3766 if (!hcon)
3767 return;
3768
3769 /* Create AMP hchan */
3770 hchan = hci_chan_create(hcon);
3771 if (!hchan)
3772 return;
3773
3774 hchan->handle = le16_to_cpu(ev->handle);
3775
3776 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3777
3778 mgr = hcon->amp_mgr;
3779 if (mgr && mgr->bredr_chan) {
3780 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3781
3782 l2cap_chan_lock(bredr_chan);
3783
3784 bredr_chan->conn->mtu = hdev->block_mtu;
3785 l2cap_logical_cfm(bredr_chan, hchan, 0);
3786 hci_conn_hold(hcon);
3787
3788 l2cap_chan_unlock(bredr_chan);
3789 }
3790}
3791
606e2a10
AE		 3792static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3793 struct sk_buff *skb)
3794{
3795 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3796 struct hci_chan *hchan;
3797
3798 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3799 le16_to_cpu(ev->handle), ev->status);
3800
3801 if (ev->status)
3802 return;
3803
3804 hci_dev_lock(hdev);
3805
3806 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3807 if (!hchan)
3808 goto unlock;
3809
3810 amp_destroy_logical_link(hchan, ev->reason);
3811
3812unlock:
3813 hci_dev_unlock(hdev);
3814}
3815
9eef6b3a
AE		 3816static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3817 struct sk_buff *skb)
3818{
3819 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3820 struct hci_conn *hcon;
3821
3822 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3823
3824 if (ev->status)
3825 return;
3826
3827 hci_dev_lock(hdev);
3828
3829 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3830 if (hcon) {
3831 hcon->state = BT_CLOSED;
3832 hci_conn_del(hcon);
3833 }
3834
3835 hci_dev_unlock(hdev);
3836}
3837
6039aa73 3838static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3839{
3840 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3841 struct hci_conn *conn;
68d6f6de 3842 struct smp_irk *irk;
fcd89c09 3843
9f1db00c 3844 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3845
3846 hci_dev_lock(hdev);
3847
b47a09b3 3848 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3849 if (!conn) {
3850 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3851 if (!conn) {
3852 BT_ERR("No memory for new connection");
230fd16a 3853 goto unlock;
b62f328b 3854 }
29b7988a
AG		 3855
3856 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3857
3858 if (ev->role == LE_CONN_ROLE_MASTER) {
3859 conn->out = true;
3860 conn->link_mode |= HCI_LM_MASTER;
3861 }
cb1d68f7
JH		 3862
3863 /* If we didn't have a hci_conn object previously
3864 * but we're in master role this must be something
3865 * initiated using a white list. Since white list based
3866 * connections are not "first class citizens" we don't
3867 * have full tracking of them. Therefore, we go ahead
3868 * with a "best effort" approach of determining the
3869 * initiator address based on the HCI_PRIVACY flag.
3870 */
3871 if (conn->out) {
3872 conn->resp_addr_type = ev->bdaddr_type;
3873 bacpy(&conn->resp_addr, &ev->bdaddr);
3874 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3875 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3876 bacpy(&conn->init_addr, &hdev->rpa);
3877 } else {
3878 hci_copy_identity_address(hdev,
3879 &conn->init_addr,
3880 &conn->init_addr_type);
3881 }
cb1d68f7 3882 }
9489eca4
JH		 3883 } else {
3884 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 3885 }
fcd89c09 3886
80c24ab8
JH		 3887 if (!conn->out) {
3888 /* Set the responder (our side) address type based on
3889 * the advertising address type.
3890 */
3891 conn->resp_addr_type = hdev->adv_addr_type;
3892 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3893 bacpy(&conn->resp_addr, &hdev->random_addr);
3894 else
3895 bacpy(&conn->resp_addr, &hdev->bdaddr);
3896
3897 conn->init_addr_type = ev->bdaddr_type;
3898 bacpy(&conn->init_addr, &ev->bdaddr);
3899 }
3900
edb4b466
MH		 3901 /* Lookup the identity address from the stored connection
3902 * address and address type.
3903 *
3904 * When establishing connections to an identity address, the
3905 * connection procedure will store the resolvable random
3906 * address first. Now if it can be converted back into the
3907 * identity address, start using the identity address from
3908 * now on.
3909 */
3910 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 3911 if (irk) {
3912 bacpy(&conn->dst, &irk->bdaddr);
3913 conn->dst_type = irk->addr_type;
3914 }
3915
cd17decb 3916 if (ev->status) {
06c053fb 3917 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 3918 goto unlock;
3919 }
3920
b644ba33 3921 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 3922 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 3923 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3924
7b5c0d52 3925 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3926 conn->handle = __le16_to_cpu(ev->handle);
3927 conn->state = BT_CONNECTED;
3928
18722c24
JR		 3929 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3930 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3931
fcd89c09
VT		 3932 hci_conn_add_sysfs(conn);
3933
3934 hci_proto_connect_cfm(conn, ev->status);
3935
a4790dbd
AG		 3936 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3937
fcd89c09
VT		 3938unlock:
3939 hci_dev_unlock(hdev);
3940}
3941
a4790dbd
AG		 3942/* This function requires the caller holds hdev->lock */
3943static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3944 u8 addr_type)
3945{
3946 struct hci_conn *conn;
5b906a84
AG		 3947 struct smp_irk *irk;
3948
3949 /* If this is a resolvable address, we should resolve it and then
3950 * update address and address type variables.
3951 */
3952 irk = hci_get_irk(hdev, addr, addr_type);
3953 if (irk) {
3954 addr = &irk->bdaddr;
3955 addr_type = irk->addr_type;
3956 }
a4790dbd
AG		 3957
3958 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3959 return;
3960
3961 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3962 HCI_AT_NO_BONDING);
3963 if (!IS_ERR(conn))
3964 return;
3965
3966 switch (PTR_ERR(conn)) {
3967 case -EBUSY:
3968 /* If hci_connect() returns -EBUSY it means there is already
3969 * an LE connection attempt going on. Since controllers don't
3970 * support more than one connection attempt at the time, we
3971 * don't consider this an error case.
3972 */
3973 break;
3974 default:
3975 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3976 }
3977}
3978
4af605d8
JH		 3979static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
3980 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
3981{
ca5c4be7
JH		 3982 /* Passive scanning shouldn't trigger any device found events */
3983 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
3984 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
3985 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
3986 return;
3987 }
4af605d8
JH		 3988
3989 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL, rssi, 0, 1,
5d2e9fad 3990 data, len, NULL, 0);
4af605d8
JH		 3991}
3992
6039aa73 3993static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3994{
e95beb41
AG		 3995 u8 num_reports = skb->data[0];
3996 void *ptr = &skb->data[1];
9aa04c91 3997
a4790dbd
AG		 3998 hci_dev_lock(hdev);
3999
e95beb41
AG		 4000 while (num_reports--) {
4001 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4002 s8 rssi;
a4790dbd 4003
3c9e9195 4004 rssi = ev->data[ev->length];
4af605d8
JH		 4005 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4006 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4007
e95beb41 4008 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4009 }
a4790dbd
AG		 4010
4011 hci_dev_unlock(hdev);
9aa04c91
AG		 4012}
4013
6039aa73 4014static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4015{
4016 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4017 struct hci_cp_le_ltk_reply cp;
bea710fe 4018 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4019 struct hci_conn *conn;
c9839a11 4020 struct smp_ltk *ltk;
a7a595f6 4021
9f1db00c 4022 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4023
4024 hci_dev_lock(hdev);
4025
4026 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4027 if (conn == NULL)
4028 goto not_found;
a7a595f6 4029
fe39c7b2 4030 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4031 if (ltk == NULL)
4032 goto not_found;
4033
4034 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4035 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4036
4037 if (ltk->authenticated)
f8776218
AG		 4038 conn->pending_sec_level = BT_SECURITY_HIGH;
4039 else
4040 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4041
89cbb4da 4042 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4043
4044 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4045
5981a882
CT		 4046 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4047 * temporary key used to encrypt a connection following
4048 * pairing. It is used during the Encrypted Session Setup to
4049 * distribute the keys. Later, security can be re-established
4050 * using a distributed LTK.
4051 */
4052 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 4053 list_del(&ltk->list);
4054 kfree(ltk);
4055 }
4056
a7a595f6 4057 hci_dev_unlock(hdev);
bea710fe
VCG		 4058
4059 return;
4060
4061not_found:
4062 neg.handle = ev->handle;
4063 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4064 hci_dev_unlock(hdev);
a7a595f6
VCG		 4065}
4066
6039aa73 4067static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4068{
4069 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4070
4071 skb_pull(skb, sizeof(*le_ev));
4072
4073 switch (le_ev->subevent) {
4074 case HCI_EV_LE_CONN_COMPLETE:
4075 hci_le_conn_complete_evt(hdev, skb);
4076 break;
4077
9aa04c91
AG		 4078 case HCI_EV_LE_ADVERTISING_REPORT:
4079 hci_le_adv_report_evt(hdev, skb);
4080 break;
4081
a7a595f6
VCG		 4082 case HCI_EV_LE_LTK_REQ:
4083 hci_le_ltk_request_evt(hdev, skb);
4084 break;
4085
fcd89c09
VT		 4086 default:
4087 break;
4088 }
4089}
4090
9495b2ee
AE		 4091static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4092{
4093 struct hci_ev_channel_selected *ev = (void *) skb->data;
4094 struct hci_conn *hcon;
4095
4096 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4097
4098 skb_pull(skb, sizeof(*ev));
4099
4100 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4101 if (!hcon)
4102 return;
4103
4104 amp_read_loc_assoc_final_data(hdev, hcon);
4105}
4106
a9de9248
MH		 4107void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4108{
4109 struct hci_event_hdr *hdr = (void *) skb->data;
4110 __u8 event = hdr->evt;
4111
b6ddb638
JH		 4112 hci_dev_lock(hdev);
4113
4114 /* Received events are (currently) only needed when a request is
4115 * ongoing so avoid unnecessary memory allocation.
4116 */
4117 if (hdev->req_status == HCI_REQ_PEND) {
4118 kfree_skb(hdev->recv_evt);
4119 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4120 }
4121
4122 hci_dev_unlock(hdev);
4123
a9de9248
MH		 4124 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4125
02350a72 4126 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4127 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4128 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4129
4130 hci_req_cmd_complete(hdev, opcode, 0);
4131 }
4132
a9de9248 4133 switch (event) {
1da177e4
LT		 4134 case HCI_EV_INQUIRY_COMPLETE:
4135 hci_inquiry_complete_evt(hdev, skb);
4136 break;
4137
4138 case HCI_EV_INQUIRY_RESULT:
4139 hci_inquiry_result_evt(hdev, skb);
4140 break;
4141
a9de9248
MH		 4142 case HCI_EV_CONN_COMPLETE:
4143 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4144 break;
4145
1da177e4
LT		 4146 case HCI_EV_CONN_REQUEST:
4147 hci_conn_request_evt(hdev, skb);
4148 break;
4149
1da177e4
LT		 4150 case HCI_EV_DISCONN_COMPLETE:
4151 hci_disconn_complete_evt(hdev, skb);
4152 break;
4153
1da177e4
LT		 4154 case HCI_EV_AUTH_COMPLETE:
4155 hci_auth_complete_evt(hdev, skb);
4156 break;
4157
a9de9248
MH		 4158 case HCI_EV_REMOTE_NAME:
4159 hci_remote_name_evt(hdev, skb);
4160 break;
4161
1da177e4
LT		 4162 case HCI_EV_ENCRYPT_CHANGE:
4163 hci_encrypt_change_evt(hdev, skb);
4164 break;
4165
a9de9248
MH		 4166 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4167 hci_change_link_key_complete_evt(hdev, skb);
4168 break;
4169
4170 case HCI_EV_REMOTE_FEATURES:
4171 hci_remote_features_evt(hdev, skb);
4172 break;
4173
a9de9248
MH		 4174 case HCI_EV_CMD_COMPLETE:
4175 hci_cmd_complete_evt(hdev, skb);
4176 break;
4177
4178 case HCI_EV_CMD_STATUS:
4179 hci_cmd_status_evt(hdev, skb);
4180 break;
4181
4182 case HCI_EV_ROLE_CHANGE:
4183 hci_role_change_evt(hdev, skb);
4184 break;
4185
4186 case HCI_EV_NUM_COMP_PKTS:
4187 hci_num_comp_pkts_evt(hdev, skb);
4188 break;
4189
4190 case HCI_EV_MODE_CHANGE:
4191 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4192 break;
4193
4194 case HCI_EV_PIN_CODE_REQ:
4195 hci_pin_code_request_evt(hdev, skb);
4196 break;
4197
4198 case HCI_EV_LINK_KEY_REQ:
4199 hci_link_key_request_evt(hdev, skb);
4200 break;
4201
4202 case HCI_EV_LINK_KEY_NOTIFY:
4203 hci_link_key_notify_evt(hdev, skb);
4204 break;
4205
4206 case HCI_EV_CLOCK_OFFSET:
4207 hci_clock_offset_evt(hdev, skb);
4208 break;
4209
a8746417
MH		 4210 case HCI_EV_PKT_TYPE_CHANGE:
4211 hci_pkt_type_change_evt(hdev, skb);
4212 break;
4213
85a1e930
MH		 4214 case HCI_EV_PSCAN_REP_MODE:
4215 hci_pscan_rep_mode_evt(hdev, skb);
4216 break;
4217
a9de9248
MH		 4218 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4219 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4220 break;
4221
a9de9248
MH		 4222 case HCI_EV_REMOTE_EXT_FEATURES:
4223 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4224 break;
4225
a9de9248
MH		 4226 case HCI_EV_SYNC_CONN_COMPLETE:
4227 hci_sync_conn_complete_evt(hdev, skb);
4228 break;
1da177e4 4229
a9de9248
MH		 4230 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4231 hci_extended_inquiry_result_evt(hdev, skb);
4232 break;
1da177e4 4233
1c2e0041
JH		 4234 case HCI_EV_KEY_REFRESH_COMPLETE:
4235 hci_key_refresh_complete_evt(hdev, skb);
4236 break;
4237
0493684e
MH		 4238 case HCI_EV_IO_CAPA_REQUEST:
4239 hci_io_capa_request_evt(hdev, skb);
4240 break;
4241
03b555e1
JH		 4242 case HCI_EV_IO_CAPA_REPLY:
4243 hci_io_capa_reply_evt(hdev, skb);
4244 break;
4245
a5c29683
JH		 4246 case HCI_EV_USER_CONFIRM_REQUEST:
4247 hci_user_confirm_request_evt(hdev, skb);
4248 break;
4249
1143d458
BG		 4250 case HCI_EV_USER_PASSKEY_REQUEST:
4251 hci_user_passkey_request_evt(hdev, skb);
4252 break;
4253
92a25256
JH		 4254 case HCI_EV_USER_PASSKEY_NOTIFY:
4255 hci_user_passkey_notify_evt(hdev, skb);
4256 break;
4257
4258 case HCI_EV_KEYPRESS_NOTIFY:
4259 hci_keypress_notify_evt(hdev, skb);
4260 break;
4261
0493684e
MH		 4262 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4263 hci_simple_pair_complete_evt(hdev, skb);
4264 break;
4265
41a96212
MH		 4266 case HCI_EV_REMOTE_HOST_FEATURES:
4267 hci_remote_host_features_evt(hdev, skb);
4268 break;
4269
fcd89c09
VT		 4270 case HCI_EV_LE_META:
4271 hci_le_meta_evt(hdev, skb);
4272 break;
4273
9495b2ee
AE		 4274 case HCI_EV_CHANNEL_SELECTED:
4275 hci_chan_selected_evt(hdev, skb);
4276 break;
4277
2763eda6
SJ		 4278 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4279 hci_remote_oob_data_request_evt(hdev, skb);
4280 break;
4281
d5e91192
AE		 4282 case HCI_EV_PHY_LINK_COMPLETE:
4283 hci_phy_link_complete_evt(hdev, skb);
4284 break;
4285
27695fb4
AE		 4286 case HCI_EV_LOGICAL_LINK_COMPLETE:
4287 hci_loglink_complete_evt(hdev, skb);
4288 break;
4289
606e2a10
AE		 4290 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4291 hci_disconn_loglink_complete_evt(hdev, skb);
4292 break;
4293
9eef6b3a
AE		 4294 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4295 hci_disconn_phylink_complete_evt(hdev, skb);
4296 break;
4297
25e89e99
AE		 4298 case HCI_EV_NUM_COMP_BLOCKS:
4299 hci_num_comp_blocks_evt(hdev, skb);
4300 break;
4301
a9de9248 4302 default:
9f1db00c 4303 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4304 break;
4305 }
4306
4307 kfree_skb(skb);
4308 hdev->stat.evt_rx++;
4309}
ubuntu-bionic-kernel mirror