]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/bluetooth/hci_event.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix incorrectly setting HCI_CONNECTABLE
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
2ceba539 35#include "smp.h"
1da177e4 36
1da177e4
LT		 37/* Handle HCI Event packets */
38
a9de9248 39static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 40{
a9de9248 41 __u8 status = *((__u8 *) skb->data);
1da177e4 42
9f1db00c 43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 44
82f4785c 45 if (status)
a9de9248 46 return;
1da177e4 47
89352e7d 48 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 51
50143a43
JH		 52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
a9de9248
MH		 56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
4dae2798 106 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 107 else
4dae2798 108 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c 177
45296acd
MH		 178 if (status)
179 return;
180
e4e8e37c
MH		 181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
45296acd 185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
f8e808bd
MH		 205
206 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
207 hdev->scan_rsp_data_len = 0;
06f5b778 208
533553f8
MH		 209 hdev->le_scan_type = LE_SCAN_PASSIVE;
210
06f5b778 211 hdev->ssp_debug_mode = 0;
a9de9248 212}
04837f64 213
a9de9248
MH		 214static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215{
216 __u8 status = *((__u8 *) skb->data);
217 void *sent;
04837f64 218
9f1db00c 219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 220
a9de9248
MH		 221 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
222 if (!sent)
223 return;
04837f64 224
56e5cb86
JH		 225 hci_dev_lock(hdev);
226
f51d5b24
JH		 227 if (test_bit(HCI_MGMT, &hdev->dev_flags))
228 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 229 else if (!status)
230 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 231
56e5cb86 232 hci_dev_unlock(hdev);
a9de9248
MH		 233}
234
235static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 struct hci_rp_read_local_name *rp = (void *) skb->data;
238
9f1db00c 239 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 240
241 if (rp->status)
242 return;
243
db99b5fc
JH		 244 if (test_bit(HCI_SETUP, &hdev->dev_flags))
245 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 246}
247
248static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
249{
250 __u8 status = *((__u8 *) skb->data);
251 void *sent;
252
9f1db00c 253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 254
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 if (!sent)
257 return;
258
259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param == AUTH_ENABLED)
263 set_bit(HCI_AUTH, &hdev->flags);
264 else
265 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 266 }
a9de9248 267
33ef95ed
JH		 268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
269 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 270}
271
a9de9248 272static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 273{
a9de9248 274 __u8 status = *((__u8 *) skb->data);
45296acd 275 __u8 param;
1da177e4
LT		 276 void *sent;
277
9f1db00c 278 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 279
45296acd
MH		 280 if (status)
281 return;
282
a9de9248
MH		 283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
284 if (!sent)
285 return;
1da177e4 286
45296acd 287 param = *((__u8 *) sent);
a9de9248 288
45296acd
MH		 289 if (param)
290 set_bit(HCI_ENCRYPT, &hdev->flags);
291 else
292 clear_bit(HCI_ENCRYPT, &hdev->flags);
a9de9248 293}
1da177e4 294
a9de9248
MH		 295static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
296{
45296acd
MH		 297 __u8 status = *((__u8 *) skb->data);
298 __u8 param;
36f7fc7e 299 int old_pscan, old_iscan;
a9de9248 300 void *sent;
1da177e4 301
9f1db00c 302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 303
a9de9248
MH		 304 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 if (!sent)
306 return;
1da177e4 307
36f7fc7e
JH		 308 param = *((__u8 *) sent);
309
56e5cb86
JH		 310 hci_dev_lock(hdev);
311
fa1bd918 312 if (status) {
744cf19e 313 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 314 hdev->discov_timeout = 0;
315 goto done;
316 }
317
0663ca2a
JH		 318 /* We need to ensure that we set this back on if someone changed
319 * the scan mode through a raw HCI socket.
320 */
321 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
322
36f7fc7e
JH		 323 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
324 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
325
326 if (param & SCAN_INQUIRY) {
327 set_bit(HCI_ISCAN, &hdev->flags);
328 if (!old_iscan)
744cf19e 329 mgmt_discoverable(hdev, 1);
36f7fc7e 330 } else if (old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 332
333 if (param & SCAN_PAGE) {
334 set_bit(HCI_PSCAN, &hdev->flags);
335 if (!old_pscan)
744cf19e 336 mgmt_connectable(hdev, 1);
36f7fc7e 337 } else if (old_pscan)
744cf19e 338 mgmt_connectable(hdev, 0);
1da177e4 339
36f7fc7e 340done:
56e5cb86 341 hci_dev_unlock(hdev);
a9de9248 342}
1da177e4 343
a9de9248
MH		 344static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
345{
346 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 347
9f1db00c 348 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 349
a9de9248
MH		 350 if (rp->status)
351 return;
1da177e4 352
a9de9248 353 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 354
a9de9248 355 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 356 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 357}
1da177e4 358
a9de9248
MH		 359static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
360{
361 __u8 status = *((__u8 *) skb->data);
362 void *sent;
1da177e4 363
9f1db00c 364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 365
a9de9248
MH		 366 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 if (!sent)
368 return;
1da177e4 369
7f9a903c
MH		 370 hci_dev_lock(hdev);
371
372 if (status == 0)
373 memcpy(hdev->dev_class, sent, 3);
374
375 if (test_bit(HCI_MGMT, &hdev->dev_flags))
376 mgmt_set_class_of_dev_complete(hdev, sent, status);
377
378 hci_dev_unlock(hdev);
a9de9248 379}
1da177e4 380
a9de9248
MH		 381static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
382{
383 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 __u16 setting;
385
9f1db00c 386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 387
388 if (rp->status)
389 return;
390
391 setting = __le16_to_cpu(rp->voice_setting);
392
f383f275 393 if (hdev->voice_setting == setting)
a9de9248
MH		 394 return;
395
396 hdev->voice_setting = setting;
397
9f1db00c 398 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 399
3c54711c 400 if (hdev->notify)
a9de9248 401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 402}
403
8fc9ced3
GP		 404static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 struct sk_buff *skb)
a9de9248
MH		 406{
407 __u8 status = *((__u8 *) skb->data);
f383f275 408 __u16 setting;
a9de9248
MH		 409 void *sent;
410
9f1db00c 411 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 412
f383f275
MH		 413 if (status)
414 return;
415
a9de9248
MH		 416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
417 if (!sent)
418 return;
1da177e4 419
f383f275 420 setting = get_unaligned_le16(sent);
1da177e4 421
f383f275
MH		 422 if (hdev->voice_setting == setting)
423 return;
424
425 hdev->voice_setting = setting;
1da177e4 426
9f1db00c 427 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 428
3c54711c 429 if (hdev->notify)
f383f275 430 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 431}
432
b4cb9fb2
MH		 433static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
434 struct sk_buff *skb)
435{
436 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
437
438 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
439
440 if (rp->status)
441 return;
442
443 hdev->num_iac = rp->num_iac;
444
445 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
446}
447
333140b5
MH		 448static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
449{
450 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 451 struct hci_cp_write_ssp_mode *sent;
333140b5 452
9f1db00c 453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 454
333140b5
MH		 455 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 if (!sent)
457 return;
458
5ed8eb2f
JH		 459 if (!status) {
460 if (sent->mode)
cad718ed 461 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 462 else
cad718ed 463 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 464 }
465
ed2c4ee3 466 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 467 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 468 else if (!status) {
5ed8eb2f 469 if (sent->mode)
c0ecddc2
JH		 470 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 else
472 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
473 }
333140b5
MH		 474}
475
eac83dc6
MH		 476static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
477{
478 u8 status = *((u8 *) skb->data);
479 struct hci_cp_write_sc_support *sent;
480
481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
482
483 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 if (!sent)
485 return;
486
487 if (!status) {
488 if (sent->support)
489 hdev->features[1][0] |= LMP_HOST_SC;
490 else
491 hdev->features[1][0] &= ~LMP_HOST_SC;
492 }
493
494 if (test_bit(HCI_MGMT, &hdev->dev_flags))
495 mgmt_sc_enable_complete(hdev, sent->support, status);
496 else if (!status) {
497 if (sent->support)
498 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 else
500 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
501 }
502}
503
a9de9248
MH		 504static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
505{
506 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 507
9f1db00c 508 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 509
a9de9248 510 if (rp->status)
42c6b129 511 return;
1143e5a6 512
0d5551f5
MH		 513 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
514 hdev->hci_ver = rp->hci_ver;
515 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
516 hdev->lmp_ver = rp->lmp_ver;
517 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
518 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
519 }
d5859e22
JH		 520}
521
8fc9ced3
GP		 522static void hci_cc_read_local_commands(struct hci_dev *hdev,
523 struct sk_buff *skb)
a9de9248
MH		 524{
525 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 526
9f1db00c 527 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 528
6a070e6e
MH		 529 if (rp->status)
530 return;
531
532 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 533 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 534}
1da177e4 535
8fc9ced3
GP		 536static void hci_cc_read_local_features(struct hci_dev *hdev,
537 struct sk_buff *skb)
a9de9248
MH		 538{
539 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 540
9f1db00c 541 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 542
a9de9248
MH		 543 if (rp->status)
544 return;
5b7f9909 545
a9de9248 546 memcpy(hdev->features, rp->features, 8);
5b7f9909 547
a9de9248
MH		 548 /* Adjust default settings according to features
549 * supported by device. */
1da177e4 550
cad718ed 551 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 552 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 553
cad718ed 554 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 555 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 556
cad718ed 557 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 558 hdev->pkt_type |= (HCI_HV2);
559 hdev->esco_type |= (ESCO_HV2);
560 }
1da177e4 561
cad718ed 562 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 563 hdev->pkt_type |= (HCI_HV3);
564 hdev->esco_type |= (ESCO_HV3);
565 }
1da177e4 566
45db810f 567 if (lmp_esco_capable(hdev))
a9de9248 568 hdev->esco_type |= (ESCO_EV3);
da1f5198 569
cad718ed 570 if (hdev->features[0][4] & LMP_EV4)
a9de9248 571 hdev->esco_type |= (ESCO_EV4);
da1f5198 572
cad718ed 573 if (hdev->features[0][4] & LMP_EV5)
a9de9248 574 hdev->esco_type |= (ESCO_EV5);
1da177e4 575
cad718ed 576 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 577 hdev->esco_type |= (ESCO_2EV3);
578
cad718ed 579 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 580 hdev->esco_type |= (ESCO_3EV3);
581
cad718ed 582 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 583 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 584}
1da177e4 585
971e3a4b 586static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 587 struct sk_buff *skb)
971e3a4b
AG		 588{
589 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
590
9f1db00c 591 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 592
593 if (rp->status)
42c6b129 594 return;
971e3a4b 595
57af75a8
MH		 596 if (hdev->max_page < rp->max_page)
597 hdev->max_page = rp->max_page;
d2c5d77f 598
cad718ed
JH		 599 if (rp->page < HCI_MAX_PAGES)
600 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 601}
602
1e89cffb 603static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 604 struct sk_buff *skb)
1e89cffb
AE		 605{
606 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
607
9f1db00c 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 609
45296acd
MH		 610 if (rp->status)
611 return;
612
613 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 614}
615
a9de9248
MH		 616static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
617{
618 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 619
9f1db00c 620 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 621
a9de9248
MH		 622 if (rp->status)
623 return;
1da177e4 624
a9de9248
MH		 625 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
626 hdev->sco_mtu = rp->sco_mtu;
627 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
628 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
629
630 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
631 hdev->sco_mtu = 64;
632 hdev->sco_pkts = 8;
1da177e4 633 }
a9de9248
MH		 634
635 hdev->acl_cnt = hdev->acl_pkts;
636 hdev->sco_cnt = hdev->sco_pkts;
637
807deac2
GP		 638 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
639 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 640}
641
642static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
643{
644 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
645
9f1db00c 646 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248 647
e30d3f5f
MH		 648 if (rp->status)
649 return;
650
651 if (test_bit(HCI_INIT, &hdev->flags))
a9de9248 652 bacpy(&hdev->bdaddr, &rp->bdaddr);
e30d3f5f
MH		 653
654 if (test_bit(HCI_SETUP, &hdev->dev_flags))
655 bacpy(&hdev->setup_addr, &rp->bdaddr);
23bb5763
JH		 656}
657
f332ec66
JH		 658static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
662
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664
45296acd
MH		 665 if (rp->status)
666 return;
667
668 if (test_bit(HCI_INIT, &hdev->flags)) {
f332ec66
JH		 669 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
670 hdev->page_scan_window = __le16_to_cpu(rp->window);
671 }
672}
673
4a3ee763
JH		 674static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
675 struct sk_buff *skb)
676{
677 u8 status = *((u8 *) skb->data);
678 struct hci_cp_write_page_scan_activity *sent;
679
680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
681
682 if (status)
683 return;
684
685 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
686 if (!sent)
687 return;
688
689 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
690 hdev->page_scan_window = __le16_to_cpu(sent->window);
691}
692
f332ec66
JH		 693static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
694 struct sk_buff *skb)
695{
696 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
697
698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699
45296acd
MH		 700 if (rp->status)
701 return;
702
703 if (test_bit(HCI_INIT, &hdev->flags))
f332ec66
JH		 704 hdev->page_scan_type = rp->type;
705}
706
4a3ee763
JH		 707static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
708 struct sk_buff *skb)
709{
710 u8 status = *((u8 *) skb->data);
711 u8 *type;
712
713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
714
715 if (status)
716 return;
717
718 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
719 if (type)
720 hdev->page_scan_type = *type;
721}
722
350ee4cf 723static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 724 struct sk_buff *skb)
350ee4cf
AE		 725{
726 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
727
9f1db00c 728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 729
730 if (rp->status)
731 return;
732
733 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
734 hdev->block_len = __le16_to_cpu(rp->block_len);
735 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
736
737 hdev->block_cnt = hdev->num_blocks;
738
739 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 740 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 741}
742
33f35721
JH		 743static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
744{
745 struct hci_rp_read_clock *rp = (void *) skb->data;
746 struct hci_cp_read_clock *cp;
747 struct hci_conn *conn;
748
749 BT_DBG("%s", hdev->name);
750
751 if (skb->len < sizeof(*rp))
752 return;
753
754 if (rp->status)
755 return;
756
757 hci_dev_lock(hdev);
758
759 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
760 if (!cp)
761 goto unlock;
762
763 if (cp->which == 0x00) {
764 hdev->clock = le32_to_cpu(rp->clock);
765 goto unlock;
766 }
767
768 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
769 if (conn) {
770 conn->clock = le32_to_cpu(rp->clock);
771 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
772 }
773
774unlock:
775 hci_dev_unlock(hdev);
776}
777
928abaa7 778static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 779 struct sk_buff *skb)
928abaa7
AE		 780{
781 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
782
9f1db00c 783 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 784
785 if (rp->status)
8e2a0d92 786 goto a2mp_rsp;
928abaa7
AE		 787
788 hdev->amp_status = rp->amp_status;
789 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
790 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
791 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
792 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
793 hdev->amp_type = rp->amp_type;
794 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
795 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
796 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
797 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
798
8e2a0d92
AE		 799a2mp_rsp:
800 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 801}
802
903e4541
AE		 803static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
807 struct amp_assoc *assoc = &hdev->loc_assoc;
808 size_t rem_len, frag_len;
809
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811
812 if (rp->status)
813 goto a2mp_rsp;
814
815 frag_len = skb->len - sizeof(*rp);
816 rem_len = __le16_to_cpu(rp->rem_len);
817
818 if (rem_len > frag_len) {
2e430be3 819 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 820
821 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
822 assoc->offset += frag_len;
823
824 /* Read other fragments */
825 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
826
827 return;
828 }
829
830 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
831 assoc->len = assoc->offset + rem_len;
832 assoc->offset = 0;
833
834a2mp_rsp:
835 /* Send A2MP Rsp when all fragments are received */
836 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 837 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 838}
839
d5859e22 840static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 841 struct sk_buff *skb)
d5859e22 842{
91c4e9b1 843 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 844
9f1db00c 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1 846
45296acd
MH		 847 if (rp->status)
848 return;
849
850 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 851}
852
980e1a53
JH		 853static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
854{
855 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
856 struct hci_cp_pin_code_reply *cp;
857 struct hci_conn *conn;
858
9f1db00c 859 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 860
56e5cb86
JH		 861 hci_dev_lock(hdev);
862
a8b2d5c2 863 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 864 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 865
fa1bd918 866 if (rp->status)
56e5cb86 867 goto unlock;
980e1a53
JH		 868
869 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
870 if (!cp)
56e5cb86 871 goto unlock;
980e1a53
JH		 872
873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
874 if (conn)
875 conn->pin_length = cp->pin_len;
56e5cb86
JH		 876
877unlock:
878 hci_dev_unlock(hdev);
980e1a53
JH		 879}
880
881static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
882{
883 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
884
9f1db00c 885 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 886
56e5cb86
JH		 887 hci_dev_lock(hdev);
888
a8b2d5c2 889 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 890 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 891 rp->status);
56e5cb86
JH		 892
893 hci_dev_unlock(hdev);
980e1a53 894}
56e5cb86 895
6ed58ec5
VT		 896static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
897 struct sk_buff *skb)
898{
899 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
900
9f1db00c 901 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 902
903 if (rp->status)
904 return;
905
906 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
907 hdev->le_pkts = rp->le_max_pkt;
908
909 hdev->le_cnt = hdev->le_pkts;
910
911 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 912}
980e1a53 913
60e77321
JH		 914static void hci_cc_le_read_local_features(struct hci_dev *hdev,
915 struct sk_buff *skb)
916{
917 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
918
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
920
45296acd
MH		 921 if (rp->status)
922 return;
923
924 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 925}
926
8fa19098
JH		 927static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
928 struct sk_buff *skb)
929{
930 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
931
932 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
933
45296acd
MH		 934 if (rp->status)
935 return;
936
937 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 938}
939
a5c29683
JH		 940static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
941{
942 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
943
9f1db00c 944 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 945
56e5cb86
JH		 946 hci_dev_lock(hdev);
947
a8b2d5c2 948 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 949 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
950 rp->status);
56e5cb86
JH		 951
952 hci_dev_unlock(hdev);
a5c29683
JH		 953}
954
955static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 956 struct sk_buff *skb)
a5c29683
JH		 957{
958 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959
9f1db00c 960 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 961
56e5cb86
JH		 962 hci_dev_lock(hdev);
963
a8b2d5c2 964 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 965 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 966 ACL_LINK, 0, rp->status);
56e5cb86
JH		 967
968 hci_dev_unlock(hdev);
a5c29683
JH		 969}
970
1143d458
BG		 971static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
972{
973 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974
9f1db00c 975 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 976
977 hci_dev_lock(hdev);
978
a8b2d5c2 979 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 980 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 981 0, rp->status);
1143d458
BG		 982
983 hci_dev_unlock(hdev);
984}
985
986static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 987 struct sk_buff *skb)
1143d458
BG		 988{
989 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990
9f1db00c 991 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 992
993 hci_dev_lock(hdev);
994
a8b2d5c2 995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 996 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 997 ACL_LINK, 0, rp->status);
1143d458
BG		 998
999 hci_dev_unlock(hdev);
1000}
1001
4d2d2796
MH		 1002static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1003 struct sk_buff *skb)
c35938b2
SJ		 1004{
1005 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1006
9f1db00c 1007 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1008
56e5cb86 1009 hci_dev_lock(hdev);
4d2d2796
MH		 1010 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
1011 NULL, NULL, rp->status);
1012 hci_dev_unlock(hdev);
1013}
1014
1015static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1021
1022 hci_dev_lock(hdev);
1023 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
1024 rp->hash256, rp->randomizer256,
1025 rp->status);
56e5cb86 1026 hci_dev_unlock(hdev);
c35938b2
SJ		 1027}
1028
7a4cd51d
MH		 1029
1030static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1031{
1032 __u8 status = *((__u8 *) skb->data);
1033 bdaddr_t *sent;
1034
1035 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1036
45296acd
MH		 1037 if (status)
1038 return;
1039
7a4cd51d
MH		 1040 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1041 if (!sent)
1042 return;
1043
1044 hci_dev_lock(hdev);
1045
45296acd 1046 bacpy(&hdev->random_addr, sent);
7a4cd51d
MH		 1047
1048 hci_dev_unlock(hdev);
1049}
1050
c1d5dc4a
JH		 1051static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1052{
1053 __u8 *sent, status = *((__u8 *) skb->data);
1054
1055 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1056
45296acd 1057 if (status)
c1d5dc4a
JH		 1058 return;
1059
45296acd
MH		 1060 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1061 if (!sent)
3c857757
JH		 1062 return;
1063
c1d5dc4a
JH		 1064 hci_dev_lock(hdev);
1065
3c857757
JH		 1066 /* If we're doing connection initation as peripheral. Set a
1067 * timeout in case something goes wrong.
1068 */
1069 if (*sent) {
1070 struct hci_conn *conn;
1071
66c417c1
JH		 1072 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1073
3c857757
JH		 1074 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1075 if (conn)
1076 queue_delayed_work(hdev->workqueue,
1077 &conn->le_conn_timeout,
09ae260b 1078 conn->conn_timeout);
66c417c1
JH		 1079 } else {
1080 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 1081 }
1082
04b4edcb 1083 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1084}
1085
533553f8
MH		 1086static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_cp_le_set_scan_param *cp;
1089 __u8 status = *((__u8 *) skb->data);
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092
45296acd
MH		 1093 if (status)
1094 return;
1095
533553f8
MH		 1096 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1097 if (!cp)
1098 return;
1099
1100 hci_dev_lock(hdev);
1101
45296acd 1102 hdev->le_scan_type = cp->type;
533553f8
MH		 1103
1104 hci_dev_unlock(hdev);
1105}
1106
b9a6328f
JH		 1107static bool has_pending_adv_report(struct hci_dev *hdev)
1108{
1109 struct discovery_state *d = &hdev->discovery;
1110
1111 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1112}
1113
1114static void clear_pending_adv_report(struct hci_dev *hdev)
1115{
1116 struct discovery_state *d = &hdev->discovery;
1117
1118 bacpy(&d->last_adv_addr, BDADDR_ANY);
1119 d->last_adv_data_len = 0;
1120}
1121
1122static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
c70a7e4c
MH		 1123 u8 bdaddr_type, s8 rssi, u32 flags,
1124 u8 *data, u8 len)
b9a6328f
JH		 1125{
1126 struct discovery_state *d = &hdev->discovery;
1127
1128 bacpy(&d->last_adv_addr, bdaddr);
1129 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1130 d->last_adv_rssi = rssi;
c70a7e4c 1131 d->last_adv_flags = flags;
b9a6328f
JH		 1132 memcpy(d->last_adv_data, data, len);
1133 d->last_adv_data_len = len;
1134}
1135
eb9d91f5 1136static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1137 struct sk_buff *skb)
eb9d91f5
AG		 1138{
1139 struct hci_cp_le_set_scan_enable *cp;
1140 __u8 status = *((__u8 *) skb->data);
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1143
45296acd 1144 if (status)
eb9d91f5
AG		 1145 return;
1146
45296acd
MH		 1147 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1148 if (!cp)
3fd319b8
AG		 1149 return;
1150
68a8aea4 1151 switch (cp->enable) {
76a388be 1152 case LE_SCAN_ENABLE:
d23264a8 1153 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1154 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1155 clear_pending_adv_report(hdev);
68a8aea4
AE		 1156 break;
1157
76a388be 1158 case LE_SCAN_DISABLE:
b9a6328f
JH		 1159 /* We do this here instead of when setting DISCOVERY_STOPPED
1160 * since the latter would potentially require waiting for
1161 * inquiry to stop too.
1162 */
1163 if (has_pending_adv_report(hdev)) {
1164 struct discovery_state *d = &hdev->discovery;
1165
1166 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433 1167 d->last_adv_addr_type, NULL,
c70a7e4c 1168 d->last_adv_rssi, d->last_adv_flags,
ab0aa433 1169 d->last_adv_data,
b9a6328f
JH		 1170 d->last_adv_data_len, NULL, 0);
1171 }
1172
317ac8cb
JH		 1173 /* Cancel this timer so that we don't try to disable scanning
1174 * when it's already disabled.
1175 */
1176 cancel_delayed_work(&hdev->le_scan_disable);
1177
d23264a8 1178 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
e8bb6b97 1179
81ad6fd9
JH		 1180 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1181 * interrupted scanning due to a connect request. Mark
e8bb6b97
JH		 1182 * therefore discovery as stopped. If this was not
1183 * because of a connect request advertising might have
1184 * been disabled because of active scanning, so
1185 * re-enable it again if necessary.
81ad6fd9
JH		 1186 */
1187 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1188 &hdev->dev_flags))
1189 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
e8bb6b97 1190 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
34722277 1191 hdev->discovery.state == DISCOVERY_FINDING)
e8bb6b97
JH		 1192 mgmt_reenable_advertising(hdev);
1193
68a8aea4
AE		 1194 break;
1195
1196 default:
1197 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1198 break;
35815085 1199 }
eb9d91f5
AG		 1200}
1201
cf1d081f
JH		 1202static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1203 struct sk_buff *skb)
1204{
1205 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1206
1207 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1208
45296acd
MH		 1209 if (rp->status)
1210 return;
1211
1212 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1213}
1214
0f36b589
MH		 1215static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1217{
1218 __u8 status = *((__u8 *) skb->data);
1219
1220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1221
45296acd
MH		 1222 if (status)
1223 return;
1224
dcc36c16 1225 hci_bdaddr_list_clear(&hdev->le_white_list);
0f36b589
MH		 1226}
1227
1228static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1229 struct sk_buff *skb)
1230{
1231 struct hci_cp_le_add_to_white_list *sent;
1232 __u8 status = *((__u8 *) skb->data);
1233
1234 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1235
45296acd
MH		 1236 if (status)
1237 return;
1238
0f36b589
MH		 1239 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1240 if (!sent)
1241 return;
1242
dcc36c16
JH		 1243 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1244 sent->bdaddr_type);
0f36b589
MH		 1245}
1246
1247static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1248 struct sk_buff *skb)
1249{
1250 struct hci_cp_le_del_from_white_list *sent;
1251 __u8 status = *((__u8 *) skb->data);
1252
1253 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1254
45296acd
MH		 1255 if (status)
1256 return;
1257
0f36b589
MH		 1258 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1259 if (!sent)
1260 return;
1261
dcc36c16
JH		 1262 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1263 sent->bdaddr_type);
0f36b589
MH		 1264}
1265
9b008c04
JH		 1266static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1267 struct sk_buff *skb)
1268{
1269 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1270
1271 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1272
45296acd
MH		 1273 if (rp->status)
1274 return;
1275
1276 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1277}
1278
6039aa73
GP		 1279static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1280 struct sk_buff *skb)
f9b49306 1281{
06199cf8 1282 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1283 __u8 status = *((__u8 *) skb->data);
1284
9f1db00c 1285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1286
45296acd
MH		 1287 if (status)
1288 return;
1289
06199cf8 1290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1291 if (!sent)
f9b49306
AG		 1292 return;
1293
45296acd
MH		 1294 if (sent->le) {
1295 hdev->features[1][0] |= LMP_HOST_LE;
1296 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1297 } else {
1298 hdev->features[1][0] &= ~LMP_HOST_LE;
1299 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1300 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
8f984dfa 1301 }
45296acd
MH		 1302
1303 if (sent->simul)
1304 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1305 else
1306 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
f9b49306
AG		 1307}
1308
56ed2cb8
JH		 1309static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1310{
1311 struct hci_cp_le_set_adv_param *cp;
1312 u8 status = *((u8 *) skb->data);
1313
1314 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1315
1316 if (status)
1317 return;
1318
1319 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1320 if (!cp)
1321 return;
1322
1323 hci_dev_lock(hdev);
1324 hdev->adv_addr_type = cp->own_address_type;
1325 hci_dev_unlock(hdev);
1326}
1327
93c284ee
AE		 1328static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1329 struct sk_buff *skb)
1330{
1331 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1332
1333 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1334 hdev->name, rp->status, rp->phy_handle);
1335
1336 if (rp->status)
1337 return;
1338
1339 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1340}
1341
5ae76a94
AK		 1342static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1343{
1344 struct hci_rp_read_rssi *rp = (void *) skb->data;
1345 struct hci_conn *conn;
1346
1347 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1348
1349 if (rp->status)
1350 return;
1351
1352 hci_dev_lock(hdev);
1353
1354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1355 if (conn)
1356 conn->rssi = rp->rssi;
1357
1358 hci_dev_unlock(hdev);
1359}
1360
5a134fae
AK		 1361static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1362{
1363 struct hci_cp_read_tx_power *sent;
1364 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1365 struct hci_conn *conn;
1366
1367 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1368
1369 if (rp->status)
1370 return;
1371
1372 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1373 if (!sent)
1374 return;
1375
1376 hci_dev_lock(hdev);
1377
1378 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1379 if (!conn)
1380 goto unlock;
1381
1382 switch (sent->type) {
1383 case 0x00:
5a134fae 1384 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1385 break;
1386 case 0x01:
1387 conn->max_tx_power = rp->tx_power;
1388 break;
1389 }
5a134fae 1390
d0455ed9 1391unlock:
5a134fae
AK		 1392 hci_dev_unlock(hdev);
1393}
1394
6039aa73 1395static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1396{
9f1db00c 1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1398
1399 if (status) {
a9de9248 1400 hci_conn_check_pending(hdev);
314b2381
JH		 1401 return;
1402 }
1403
89352e7d 1404 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1405}
1406
6039aa73 1407static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1408{
a9de9248 1409 struct hci_cp_create_conn *cp;
1da177e4 1410 struct hci_conn *conn;
1da177e4 1411
9f1db00c 1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1413
1414 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1415 if (!cp)
1416 return;
1417
1418 hci_dev_lock(hdev);
1419
1420 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1421
6ed93dc6 1422 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1423
1424 if (status) {
1425 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1426 if (status != 0x0c || conn->attempt > 2) {
1427 conn->state = BT_CLOSED;
1428 hci_proto_connect_cfm(conn, status);
1429 hci_conn_del(conn);
1430 } else
1431 conn->state = BT_CONNECT2;
1da177e4
LT		 1432 }
1433 } else {
1434 if (!conn) {
1435 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1436 if (conn) {
a0c808b3 1437 conn->out = true;
4dae2798 1438 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 1439 } else
893ef971 1440 BT_ERR("No memory for new connection");
1da177e4
LT		 1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
a9de9248 1447static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1448{
a9de9248
MH		 1449 struct hci_cp_add_sco *cp;
1450 struct hci_conn *acl, *sco;
1451 __u16 handle;
1da177e4 1452
9f1db00c 1453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1454
a9de9248
MH		 1455 if (!status)
1456 return;
1da177e4 1457
a9de9248
MH		 1458 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1459 if (!cp)
1460 return;
1da177e4 1461
a9de9248 1462 handle = __le16_to_cpu(cp->handle);
1da177e4 1463
9f1db00c 1464 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1465
a9de9248 1466 hci_dev_lock(hdev);
1da177e4 1467
a9de9248 1468 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1469 if (acl) {
1470 sco = acl->link;
1471 if (sco) {
1472 sco->state = BT_CLOSED;
1da177e4 1473
5a08ecce
AE		 1474 hci_proto_connect_cfm(sco, status);
1475 hci_conn_del(sco);
1476 }
a9de9248 1477 }
1da177e4 1478
a9de9248
MH		 1479 hci_dev_unlock(hdev);
1480}
1da177e4 1481
f8558555
MH		 1482static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1483{
1484 struct hci_cp_auth_requested *cp;
1485 struct hci_conn *conn;
1486
9f1db00c 1487 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1488
1489 if (!status)
1490 return;
1491
1492 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1493 if (!cp)
1494 return;
1495
1496 hci_dev_lock(hdev);
1497
1498 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1499 if (conn) {
1500 if (conn->state == BT_CONFIG) {
1501 hci_proto_connect_cfm(conn, status);
76a68ba0 1502 hci_conn_drop(conn);
f8558555
MH		 1503 }
1504 }
1505
1506 hci_dev_unlock(hdev);
1507}
1508
1509static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1510{
1511 struct hci_cp_set_conn_encrypt *cp;
1512 struct hci_conn *conn;
1513
9f1db00c 1514 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1515
1516 if (!status)
1517 return;
1518
1519 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1520 if (!cp)
1521 return;
1522
1523 hci_dev_lock(hdev);
1524
1525 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1526 if (conn) {
1527 if (conn->state == BT_CONFIG) {
1528 hci_proto_connect_cfm(conn, status);
76a68ba0 1529 hci_conn_drop(conn);
f8558555
MH		 1530 }
1531 }
1532
1533 hci_dev_unlock(hdev);
1534}
1535
127178d2 1536static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1537 struct hci_conn *conn)
392599b9 1538{
392599b9
JH		 1539 if (conn->state != BT_CONFIG || !conn->out)
1540 return 0;
1541
765c2a96 1542 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1543 return 0;
1544
1545 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1546 * devices with sec_level MEDIUM or HIGH or if MITM protection
1547 * is requested.
1548 */
807deac2 1549 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1550 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1551 conn->pending_sec_level != BT_SECURITY_HIGH &&
1552 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1553 return 0;
1554
392599b9
JH		 1555 return 1;
1556}
1557
6039aa73 1558static int hci_resolve_name(struct hci_dev *hdev,
04124681 1559 struct inquiry_entry *e)
30dc78e1
JH		 1560{
1561 struct hci_cp_remote_name_req cp;
1562
1563 memset(&cp, 0, sizeof(cp));
1564
1565 bacpy(&cp.bdaddr, &e->data.bdaddr);
1566 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1567 cp.pscan_mode = e->data.pscan_mode;
1568 cp.clock_offset = e->data.clock_offset;
1569
1570 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1571}
1572
b644ba33 1573static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1574{
1575 struct discovery_state *discov = &hdev->discovery;
1576 struct inquiry_entry *e;
1577
b644ba33
JH		 1578 if (list_empty(&discov->resolve))
1579 return false;
1580
1581 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1582 if (!e)
1583 return false;
1584
b644ba33
JH		 1585 if (hci_resolve_name(hdev, e) == 0) {
1586 e->name_state = NAME_PENDING;
1587 return true;
1588 }
1589
1590 return false;
1591}
1592
1593static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1594 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1595{
1596 struct discovery_state *discov = &hdev->discovery;
1597 struct inquiry_entry *e;
1598
1599 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1600 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1601 name_len, conn->dev_class);
b644ba33
JH		 1602
1603 if (discov->state == DISCOVERY_STOPPED)
1604 return;
1605
30dc78e1
JH		 1606 if (discov->state == DISCOVERY_STOPPING)
1607 goto discov_complete;
1608
1609 if (discov->state != DISCOVERY_RESOLVING)
1610 return;
1611
1612 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1613 /* If the device was not found in a list of found devices names of which
1614 * are pending. there is no need to continue resolving a next name as it
1615 * will be done upon receiving another Remote Name Request Complete
1616 * Event */
1617 if (!e)
1618 return;
1619
1620 list_del(&e->list);
1621 if (name) {
30dc78e1 1622 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1623 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1624 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1625 } else {
1626 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1627 }
1628
b644ba33 1629 if (hci_resolve_next_name(hdev))
30dc78e1 1630 return;
30dc78e1
JH		 1631
1632discov_complete:
1633 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1634}
1635
a9de9248
MH		 1636static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1637{
127178d2
JH		 1638 struct hci_cp_remote_name_req *cp;
1639 struct hci_conn *conn;
1640
9f1db00c 1641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1642
1643 /* If successful wait for the name req complete event before
1644 * checking for the need to do authentication */
1645 if (!status)
1646 return;
1647
1648 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1649 if (!cp)
1650 return;
1651
1652 hci_dev_lock(hdev);
1653
b644ba33
JH		 1654 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1655
a8b2d5c2 1656 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1657 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1658
79c6c70c
JH		 1659 if (!conn)
1660 goto unlock;
1661
1662 if (!hci_outgoing_auth_needed(hdev, conn))
1663 goto unlock;
1664
51a8efd7 1665 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1666 struct hci_cp_auth_requested auth_cp;
1667
1668 auth_cp.handle = __cpu_to_le16(conn->handle);
1669 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1670 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1671 }
1672
79c6c70c 1673unlock:
127178d2 1674 hci_dev_unlock(hdev);
a9de9248 1675}
1da177e4 1676
769be974
MH		 1677static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1678{
1679 struct hci_cp_read_remote_features *cp;
1680 struct hci_conn *conn;
1681
9f1db00c 1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1683
1684 if (!status)
1685 return;
1686
1687 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1688 if (!cp)
1689 return;
1690
1691 hci_dev_lock(hdev);
1692
1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1694 if (conn) {
1695 if (conn->state == BT_CONFIG) {
769be974 1696 hci_proto_connect_cfm(conn, status);
76a68ba0 1697 hci_conn_drop(conn);
769be974
MH		 1698 }
1699 }
1700
1701 hci_dev_unlock(hdev);
1702}
1703
1704static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1705{
1706 struct hci_cp_read_remote_ext_features *cp;
1707 struct hci_conn *conn;
1708
9f1db00c 1709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1710
1711 if (!status)
1712 return;
1713
1714 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1715 if (!cp)
1716 return;
1717
1718 hci_dev_lock(hdev);
1719
1720 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1721 if (conn) {
1722 if (conn->state == BT_CONFIG) {
769be974 1723 hci_proto_connect_cfm(conn, status);
76a68ba0 1724 hci_conn_drop(conn);
769be974
MH		 1725 }
1726 }
1727
1728 hci_dev_unlock(hdev);
1729}
1730
a9de9248
MH		 1731static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1732{
b6a0dc82
MH		 1733 struct hci_cp_setup_sync_conn *cp;
1734 struct hci_conn *acl, *sco;
1735 __u16 handle;
1736
9f1db00c 1737 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1738
1739 if (!status)
1740 return;
1741
1742 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1743 if (!cp)
1744 return;
1745
1746 handle = __le16_to_cpu(cp->handle);
1747
9f1db00c 1748 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1749
1750 hci_dev_lock(hdev);
1751
1752 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1753 if (acl) {
1754 sco = acl->link;
1755 if (sco) {
1756 sco->state = BT_CLOSED;
b6a0dc82 1757
5a08ecce
AE		 1758 hci_proto_connect_cfm(sco, status);
1759 hci_conn_del(sco);
1760 }
b6a0dc82
MH		 1761 }
1762
1763 hci_dev_unlock(hdev);
1da177e4
LT		 1764}
1765
a9de9248 1766static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1767{
a9de9248
MH		 1768 struct hci_cp_sniff_mode *cp;
1769 struct hci_conn *conn;
1da177e4 1770
9f1db00c 1771 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1772
a9de9248
MH		 1773 if (!status)
1774 return;
04837f64 1775
a9de9248
MH		 1776 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1777 if (!cp)
1778 return;
04837f64 1779
a9de9248 1780 hci_dev_lock(hdev);
04837f64 1781
a9de9248 1782 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1783 if (conn) {
51a8efd7 1784 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1785
51a8efd7 1786 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1787 hci_sco_setup(conn, status);
1788 }
1789
a9de9248
MH		 1790 hci_dev_unlock(hdev);
1791}
04837f64 1792
a9de9248
MH		 1793static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1794{
1795 struct hci_cp_exit_sniff_mode *cp;
1796 struct hci_conn *conn;
04837f64 1797
9f1db00c 1798 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1799
a9de9248
MH		 1800 if (!status)
1801 return;
04837f64 1802
a9de9248
MH		 1803 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1804 if (!cp)
1805 return;
04837f64 1806
a9de9248 1807 hci_dev_lock(hdev);
1da177e4 1808
a9de9248 1809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1810 if (conn) {
51a8efd7 1811 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1812
51a8efd7 1813 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1814 hci_sco_setup(conn, status);
1815 }
1816
a9de9248 1817 hci_dev_unlock(hdev);
1da177e4
LT		 1818}
1819
88c3df13
JH		 1820static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1821{
1822 struct hci_cp_disconnect *cp;
1823 struct hci_conn *conn;
1824
1825 if (!status)
1826 return;
1827
1828 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1829 if (!cp)
1830 return;
1831
1832 hci_dev_lock(hdev);
1833
1834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1835 if (conn)
1836 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1837 conn->dst_type, status);
88c3df13
JH		 1838
1839 hci_dev_unlock(hdev);
1840}
1841
a02226d6
AE		 1842static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1843{
93c284ee
AE		 1844 struct hci_cp_create_phy_link *cp;
1845
a02226d6 1846 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1847
93c284ee
AE		 1848 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1849 if (!cp)
1850 return;
1851
e58917b9
AE		 1852 hci_dev_lock(hdev);
1853
1854 if (status) {
1855 struct hci_conn *hcon;
1856
1857 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1858 if (hcon)
1859 hci_conn_del(hcon);
1860 } else {
1861 amp_write_remote_assoc(hdev, cp->phy_handle);
1862 }
1863
1864 hci_dev_unlock(hdev);
a02226d6
AE		 1865}
1866
0b26ab9d
AE		 1867static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1868{
1869 struct hci_cp_accept_phy_link *cp;
1870
1871 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1872
1873 if (status)
1874 return;
1875
1876 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1877 if (!cp)
1878 return;
1879
1880 amp_write_remote_assoc(hdev, cp->phy_handle);
1881}
1882
cb1d68f7
JH		 1883static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1884{
1885 struct hci_cp_le_create_conn *cp;
1886 struct hci_conn *conn;
1887
1888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1889
1890 /* All connection failure handling is taken care of by the
1891 * hci_le_conn_failed function which is triggered by the HCI
1892 * request completion callbacks used for connecting.
1893 */
1894 if (status)
1895 return;
1896
1897 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1898 if (!cp)
1899 return;
1900
1901 hci_dev_lock(hdev);
1902
1903 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1904 if (!conn)
1905 goto unlock;
1906
1907 /* Store the initiator and responder address information which
1908 * is needed for SMP. These values will not change during the
1909 * lifetime of the connection.
1910 */
1911 conn->init_addr_type = cp->own_address_type;
1912 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1913 bacpy(&conn->init_addr, &hdev->random_addr);
1914 else
1915 bacpy(&conn->init_addr, &hdev->bdaddr);
1916
1917 conn->resp_addr_type = cp->peer_addr_type;
1918 bacpy(&conn->resp_addr, &cp->peer_addr);
1919
9489eca4
JH		 1920 /* We don't want the connection attempt to stick around
1921 * indefinitely since LE doesn't have a page timeout concept
1922 * like BR/EDR. Set a timer for any connection that doesn't use
1923 * the white list for connecting.
1924 */
1925 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1926 queue_delayed_work(conn->hdev->workqueue,
1927 &conn->le_conn_timeout,
09ae260b 1928 conn->conn_timeout);
9489eca4 1929
cb1d68f7
JH		 1930unlock:
1931 hci_dev_unlock(hdev);
1932}
1933
81d0c8ad
JH		 1934static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1935{
1936 struct hci_cp_le_start_enc *cp;
1937 struct hci_conn *conn;
1938
1939 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1940
1941 if (!status)
1942 return;
1943
1944 hci_dev_lock(hdev);
1945
1946 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1947 if (!cp)
1948 goto unlock;
1949
1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1951 if (!conn)
1952 goto unlock;
1953
1954 if (conn->state != BT_CONNECTED)
1955 goto unlock;
1956
1957 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1958 hci_conn_drop(conn);
1959
1960unlock:
1961 hci_dev_unlock(hdev);
1962}
1963
6039aa73 1964static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1965{
1966 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1967 struct discovery_state *discov = &hdev->discovery;
1968 struct inquiry_entry *e;
1da177e4 1969
9f1db00c 1970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1971
a9de9248 1972 hci_conn_check_pending(hdev);
89352e7d
AG		 1973
1974 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1975 return;
1976
4e857c58 1977 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1978 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1979
a8b2d5c2 1980 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1981 return;
1982
56e5cb86 1983 hci_dev_lock(hdev);
30dc78e1 1984
343f935b 1985 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1986 goto unlock;
1987
1988 if (list_empty(&discov->resolve)) {
1989 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1990 goto unlock;
1991 }
1992
1993 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1994 if (e && hci_resolve_name(hdev, e) == 0) {
1995 e->name_state = NAME_PENDING;
1996 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1997 } else {
1998 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1999 }
2000
2001unlock:
56e5cb86 2002 hci_dev_unlock(hdev);
1da177e4
LT		 2003}
2004
6039aa73 2005static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2006{
45bb4bf0 2007 struct inquiry_data data;
a9de9248 2008 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 2009 int num_rsp = *((__u8 *) skb->data);
2010
2011 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2012
45bb4bf0
MH		 2013 if (!num_rsp)
2014 return;
2015
1519cc17
AG		 2016 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2017 return;
2018
1da177e4 2019 hci_dev_lock(hdev);
45bb4bf0 2020
e17acd40 2021 for (; num_rsp; num_rsp--, info++) {
af58925c 2022 u32 flags;
3175405b 2023
1da177e4
LT		 2024 bacpy(&data.bdaddr, &info->bdaddr);
2025 data.pscan_rep_mode = info->pscan_rep_mode;
2026 data.pscan_period_mode = info->pscan_period_mode;
2027 data.pscan_mode = info->pscan_mode;
2028 memcpy(data.dev_class, info->dev_class, 3);
2029 data.clock_offset = info->clock_offset;
2030 data.rssi = 0x00;
41a96212 2031 data.ssp_mode = 0x00;
3175405b 2032
af58925c
MH		 2033 flags = hci_inquiry_cache_update(hdev, &data, false);
2034
48264f06 2035 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c 2036 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1da177e4 2037 }
45bb4bf0 2038
1da177e4
LT		 2039 hci_dev_unlock(hdev);
2040}
2041
6039aa73 2042static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2043{
a9de9248
MH		 2044 struct hci_ev_conn_complete *ev = (void *) skb->data;
2045 struct hci_conn *conn;
1da177e4
LT		 2046
2047 BT_DBG("%s", hdev->name);
2048
2049 hci_dev_lock(hdev);
2050
2051 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 2052 if (!conn) {
2053 if (ev->link_type != SCO_LINK)
2054 goto unlock;
2055
2056 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2057 if (!conn)
2058 goto unlock;
2059
2060 conn->type = SCO_LINK;
2061 }
1da177e4
LT		 2062
2063 if (!ev->status) {
2064 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2065
2066 if (conn->type == ACL_LINK) {
2067 conn->state = BT_CONFIG;
2068 hci_conn_hold(conn);
a9ea3ed9
SJ		 2069
2070 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2071 !hci_find_link_key(hdev, &ev->bdaddr))
2072 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2073 else
2074 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2075 } else
2076 conn->state = BT_CONNECTED;
1da177e4 2077
7d0db0a3
MH		 2078 hci_conn_add_sysfs(conn);
2079
1da177e4 2080 if (test_bit(HCI_AUTH, &hdev->flags))
4dae2798 2081 set_bit(HCI_CONN_AUTH, &conn->flags);
1da177e4
LT		 2082
2083 if (test_bit(HCI_ENCRYPT, &hdev->flags))
4dae2798 2084 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
1da177e4 2085
04837f64
MH		 2086 /* Get remote features */
2087 if (conn->type == ACL_LINK) {
2088 struct hci_cp_read_remote_features cp;
2089 cp.handle = ev->handle;
769be974 2090 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2091 sizeof(cp), &cp);
04837f64
MH		 2092 }
2093
1da177e4 2094 /* Set packet type for incoming connection */
d095c1eb 2095 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2096 struct hci_cp_change_conn_ptype cp;
2097 cp.handle = ev->handle;
a8746417 2098 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2099 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2100 &cp);
1da177e4 2101 }
17d5c04c 2102 } else {
1da177e4 2103 conn->state = BT_CLOSED;
17d5c04c 2104 if (conn->type == ACL_LINK)
64c7b77c 2105 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2106 conn->dst_type, ev->status);
17d5c04c 2107 }
1da177e4 2108
e73439d8
MH		 2109 if (conn->type == ACL_LINK)
2110 hci_sco_setup(conn, ev->status);
1da177e4 2111
769be974
MH		 2112 if (ev->status) {
2113 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2114 hci_conn_del(conn);
c89b6e6b
MH		 2115 } else if (ev->link_type != ACL_LINK)
2116 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2117
a9de9248 2118unlock:
1da177e4 2119 hci_dev_unlock(hdev);
1da177e4 2120
a9de9248 2121 hci_conn_check_pending(hdev);
1da177e4
LT		 2122}
2123
6039aa73 2124static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2125{
a9de9248
MH		 2126 struct hci_ev_conn_request *ev = (void *) skb->data;
2127 int mask = hdev->link_mode;
20714bfe 2128 __u8 flags = 0;
1da177e4 2129
6ed93dc6 2130 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2131 ev->link_type);
1da177e4 2132
20714bfe
FD		 2133 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2134 &flags);
1da177e4 2135
138d22ef 2136 if ((mask & HCI_LM_ACCEPT) &&
dcc36c16
JH		 2137 !hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2138 BDADDR_BREDR)) {
a9de9248 2139 /* Connection accepted */
c7bdd502 2140 struct inquiry_entry *ie;
1da177e4 2141 struct hci_conn *conn;
1da177e4 2142
a9de9248 2143 hci_dev_lock(hdev);
b6a0dc82 2144
cc11b9c1
AE		 2145 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2146 if (ie)
c7bdd502
MH		 2147 memcpy(ie->data.dev_class, ev->dev_class, 3);
2148
8fc9ced3
GP		 2149 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2150 &ev->bdaddr);
a9de9248 2151 if (!conn) {
cc11b9c1
AE		 2152 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2153 if (!conn) {
893ef971 2154 BT_ERR("No memory for new connection");
a9de9248
MH		 2155 hci_dev_unlock(hdev);
2156 return;
1da177e4
LT		 2157 }
2158 }
b6a0dc82 2159
a9de9248 2160 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2161
a9de9248 2162 hci_dev_unlock(hdev);
1da177e4 2163
20714bfe
FD		 2164 if (ev->link_type == ACL_LINK ||
2165 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2166 struct hci_cp_accept_conn_req cp;
20714bfe 2167 conn->state = BT_CONNECT;
1da177e4 2168
b6a0dc82
MH		 2169 bacpy(&cp.bdaddr, &ev->bdaddr);
2170
2171 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2172 cp.role = 0x00; /* Become master */
2173 else
2174 cp.role = 0x01; /* Remain slave */
2175
04124681
GP		 2176 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2177 &cp);
20714bfe 2178 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2179 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2180 conn->state = BT_CONNECT;
b6a0dc82
MH		 2181
2182 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2183 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2184
dcf4adbf
JP		 2185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2187 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2188 cp.content_format = cpu_to_le16(hdev->voice_setting);
2189 cp.retrans_effort = 0xff;
1da177e4 2190
b6a0dc82 2191 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2192 sizeof(cp), &cp);
20714bfe
FD		 2193 } else {
2194 conn->state = BT_CONNECT2;
2195 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2196 }
a9de9248
MH		 2197 } else {
2198 /* Connection rejected */
2199 struct hci_cp_reject_conn_req cp;
1da177e4 2200
a9de9248 2201 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2202 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2203 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2204 }
1da177e4
LT		 2205}
2206
f0d6a0ea
MA		 2207static u8 hci_to_mgmt_reason(u8 err)
2208{
2209 switch (err) {
2210 case HCI_ERROR_CONNECTION_TIMEOUT:
2211 return MGMT_DEV_DISCONN_TIMEOUT;
2212 case HCI_ERROR_REMOTE_USER_TERM:
2213 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2214 case HCI_ERROR_REMOTE_POWER_OFF:
2215 return MGMT_DEV_DISCONN_REMOTE;
2216 case HCI_ERROR_LOCAL_HOST_TERM:
2217 return MGMT_DEV_DISCONN_LOCAL_HOST;
2218 default:
2219 return MGMT_DEV_DISCONN_UNKNOWN;
2220 }
2221}
2222
6039aa73 2223static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2224{
a9de9248 2225 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2226 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2227 struct hci_conn_params *params;
04837f64 2228 struct hci_conn *conn;
12d4a3b2 2229 bool mgmt_connected;
3846220b 2230 u8 type;
04837f64 2231
9f1db00c 2232 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2233
2234 hci_dev_lock(hdev);
2235
2236 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2237 if (!conn)
2238 goto unlock;
7d0db0a3 2239
abf54a50
AG		 2240 if (ev->status) {
2241 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2242 conn->dst_type, ev->status);
2243 goto unlock;
37d9ef76 2244 }
f7520543 2245
3846220b
AG		 2246 conn->state = BT_CLOSED;
2247
12d4a3b2
JH		 2248 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2249 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2250 reason, mgmt_connected);
abf54a50 2251
af6a9c32
JH		 2252 if (conn->type == ACL_LINK &&
2253 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3846220b 2254 hci_remove_link_key(hdev, &conn->dst);
2210246c 2255
9fcb18ef
AG		 2256 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2257 if (params) {
2258 switch (params->auto_connect) {
2259 case HCI_AUTO_CONN_LINK_LOSS:
2260 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2261 break;
2262 /* Fall through */
2263
2264 case HCI_AUTO_CONN_ALWAYS:
418025d1
JH		 2265 list_del_init(&params->action);
2266 list_add(&params->action, &hdev->pend_le_conns);
2267 hci_update_background_scan(hdev);
9fcb18ef
AG		 2268 break;
2269
2270 default:
2271 break;
2272 }
2273 }
2274
3846220b 2275 type = conn->type;
2210246c 2276
3846220b
AG		 2277 hci_proto_disconn_cfm(conn, ev->reason);
2278 hci_conn_del(conn);
2279
2280 /* Re-enable advertising if necessary, since it might
2281 * have been disabled by the connection. From the
2282 * HCI_LE_Set_Advertise_Enable command description in
2283 * the core specification (v4.0):
2284 * "The Controller shall continue advertising until the Host
2285 * issues an LE_Set_Advertise_Enable command with
2286 * Advertising_Enable set to 0x00 (Advertising is disabled)
2287 * or until a connection is created or until the Advertising
2288 * is timed out due to Directed Advertising."
2289 */
2290 if (type == LE_LINK)
2291 mgmt_reenable_advertising(hdev);
f7520543
JH		 2292
2293unlock:
04837f64
MH		 2294 hci_dev_unlock(hdev);
2295}
2296
6039aa73 2297static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2298{
a9de9248 2299 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2300 struct hci_conn *conn;
1da177e4 2301
9f1db00c 2302 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2303
2304 hci_dev_lock(hdev);
2305
04837f64 2306 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2307 if (!conn)
2308 goto unlock;
2309
2310 if (!ev->status) {
aa64a8b5 2311 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2312 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2313 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2314 } else {
4dae2798 2315 set_bit(HCI_CONN_AUTH, &conn->flags);
d7556e20 2316 conn->sec_level = conn->pending_sec_level;
2a611692 2317 }
d7556e20 2318 } else {
bab73cb6 2319 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2320 ev->status);
d7556e20 2321 }
1da177e4 2322
51a8efd7
JH		 2323 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2324 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2325
d7556e20 2326 if (conn->state == BT_CONFIG) {
aa64a8b5 2327 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2328 struct hci_cp_set_conn_encrypt cp;
2329 cp.handle = ev->handle;
2330 cp.encrypt = 0x01;
2331 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2332 &cp);
052b30b0 2333 } else {
d7556e20
WR		 2334 conn->state = BT_CONNECTED;
2335 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2336 hci_conn_drop(conn);
052b30b0 2337 }
d7556e20
WR		 2338 } else {
2339 hci_auth_cfm(conn, ev->status);
052b30b0 2340
d7556e20
WR		 2341 hci_conn_hold(conn);
2342 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2343 hci_conn_drop(conn);
d7556e20
WR		 2344 }
2345
51a8efd7 2346 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2347 if (!ev->status) {
2348 struct hci_cp_set_conn_encrypt cp;
2349 cp.handle = ev->handle;
2350 cp.encrypt = 0x01;
2351 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2352 &cp);
d7556e20 2353 } else {
51a8efd7 2354 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2355 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2356 }
2357 }
2358
d7556e20 2359unlock:
1da177e4
LT		 2360 hci_dev_unlock(hdev);
2361}
2362
6039aa73 2363static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2364{
127178d2
JH		 2365 struct hci_ev_remote_name *ev = (void *) skb->data;
2366 struct hci_conn *conn;
2367
a9de9248 2368 BT_DBG("%s", hdev->name);
1da177e4 2369
a9de9248 2370 hci_conn_check_pending(hdev);
127178d2
JH		 2371
2372 hci_dev_lock(hdev);
2373
b644ba33 2374 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2375
b644ba33
JH		 2376 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2377 goto check_auth;
a88a9652 2378
b644ba33
JH		 2379 if (ev->status == 0)
2380 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2381 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2382 else
2383 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2384
2385check_auth:
79c6c70c
JH		 2386 if (!conn)
2387 goto unlock;
2388
2389 if (!hci_outgoing_auth_needed(hdev, conn))
2390 goto unlock;
2391
51a8efd7 2392 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2393 struct hci_cp_auth_requested cp;
2394 cp.handle = __cpu_to_le16(conn->handle);
2395 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2396 }
2397
79c6c70c 2398unlock:
127178d2 2399 hci_dev_unlock(hdev);
a9de9248
MH		 2400}
2401
6039aa73 2402static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2403{
2404 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2405 struct hci_conn *conn;
2406
9f1db00c 2407 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2408
2409 hci_dev_lock(hdev);
2410
04837f64 2411 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2412 if (!conn)
2413 goto unlock;
1da177e4 2414
dc8357cc
MH		 2415 if (!ev->status) {
2416 if (ev->encrypt) {
2417 /* Encryption implies authentication */
4dae2798
JH		 2418 set_bit(HCI_CONN_AUTH, &conn->flags);
2419 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
dc8357cc 2420 conn->sec_level = conn->pending_sec_level;
abf76bad 2421
914a6ffe
MH		 2422 /* P-256 authentication key implies FIPS */
2423 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
4dae2798 2424 set_bit(HCI_CONN_FIPS, &conn->flags);
914a6ffe 2425
abf76bad
MH		 2426 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2427 conn->type == LE_LINK)
2428 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2429 } else {
4dae2798 2430 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
abf76bad
MH		 2431 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2432 }
dc8357cc 2433 }
a7d7723a 2434
dc8357cc 2435 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2436
dc8357cc
MH		 2437 if (ev->status && conn->state == BT_CONNECTED) {
2438 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2439 hci_conn_drop(conn);
2440 goto unlock;
1da177e4
LT		 2441 }
2442
dc8357cc
MH		 2443 if (conn->state == BT_CONFIG) {
2444 if (!ev->status)
2445 conn->state = BT_CONNECTED;
2446
40b552aa
MH		 2447 /* In Secure Connections Only mode, do not allow any
2448 * connections that are not encrypted with AES-CCM
2449 * using a P-256 authenticated combination key.
2450 */
2451 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2452 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2453 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2454 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2455 hci_conn_drop(conn);
2456 goto unlock;
2457 }
2458
dc8357cc
MH		 2459 hci_proto_connect_cfm(conn, ev->status);
2460 hci_conn_drop(conn);
2461 } else
2462 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2463
a7d7723a 2464unlock:
1da177e4
LT		 2465 hci_dev_unlock(hdev);
2466}
2467
6039aa73
GP		 2468static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2469 struct sk_buff *skb)
1da177e4 2470{
a9de9248 2471 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2472 struct hci_conn *conn;
1da177e4 2473
9f1db00c 2474 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2475
2476 hci_dev_lock(hdev);
2477
04837f64 2478 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2479 if (conn) {
2480 if (!ev->status)
4dae2798 2481 set_bit(HCI_CONN_SECURE, &conn->flags);
1da177e4 2482
51a8efd7 2483 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2484
2485 hci_key_change_cfm(conn, ev->status);
2486 }
2487
2488 hci_dev_unlock(hdev);
2489}
2490
6039aa73
GP		 2491static void hci_remote_features_evt(struct hci_dev *hdev,
2492 struct sk_buff *skb)
1da177e4 2493{
a9de9248
MH		 2494 struct hci_ev_remote_features *ev = (void *) skb->data;
2495 struct hci_conn *conn;
2496
9f1db00c 2497 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2498
a9de9248
MH		 2499 hci_dev_lock(hdev);
2500
2501 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2502 if (!conn)
2503 goto unlock;
769be974 2504
ccd556fe 2505 if (!ev->status)
cad718ed 2506 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2507
2508 if (conn->state != BT_CONFIG)
2509 goto unlock;
2510
2511 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2512 struct hci_cp_read_remote_ext_features cp;
2513 cp.handle = ev->handle;
2514 cp.page = 0x01;
2515 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2516 sizeof(cp), &cp);
392599b9
JH		 2517 goto unlock;
2518 }
2519
671267bf 2520 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2521 struct hci_cp_remote_name_req cp;
2522 memset(&cp, 0, sizeof(cp));
2523 bacpy(&cp.bdaddr, &conn->dst);
2524 cp.pscan_rep_mode = 0x02;
2525 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2526 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2527 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2528 conn->dst_type, 0, NULL, 0,
2529 conn->dev_class);
392599b9 2530
127178d2 2531 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2532 conn->state = BT_CONNECTED;
2533 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2534 hci_conn_drop(conn);
769be974 2535 }
a9de9248 2536
ccd556fe 2537unlock:
a9de9248 2538 hci_dev_unlock(hdev);
1da177e4
LT		 2539}
2540
6039aa73 2541static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2542{
2543 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2544 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2545 __u16 opcode;
2546
2547 skb_pull(skb, sizeof(*ev));
2548
2549 opcode = __le16_to_cpu(ev->opcode);
2550
2551 switch (opcode) {
2552 case HCI_OP_INQUIRY_CANCEL:
2553 hci_cc_inquiry_cancel(hdev, skb);
2554 break;
2555
4d93483b
AG		 2556 case HCI_OP_PERIODIC_INQ:
2557 hci_cc_periodic_inq(hdev, skb);
2558 break;
2559
a9de9248
MH		 2560 case HCI_OP_EXIT_PERIODIC_INQ:
2561 hci_cc_exit_periodic_inq(hdev, skb);
2562 break;
2563
2564 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2565 hci_cc_remote_name_req_cancel(hdev, skb);
2566 break;
2567
2568 case HCI_OP_ROLE_DISCOVERY:
2569 hci_cc_role_discovery(hdev, skb);
2570 break;
2571
e4e8e37c
MH		 2572 case HCI_OP_READ_LINK_POLICY:
2573 hci_cc_read_link_policy(hdev, skb);
2574 break;
2575
a9de9248
MH		 2576 case HCI_OP_WRITE_LINK_POLICY:
2577 hci_cc_write_link_policy(hdev, skb);
2578 break;
2579
e4e8e37c
MH		 2580 case HCI_OP_READ_DEF_LINK_POLICY:
2581 hci_cc_read_def_link_policy(hdev, skb);
2582 break;
2583
2584 case HCI_OP_WRITE_DEF_LINK_POLICY:
2585 hci_cc_write_def_link_policy(hdev, skb);
2586 break;
2587
a9de9248
MH		 2588 case HCI_OP_RESET:
2589 hci_cc_reset(hdev, skb);
2590 break;
2591
2592 case HCI_OP_WRITE_LOCAL_NAME:
2593 hci_cc_write_local_name(hdev, skb);
2594 break;
2595
2596 case HCI_OP_READ_LOCAL_NAME:
2597 hci_cc_read_local_name(hdev, skb);
2598 break;
2599
2600 case HCI_OP_WRITE_AUTH_ENABLE:
2601 hci_cc_write_auth_enable(hdev, skb);
2602 break;
2603
2604 case HCI_OP_WRITE_ENCRYPT_MODE:
2605 hci_cc_write_encrypt_mode(hdev, skb);
2606 break;
2607
2608 case HCI_OP_WRITE_SCAN_ENABLE:
2609 hci_cc_write_scan_enable(hdev, skb);
2610 break;
2611
2612 case HCI_OP_READ_CLASS_OF_DEV:
2613 hci_cc_read_class_of_dev(hdev, skb);
2614 break;
2615
2616 case HCI_OP_WRITE_CLASS_OF_DEV:
2617 hci_cc_write_class_of_dev(hdev, skb);
2618 break;
2619
2620 case HCI_OP_READ_VOICE_SETTING:
2621 hci_cc_read_voice_setting(hdev, skb);
2622 break;
2623
2624 case HCI_OP_WRITE_VOICE_SETTING:
2625 hci_cc_write_voice_setting(hdev, skb);
2626 break;
2627
b4cb9fb2
MH		 2628 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2629 hci_cc_read_num_supported_iac(hdev, skb);
2630 break;
2631
333140b5
MH		 2632 case HCI_OP_WRITE_SSP_MODE:
2633 hci_cc_write_ssp_mode(hdev, skb);
2634 break;
2635
eac83dc6
MH		 2636 case HCI_OP_WRITE_SC_SUPPORT:
2637 hci_cc_write_sc_support(hdev, skb);
2638 break;
2639
a9de9248
MH		 2640 case HCI_OP_READ_LOCAL_VERSION:
2641 hci_cc_read_local_version(hdev, skb);
2642 break;
2643
2644 case HCI_OP_READ_LOCAL_COMMANDS:
2645 hci_cc_read_local_commands(hdev, skb);
2646 break;
2647
2648 case HCI_OP_READ_LOCAL_FEATURES:
2649 hci_cc_read_local_features(hdev, skb);
2650 break;
2651
971e3a4b
AG		 2652 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2653 hci_cc_read_local_ext_features(hdev, skb);
2654 break;
2655
a9de9248
MH		 2656 case HCI_OP_READ_BUFFER_SIZE:
2657 hci_cc_read_buffer_size(hdev, skb);
2658 break;
2659
2660 case HCI_OP_READ_BD_ADDR:
2661 hci_cc_read_bd_addr(hdev, skb);
2662 break;
2663
f332ec66
JH		 2664 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2665 hci_cc_read_page_scan_activity(hdev, skb);
2666 break;
2667
4a3ee763
JH		 2668 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2669 hci_cc_write_page_scan_activity(hdev, skb);
2670 break;
2671
f332ec66
JH		 2672 case HCI_OP_READ_PAGE_SCAN_TYPE:
2673 hci_cc_read_page_scan_type(hdev, skb);
2674 break;
2675
4a3ee763
JH		 2676 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2677 hci_cc_write_page_scan_type(hdev, skb);
2678 break;
2679
350ee4cf
AE		 2680 case HCI_OP_READ_DATA_BLOCK_SIZE:
2681 hci_cc_read_data_block_size(hdev, skb);
2682 break;
2683
1e89cffb
AE		 2684 case HCI_OP_READ_FLOW_CONTROL_MODE:
2685 hci_cc_read_flow_control_mode(hdev, skb);
2686 break;
2687
928abaa7
AE		 2688 case HCI_OP_READ_LOCAL_AMP_INFO:
2689 hci_cc_read_local_amp_info(hdev, skb);
2690 break;
2691
33f35721
JH		 2692 case HCI_OP_READ_CLOCK:
2693 hci_cc_read_clock(hdev, skb);
2694 break;
2695
903e4541
AE		 2696 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2697 hci_cc_read_local_amp_assoc(hdev, skb);
2698 break;
2699
d5859e22
JH		 2700 case HCI_OP_READ_INQ_RSP_TX_POWER:
2701 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2702 break;
2703
980e1a53
JH		 2704 case HCI_OP_PIN_CODE_REPLY:
2705 hci_cc_pin_code_reply(hdev, skb);
2706 break;
2707
2708 case HCI_OP_PIN_CODE_NEG_REPLY:
2709 hci_cc_pin_code_neg_reply(hdev, skb);
2710 break;
2711
c35938b2 2712 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2713 hci_cc_read_local_oob_data(hdev, skb);
2714 break;
2715
2716 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2717 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2718 break;
2719
6ed58ec5
VT		 2720 case HCI_OP_LE_READ_BUFFER_SIZE:
2721 hci_cc_le_read_buffer_size(hdev, skb);
2722 break;
2723
60e77321
JH		 2724 case HCI_OP_LE_READ_LOCAL_FEATURES:
2725 hci_cc_le_read_local_features(hdev, skb);
2726 break;
2727
8fa19098
JH		 2728 case HCI_OP_LE_READ_ADV_TX_POWER:
2729 hci_cc_le_read_adv_tx_power(hdev, skb);
2730 break;
2731
a5c29683
JH		 2732 case HCI_OP_USER_CONFIRM_REPLY:
2733 hci_cc_user_confirm_reply(hdev, skb);
2734 break;
2735
2736 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2737 hci_cc_user_confirm_neg_reply(hdev, skb);
2738 break;
2739
1143d458
BG		 2740 case HCI_OP_USER_PASSKEY_REPLY:
2741 hci_cc_user_passkey_reply(hdev, skb);
2742 break;
2743
2744 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2745 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2746 break;
07f7fa5d 2747
7a4cd51d
MH		 2748 case HCI_OP_LE_SET_RANDOM_ADDR:
2749 hci_cc_le_set_random_addr(hdev, skb);
2750 break;
2751
c1d5dc4a
JH		 2752 case HCI_OP_LE_SET_ADV_ENABLE:
2753 hci_cc_le_set_adv_enable(hdev, skb);
2754 break;
2755
533553f8
MH		 2756 case HCI_OP_LE_SET_SCAN_PARAM:
2757 hci_cc_le_set_scan_param(hdev, skb);
2758 break;
2759
eb9d91f5
AG		 2760 case HCI_OP_LE_SET_SCAN_ENABLE:
2761 hci_cc_le_set_scan_enable(hdev, skb);
2762 break;
2763
cf1d081f
JH		 2764 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2765 hci_cc_le_read_white_list_size(hdev, skb);
2766 break;
2767
0f36b589
MH		 2768 case HCI_OP_LE_CLEAR_WHITE_LIST:
2769 hci_cc_le_clear_white_list(hdev, skb);
2770 break;
2771
2772 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2773 hci_cc_le_add_to_white_list(hdev, skb);
2774 break;
2775
2776 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2777 hci_cc_le_del_from_white_list(hdev, skb);
2778 break;
2779
9b008c04
JH		 2780 case HCI_OP_LE_READ_SUPPORTED_STATES:
2781 hci_cc_le_read_supported_states(hdev, skb);
2782 break;
2783
f9b49306
AG		 2784 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2785 hci_cc_write_le_host_supported(hdev, skb);
2786 break;
2787
56ed2cb8
JH		 2788 case HCI_OP_LE_SET_ADV_PARAM:
2789 hci_cc_set_adv_param(hdev, skb);
2790 break;
2791
93c284ee
AE		 2792 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2793 hci_cc_write_remote_amp_assoc(hdev, skb);
2794 break;
2795
5ae76a94
AK		 2796 case HCI_OP_READ_RSSI:
2797 hci_cc_read_rssi(hdev, skb);
2798 break;
2799
5a134fae
AK		 2800 case HCI_OP_READ_TX_POWER:
2801 hci_cc_read_tx_power(hdev, skb);
2802 break;
2803
a9de9248 2804 default:
9f1db00c 2805 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2806 break;
2807 }
2808
ad82cdd1 2809 if (opcode != HCI_OP_NOP)
65cc2b49 2810 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2811
ad82cdd1 2812 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2813
dbccd791 2814 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2815 atomic_set(&hdev->cmd_cnt, 1);
2816 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2817 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2818 }
2819}
2820
6039aa73 2821static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2822{
2823 struct hci_ev_cmd_status *ev = (void *) skb->data;
2824 __u16 opcode;
2825
2826 skb_pull(skb, sizeof(*ev));
2827
2828 opcode = __le16_to_cpu(ev->opcode);
2829
2830 switch (opcode) {
2831 case HCI_OP_INQUIRY:
2832 hci_cs_inquiry(hdev, ev->status);
2833 break;
2834
2835 case HCI_OP_CREATE_CONN:
2836 hci_cs_create_conn(hdev, ev->status);
2837 break;
2838
2839 case HCI_OP_ADD_SCO:
2840 hci_cs_add_sco(hdev, ev->status);
2841 break;
2842
f8558555
MH		 2843 case HCI_OP_AUTH_REQUESTED:
2844 hci_cs_auth_requested(hdev, ev->status);
2845 break;
2846
2847 case HCI_OP_SET_CONN_ENCRYPT:
2848 hci_cs_set_conn_encrypt(hdev, ev->status);
2849 break;
2850
a9de9248
MH		 2851 case HCI_OP_REMOTE_NAME_REQ:
2852 hci_cs_remote_name_req(hdev, ev->status);
2853 break;
2854
769be974
MH		 2855 case HCI_OP_READ_REMOTE_FEATURES:
2856 hci_cs_read_remote_features(hdev, ev->status);
2857 break;
2858
2859 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2860 hci_cs_read_remote_ext_features(hdev, ev->status);
2861 break;
2862
a9de9248
MH		 2863 case HCI_OP_SETUP_SYNC_CONN:
2864 hci_cs_setup_sync_conn(hdev, ev->status);
2865 break;
2866
2867 case HCI_OP_SNIFF_MODE:
2868 hci_cs_sniff_mode(hdev, ev->status);
2869 break;
2870
2871 case HCI_OP_EXIT_SNIFF_MODE:
2872 hci_cs_exit_sniff_mode(hdev, ev->status);
2873 break;
2874
8962ee74 2875 case HCI_OP_DISCONNECT:
88c3df13 2876 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2877 break;
2878
a02226d6
AE		 2879 case HCI_OP_CREATE_PHY_LINK:
2880 hci_cs_create_phylink(hdev, ev->status);
2881 break;
2882
0b26ab9d
AE		 2883 case HCI_OP_ACCEPT_PHY_LINK:
2884 hci_cs_accept_phylink(hdev, ev->status);
2885 break;
2886
cb1d68f7
JH		 2887 case HCI_OP_LE_CREATE_CONN:
2888 hci_cs_le_create_conn(hdev, ev->status);
2889 break;
2890
81d0c8ad
JH		 2891 case HCI_OP_LE_START_ENC:
2892 hci_cs_le_start_enc(hdev, ev->status);
2893 break;
2894
a9de9248 2895 default:
9f1db00c 2896 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2897 break;
2898 }
2899
ad82cdd1 2900 if (opcode != HCI_OP_NOP)
65cc2b49 2901 cancel_delayed_work(&hdev->cmd_timer);
6bd32326 2902
02350a72
JH		 2903 if (ev->status ||
2904 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2905 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2906
10572132 2907 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2908 atomic_set(&hdev->cmd_cnt, 1);
2909 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2910 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2911 }
2912}
2913
6039aa73 2914static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2915{
2916 struct hci_ev_role_change *ev = (void *) skb->data;
2917 struct hci_conn *conn;
2918
9f1db00c 2919 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2920
2921 hci_dev_lock(hdev);
2922
2923 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2924 if (conn) {
2925 if (!ev->status) {
2926 if (ev->role)
4dae2798 2927 clear_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248 2928 else
4dae2798 2929 set_bit(HCI_CONN_MASTER, &conn->flags);
a9de9248
MH		 2930 }
2931
51a8efd7 2932 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2933
2934 hci_role_switch_cfm(conn, ev->status, ev->role);
2935 }
2936
2937 hci_dev_unlock(hdev);
2938}
2939
6039aa73 2940static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2941{
2942 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2943 int i;
2944
32ac5b9b
AE		 2945 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2946 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2947 return;
2948 }
2949
c5993de8 2950 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2951 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2952 BT_DBG("%s bad parameters", hdev->name);
2953 return;
2954 }
2955
c5993de8
AE		 2956 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2957
613a1c0c
AE		 2958 for (i = 0; i < ev->num_hndl; i++) {
2959 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2960 struct hci_conn *conn;
2961 __u16 handle, count;
2962
613a1c0c
AE		 2963 handle = __le16_to_cpu(info->handle);
2964 count = __le16_to_cpu(info->count);
a9de9248
MH		 2965
2966 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2967 if (!conn)
2968 continue;
2969
2970 conn->sent -= count;
2971
2972 switch (conn->type) {
2973 case ACL_LINK:
2974 hdev->acl_cnt += count;
2975 if (hdev->acl_cnt > hdev->acl_pkts)
2976 hdev->acl_cnt = hdev->acl_pkts;
2977 break;
2978
2979 case LE_LINK:
2980 if (hdev->le_pkts) {
2981 hdev->le_cnt += count;
2982 if (hdev->le_cnt > hdev->le_pkts)
2983 hdev->le_cnt = hdev->le_pkts;
2984 } else {
70f23020
AE		 2985 hdev->acl_cnt += count;
2986 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2987 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2988 }
f4280918
AE		 2989 break;
2990
2991 case SCO_LINK:
2992 hdev->sco_cnt += count;
2993 if (hdev->sco_cnt > hdev->sco_pkts)
2994 hdev->sco_cnt = hdev->sco_pkts;
2995 break;
2996
2997 default:
2998 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2999 break;
a9de9248
MH		 3000 }
3001 }
3002
3eff45ea 3003 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 3004}
3005
76ef7cf7
AE		 3006static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3007 __u16 handle)
3008{
3009 struct hci_chan *chan;
3010
3011 switch (hdev->dev_type) {
3012 case HCI_BREDR:
3013 return hci_conn_hash_lookup_handle(hdev, handle);
3014 case HCI_AMP:
3015 chan = hci_chan_lookup_handle(hdev, handle);
3016 if (chan)
3017 return chan->conn;
3018 break;
3019 default:
3020 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3021 break;
3022 }
3023
3024 return NULL;
3025}
3026
6039aa73 3027static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 3028{
3029 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3030 int i;
3031
3032 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3033 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3034 return;
3035 }
3036
3037 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 3038 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 3039 BT_DBG("%s bad parameters", hdev->name);
3040 return;
3041 }
3042
3043 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 3044 ev->num_hndl);
25e89e99
AE		 3045
3046 for (i = 0; i < ev->num_hndl; i++) {
3047 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 3048 struct hci_conn *conn = NULL;
25e89e99
AE		 3049 __u16 handle, block_count;
3050
3051 handle = __le16_to_cpu(info->handle);
3052 block_count = __le16_to_cpu(info->blocks);
3053
76ef7cf7 3054 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 3055 if (!conn)
3056 continue;
3057
3058 conn->sent -= block_count;
3059
3060 switch (conn->type) {
3061 case ACL_LINK:
bd1eb66b 3062 case AMP_LINK:
25e89e99
AE		 3063 hdev->block_cnt += block_count;
3064 if (hdev->block_cnt > hdev->num_blocks)
3065 hdev->block_cnt = hdev->num_blocks;
3066 break;
3067
3068 default:
3069 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3070 break;
3071 }
3072 }
3073
3074 queue_work(hdev->workqueue, &hdev->tx_work);
3075}
3076
6039aa73 3077static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3078{
a9de9248 3079 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 3080 struct hci_conn *conn;
3081
9f1db00c 3082 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3083
3084 hci_dev_lock(hdev);
3085
3086 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 3087 if (conn) {
3088 conn->mode = ev->mode;
a9de9248 3089
8fc9ced3
GP		 3090 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3091 &conn->flags)) {
a9de9248 3092 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 3093 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3094 else
58a681ef 3095 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 3096 }
e73439d8 3097
51a8efd7 3098 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3099 hci_sco_setup(conn, ev->status);
04837f64
MH		 3100 }
3101
3102 hci_dev_unlock(hdev);
3103}
3104
6039aa73 3105static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3106{
052b30b0
MH		 3107 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3108 struct hci_conn *conn;
3109
a9de9248 3110 BT_DBG("%s", hdev->name);
052b30b0
MH		 3111
3112 hci_dev_lock(hdev);
3113
3114 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3115 if (!conn)
3116 goto unlock;
3117
3118 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3119 hci_conn_hold(conn);
3120 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3121 hci_conn_drop(conn);
052b30b0
MH		 3122 }
3123
a8b2d5c2 3124 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3125 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3126 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3127 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3128 u8 secure;
3129
3130 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3131 secure = 1;
3132 else
3133 secure = 0;
3134
744cf19e 3135 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3136 }
980e1a53 3137
b6f98044 3138unlock:
052b30b0 3139 hci_dev_unlock(hdev);
a9de9248
MH		 3140}
3141
6039aa73 3142static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3143{
55ed8ca1
JH		 3144 struct hci_ev_link_key_req *ev = (void *) skb->data;
3145 struct hci_cp_link_key_reply cp;
3146 struct hci_conn *conn;
3147 struct link_key *key;
3148
a9de9248 3149 BT_DBG("%s", hdev->name);
55ed8ca1 3150
034cbea0 3151 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3152 return;
3153
3154 hci_dev_lock(hdev);
3155
3156 key = hci_find_link_key(hdev, &ev->bdaddr);
3157 if (!key) {
6ed93dc6
AE		 3158 BT_DBG("%s link key not found for %pMR", hdev->name,
3159 &ev->bdaddr);
55ed8ca1
JH		 3160 goto not_found;
3161 }
3162
6ed93dc6
AE		 3163 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3164 &ev->bdaddr);
55ed8ca1 3165
55ed8ca1 3166 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3167 if (conn) {
66138ce8
MH		 3168 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3169 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3170 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3171 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3172 goto not_found;
3173 }
55ed8ca1 3174
60b83f57 3175 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3176 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3177 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3178 BT_DBG("%s ignoring key unauthenticated for high security",
3179 hdev->name);
60b83f57
WR		 3180 goto not_found;
3181 }
3182
3183 conn->key_type = key->type;
3184 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3185 }
3186
3187 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3188 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3189
3190 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3191
3192 hci_dev_unlock(hdev);
3193
3194 return;
3195
3196not_found:
3197 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3198 hci_dev_unlock(hdev);
a9de9248
MH		 3199}
3200
6039aa73 3201static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3202{
052b30b0
MH		 3203 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3204 struct hci_conn *conn;
7652ff6a
JH		 3205 struct link_key *key;
3206 bool persistent;
55ed8ca1 3207 u8 pin_len = 0;
052b30b0 3208
a9de9248 3209 BT_DBG("%s", hdev->name);
052b30b0
MH		 3210
3211 hci_dev_lock(hdev);
3212
3213 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3214 if (conn) {
3215 hci_conn_hold(conn);
3216 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3217 pin_len = conn->pin_length;
13d39315
WR		 3218
3219 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3220 conn->key_type = ev->key_type;
3221
76a68ba0 3222 hci_conn_drop(conn);
052b30b0
MH		 3223 }
3224
7652ff6a
JH		 3225 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3226 goto unlock;
3227
3228 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3229 ev->key_type, pin_len, &persistent);
3230 if (!key)
3231 goto unlock;
3232
3233 mgmt_new_link_key(hdev, key, persistent);
55ed8ca1 3234
6d5650c4
JH		 3235 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3236 * is set. If it's not set simply remove the key from the kernel
3237 * list (we've still notified user space about it but with
3238 * store_hint being 0).
3239 */
3240 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3241 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3242 list_del(&key->list);
3243 kfree(key);
3244 } else if (conn) {
af6a9c32
JH		 3245 if (persistent)
3246 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3247 else
3248 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
6d5650c4 3249 }
7652ff6a
JH		 3250
3251unlock:
052b30b0 3252 hci_dev_unlock(hdev);
a9de9248
MH		 3253}
3254
6039aa73 3255static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3256{
a9de9248 3257 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3258 struct hci_conn *conn;
1da177e4 3259
9f1db00c 3260 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3261
3262 hci_dev_lock(hdev);
3263
04837f64 3264 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3265 if (conn && !ev->status) {
3266 struct inquiry_entry *ie;
3267
cc11b9c1
AE		 3268 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3269 if (ie) {
1da177e4
LT		 3270 ie->data.clock_offset = ev->clock_offset;
3271 ie->timestamp = jiffies;
3272 }
3273 }
3274
3275 hci_dev_unlock(hdev);
3276}
3277
6039aa73 3278static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3279{
3280 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3281 struct hci_conn *conn;
3282
9f1db00c 3283 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3284
3285 hci_dev_lock(hdev);
3286
3287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3288 if (conn && !ev->status)
3289 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3290
3291 hci_dev_unlock(hdev);
3292}
3293
6039aa73 3294static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3295{
a9de9248 3296 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3297 struct inquiry_entry *ie;
3298
3299 BT_DBG("%s", hdev->name);
3300
3301 hci_dev_lock(hdev);
3302
cc11b9c1
AE		 3303 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3304 if (ie) {
85a1e930
MH		 3305 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3306 ie->timestamp = jiffies;
3307 }
3308
3309 hci_dev_unlock(hdev);
3310}
3311
6039aa73
GP		 3312static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3313 struct sk_buff *skb)
a9de9248
MH		 3314{
3315 struct inquiry_data data;
3316 int num_rsp = *((__u8 *) skb->data);
3317
3318 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3319
3320 if (!num_rsp)
3321 return;
3322
1519cc17
AG		 3323 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3324 return;
3325
a9de9248
MH		 3326 hci_dev_lock(hdev);
3327
3328 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3329 struct inquiry_info_with_rssi_and_pscan_mode *info;
3330 info = (void *) (skb->data + 1);
a9de9248 3331
e17acd40 3332 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3333 u32 flags;
3334
a9de9248
MH		 3335 bacpy(&data.bdaddr, &info->bdaddr);
3336 data.pscan_rep_mode = info->pscan_rep_mode;
3337 data.pscan_period_mode = info->pscan_period_mode;
3338 data.pscan_mode = info->pscan_mode;
3339 memcpy(data.dev_class, info->dev_class, 3);
3340 data.clock_offset = info->clock_offset;
3341 data.rssi = info->rssi;
41a96212 3342 data.ssp_mode = 0x00;
3175405b 3343
af58925c
MH		 3344 flags = hci_inquiry_cache_update(hdev, &data, false);
3345
48264f06 3346 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3347 info->dev_class, info->rssi,
af58925c 3348 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3349 }
3350 } else {
3351 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3352
e17acd40 3353 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3354 u32 flags;
3355
a9de9248
MH		 3356 bacpy(&data.bdaddr, &info->bdaddr);
3357 data.pscan_rep_mode = info->pscan_rep_mode;
3358 data.pscan_period_mode = info->pscan_period_mode;
3359 data.pscan_mode = 0x00;
3360 memcpy(data.dev_class, info->dev_class, 3);
3361 data.clock_offset = info->clock_offset;
3362 data.rssi = info->rssi;
41a96212 3363 data.ssp_mode = 0x00;
af58925c
MH		 3364
3365 flags = hci_inquiry_cache_update(hdev, &data, false);
3366
48264f06 3367 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3368 info->dev_class, info->rssi,
af58925c 3369 flags, NULL, 0, NULL, 0);
a9de9248
MH		 3370 }
3371 }
3372
3373 hci_dev_unlock(hdev);
3374}
3375
6039aa73
GP		 3376static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3377 struct sk_buff *skb)
a9de9248 3378{
41a96212
MH		 3379 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3380 struct hci_conn *conn;
3381
a9de9248 3382 BT_DBG("%s", hdev->name);
41a96212 3383
41a96212
MH		 3384 hci_dev_lock(hdev);
3385
3386 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3387 if (!conn)
3388 goto unlock;
41a96212 3389
cad718ed
JH		 3390 if (ev->page < HCI_MAX_PAGES)
3391 memcpy(conn->features[ev->page], ev->features, 8);
3392
ccd556fe
JH		 3393 if (!ev->status && ev->page == 0x01) {
3394 struct inquiry_entry *ie;
41a96212 3395
cc11b9c1
AE		 3396 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3397 if (ie)
02b7cc62 3398 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3399
bbb0eada 3400 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3401 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3402 } else {
3403 /* It is mandatory by the Bluetooth specification that
3404 * Extended Inquiry Results are only used when Secure
3405 * Simple Pairing is enabled, but some devices violate
3406 * this.
3407 *
3408 * To make these devices work, the internal SSP
3409 * enabled flag needs to be cleared if the remote host
3410 * features do not indicate SSP support */
3411 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3412 }
eb9a8f3f
MH		 3413
3414 if (ev->features[0] & LMP_HOST_SC)
3415 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3416 }
3417
3418 if (conn->state != BT_CONFIG)
3419 goto unlock;
3420
671267bf 3421 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3422 struct hci_cp_remote_name_req cp;
3423 memset(&cp, 0, sizeof(cp));
3424 bacpy(&cp.bdaddr, &conn->dst);
3425 cp.pscan_rep_mode = 0x02;
3426 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3427 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3428 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3429 conn->dst_type, 0, NULL, 0,
3430 conn->dev_class);
392599b9 3431
127178d2 3432 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3433 conn->state = BT_CONNECTED;
3434 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3435 hci_conn_drop(conn);
41a96212
MH		 3436 }
3437
ccd556fe 3438unlock:
41a96212 3439 hci_dev_unlock(hdev);
a9de9248
MH		 3440}
3441
6039aa73
GP		 3442static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3443 struct sk_buff *skb)
a9de9248 3444{
b6a0dc82
MH		 3445 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3446 struct hci_conn *conn;
3447
9f1db00c 3448 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3449
3450 hci_dev_lock(hdev);
3451
3452 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3453 if (!conn) {
3454 if (ev->link_type == ESCO_LINK)
3455 goto unlock;
3456
3457 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3458 if (!conn)
3459 goto unlock;
3460
3461 conn->type = SCO_LINK;
3462 }
b6a0dc82 3463
732547f9
MH		 3464 switch (ev->status) {
3465 case 0x00:
b6a0dc82
MH		 3466 conn->handle = __le16_to_cpu(ev->handle);
3467 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3468
3469 hci_conn_add_sysfs(conn);
732547f9
MH		 3470 break;
3471
81218d20 3472 case 0x10: /* Connection Accept Timeout */
1a4c958c 3473 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3474 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3475 case 0x1c: /* SCO interval rejected */
1038a00b 3476 case 0x1a: /* Unsupported Remote Feature */
732547f9 3477 case 0x1f: /* Unspecified error */
27539bc4 3478 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3479 if (conn->out) {
732547f9
MH		 3480 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3481 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3482 if (hci_setup_sync(conn, conn->link->handle))
3483 goto unlock;
732547f9
MH		 3484 }
3485 /* fall through */
3486
3487 default:
b6a0dc82 3488 conn->state = BT_CLOSED;
732547f9
MH		 3489 break;
3490 }
b6a0dc82
MH		 3491
3492 hci_proto_connect_cfm(conn, ev->status);
3493 if (ev->status)
3494 hci_conn_del(conn);
3495
3496unlock:
3497 hci_dev_unlock(hdev);
a9de9248
MH		 3498}
3499
efdcf8e3
MH		 3500static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3501{
3502 size_t parsed = 0;
3503
3504 while (parsed < eir_len) {
3505 u8 field_len = eir[0];
3506
3507 if (field_len == 0)
3508 return parsed;
3509
3510 parsed += field_len + 1;
3511 eir += field_len + 1;
3512 }
3513
3514 return eir_len;
3515}
3516
6039aa73
GP		 3517static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3518 struct sk_buff *skb)
1da177e4 3519{
a9de9248
MH		 3520 struct inquiry_data data;
3521 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3522 int num_rsp = *((__u8 *) skb->data);
9d939d94 3523 size_t eir_len;
1da177e4 3524
a9de9248 3525 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3526
a9de9248
MH		 3527 if (!num_rsp)
3528 return;
1da177e4 3529
1519cc17
AG		 3530 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3531 return;
3532
a9de9248
MH		 3533 hci_dev_lock(hdev);
3534
e17acd40 3535 for (; num_rsp; num_rsp--, info++) {
af58925c
MH		 3536 u32 flags;
3537 bool name_known;
561aafbc 3538
a9de9248 3539 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3540 data.pscan_rep_mode = info->pscan_rep_mode;
3541 data.pscan_period_mode = info->pscan_period_mode;
3542 data.pscan_mode = 0x00;
a9de9248 3543 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3544 data.clock_offset = info->clock_offset;
3545 data.rssi = info->rssi;
41a96212 3546 data.ssp_mode = 0x01;
561aafbc 3547
a8b2d5c2 3548 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3549 name_known = eir_has_data_type(info->data,
04124681
GP		 3550 sizeof(info->data),
3551 EIR_NAME_COMPLETE);
561aafbc
JH		 3552 else
3553 name_known = true;
3554
af58925c
MH		 3555 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3556
9d939d94 3557 eir_len = eir_get_length(info->data, sizeof(info->data));
af58925c 3558
48264f06 3559 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
af58925c
MH		 3560 info->dev_class, info->rssi,
3561 flags, info->data, eir_len, NULL, 0);
a9de9248
MH		 3562 }
3563
3564 hci_dev_unlock(hdev);
3565}
1da177e4 3566
1c2e0041
JH		 3567static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3568 struct sk_buff *skb)
3569{
3570 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3571 struct hci_conn *conn;
3572
9f1db00c 3573 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3574 __le16_to_cpu(ev->handle));
3575
3576 hci_dev_lock(hdev);
3577
3578 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3579 if (!conn)
3580 goto unlock;
3581
9eb1fbfa
JH		 3582 /* For BR/EDR the necessary steps are taken through the
3583 * auth_complete event.
3584 */
3585 if (conn->type != LE_LINK)
3586 goto unlock;
3587
1c2e0041
JH		 3588 if (!ev->status)
3589 conn->sec_level = conn->pending_sec_level;
3590
3591 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3592
3593 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3594 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3595 hci_conn_drop(conn);
1c2e0041
JH		 3596 goto unlock;
3597 }
3598
3599 if (conn->state == BT_CONFIG) {
3600 if (!ev->status)
3601 conn->state = BT_CONNECTED;
3602
3603 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3604 hci_conn_drop(conn);
1c2e0041
JH		 3605 } else {
3606 hci_auth_cfm(conn, ev->status);
3607
3608 hci_conn_hold(conn);
3609 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3610 hci_conn_drop(conn);
1c2e0041
JH		 3611 }
3612
3613unlock:
3614 hci_dev_unlock(hdev);
3615}
3616
6039aa73 3617static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3618{
17fa4b9d 3619 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3620 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3621 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3622 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3623
b7f94c88
MA		 3624 /* If both remote and local have enough IO capabilities, require
3625 * MITM protection
3626 */
3627 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3628 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3629 return conn->remote_auth | 0x01;
3630
7e74170a
TM		 3631 /* No MITM protection possible so ignore remote requirement */
3632 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3633}
3634
6039aa73 3635static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3636{
3637 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3638 struct hci_conn *conn;
3639
3640 BT_DBG("%s", hdev->name);
3641
3642 hci_dev_lock(hdev);
3643
3644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3645 if (!conn)
3646 goto unlock;
3647
3648 hci_conn_hold(conn);
3649
a8b2d5c2 3650 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3651 goto unlock;
3652
a8b2d5c2 3653 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3654 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3655 struct hci_cp_io_capability_reply cp;
3656
3657 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3658 /* Change the IO capability from KeyboardDisplay
3659 * to DisplayYesNo as it is not supported by BT spec. */
3660 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3661 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3662
3663 /* If we are initiators, there is no remote information yet */
3664 if (conn->remote_auth == 0xff) {
3665 cp.authentication = conn->auth_type;
6fd6b915 3666
b16c6604 3667 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3668 * except for the no-bonding case.
3669 * conn->auth_type is not updated here since
3670 * that might cause the user confirmation to be
3671 * rejected in case the remote doesn't have the
3672 * IO capabilities for MITM.
b16c6604 3673 */
6fd6b915 3674 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3675 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3676 cp.authentication |= 0x01;
b7f94c88
MA		 3677 } else {
3678 conn->auth_type = hci_get_auth_req(conn);
3679 cp.authentication = conn->auth_type;
3680 }
17fa4b9d 3681
8fc9ced3
GP		 3682 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3683 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3684 cp.oob_data = 0x01;
3685 else
3686 cp.oob_data = 0x00;
3687
17fa4b9d 3688 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3689 sizeof(cp), &cp);
03b555e1
JH		 3690 } else {
3691 struct hci_cp_io_capability_neg_reply cp;
3692
3693 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3694 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3695
03b555e1 3696 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3697 sizeof(cp), &cp);
03b555e1
JH		 3698 }
3699
3700unlock:
3701 hci_dev_unlock(hdev);
3702}
3703
6039aa73 3704static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3705{
3706 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3707 struct hci_conn *conn;
3708
3709 BT_DBG("%s", hdev->name);
3710
3711 hci_dev_lock(hdev);
3712
3713 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3714 if (!conn)
3715 goto unlock;
3716
03b555e1 3717 conn->remote_cap = ev->capability;
03b555e1 3718 conn->remote_auth = ev->authentication;
58a681ef
JH		 3719 if (ev->oob_data)
3720 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3721
3722unlock:
0493684e
MH		 3723 hci_dev_unlock(hdev);
3724}
3725
6039aa73
GP		 3726static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3727 struct sk_buff *skb)
a5c29683
JH		 3728{
3729 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3730 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3731 struct hci_conn *conn;
a5c29683
JH		 3732
3733 BT_DBG("%s", hdev->name);
3734
3735 hci_dev_lock(hdev);
3736
a8b2d5c2 3737 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3738 goto unlock;
a5c29683 3739
7a828908
JH		 3740 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3741 if (!conn)
3742 goto unlock;
3743
3744 loc_mitm = (conn->auth_type & 0x01);
3745 rem_mitm = (conn->remote_auth & 0x01);
3746
3747 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3748 * (it has NoInputNoOutput) then reject the confirmation request
3749 */
3750 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3751 BT_DBG("Rejecting request: remote device can't provide MITM");
3752 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3753 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3754 goto unlock;
3755 }
3756
3757 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3758 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3759 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3760
3761 /* If we're not the initiators request authorization to
3762 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3763 * confirm_hint set to 1). The exception is if neither
3764 * side had MITM in which case we do auto-accept.
3765 */
3766 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3767 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3768 BT_DBG("Confirming auto-accept as acceptor");
3769 confirm_hint = 1;
3770 goto confirm;
3771 }
3772
9f61656a 3773 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3774 hdev->auto_accept_delay);
9f61656a
JH		 3775
3776 if (hdev->auto_accept_delay > 0) {
3777 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3778 queue_delayed_work(conn->hdev->workqueue,
3779 &conn->auto_accept_work, delay);
9f61656a
JH		 3780 goto unlock;
3781 }
3782
7a828908 3783 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3784 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3785 goto unlock;
3786 }
3787
55bc1a37 3788confirm:
39adbffe
JH		 3789 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3790 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3791
3792unlock:
a5c29683
JH		 3793 hci_dev_unlock(hdev);
3794}
3795
6039aa73
GP		 3796static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3797 struct sk_buff *skb)
1143d458
BG		 3798{
3799 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3800
3801 BT_DBG("%s", hdev->name);
3802
a8b2d5c2 3803 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3804 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3805}
3806
92a25256
JH		 3807static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3808 struct sk_buff *skb)
3809{
3810 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3811 struct hci_conn *conn;
3812
3813 BT_DBG("%s", hdev->name);
3814
3815 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3816 if (!conn)
3817 return;
3818
3819 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3820 conn->passkey_entered = 0;
3821
3822 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3823 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3824 conn->dst_type, conn->passkey_notify,
3825 conn->passkey_entered);
3826}
3827
3828static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3829{
3830 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3831 struct hci_conn *conn;
3832
3833 BT_DBG("%s", hdev->name);
3834
3835 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3836 if (!conn)
3837 return;
3838
3839 switch (ev->type) {
3840 case HCI_KEYPRESS_STARTED:
3841 conn->passkey_entered = 0;
3842 return;
3843
3844 case HCI_KEYPRESS_ENTERED:
3845 conn->passkey_entered++;
3846 break;
3847
3848 case HCI_KEYPRESS_ERASED:
3849 conn->passkey_entered--;
3850 break;
3851
3852 case HCI_KEYPRESS_CLEARED:
3853 conn->passkey_entered = 0;
3854 break;
3855
3856 case HCI_KEYPRESS_COMPLETED:
3857 return;
3858 }
3859
3860 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3861 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3862 conn->dst_type, conn->passkey_notify,
3863 conn->passkey_entered);
3864}
3865
6039aa73
GP		 3866static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3867 struct sk_buff *skb)
0493684e
MH		 3868{
3869 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3870 struct hci_conn *conn;
3871
3872 BT_DBG("%s", hdev->name);
3873
3874 hci_dev_lock(hdev);
3875
3876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3877 if (!conn)
3878 goto unlock;
3879
3880 /* To avoid duplicate auth_failed events to user space we check
3881 * the HCI_CONN_AUTH_PEND flag which will be set if we
3882 * initiated the authentication. A traditional auth_complete
3883 * event gets always produced as initiator and is also mapped to
3884 * the mgmt_auth_failed event */
fa1bd918 3885 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3886 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3887 ev->status);
0493684e 3888
76a68ba0 3889 hci_conn_drop(conn);
2a611692
JH		 3890
3891unlock:
0493684e
MH		 3892 hci_dev_unlock(hdev);
3893}
3894
6039aa73
GP		 3895static void hci_remote_host_features_evt(struct hci_dev *hdev,
3896 struct sk_buff *skb)
41a96212
MH		 3897{
3898 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3899 struct inquiry_entry *ie;
cad718ed 3900 struct hci_conn *conn;
41a96212
MH		 3901
3902 BT_DBG("%s", hdev->name);
3903
3904 hci_dev_lock(hdev);
3905
cad718ed
JH		 3906 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3907 if (conn)
3908 memcpy(conn->features[1], ev->features, 8);
3909
cc11b9c1
AE		 3910 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3911 if (ie)
02b7cc62 3912 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3913
3914 hci_dev_unlock(hdev);
3915}
3916
6039aa73
GP		 3917static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3918 struct sk_buff *skb)
2763eda6
SJ		 3919{
3920 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3921 struct oob_data *data;
3922
3923 BT_DBG("%s", hdev->name);
3924
3925 hci_dev_lock(hdev);
3926
a8b2d5c2 3927 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3928 goto unlock;
3929
2763eda6
SJ		 3930 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3931 if (data) {
519ca9d0
MH		 3932 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3933 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3934
519ca9d0
MH		 3935 bacpy(&cp.bdaddr, &ev->bdaddr);
3936 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3937 memcpy(cp.randomizer192, data->randomizer192,
3938 sizeof(cp.randomizer192));
3939 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3940 memcpy(cp.randomizer256, data->randomizer256,
3941 sizeof(cp.randomizer256));
3942
3943 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3944 sizeof(cp), &cp);
3945 } else {
3946 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3947
519ca9d0
MH		 3948 bacpy(&cp.bdaddr, &ev->bdaddr);
3949 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3950 memcpy(cp.randomizer, data->randomizer192,
3951 sizeof(cp.randomizer));
3952
3953 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3954 sizeof(cp), &cp);
3955 }
2763eda6
SJ		 3956 } else {
3957 struct hci_cp_remote_oob_data_neg_reply cp;
3958
3959 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3960 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3961 sizeof(cp), &cp);
2763eda6
SJ		 3962 }
3963
e1ba1f15 3964unlock:
2763eda6
SJ		 3965 hci_dev_unlock(hdev);
3966}
3967
d5e91192
AE		 3968static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3969 struct sk_buff *skb)
3970{
3971 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3972 struct hci_conn *hcon, *bredr_hcon;
3973
3974 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3975 ev->status);
3976
3977 hci_dev_lock(hdev);
3978
3979 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3980 if (!hcon) {
3981 hci_dev_unlock(hdev);
3982 return;
3983 }
3984
3985 if (ev->status) {
3986 hci_conn_del(hcon);
3987 hci_dev_unlock(hdev);
3988 return;
3989 }
3990
3991 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3992
3993 hcon->state = BT_CONNECTED;
3994 bacpy(&hcon->dst, &bredr_hcon->dst);
3995
3996 hci_conn_hold(hcon);
3997 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3998 hci_conn_drop(hcon);
d5e91192 3999
d5e91192
AE		 4000 hci_conn_add_sysfs(hcon);
4001
cf70ff22 4002 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 4003
cf70ff22 4004 hci_dev_unlock(hdev);
d5e91192
AE		 4005}
4006
27695fb4
AE		 4007static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4008{
4009 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4010 struct hci_conn *hcon;
4011 struct hci_chan *hchan;
4012 struct amp_mgr *mgr;
4013
4014 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4015 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4016 ev->status);
4017
4018 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4019 if (!hcon)
4020 return;
4021
4022 /* Create AMP hchan */
4023 hchan = hci_chan_create(hcon);
4024 if (!hchan)
4025 return;
4026
4027 hchan->handle = le16_to_cpu(ev->handle);
4028
4029 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4030
4031 mgr = hcon->amp_mgr;
4032 if (mgr && mgr->bredr_chan) {
4033 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4034
4035 l2cap_chan_lock(bredr_chan);
4036
4037 bredr_chan->conn->mtu = hdev->block_mtu;
4038 l2cap_logical_cfm(bredr_chan, hchan, 0);
4039 hci_conn_hold(hcon);
4040
4041 l2cap_chan_unlock(bredr_chan);
4042 }
4043}
4044
606e2a10
AE		 4045static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4046 struct sk_buff *skb)
4047{
4048 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4049 struct hci_chan *hchan;
4050
4051 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4052 le16_to_cpu(ev->handle), ev->status);
4053
4054 if (ev->status)
4055 return;
4056
4057 hci_dev_lock(hdev);
4058
4059 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4060 if (!hchan)
4061 goto unlock;
4062
4063 amp_destroy_logical_link(hchan, ev->reason);
4064
4065unlock:
4066 hci_dev_unlock(hdev);
4067}
4068
9eef6b3a
AE		 4069static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4070 struct sk_buff *skb)
4071{
4072 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4073 struct hci_conn *hcon;
4074
4075 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4076
4077 if (ev->status)
4078 return;
4079
4080 hci_dev_lock(hdev);
4081
4082 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4083 if (hcon) {
4084 hcon->state = BT_CLOSED;
4085 hci_conn_del(hcon);
4086 }
4087
4088 hci_dev_unlock(hdev);
4089}
4090
6039aa73 4091static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4092{
4093 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
912b42ef 4094 struct hci_conn_params *params;
fcd89c09 4095 struct hci_conn *conn;
68d6f6de 4096 struct smp_irk *irk;
837d502e 4097 u8 addr_type;
fcd89c09 4098
9f1db00c 4099 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 4100
4101 hci_dev_lock(hdev);
4102
fbd96c15
JH		 4103 /* All controllers implicitly stop advertising in the event of a
4104 * connection, so ensure that the state bit is cleared.
4105 */
4106 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4107
b47a09b3 4108 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 4109 if (!conn) {
4110 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4111 if (!conn) {
4112 BT_ERR("No memory for new connection");
230fd16a 4113 goto unlock;
b62f328b 4114 }
29b7988a
AG		 4115
4116 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 4117
4118 if (ev->role == LE_CONN_ROLE_MASTER) {
4119 conn->out = true;
4dae2798 4120 set_bit(HCI_CONN_MASTER, &conn->flags);
b9b343d2 4121 }
cb1d68f7
JH		 4122
4123 /* If we didn't have a hci_conn object previously
4124 * but we're in master role this must be something
4125 * initiated using a white list. Since white list based
4126 * connections are not "first class citizens" we don't
4127 * have full tracking of them. Therefore, we go ahead
4128 * with a "best effort" approach of determining the
4129 * initiator address based on the HCI_PRIVACY flag.
4130 */
4131 if (conn->out) {
4132 conn->resp_addr_type = ev->bdaddr_type;
4133 bacpy(&conn->resp_addr, &ev->bdaddr);
4134 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4135 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4136 bacpy(&conn->init_addr, &hdev->rpa);
4137 } else {
4138 hci_copy_identity_address(hdev,
4139 &conn->init_addr,
4140 &conn->init_addr_type);
4141 }
cb1d68f7 4142 }
9489eca4
JH		 4143 } else {
4144 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4145 }
fcd89c09 4146
80c24ab8
JH		 4147 if (!conn->out) {
4148 /* Set the responder (our side) address type based on
4149 * the advertising address type.
4150 */
4151 conn->resp_addr_type = hdev->adv_addr_type;
4152 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4153 bacpy(&conn->resp_addr, &hdev->random_addr);
4154 else
4155 bacpy(&conn->resp_addr, &hdev->bdaddr);
4156
4157 conn->init_addr_type = ev->bdaddr_type;
4158 bacpy(&conn->init_addr, &ev->bdaddr);
a720d735
MH		 4159
4160 /* For incoming connections, set the default minimum
4161 * and maximum connection interval. They will be used
4162 * to check if the parameters are in range and if not
4163 * trigger the connection update procedure.
4164 */
4165 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4166 conn->le_conn_max_interval = hdev->le_conn_max_interval;
80c24ab8 4167 }
7be2edbb 4168
edb4b466
MH		 4169 /* Lookup the identity address from the stored connection
4170 * address and address type.
4171 *
4172 * When establishing connections to an identity address, the
4173 * connection procedure will store the resolvable random
4174 * address first. Now if it can be converted back into the
4175 * identity address, start using the identity address from
4176 * now on.
4177 */
4178 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4179 if (irk) {
4180 bacpy(&conn->dst, &irk->bdaddr);
4181 conn->dst_type = irk->addr_type;
4182 }
4183
837d502e
JH		 4184 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4185 addr_type = BDADDR_LE_PUBLIC;
4186 else
4187 addr_type = BDADDR_LE_RANDOM;
4188
4189 /* Drop the connection if he device is blocked */
dcc36c16 4190 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
837d502e
JH		 4191 hci_conn_drop(conn);
4192 goto unlock;
4193 }
4194
cd17decb 4195 if (ev->status) {
06c053fb 4196 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4197 goto unlock;
4198 }
4199
b644ba33 4200 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4201 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4202 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4203
7b5c0d52 4204 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4205 conn->handle = __le16_to_cpu(ev->handle);
4206 conn->state = BT_CONNECTED;
4207
e04fde60
MH		 4208 conn->le_conn_interval = le16_to_cpu(ev->interval);
4209 conn->le_conn_latency = le16_to_cpu(ev->latency);
4210 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4211
fcd89c09
VT		 4212 hci_conn_add_sysfs(conn);
4213
4214 hci_proto_connect_cfm(conn, ev->status);
4215
912b42ef 4216 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
223683a5 4217 if (params)
95305baa 4218 list_del_init(&params->action);
a4790dbd 4219
fcd89c09 4220unlock:
223683a5 4221 hci_update_background_scan(hdev);
fcd89c09
VT		 4222 hci_dev_unlock(hdev);
4223}
4224
1855d92d
MH		 4225static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4226 struct sk_buff *skb)
4227{
4228 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4229 struct hci_conn *conn;
4230
4231 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4232
4233 if (ev->status)
4234 return;
4235
4236 hci_dev_lock(hdev);
4237
4238 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4239 if (conn) {
4240 conn->le_conn_interval = le16_to_cpu(ev->interval);
4241 conn->le_conn_latency = le16_to_cpu(ev->latency);
4242 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4243 }
4244
4245 hci_dev_unlock(hdev);
4246}
4247
a4790dbd 4248/* This function requires the caller holds hdev->lock */
7e899c94 4249static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
1c1abcab 4250 u8 addr_type, u8 adv_type)
a4790dbd
AG		 4251{
4252 struct hci_conn *conn;
4253
1c1abcab
JH		 4254 /* If the event is not connectable don't proceed further */
4255 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
7e899c94 4256 return;
1c1abcab
JH		 4257
4258 /* Ignore if the device is blocked */
dcc36c16 4259 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
7e899c94 4260 return;
1c1abcab
JH		 4261
4262 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4263 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4264 adv_type == LE_ADV_DIRECT_IND)
4265 goto connect;
4266
4267 /* If we're not connectable only connect devices that we have in
4268 * our pend_le_conns list.
4269 */
501f8827 4270 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
7e899c94 4271 return;
a4790dbd 4272
1c1abcab 4273connect:
cdd6275e 4274 /* Request connection in master = true role */
a4790dbd 4275 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
cdd6275e 4276 HCI_LE_AUTOCONN_TIMEOUT, true);
a4790dbd 4277 if (!IS_ERR(conn))
7e899c94 4278 return;
a4790dbd
AG		 4279
4280 switch (PTR_ERR(conn)) {
4281 case -EBUSY:
4282 /* If hci_connect() returns -EBUSY it means there is already
4283 * an LE connection attempt going on. Since controllers don't
4284 * support more than one connection attempt at the time, we
4285 * don't consider this an error case.
4286 */
4287 break;
4288 default:
4289 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4290 }
4291}
4292
4af605d8
JH		 4293static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4294 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4295{
b9a6328f 4296 struct discovery_state *d = &hdev->discovery;
1c1abcab 4297 struct smp_irk *irk;
474ee066 4298 bool match;
c70a7e4c 4299 u32 flags;
b9a6328f 4300
1c1abcab
JH		 4301 /* Check if we need to convert to identity address */
4302 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4303 if (irk) {
4304 bdaddr = &irk->bdaddr;
4305 bdaddr_type = irk->addr_type;
4306 }
4307
4308 /* Check if we have been requested to connect to this device */
4309 check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4310
0d2bf134
JH		 4311 /* Passive scanning shouldn't trigger any device found events,
4312 * except for devices marked as CONN_REPORT for which we do send
4313 * device found events.
4314 */
ca5c4be7 4315 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
0d2bf134 4316 struct hci_conn_params *param;
0d2bf134 4317
0d2bf134
JH		 4318 if (type == LE_ADV_DIRECT_IND)
4319 return;
4320
a7545f2a
JH		 4321 param = hci_pend_le_action_lookup(&hdev->pend_le_reports,
4322 bdaddr, bdaddr_type);
4323 if (!param)
0d2bf134
JH		 4324 return;
4325
4326 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4327 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4328 else
4329 flags = 0;
4330 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4331 rssi, flags, data, len, NULL, 0);
97bf2e99 4332 return;
ca5c4be7 4333 }
4af605d8 4334
c70a7e4c
MH		 4335 /* When receiving non-connectable or scannable undirected
4336 * advertising reports, this means that the remote device is
4337 * not connectable and then clearly indicate this in the
4338 * device found event.
4339 *
4340 * When receiving a scan response, then there is no way to
4341 * know if the remote device is connectable or not. However
4342 * since scan responses are merged with a previously seen
4343 * advertising report, the flags field from that report
4344 * will be used.
4345 *
4346 * In the really unlikely case that a controller get confused
4347 * and just sends a scan response event, then it is marked as
4348 * not connectable as well.
4349 */
4350 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4351 type == LE_ADV_SCAN_RSP)
4352 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4353 else
4354 flags = 0;
4355
b9a6328f
JH		 4356 /* If there's nothing pending either store the data from this
4357 * event or send an immediate device found event if the data
4358 * should not be stored for later.
4359 */
4360 if (!has_pending_adv_report(hdev)) {
4361 /* If the report will trigger a SCAN_REQ store it for
4362 * later merging.
4363 */
4364 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4365 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4366 rssi, flags, data, len);
b9a6328f
JH		 4367 return;
4368 }
4369
4370 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4371 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4372 return;
4373 }
4374
474ee066
JH		 4375 /* Check if the pending report is for the same device as the new one */
4376 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4377 bdaddr_type == d->last_adv_addr_type);
4378
b9a6328f
JH		 4379 /* If the pending data doesn't match this report or this isn't a
4380 * scan response (e.g. we got a duplicate ADV_IND) then force
4381 * sending of the pending data.
4382 */
474ee066
JH		 4383 if (type != LE_ADV_SCAN_RSP || !match) {
4384 /* Send out whatever is in the cache, but skip duplicates */
4385 if (!match)
4386 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f 4387 d->last_adv_addr_type, NULL,
c70a7e4c 4388 d->last_adv_rssi, d->last_adv_flags,
ff5cd29f 4389 d->last_adv_data,
474ee066 4390 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4391
4392 /* If the new report will trigger a SCAN_REQ store it for
4393 * later merging.
4394 */
4395 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4396 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
c70a7e4c 4397 rssi, flags, data, len);
b9a6328f
JH		 4398 return;
4399 }
4400
4401 /* The advertising reports cannot be merged, so clear
4402 * the pending report and send out a device found event.
4403 */
4404 clear_pending_adv_report(hdev);
5c5b93e4 4405 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
c70a7e4c 4406 rssi, flags, data, len, NULL, 0);
b9a6328f
JH		 4407 return;
4408 }
4409
4410 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4411 * the new event is a SCAN_RSP. We can therefore proceed with
4412 * sending a merged device found event.
4413 */
4414 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
c70a7e4c 4415 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
42bd6a56 4416 d->last_adv_data, d->last_adv_data_len, data, len);
b9a6328f 4417 clear_pending_adv_report(hdev);
4af605d8
JH		 4418}
4419
6039aa73 4420static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4421{
e95beb41
AG		 4422 u8 num_reports = skb->data[0];
4423 void *ptr = &skb->data[1];
9aa04c91 4424
a4790dbd
AG		 4425 hci_dev_lock(hdev);
4426
e95beb41
AG		 4427 while (num_reports--) {
4428 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4429 s8 rssi;
a4790dbd 4430
3c9e9195 4431 rssi = ev->data[ev->length];
4af605d8
JH		 4432 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4433 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4434
e95beb41 4435 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4436 }
a4790dbd
AG		 4437
4438 hci_dev_unlock(hdev);
9aa04c91
AG		 4439}
4440
6039aa73 4441static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4442{
4443 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4444 struct hci_cp_le_ltk_reply cp;
bea710fe 4445 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4446 struct hci_conn *conn;
c9839a11 4447 struct smp_ltk *ltk;
a7a595f6 4448
9f1db00c 4449 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4450
4451 hci_dev_lock(hdev);
4452
4453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4454 if (conn == NULL)
4455 goto not_found;
a7a595f6 4456
fe39c7b2 4457 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4458 if (ltk == NULL)
4459 goto not_found;
4460
4461 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4462 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4463
4464 if (ltk->authenticated)
f8776218
AG		 4465 conn->pending_sec_level = BT_SECURITY_HIGH;
4466 else
4467 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4468
89cbb4da 4469 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4470
4471 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4472
5981a882
CT		 4473 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4474 * temporary key used to encrypt a connection following
4475 * pairing. It is used during the Encrypted Session Setup to
4476 * distribute the keys. Later, security can be re-established
4477 * using a distributed LTK.
4478 */
2ceba539 4479 if (ltk->type == SMP_STK) {
fe59a05f 4480 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4481 list_del(&ltk->list);
4482 kfree(ltk);
fe59a05f
JH		 4483 } else {
4484 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
c9839a11
VCG		 4485 }
4486
a7a595f6 4487 hci_dev_unlock(hdev);
bea710fe
VCG		 4488
4489 return;
4490
4491not_found:
4492 neg.handle = ev->handle;
4493 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4494 hci_dev_unlock(hdev);
a7a595f6
VCG		 4495}
4496
8e75b46a
AG		 4497static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4498 u8 reason)
4499{
4500 struct hci_cp_le_conn_param_req_neg_reply cp;
4501
4502 cp.handle = cpu_to_le16(handle);
4503 cp.reason = reason;
4504
4505 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4506 &cp);
4507}
4508
4509static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4510 struct sk_buff *skb)
4511{
4512 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4513 struct hci_cp_le_conn_param_req_reply cp;
4514 struct hci_conn *hcon;
4515 u16 handle, min, max, latency, timeout;
4516
4517 handle = le16_to_cpu(ev->handle);
4518 min = le16_to_cpu(ev->interval_min);
4519 max = le16_to_cpu(ev->interval_max);
4520 latency = le16_to_cpu(ev->latency);
4521 timeout = le16_to_cpu(ev->timeout);
4522
4523 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4524 if (!hcon || hcon->state != BT_CONNECTED)
4525 return send_conn_param_neg_reply(hdev, handle,
4526 HCI_ERROR_UNKNOWN_CONN_ID);
4527
4528 if (hci_check_conn_params(min, max, latency, timeout))
4529 return send_conn_param_neg_reply(hdev, handle,
4530 HCI_ERROR_INVALID_LL_PARAMS);
4531
348d50b8
JH		 4532 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4533 struct hci_conn_params *params;
f4869e2a 4534 u8 store_hint;
348d50b8
JH		 4535
4536 hci_dev_lock(hdev);
4537
4538 params = hci_conn_params_lookup(hdev, &hcon->dst,
4539 hcon->dst_type);
4540 if (params) {
4541 params->conn_min_interval = min;
4542 params->conn_max_interval = max;
4543 params->conn_latency = latency;
4544 params->supervision_timeout = timeout;
f4869e2a
JH		 4545 store_hint = 0x01;
4546 } else{
4547 store_hint = 0x00;
348d50b8
JH		 4548 }
4549
4550 hci_dev_unlock(hdev);
4551
f4869e2a
JH		 4552 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4553 store_hint, min, max, latency, timeout);
348d50b8 4554 }
ffb5a827 4555
8e75b46a
AG		 4556 cp.handle = ev->handle;
4557 cp.interval_min = ev->interval_min;
4558 cp.interval_max = ev->interval_max;
4559 cp.latency = ev->latency;
4560 cp.timeout = ev->timeout;
4561 cp.min_ce_len = 0;
4562 cp.max_ce_len = 0;
4563
4564 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4565}
4566
6039aa73 4567static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4568{
4569 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4570
4571 skb_pull(skb, sizeof(*le_ev));
4572
4573 switch (le_ev->subevent) {
4574 case HCI_EV_LE_CONN_COMPLETE:
4575 hci_le_conn_complete_evt(hdev, skb);
4576 break;
4577
1855d92d
MH		 4578 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4579 hci_le_conn_update_complete_evt(hdev, skb);
4580 break;
4581
9aa04c91
AG		 4582 case HCI_EV_LE_ADVERTISING_REPORT:
4583 hci_le_adv_report_evt(hdev, skb);
4584 break;
4585
a7a595f6
VCG		 4586 case HCI_EV_LE_LTK_REQ:
4587 hci_le_ltk_request_evt(hdev, skb);
4588 break;
4589
8e75b46a
AG		 4590 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4591 hci_le_remote_conn_param_req_evt(hdev, skb);
4592 break;
4593
fcd89c09
VT		 4594 default:
4595 break;
4596 }
4597}
4598
9495b2ee
AE		 4599static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4600{
4601 struct hci_ev_channel_selected *ev = (void *) skb->data;
4602 struct hci_conn *hcon;
4603
4604 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4605
4606 skb_pull(skb, sizeof(*ev));
4607
4608 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4609 if (!hcon)
4610 return;
4611
4612 amp_read_loc_assoc_final_data(hdev, hcon);
4613}
4614
a9de9248
MH		 4615void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4616{
4617 struct hci_event_hdr *hdr = (void *) skb->data;
4618 __u8 event = hdr->evt;
4619
b6ddb638
JH		 4620 hci_dev_lock(hdev);
4621
4622 /* Received events are (currently) only needed when a request is
4623 * ongoing so avoid unnecessary memory allocation.
4624 */
4625 if (hdev->req_status == HCI_REQ_PEND) {
4626 kfree_skb(hdev->recv_evt);
4627 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4628 }
4629
4630 hci_dev_unlock(hdev);
4631
a9de9248
MH		 4632 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4633
02350a72 4634 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4635 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4636 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4637
4638 hci_req_cmd_complete(hdev, opcode, 0);
4639 }
4640
a9de9248 4641 switch (event) {
1da177e4
LT		 4642 case HCI_EV_INQUIRY_COMPLETE:
4643 hci_inquiry_complete_evt(hdev, skb);
4644 break;
4645
4646 case HCI_EV_INQUIRY_RESULT:
4647 hci_inquiry_result_evt(hdev, skb);
4648 break;
4649
a9de9248
MH		 4650 case HCI_EV_CONN_COMPLETE:
4651 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4652 break;
4653
1da177e4
LT		 4654 case HCI_EV_CONN_REQUEST:
4655 hci_conn_request_evt(hdev, skb);
4656 break;
4657
1da177e4
LT		 4658 case HCI_EV_DISCONN_COMPLETE:
4659 hci_disconn_complete_evt(hdev, skb);
4660 break;
4661
1da177e4
LT		 4662 case HCI_EV_AUTH_COMPLETE:
4663 hci_auth_complete_evt(hdev, skb);
4664 break;
4665
a9de9248
MH		 4666 case HCI_EV_REMOTE_NAME:
4667 hci_remote_name_evt(hdev, skb);
4668 break;
4669
1da177e4
LT		 4670 case HCI_EV_ENCRYPT_CHANGE:
4671 hci_encrypt_change_evt(hdev, skb);
4672 break;
4673
a9de9248
MH		 4674 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4675 hci_change_link_key_complete_evt(hdev, skb);
4676 break;
4677
4678 case HCI_EV_REMOTE_FEATURES:
4679 hci_remote_features_evt(hdev, skb);
4680 break;
4681
a9de9248
MH		 4682 case HCI_EV_CMD_COMPLETE:
4683 hci_cmd_complete_evt(hdev, skb);
4684 break;
4685
4686 case HCI_EV_CMD_STATUS:
4687 hci_cmd_status_evt(hdev, skb);
4688 break;
4689
4690 case HCI_EV_ROLE_CHANGE:
4691 hci_role_change_evt(hdev, skb);
4692 break;
4693
4694 case HCI_EV_NUM_COMP_PKTS:
4695 hci_num_comp_pkts_evt(hdev, skb);
4696 break;
4697
4698 case HCI_EV_MODE_CHANGE:
4699 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4700 break;
4701
4702 case HCI_EV_PIN_CODE_REQ:
4703 hci_pin_code_request_evt(hdev, skb);
4704 break;
4705
4706 case HCI_EV_LINK_KEY_REQ:
4707 hci_link_key_request_evt(hdev, skb);
4708 break;
4709
4710 case HCI_EV_LINK_KEY_NOTIFY:
4711 hci_link_key_notify_evt(hdev, skb);
4712 break;
4713
4714 case HCI_EV_CLOCK_OFFSET:
4715 hci_clock_offset_evt(hdev, skb);
4716 break;
4717
a8746417
MH		 4718 case HCI_EV_PKT_TYPE_CHANGE:
4719 hci_pkt_type_change_evt(hdev, skb);
4720 break;
4721
85a1e930
MH		 4722 case HCI_EV_PSCAN_REP_MODE:
4723 hci_pscan_rep_mode_evt(hdev, skb);
4724 break;
4725
a9de9248
MH		 4726 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4727 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4728 break;
4729
a9de9248
MH		 4730 case HCI_EV_REMOTE_EXT_FEATURES:
4731 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4732 break;
4733
a9de9248
MH		 4734 case HCI_EV_SYNC_CONN_COMPLETE:
4735 hci_sync_conn_complete_evt(hdev, skb);
4736 break;
1da177e4 4737
a9de9248
MH		 4738 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4739 hci_extended_inquiry_result_evt(hdev, skb);
4740 break;
1da177e4 4741
1c2e0041
JH		 4742 case HCI_EV_KEY_REFRESH_COMPLETE:
4743 hci_key_refresh_complete_evt(hdev, skb);
4744 break;
4745
0493684e
MH		 4746 case HCI_EV_IO_CAPA_REQUEST:
4747 hci_io_capa_request_evt(hdev, skb);
4748 break;
4749
03b555e1
JH		 4750 case HCI_EV_IO_CAPA_REPLY:
4751 hci_io_capa_reply_evt(hdev, skb);
4752 break;
4753
a5c29683
JH		 4754 case HCI_EV_USER_CONFIRM_REQUEST:
4755 hci_user_confirm_request_evt(hdev, skb);
4756 break;
4757
1143d458
BG		 4758 case HCI_EV_USER_PASSKEY_REQUEST:
4759 hci_user_passkey_request_evt(hdev, skb);
4760 break;
4761
92a25256
JH		 4762 case HCI_EV_USER_PASSKEY_NOTIFY:
4763 hci_user_passkey_notify_evt(hdev, skb);
4764 break;
4765
4766 case HCI_EV_KEYPRESS_NOTIFY:
4767 hci_keypress_notify_evt(hdev, skb);
4768 break;
4769
0493684e
MH		 4770 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4771 hci_simple_pair_complete_evt(hdev, skb);
4772 break;
4773
41a96212
MH		 4774 case HCI_EV_REMOTE_HOST_FEATURES:
4775 hci_remote_host_features_evt(hdev, skb);
4776 break;
4777
fcd89c09
VT		 4778 case HCI_EV_LE_META:
4779 hci_le_meta_evt(hdev, skb);
4780 break;
4781
9495b2ee
AE		 4782 case HCI_EV_CHANNEL_SELECTED:
4783 hci_chan_selected_evt(hdev, skb);
4784 break;
4785
2763eda6
SJ		 4786 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4787 hci_remote_oob_data_request_evt(hdev, skb);
4788 break;
4789
d5e91192
AE		 4790 case HCI_EV_PHY_LINK_COMPLETE:
4791 hci_phy_link_complete_evt(hdev, skb);
4792 break;
4793
27695fb4
AE		 4794 case HCI_EV_LOGICAL_LINK_COMPLETE:
4795 hci_loglink_complete_evt(hdev, skb);
4796 break;
4797
606e2a10
AE		 4798 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4799 hci_disconn_loglink_complete_evt(hdev, skb);
4800 break;
4801
9eef6b3a
AE		 4802 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4803 hci_disconn_phylink_complete_evt(hdev, skb);
4804 break;
4805
25e89e99
AE		 4806 case HCI_EV_NUM_COMP_BLOCKS:
4807 hci_num_comp_blocks_evt(hdev, skb);
4808 break;
4809
a9de9248 4810 default:
9f1db00c 4811 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4812 break;
4813 }
4814
4815 kfree_skb(skb);
4816 hdev->stat.evt_rx++;
4817}
ubuntu-bionic-kernel mirror