projects / firefly-linux-kernel-4.4.55.git / blob
? search:


e89707f3394f3d8df473cf0f76bdce898a494a4c
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39         __u8 status = *((__u8 *) skb->data);
40
41         BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43         if (status) {
44                 hci_dev_lock(hdev);
45                 mgmt_stop_discovery_failed(hdev, status);
46                 hci_dev_unlock(hdev);
47                 return;
48         }
49
50         clear_bit(HCI_INQUIRY, &hdev->flags);
51
52         hci_dev_lock(hdev);
53         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54         hci_dev_unlock(hdev);
55
56         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
57
58         hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63         __u8 status = *((__u8 *) skb->data);
64
65         BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67         if (status)
68                 return;
69
70         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84         hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88                                           struct sk_buff *skb)
89 {
90         BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95         struct hci_rp_role_discovery *rp = (void *) skb->data;
96         struct hci_conn *conn;
97
98         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100         if (rp->status)
101                 return;
102
103         hci_dev_lock(hdev);
104
105         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106         if (conn) {
107                 if (rp->role)
108                         conn->link_mode &= ~HCI_LM_MASTER;
109                 else
110                         conn->link_mode |= HCI_LM_MASTER;
111         }
112
113         hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118         struct hci_rp_read_link_policy *rp = (void *) skb->data;
119         struct hci_conn *conn;
120
121         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123         if (rp->status)
124                 return;
125
126         hci_dev_lock(hdev);
127
128         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129         if (conn)
130                 conn->link_policy = __le16_to_cpu(rp->policy);
131
132         hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137         struct hci_rp_write_link_policy *rp = (void *) skb->data;
138         struct hci_conn *conn;
139         void *sent;
140
141         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143         if (rp->status)
144                 return;
145
146         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147         if (!sent)
148                 return;
149
150         hci_dev_lock(hdev);
151
152         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153         if (conn)
154                 conn->link_policy = get_unaligned_le16(sent + 2);
155
156         hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160                                         struct sk_buff *skb)
161 {
162         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166         if (rp->status)
167                 return;
168
169         hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173                                          struct sk_buff *skb)
174 {
175         __u8 status = *((__u8 *) skb->data);
176         void *sent;
177
178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181         if (!sent)
182                 return;
183
184         if (!status)
185                 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190         __u8 status = *((__u8 *) skb->data);
191
192         BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194         clear_bit(HCI_RESET, &hdev->flags);
195
196         /* Reset all non-persistent flags */
197         hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
198                              BIT(HCI_PERIODIC_INQ));
199
200         hdev->discovery.state = DISCOVERY_STOPPED;
201         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
202         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
203
204         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
205         hdev->adv_data_len = 0;
206 }
207
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209 {
210         __u8 status = *((__u8 *) skb->data);
211         void *sent;
212
213         BT_DBG("%s status 0x%2.2x", hdev->name, status);
214
215         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216         if (!sent)
217                 return;
218
219         hci_dev_lock(hdev);
220
221         if (test_bit(HCI_MGMT, &hdev->dev_flags))
222                 mgmt_set_local_name_complete(hdev, sent, status);
223         else if (!status)
224                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
225
226         hci_dev_unlock(hdev);
227
228         if (!status && !test_bit(HCI_INIT, &hdev->flags))
229                 hci_update_ad(hdev);
230 }
231
232 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 {
234         struct hci_rp_read_local_name *rp = (void *) skb->data;
235
236         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237
238         if (rp->status)
239                 return;
240
241         if (test_bit(HCI_SETUP, &hdev->dev_flags))
242                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
243 }
244
245 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 {
247         __u8 status = *((__u8 *) skb->data);
248         void *sent;
249
250         BT_DBG("%s status 0x%2.2x", hdev->name, status);
251
252         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253         if (!sent)
254                 return;
255
256         if (!status) {
257                 __u8 param = *((__u8 *) sent);
258
259                 if (param == AUTH_ENABLED)
260                         set_bit(HCI_AUTH, &hdev->flags);
261                 else
262                         clear_bit(HCI_AUTH, &hdev->flags);
263         }
264
265         if (test_bit(HCI_MGMT, &hdev->dev_flags))
266                 mgmt_auth_enable_complete(hdev, status);
267 }
268
269 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
270 {
271         __u8 status = *((__u8 *) skb->data);
272         void *sent;
273
274         BT_DBG("%s status 0x%2.2x", hdev->name, status);
275
276         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277         if (!sent)
278                 return;
279
280         if (!status) {
281                 __u8 param = *((__u8 *) sent);
282
283                 if (param)
284                         set_bit(HCI_ENCRYPT, &hdev->flags);
285                 else
286                         clear_bit(HCI_ENCRYPT, &hdev->flags);
287         }
288 }
289
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
291 {
292         __u8 param, status = *((__u8 *) skb->data);
293         int old_pscan, old_iscan;
294         void *sent;
295
296         BT_DBG("%s status 0x%2.2x", hdev->name, status);
297
298         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299         if (!sent)
300                 return;
301
302         param = *((__u8 *) sent);
303
304         hci_dev_lock(hdev);
305
306         if (status) {
307                 mgmt_write_scan_failed(hdev, param, status);
308                 hdev->discov_timeout = 0;
309                 goto done;
310         }
311
312         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314
315         if (param & SCAN_INQUIRY) {
316                 set_bit(HCI_ISCAN, &hdev->flags);
317                 if (!old_iscan)
318                         mgmt_discoverable(hdev, 1);
319                 if (hdev->discov_timeout > 0) {
320                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
322                                            to);
323                 }
324         } else if (old_iscan)
325                 mgmt_discoverable(hdev, 0);
326
327         if (param & SCAN_PAGE) {
328                 set_bit(HCI_PSCAN, &hdev->flags);
329                 if (!old_pscan)
330                         mgmt_connectable(hdev, 1);
331         } else if (old_pscan)
332                 mgmt_connectable(hdev, 0);
333
334 done:
335         hci_dev_unlock(hdev);
336 }
337
338 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
339 {
340         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
341
342         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343
344         if (rp->status)
345                 return;
346
347         memcpy(hdev->dev_class, rp->dev_class, 3);
348
349         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
350                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
351 }
352
353 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
354 {
355         __u8 status = *((__u8 *) skb->data);
356         void *sent;
357
358         BT_DBG("%s status 0x%2.2x", hdev->name, status);
359
360         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361         if (!sent)
362                 return;
363
364         hci_dev_lock(hdev);
365
366         if (status == 0)
367                 memcpy(hdev->dev_class, sent, 3);
368
369         if (test_bit(HCI_MGMT, &hdev->dev_flags))
370                 mgmt_set_class_of_dev_complete(hdev, sent, status);
371
372         hci_dev_unlock(hdev);
373 }
374
375 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
376 {
377         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
378         __u16 setting;
379
380         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381
382         if (rp->status)
383                 return;
384
385         setting = __le16_to_cpu(rp->voice_setting);
386
387         if (hdev->voice_setting == setting)
388                 return;
389
390         hdev->voice_setting = setting;
391
392         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
393
394         if (hdev->notify)
395                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
396 }
397
398 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
399                                        struct sk_buff *skb)
400 {
401         __u8 status = *((__u8 *) skb->data);
402         __u16 setting;
403         void *sent;
404
405         BT_DBG("%s status 0x%2.2x", hdev->name, status);
406
407         if (status)
408                 return;
409
410         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
411         if (!sent)
412                 return;
413
414         setting = get_unaligned_le16(sent);
415
416         if (hdev->voice_setting == setting)
417                 return;
418
419         hdev->voice_setting = setting;
420
421         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
422
423         if (hdev->notify)
424                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
425 }
426
427 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
428 {
429         __u8 status = *((__u8 *) skb->data);
430         struct hci_cp_write_ssp_mode *sent;
431
432         BT_DBG("%s status 0x%2.2x", hdev->name, status);
433
434         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
435         if (!sent)
436                 return;
437
438         if (!status) {
439                 if (sent->mode)
440                         hdev->host_features[0] |= LMP_HOST_SSP;
441                 else
442                         hdev->host_features[0] &= ~LMP_HOST_SSP;
443         }
444
445         if (test_bit(HCI_MGMT, &hdev->dev_flags))
446                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
447         else if (!status) {
448                 if (sent->mode)
449                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
450                 else
451                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
452         }
453 }
454
455 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
456 {
457         struct hci_rp_read_local_version *rp = (void *) skb->data;
458
459         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
460
461         if (rp->status)
462                 return;
463
464         hdev->hci_ver = rp->hci_ver;
465         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
466         hdev->lmp_ver = rp->lmp_ver;
467         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
468         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
469
470         BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
471                hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
472 }
473
474 static void hci_cc_read_local_commands(struct hci_dev *hdev,
475                                        struct sk_buff *skb)
476 {
477         struct hci_rp_read_local_commands *rp = (void *) skb->data;
478
479         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
480
481         if (!rp->status)
482                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
483 }
484
485 static void hci_cc_read_local_features(struct hci_dev *hdev,
486                                        struct sk_buff *skb)
487 {
488         struct hci_rp_read_local_features *rp = (void *) skb->data;
489
490         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
491
492         if (rp->status)
493                 return;
494
495         memcpy(hdev->features, rp->features, 8);
496
497         /* Adjust default settings according to features
498          * supported by device. */
499
500         if (hdev->features[0] & LMP_3SLOT)
501                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
502
503         if (hdev->features[0] & LMP_5SLOT)
504                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
505
506         if (hdev->features[1] & LMP_HV2) {
507                 hdev->pkt_type  |= (HCI_HV2);
508                 hdev->esco_type |= (ESCO_HV2);
509         }
510
511         if (hdev->features[1] & LMP_HV3) {
512                 hdev->pkt_type  |= (HCI_HV3);
513                 hdev->esco_type |= (ESCO_HV3);
514         }
515
516         if (lmp_esco_capable(hdev))
517                 hdev->esco_type |= (ESCO_EV3);
518
519         if (hdev->features[4] & LMP_EV4)
520                 hdev->esco_type |= (ESCO_EV4);
521
522         if (hdev->features[4] & LMP_EV5)
523                 hdev->esco_type |= (ESCO_EV5);
524
525         if (hdev->features[5] & LMP_EDR_ESCO_2M)
526                 hdev->esco_type |= (ESCO_2EV3);
527
528         if (hdev->features[5] & LMP_EDR_ESCO_3M)
529                 hdev->esco_type |= (ESCO_3EV3);
530
531         if (hdev->features[5] & LMP_EDR_3S_ESCO)
532                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
533
534         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
535                hdev->features[0], hdev->features[1],
536                hdev->features[2], hdev->features[3],
537                hdev->features[4], hdev->features[5],
538                hdev->features[6], hdev->features[7]);
539 }
540
541 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
542                                            struct sk_buff *skb)
543 {
544         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
545
546         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
547
548         if (rp->status)
549                 return;
550
551         switch (rp->page) {
552         case 0:
553                 memcpy(hdev->features, rp->features, 8);
554                 break;
555         case 1:
556                 memcpy(hdev->host_features, rp->features, 8);
557                 break;
558         }
559 }
560
561 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
562                                           struct sk_buff *skb)
563 {
564         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
565
566         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
567
568         if (!rp->status)
569                 hdev->flow_ctl_mode = rp->mode;
570 }
571
572 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
573 {
574         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
575
576         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
577
578         if (rp->status)
579                 return;
580
581         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
582         hdev->sco_mtu  = rp->sco_mtu;
583         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
584         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
585
586         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
587                 hdev->sco_mtu  = 64;
588                 hdev->sco_pkts = 8;
589         }
590
591         hdev->acl_cnt = hdev->acl_pkts;
592         hdev->sco_cnt = hdev->sco_pkts;
593
594         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
595                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
596 }
597
598 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
599 {
600         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
601
602         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
603
604         if (!rp->status)
605                 bacpy(&hdev->bdaddr, &rp->bdaddr);
606 }
607
608 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
609                                         struct sk_buff *skb)
610 {
611         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
612
613         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
614
615         if (rp->status)
616                 return;
617
618         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
619         hdev->block_len = __le16_to_cpu(rp->block_len);
620         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
621
622         hdev->block_cnt = hdev->num_blocks;
623
624         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
625                hdev->block_cnt, hdev->block_len);
626 }
627
628 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
629                                        struct sk_buff *skb)
630 {
631         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
632
633         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
634
635         if (rp->status)
636                 goto a2mp_rsp;
637
638         hdev->amp_status = rp->amp_status;
639         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
640         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
641         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
642         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
643         hdev->amp_type = rp->amp_type;
644         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
645         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
646         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
647         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
648
649 a2mp_rsp:
650         a2mp_send_getinfo_rsp(hdev);
651 }
652
653 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
654                                         struct sk_buff *skb)
655 {
656         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
657         struct amp_assoc *assoc = &hdev->loc_assoc;
658         size_t rem_len, frag_len;
659
660         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
661
662         if (rp->status)
663                 goto a2mp_rsp;
664
665         frag_len = skb->len - sizeof(*rp);
666         rem_len = __le16_to_cpu(rp->rem_len);
667
668         if (rem_len > frag_len) {
669                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
670
671                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
672                 assoc->offset += frag_len;
673
674                 /* Read other fragments */
675                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
676
677                 return;
678         }
679
680         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
681         assoc->len = assoc->offset + rem_len;
682         assoc->offset = 0;
683
684 a2mp_rsp:
685         /* Send A2MP Rsp when all fragments are received */
686         a2mp_send_getampassoc_rsp(hdev, rp->status);
687         a2mp_send_create_phy_link_req(hdev, rp->status);
688 }
689
690 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
691                                          struct sk_buff *skb)
692 {
693         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
694
695         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
696
697         if (!rp->status)
698                 hdev->inq_tx_power = rp->tx_power;
699 }
700
701 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
702 {
703         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
704         struct hci_cp_pin_code_reply *cp;
705         struct hci_conn *conn;
706
707         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
708
709         hci_dev_lock(hdev);
710
711         if (test_bit(HCI_MGMT, &hdev->dev_flags))
712                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
713
714         if (rp->status)
715                 goto unlock;
716
717         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
718         if (!cp)
719                 goto unlock;
720
721         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
722         if (conn)
723                 conn->pin_length = cp->pin_len;
724
725 unlock:
726         hci_dev_unlock(hdev);
727 }
728
729 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
730 {
731         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
732
733         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
734
735         hci_dev_lock(hdev);
736
737         if (test_bit(HCI_MGMT, &hdev->dev_flags))
738                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
739                                                  rp->status);
740
741         hci_dev_unlock(hdev);
742 }
743
744 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
745                                        struct sk_buff *skb)
746 {
747         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
748
749         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
750
751         if (rp->status)
752                 return;
753
754         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
755         hdev->le_pkts = rp->le_max_pkt;
756
757         hdev->le_cnt = hdev->le_pkts;
758
759         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
760 }
761
762 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
763                                           struct sk_buff *skb)
764 {
765         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
766
767         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
768
769         if (!rp->status)
770                 memcpy(hdev->le_features, rp->features, 8);
771 }
772
773 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
774                                         struct sk_buff *skb)
775 {
776         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
777
778         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
779
780         if (!rp->status) {
781                 hdev->adv_tx_power = rp->tx_power;
782                 if (!test_bit(HCI_INIT, &hdev->flags))
783                         hci_update_ad(hdev);
784         }
785 }
786
787 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
788 {
789         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
790
791         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
792
793         hci_dev_lock(hdev);
794
795         if (test_bit(HCI_MGMT, &hdev->dev_flags))
796                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
797                                                  rp->status);
798
799         hci_dev_unlock(hdev);
800 }
801
802 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
803                                           struct sk_buff *skb)
804 {
805         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
806
807         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
808
809         hci_dev_lock(hdev);
810
811         if (test_bit(HCI_MGMT, &hdev->dev_flags))
812                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
813                                                      ACL_LINK, 0, rp->status);
814
815         hci_dev_unlock(hdev);
816 }
817
818 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
819 {
820         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         hci_dev_lock(hdev);
825
826         if (test_bit(HCI_MGMT, &hdev->dev_flags))
827                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
828                                                  0, rp->status);
829
830         hci_dev_unlock(hdev);
831 }
832
833 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
834                                           struct sk_buff *skb)
835 {
836         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
837
838         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839
840         hci_dev_lock(hdev);
841
842         if (test_bit(HCI_MGMT, &hdev->dev_flags))
843                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
844                                                      ACL_LINK, 0, rp->status);
845
846         hci_dev_unlock(hdev);
847 }
848
849 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
850                                              struct sk_buff *skb)
851 {
852         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
853
854         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
855
856         hci_dev_lock(hdev);
857         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
858                                                 rp->randomizer, rp->status);
859         hci_dev_unlock(hdev);
860 }
861
862 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
863 {
864         __u8 *sent, status = *((__u8 *) skb->data);
865
866         BT_DBG("%s status 0x%2.2x", hdev->name, status);
867
868         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
869         if (!sent)
870                 return;
871
872         hci_dev_lock(hdev);
873
874         if (!status) {
875                 if (*sent)
876                         set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
877                 else
878                         clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
879         }
880
881         hci_dev_unlock(hdev);
882
883         if (!test_bit(HCI_INIT, &hdev->flags))
884                 hci_update_ad(hdev);
885 }
886
887 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
888 {
889         __u8 status = *((__u8 *) skb->data);
890
891         BT_DBG("%s status 0x%2.2x", hdev->name, status);
892
893         if (status) {
894                 hci_dev_lock(hdev);
895                 mgmt_start_discovery_failed(hdev, status);
896                 hci_dev_unlock(hdev);
897                 return;
898         }
899 }
900
901 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
902                                       struct sk_buff *skb)
903 {
904         struct hci_cp_le_set_scan_enable *cp;
905         __u8 status = *((__u8 *) skb->data);
906
907         BT_DBG("%s status 0x%2.2x", hdev->name, status);
908
909         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
910         if (!cp)
911                 return;
912
913         switch (cp->enable) {
914         case LE_SCANNING_ENABLED:
915                 if (status) {
916                         hci_dev_lock(hdev);
917                         mgmt_start_discovery_failed(hdev, status);
918                         hci_dev_unlock(hdev);
919                         return;
920                 }
921
922                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
923
924                 hci_dev_lock(hdev);
925                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
926                 hci_dev_unlock(hdev);
927                 break;
928
929         case LE_SCANNING_DISABLED:
930                 if (status) {
931                         hci_dev_lock(hdev);
932                         mgmt_stop_discovery_failed(hdev, status);
933                         hci_dev_unlock(hdev);
934                         return;
935                 }
936
937                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
938
939                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
940                     hdev->discovery.state == DISCOVERY_FINDING) {
941                         mgmt_interleaved_discovery(hdev);
942                 } else {
943                         hci_dev_lock(hdev);
944                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
945                         hci_dev_unlock(hdev);
946                 }
947
948                 break;
949
950         default:
951                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
952                 break;
953         }
954 }
955
956 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
957                                            struct sk_buff *skb)
958 {
959         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
960
961         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
962
963         if (!rp->status)
964                 hdev->le_white_list_size = rp->size;
965 }
966
967 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
968                                             struct sk_buff *skb)
969 {
970         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
971
972         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
973
974         if (!rp->status)
975                 memcpy(hdev->le_states, rp->le_states, 8);
976 }
977
978 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
979                                            struct sk_buff *skb)
980 {
981         struct hci_cp_write_le_host_supported *sent;
982         __u8 status = *((__u8 *) skb->data);
983
984         BT_DBG("%s status 0x%2.2x", hdev->name, status);
985
986         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
987         if (!sent)
988                 return;
989
990         if (!status) {
991                 if (sent->le)
992                         hdev->host_features[0] |= LMP_HOST_LE;
993                 else
994                         hdev->host_features[0] &= ~LMP_HOST_LE;
995
996                 if (sent->simul)
997                         hdev->host_features[0] |= LMP_HOST_LE_BREDR;
998                 else
999                         hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1000         }
1001
1002         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1003             !test_bit(HCI_INIT, &hdev->flags))
1004                 mgmt_le_enable_complete(hdev, sent->le, status);
1005 }
1006
1007 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1008                                           struct sk_buff *skb)
1009 {
1010         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1011
1012         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1013                hdev->name, rp->status, rp->phy_handle);
1014
1015         if (rp->status)
1016                 return;
1017
1018         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1019 }
1020
1021 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1022 {
1023         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1024
1025         if (status) {
1026                 hci_conn_check_pending(hdev);
1027                 hci_dev_lock(hdev);
1028                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1029                         mgmt_start_discovery_failed(hdev, status);
1030                 hci_dev_unlock(hdev);
1031                 return;
1032         }
1033
1034         set_bit(HCI_INQUIRY, &hdev->flags);
1035
1036         hci_dev_lock(hdev);
1037         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1038         hci_dev_unlock(hdev);
1039 }
1040
1041 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1042 {
1043         struct hci_cp_create_conn *cp;
1044         struct hci_conn *conn;
1045
1046         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1047
1048         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1049         if (!cp)
1050                 return;
1051
1052         hci_dev_lock(hdev);
1053
1054         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1055
1056         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1057
1058         if (status) {
1059                 if (conn && conn->state == BT_CONNECT) {
1060                         if (status != 0x0c || conn->attempt > 2) {
1061                                 conn->state = BT_CLOSED;
1062                                 hci_proto_connect_cfm(conn, status);
1063                                 hci_conn_del(conn);
1064                         } else
1065                                 conn->state = BT_CONNECT2;
1066                 }
1067         } else {
1068                 if (!conn) {
1069                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1070                         if (conn) {
1071                                 conn->out = true;
1072                                 conn->link_mode |= HCI_LM_MASTER;
1073                         } else
1074                                 BT_ERR("No memory for new connection");
1075                 }
1076         }
1077
1078         hci_dev_unlock(hdev);
1079 }
1080
1081 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1082 {
1083         struct hci_cp_add_sco *cp;
1084         struct hci_conn *acl, *sco;
1085         __u16 handle;
1086
1087         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1088
1089         if (!status)
1090                 return;
1091
1092         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1093         if (!cp)
1094                 return;
1095
1096         handle = __le16_to_cpu(cp->handle);
1097
1098         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1099
1100         hci_dev_lock(hdev);
1101
1102         acl = hci_conn_hash_lookup_handle(hdev, handle);
1103         if (acl) {
1104                 sco = acl->link;
1105                 if (sco) {
1106                         sco->state = BT_CLOSED;
1107
1108                         hci_proto_connect_cfm(sco, status);
1109                         hci_conn_del(sco);
1110                 }
1111         }
1112
1113         hci_dev_unlock(hdev);
1114 }
1115
1116 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1117 {
1118         struct hci_cp_auth_requested *cp;
1119         struct hci_conn *conn;
1120
1121         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1122
1123         if (!status)
1124                 return;
1125
1126         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1127         if (!cp)
1128                 return;
1129
1130         hci_dev_lock(hdev);
1131
1132         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1133         if (conn) {
1134                 if (conn->state == BT_CONFIG) {
1135                         hci_proto_connect_cfm(conn, status);
1136                         hci_conn_put(conn);
1137                 }
1138         }
1139
1140         hci_dev_unlock(hdev);
1141 }
1142
1143 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1144 {
1145         struct hci_cp_set_conn_encrypt *cp;
1146         struct hci_conn *conn;
1147
1148         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1149
1150         if (!status)
1151                 return;
1152
1153         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1154         if (!cp)
1155                 return;
1156
1157         hci_dev_lock(hdev);
1158
1159         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1160         if (conn) {
1161                 if (conn->state == BT_CONFIG) {
1162                         hci_proto_connect_cfm(conn, status);
1163                         hci_conn_put(conn);
1164                 }
1165         }
1166
1167         hci_dev_unlock(hdev);
1168 }
1169
1170 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1171                                     struct hci_conn *conn)
1172 {
1173         if (conn->state != BT_CONFIG || !conn->out)
1174                 return 0;
1175
1176         if (conn->pending_sec_level == BT_SECURITY_SDP)
1177                 return 0;
1178
1179         /* Only request authentication for SSP connections or non-SSP
1180          * devices with sec_level HIGH or if MITM protection is requested */
1181         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1182             conn->pending_sec_level != BT_SECURITY_HIGH)
1183                 return 0;
1184
1185         return 1;
1186 }
1187
1188 static int hci_resolve_name(struct hci_dev *hdev,
1189                                    struct inquiry_entry *e)
1190 {
1191         struct hci_cp_remote_name_req cp;
1192
1193         memset(&cp, 0, sizeof(cp));
1194
1195         bacpy(&cp.bdaddr, &e->data.bdaddr);
1196         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1197         cp.pscan_mode = e->data.pscan_mode;
1198         cp.clock_offset = e->data.clock_offset;
1199
1200         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1201 }
1202
1203 static bool hci_resolve_next_name(struct hci_dev *hdev)
1204 {
1205         struct discovery_state *discov = &hdev->discovery;
1206         struct inquiry_entry *e;
1207
1208         if (list_empty(&discov->resolve))
1209                 return false;
1210
1211         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1212         if (!e)
1213                 return false;
1214
1215         if (hci_resolve_name(hdev, e) == 0) {
1216                 e->name_state = NAME_PENDING;
1217                 return true;
1218         }
1219
1220         return false;
1221 }
1222
1223 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1224                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1225 {
1226         struct discovery_state *discov = &hdev->discovery;
1227         struct inquiry_entry *e;
1228
1229         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1230                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1231                                       name_len, conn->dev_class);
1232
1233         if (discov->state == DISCOVERY_STOPPED)
1234                 return;
1235
1236         if (discov->state == DISCOVERY_STOPPING)
1237                 goto discov_complete;
1238
1239         if (discov->state != DISCOVERY_RESOLVING)
1240                 return;
1241
1242         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1243         /* If the device was not found in a list of found devices names of which
1244          * are pending. there is no need to continue resolving a next name as it
1245          * will be done upon receiving another Remote Name Request Complete
1246          * Event */
1247         if (!e)
1248                 return;
1249
1250         list_del(&e->list);
1251         if (name) {
1252                 e->name_state = NAME_KNOWN;
1253                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1254                                  e->data.rssi, name, name_len);
1255         } else {
1256                 e->name_state = NAME_NOT_KNOWN;
1257         }
1258
1259         if (hci_resolve_next_name(hdev))
1260                 return;
1261
1262 discov_complete:
1263         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1264 }
1265
1266 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1267 {
1268         struct hci_cp_remote_name_req *cp;
1269         struct hci_conn *conn;
1270
1271         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1272
1273         /* If successful wait for the name req complete event before
1274          * checking for the need to do authentication */
1275         if (!status)
1276                 return;
1277
1278         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1279         if (!cp)
1280                 return;
1281
1282         hci_dev_lock(hdev);
1283
1284         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1285
1286         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1287                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1288
1289         if (!conn)
1290                 goto unlock;
1291
1292         if (!hci_outgoing_auth_needed(hdev, conn))
1293                 goto unlock;
1294
1295         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1296                 struct hci_cp_auth_requested cp;
1297                 cp.handle = __cpu_to_le16(conn->handle);
1298                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1299         }
1300
1301 unlock:
1302         hci_dev_unlock(hdev);
1303 }
1304
1305 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1306 {
1307         struct hci_cp_read_remote_features *cp;
1308         struct hci_conn *conn;
1309
1310         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1311
1312         if (!status)
1313                 return;
1314
1315         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1316         if (!cp)
1317                 return;
1318
1319         hci_dev_lock(hdev);
1320
1321         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1322         if (conn) {
1323                 if (conn->state == BT_CONFIG) {
1324                         hci_proto_connect_cfm(conn, status);
1325                         hci_conn_put(conn);
1326                 }
1327         }
1328
1329         hci_dev_unlock(hdev);
1330 }
1331
1332 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1333 {
1334         struct hci_cp_read_remote_ext_features *cp;
1335         struct hci_conn *conn;
1336
1337         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1338
1339         if (!status)
1340                 return;
1341
1342         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1343         if (!cp)
1344                 return;
1345
1346         hci_dev_lock(hdev);
1347
1348         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1349         if (conn) {
1350                 if (conn->state == BT_CONFIG) {
1351                         hci_proto_connect_cfm(conn, status);
1352                         hci_conn_put(conn);
1353                 }
1354         }
1355
1356         hci_dev_unlock(hdev);
1357 }
1358
1359 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1360 {
1361         struct hci_cp_setup_sync_conn *cp;
1362         struct hci_conn *acl, *sco;
1363         __u16 handle;
1364
1365         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1366
1367         if (!status)
1368                 return;
1369
1370         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1371         if (!cp)
1372                 return;
1373
1374         handle = __le16_to_cpu(cp->handle);
1375
1376         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1377
1378         hci_dev_lock(hdev);
1379
1380         acl = hci_conn_hash_lookup_handle(hdev, handle);
1381         if (acl) {
1382                 sco = acl->link;
1383                 if (sco) {
1384                         sco->state = BT_CLOSED;
1385
1386                         hci_proto_connect_cfm(sco, status);
1387                         hci_conn_del(sco);
1388                 }
1389         }
1390
1391         hci_dev_unlock(hdev);
1392 }
1393
1394 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1395 {
1396         struct hci_cp_sniff_mode *cp;
1397         struct hci_conn *conn;
1398
1399         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1400
1401         if (!status)
1402                 return;
1403
1404         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1405         if (!cp)
1406                 return;
1407
1408         hci_dev_lock(hdev);
1409
1410         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1411         if (conn) {
1412                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1413
1414                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1415                         hci_sco_setup(conn, status);
1416         }
1417
1418         hci_dev_unlock(hdev);
1419 }
1420
1421 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1422 {
1423         struct hci_cp_exit_sniff_mode *cp;
1424         struct hci_conn *conn;
1425
1426         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1427
1428         if (!status)
1429                 return;
1430
1431         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1432         if (!cp)
1433                 return;
1434
1435         hci_dev_lock(hdev);
1436
1437         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1438         if (conn) {
1439                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1440
1441                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1442                         hci_sco_setup(conn, status);
1443         }
1444
1445         hci_dev_unlock(hdev);
1446 }
1447
1448 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1449 {
1450         struct hci_cp_disconnect *cp;
1451         struct hci_conn *conn;
1452
1453         if (!status)
1454                 return;
1455
1456         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1457         if (!cp)
1458                 return;
1459
1460         hci_dev_lock(hdev);
1461
1462         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1463         if (conn)
1464                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1465                                        conn->dst_type, status);
1466
1467         hci_dev_unlock(hdev);
1468 }
1469
1470 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1471 {
1472         struct hci_conn *conn;
1473
1474         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1475
1476         if (status) {
1477                 hci_dev_lock(hdev);
1478
1479                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1480                 if (!conn) {
1481                         hci_dev_unlock(hdev);
1482                         return;
1483                 }
1484
1485                 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1486
1487                 conn->state = BT_CLOSED;
1488                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1489                                     conn->dst_type, status);
1490                 hci_proto_connect_cfm(conn, status);
1491                 hci_conn_del(conn);
1492
1493                 hci_dev_unlock(hdev);
1494         }
1495 }
1496
1497 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1498 {
1499         struct hci_cp_create_phy_link *cp;
1500
1501         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1502
1503         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1504         if (!cp)
1505                 return;
1506
1507         hci_dev_lock(hdev);
1508
1509         if (status) {
1510                 struct hci_conn *hcon;
1511
1512                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1513                 if (hcon)
1514                         hci_conn_del(hcon);
1515         } else {
1516                 amp_write_remote_assoc(hdev, cp->phy_handle);
1517         }
1518
1519         hci_dev_unlock(hdev);
1520 }
1521
1522 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1523 {
1524         struct hci_cp_accept_phy_link *cp;
1525
1526         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1527
1528         if (status)
1529                 return;
1530
1531         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1532         if (!cp)
1533                 return;
1534
1535         amp_write_remote_assoc(hdev, cp->phy_handle);
1536 }
1537
1538 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1539 {
1540         __u8 status = *((__u8 *) skb->data);
1541         struct discovery_state *discov = &hdev->discovery;
1542         struct inquiry_entry *e;
1543
1544         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1545
1546         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1547
1548         hci_conn_check_pending(hdev);
1549
1550         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1551                 return;
1552
1553         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1554                 return;
1555
1556         hci_dev_lock(hdev);
1557
1558         if (discov->state != DISCOVERY_FINDING)
1559                 goto unlock;
1560
1561         if (list_empty(&discov->resolve)) {
1562                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1563                 goto unlock;
1564         }
1565
1566         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1567         if (e && hci_resolve_name(hdev, e) == 0) {
1568                 e->name_state = NAME_PENDING;
1569                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1570         } else {
1571                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1572         }
1573
1574 unlock:
1575         hci_dev_unlock(hdev);
1576 }
1577
1578 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1579 {
1580         struct inquiry_data data;
1581         struct inquiry_info *info = (void *) (skb->data + 1);
1582         int num_rsp = *((__u8 *) skb->data);
1583
1584         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1585
1586         if (!num_rsp)
1587                 return;
1588
1589         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1590                 return;
1591
1592         hci_dev_lock(hdev);
1593
1594         for (; num_rsp; num_rsp--, info++) {
1595                 bool name_known, ssp;
1596
1597                 bacpy(&data.bdaddr, &info->bdaddr);
1598                 data.pscan_rep_mode     = info->pscan_rep_mode;
1599                 data.pscan_period_mode  = info->pscan_period_mode;
1600                 data.pscan_mode         = info->pscan_mode;
1601                 memcpy(data.dev_class, info->dev_class, 3);
1602                 data.clock_offset       = info->clock_offset;
1603                 data.rssi               = 0x00;
1604                 data.ssp_mode           = 0x00;
1605
1606                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1607                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1608                                   info->dev_class, 0, !name_known, ssp, NULL,
1609                                   0);
1610         }
1611
1612         hci_dev_unlock(hdev);
1613 }
1614
1615 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1616 {
1617         struct hci_ev_conn_complete *ev = (void *) skb->data;
1618         struct hci_conn *conn;
1619
1620         BT_DBG("%s", hdev->name);
1621
1622         hci_dev_lock(hdev);
1623
1624         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1625         if (!conn) {
1626                 if (ev->link_type != SCO_LINK)
1627                         goto unlock;
1628
1629                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1630                 if (!conn)
1631                         goto unlock;
1632
1633                 conn->type = SCO_LINK;
1634         }
1635
1636         if (!ev->status) {
1637                 conn->handle = __le16_to_cpu(ev->handle);
1638
1639                 if (conn->type == ACL_LINK) {
1640                         conn->state = BT_CONFIG;
1641                         hci_conn_hold(conn);
1642
1643                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1644                             !hci_find_link_key(hdev, &ev->bdaddr))
1645                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1646                         else
1647                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1648                 } else
1649                         conn->state = BT_CONNECTED;
1650
1651                 hci_conn_hold_device(conn);
1652                 hci_conn_add_sysfs(conn);
1653
1654                 if (test_bit(HCI_AUTH, &hdev->flags))
1655                         conn->link_mode |= HCI_LM_AUTH;
1656
1657                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1658                         conn->link_mode |= HCI_LM_ENCRYPT;
1659
1660                 /* Get remote features */
1661                 if (conn->type == ACL_LINK) {
1662                         struct hci_cp_read_remote_features cp;
1663                         cp.handle = ev->handle;
1664                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1665                                      sizeof(cp), &cp);
1666                 }
1667
1668                 /* Set packet type for incoming connection */
1669                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1670                         struct hci_cp_change_conn_ptype cp;
1671                         cp.handle = ev->handle;
1672                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1673                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1674                                      &cp);
1675                 }
1676         } else {
1677                 conn->state = BT_CLOSED;
1678                 if (conn->type == ACL_LINK)
1679                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1680                                             conn->dst_type, ev->status);
1681         }
1682
1683         if (conn->type == ACL_LINK)
1684                 hci_sco_setup(conn, ev->status);
1685
1686         if (ev->status) {
1687                 hci_proto_connect_cfm(conn, ev->status);
1688                 hci_conn_del(conn);
1689         } else if (ev->link_type != ACL_LINK)
1690                 hci_proto_connect_cfm(conn, ev->status);
1691
1692 unlock:
1693         hci_dev_unlock(hdev);
1694
1695         hci_conn_check_pending(hdev);
1696 }
1697
1698 void hci_conn_accept(struct hci_conn *conn, int mask)
1699 {
1700         struct hci_dev *hdev = conn->hdev;
1701
1702         BT_DBG("conn %p", conn);
1703
1704         conn->state = BT_CONFIG;
1705
1706         if (!lmp_esco_capable(hdev)) {
1707                 struct hci_cp_accept_conn_req cp;
1708
1709                 bacpy(&cp.bdaddr, &conn->dst);
1710
1711                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1712                         cp.role = 0x00; /* Become master */
1713                 else
1714                         cp.role = 0x01; /* Remain slave */
1715
1716                 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1717         } else /* lmp_esco_capable(hdev)) */ {
1718                 struct hci_cp_accept_sync_conn_req cp;
1719
1720                 bacpy(&cp.bdaddr, &conn->dst);
1721                 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1722
1723                 cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1724                 cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1725                 cp.max_latency    = __constant_cpu_to_le16(0xffff);
1726                 cp.content_format = cpu_to_le16(hdev->voice_setting);
1727                 cp.retrans_effort = 0xff;
1728
1729                 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1730                              sizeof(cp), &cp);
1731         }
1732 }
1733
1734 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1735 {
1736         struct hci_ev_conn_request *ev = (void *) skb->data;
1737         int mask = hdev->link_mode;
1738         __u8 flags = 0;
1739
1740         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1741                ev->link_type);
1742
1743         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1744                                       &flags);
1745
1746         if ((mask & HCI_LM_ACCEPT) &&
1747             !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1748                 /* Connection accepted */
1749                 struct inquiry_entry *ie;
1750                 struct hci_conn *conn;
1751
1752                 hci_dev_lock(hdev);
1753
1754                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1755                 if (ie)
1756                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1757
1758                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1759                                                &ev->bdaddr);
1760                 if (!conn) {
1761                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1762                         if (!conn) {
1763                                 BT_ERR("No memory for new connection");
1764                                 hci_dev_unlock(hdev);
1765                                 return;
1766                         }
1767                 }
1768
1769                 memcpy(conn->dev_class, ev->dev_class, 3);
1770
1771                 hci_dev_unlock(hdev);
1772
1773                 if (ev->link_type == ACL_LINK ||
1774                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1775                         struct hci_cp_accept_conn_req cp;
1776                         conn->state = BT_CONNECT;
1777
1778                         bacpy(&cp.bdaddr, &ev->bdaddr);
1779
1780                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1781                                 cp.role = 0x00; /* Become master */
1782                         else
1783                                 cp.role = 0x01; /* Remain slave */
1784
1785                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1786                                      &cp);
1787                 } else if (!(flags & HCI_PROTO_DEFER)) {
1788                         struct hci_cp_accept_sync_conn_req cp;
1789                         conn->state = BT_CONNECT;
1790
1791                         bacpy(&cp.bdaddr, &ev->bdaddr);
1792                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1793
1794                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1795                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1796                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1797                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1798                         cp.retrans_effort = 0xff;
1799
1800                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1801                                      sizeof(cp), &cp);
1802                 } else {
1803                         conn->state = BT_CONNECT2;
1804                         hci_proto_connect_cfm(conn, 0);
1805                         hci_conn_put(conn);
1806                 }
1807         } else {
1808                 /* Connection rejected */
1809                 struct hci_cp_reject_conn_req cp;
1810
1811                 bacpy(&cp.bdaddr, &ev->bdaddr);
1812                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1813                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1814         }
1815 }
1816
1817 static u8 hci_to_mgmt_reason(u8 err)
1818 {
1819         switch (err) {
1820         case HCI_ERROR_CONNECTION_TIMEOUT:
1821                 return MGMT_DEV_DISCONN_TIMEOUT;
1822         case HCI_ERROR_REMOTE_USER_TERM:
1823         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1824         case HCI_ERROR_REMOTE_POWER_OFF:
1825                 return MGMT_DEV_DISCONN_REMOTE;
1826         case HCI_ERROR_LOCAL_HOST_TERM:
1827                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1828         default:
1829                 return MGMT_DEV_DISCONN_UNKNOWN;
1830         }
1831 }
1832
1833 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1834 {
1835         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1836         struct hci_conn *conn;
1837
1838         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1839
1840         hci_dev_lock(hdev);
1841
1842         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1843         if (!conn)
1844                 goto unlock;
1845
1846         if (ev->status == 0)
1847                 conn->state = BT_CLOSED;
1848
1849         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1850             (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1851                 if (ev->status) {
1852                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1853                                                conn->dst_type, ev->status);
1854                 } else {
1855                         u8 reason = hci_to_mgmt_reason(ev->reason);
1856
1857                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1858                                                  conn->dst_type, reason);
1859                 }
1860         }
1861
1862         if (ev->status == 0) {
1863                 if (conn->type == ACL_LINK && conn->flush_key)
1864                         hci_remove_link_key(hdev, &conn->dst);
1865                 hci_proto_disconn_cfm(conn, ev->reason);
1866                 hci_conn_del(conn);
1867         }
1868
1869 unlock:
1870         hci_dev_unlock(hdev);
1871 }
1872
1873 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1874 {
1875         struct hci_ev_auth_complete *ev = (void *) skb->data;
1876         struct hci_conn *conn;
1877
1878         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1879
1880         hci_dev_lock(hdev);
1881
1882         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1883         if (!conn)
1884                 goto unlock;
1885
1886         if (!ev->status) {
1887                 if (!hci_conn_ssp_enabled(conn) &&
1888                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1889                         BT_INFO("re-auth of legacy device is not possible.");
1890                 } else {
1891                         conn->link_mode |= HCI_LM_AUTH;
1892                         conn->sec_level = conn->pending_sec_level;
1893                 }
1894         } else {
1895                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1896                                  ev->status);
1897         }
1898
1899         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1900         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1901
1902         if (conn->state == BT_CONFIG) {
1903                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1904                         struct hci_cp_set_conn_encrypt cp;
1905                         cp.handle  = ev->handle;
1906                         cp.encrypt = 0x01;
1907                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1908                                      &cp);
1909                 } else {
1910                         conn->state = BT_CONNECTED;
1911                         hci_proto_connect_cfm(conn, ev->status);
1912                         hci_conn_put(conn);
1913                 }
1914         } else {
1915                 hci_auth_cfm(conn, ev->status);
1916
1917                 hci_conn_hold(conn);
1918                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1919                 hci_conn_put(conn);
1920         }
1921
1922         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1923                 if (!ev->status) {
1924                         struct hci_cp_set_conn_encrypt cp;
1925                         cp.handle  = ev->handle;
1926                         cp.encrypt = 0x01;
1927                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1928                                      &cp);
1929                 } else {
1930                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1931                         hci_encrypt_cfm(conn, ev->status, 0x00);
1932                 }
1933         }
1934
1935 unlock:
1936         hci_dev_unlock(hdev);
1937 }
1938
1939 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1940 {
1941         struct hci_ev_remote_name *ev = (void *) skb->data;
1942         struct hci_conn *conn;
1943
1944         BT_DBG("%s", hdev->name);
1945
1946         hci_conn_check_pending(hdev);
1947
1948         hci_dev_lock(hdev);
1949
1950         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1951
1952         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1953                 goto check_auth;
1954
1955         if (ev->status == 0)
1956                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1957                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1958         else
1959                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1960
1961 check_auth:
1962         if (!conn)
1963                 goto unlock;
1964
1965         if (!hci_outgoing_auth_needed(hdev, conn))
1966                 goto unlock;
1967
1968         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1969                 struct hci_cp_auth_requested cp;
1970                 cp.handle = __cpu_to_le16(conn->handle);
1971                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1972         }
1973
1974 unlock:
1975         hci_dev_unlock(hdev);
1976 }
1977
1978 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1979 {
1980         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1981         struct hci_conn *conn;
1982
1983         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1984
1985         hci_dev_lock(hdev);
1986
1987         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1988         if (conn) {
1989                 if (!ev->status) {
1990                         if (ev->encrypt) {
1991                                 /* Encryption implies authentication */
1992                                 conn->link_mode |= HCI_LM_AUTH;
1993                                 conn->link_mode |= HCI_LM_ENCRYPT;
1994                                 conn->sec_level = conn->pending_sec_level;
1995                         } else
1996                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
1997                 }
1998
1999                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2000
2001                 if (ev->status && conn->state == BT_CONNECTED) {
2002                         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2003                         hci_conn_put(conn);
2004                         goto unlock;
2005                 }
2006
2007                 if (conn->state == BT_CONFIG) {
2008                         if (!ev->status)
2009                                 conn->state = BT_CONNECTED;
2010
2011                         hci_proto_connect_cfm(conn, ev->status);
2012                         hci_conn_put(conn);
2013                 } else
2014                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2015         }
2016
2017 unlock:
2018         hci_dev_unlock(hdev);
2019 }
2020
2021 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2022                                              struct sk_buff *skb)
2023 {
2024         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2025         struct hci_conn *conn;
2026
2027         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2028
2029         hci_dev_lock(hdev);
2030
2031         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2032         if (conn) {
2033                 if (!ev->status)
2034                         conn->link_mode |= HCI_LM_SECURE;
2035
2036                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2037
2038                 hci_key_change_cfm(conn, ev->status);
2039         }
2040
2041         hci_dev_unlock(hdev);
2042 }
2043
2044 static void hci_remote_features_evt(struct hci_dev *hdev,
2045                                     struct sk_buff *skb)
2046 {
2047         struct hci_ev_remote_features *ev = (void *) skb->data;
2048         struct hci_conn *conn;
2049
2050         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2051
2052         hci_dev_lock(hdev);
2053
2054         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2055         if (!conn)
2056                 goto unlock;
2057
2058         if (!ev->status)
2059                 memcpy(conn->features, ev->features, 8);
2060
2061         if (conn->state != BT_CONFIG)
2062                 goto unlock;
2063
2064         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2065                 struct hci_cp_read_remote_ext_features cp;
2066                 cp.handle = ev->handle;
2067                 cp.page = 0x01;
2068                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2069                              sizeof(cp), &cp);
2070                 goto unlock;
2071         }
2072
2073         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2074                 struct hci_cp_remote_name_req cp;
2075                 memset(&cp, 0, sizeof(cp));
2076                 bacpy(&cp.bdaddr, &conn->dst);
2077                 cp.pscan_rep_mode = 0x02;
2078                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2079         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2080                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2081                                       conn->dst_type, 0, NULL, 0,
2082                                       conn->dev_class);
2083
2084         if (!hci_outgoing_auth_needed(hdev, conn)) {
2085                 conn->state = BT_CONNECTED;
2086                 hci_proto_connect_cfm(conn, ev->status);
2087                 hci_conn_put(conn);
2088         }
2089
2090 unlock:
2091         hci_dev_unlock(hdev);
2092 }
2093
2094 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2095 {
2096         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2097         u8 status = skb->data[sizeof(*ev)];
2098         __u16 opcode;
2099
2100         skb_pull(skb, sizeof(*ev));
2101
2102         opcode = __le16_to_cpu(ev->opcode);
2103
2104         switch (opcode) {
2105         case HCI_OP_INQUIRY_CANCEL:
2106                 hci_cc_inquiry_cancel(hdev, skb);
2107                 break;
2108
2109         case HCI_OP_PERIODIC_INQ:
2110                 hci_cc_periodic_inq(hdev, skb);
2111                 break;
2112
2113         case HCI_OP_EXIT_PERIODIC_INQ:
2114                 hci_cc_exit_periodic_inq(hdev, skb);
2115                 break;
2116
2117         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2118                 hci_cc_remote_name_req_cancel(hdev, skb);
2119                 break;
2120
2121         case HCI_OP_ROLE_DISCOVERY:
2122                 hci_cc_role_discovery(hdev, skb);
2123                 break;
2124
2125         case HCI_OP_READ_LINK_POLICY:
2126                 hci_cc_read_link_policy(hdev, skb);
2127                 break;
2128
2129         case HCI_OP_WRITE_LINK_POLICY:
2130                 hci_cc_write_link_policy(hdev, skb);
2131                 break;
2132
2133         case HCI_OP_READ_DEF_LINK_POLICY:
2134                 hci_cc_read_def_link_policy(hdev, skb);
2135                 break;
2136
2137         case HCI_OP_WRITE_DEF_LINK_POLICY:
2138                 hci_cc_write_def_link_policy(hdev, skb);
2139                 break;
2140
2141         case HCI_OP_RESET:
2142                 hci_cc_reset(hdev, skb);
2143                 break;
2144
2145         case HCI_OP_WRITE_LOCAL_NAME:
2146                 hci_cc_write_local_name(hdev, skb);
2147                 break;
2148
2149         case HCI_OP_READ_LOCAL_NAME:
2150                 hci_cc_read_local_name(hdev, skb);
2151                 break;
2152
2153         case HCI_OP_WRITE_AUTH_ENABLE:
2154                 hci_cc_write_auth_enable(hdev, skb);
2155                 break;
2156
2157         case HCI_OP_WRITE_ENCRYPT_MODE:
2158                 hci_cc_write_encrypt_mode(hdev, skb);
2159                 break;
2160
2161         case HCI_OP_WRITE_SCAN_ENABLE:
2162                 hci_cc_write_scan_enable(hdev, skb);
2163                 break;
2164
2165         case HCI_OP_READ_CLASS_OF_DEV:
2166                 hci_cc_read_class_of_dev(hdev, skb);
2167                 break;
2168
2169         case HCI_OP_WRITE_CLASS_OF_DEV:
2170                 hci_cc_write_class_of_dev(hdev, skb);
2171                 break;
2172
2173         case HCI_OP_READ_VOICE_SETTING:
2174                 hci_cc_read_voice_setting(hdev, skb);
2175                 break;
2176
2177         case HCI_OP_WRITE_VOICE_SETTING:
2178                 hci_cc_write_voice_setting(hdev, skb);
2179                 break;
2180
2181         case HCI_OP_WRITE_SSP_MODE:
2182                 hci_cc_write_ssp_mode(hdev, skb);
2183                 break;
2184
2185         case HCI_OP_READ_LOCAL_VERSION:
2186                 hci_cc_read_local_version(hdev, skb);
2187                 break;
2188
2189         case HCI_OP_READ_LOCAL_COMMANDS:
2190                 hci_cc_read_local_commands(hdev, skb);
2191                 break;
2192
2193         case HCI_OP_READ_LOCAL_FEATURES:
2194                 hci_cc_read_local_features(hdev, skb);
2195                 break;
2196
2197         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2198                 hci_cc_read_local_ext_features(hdev, skb);
2199                 break;
2200
2201         case HCI_OP_READ_BUFFER_SIZE:
2202                 hci_cc_read_buffer_size(hdev, skb);
2203                 break;
2204
2205         case HCI_OP_READ_BD_ADDR:
2206                 hci_cc_read_bd_addr(hdev, skb);
2207                 break;
2208
2209         case HCI_OP_READ_DATA_BLOCK_SIZE:
2210                 hci_cc_read_data_block_size(hdev, skb);
2211                 break;
2212
2213         case HCI_OP_READ_FLOW_CONTROL_MODE:
2214                 hci_cc_read_flow_control_mode(hdev, skb);
2215                 break;
2216
2217         case HCI_OP_READ_LOCAL_AMP_INFO:
2218                 hci_cc_read_local_amp_info(hdev, skb);
2219                 break;
2220
2221         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2222                 hci_cc_read_local_amp_assoc(hdev, skb);
2223                 break;
2224
2225         case HCI_OP_READ_INQ_RSP_TX_POWER:
2226                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2227                 break;
2228
2229         case HCI_OP_PIN_CODE_REPLY:
2230                 hci_cc_pin_code_reply(hdev, skb);
2231                 break;
2232
2233         case HCI_OP_PIN_CODE_NEG_REPLY:
2234                 hci_cc_pin_code_neg_reply(hdev, skb);
2235                 break;
2236
2237         case HCI_OP_READ_LOCAL_OOB_DATA:
2238                 hci_cc_read_local_oob_data_reply(hdev, skb);
2239                 break;
2240
2241         case HCI_OP_LE_READ_BUFFER_SIZE:
2242                 hci_cc_le_read_buffer_size(hdev, skb);
2243                 break;
2244
2245         case HCI_OP_LE_READ_LOCAL_FEATURES:
2246                 hci_cc_le_read_local_features(hdev, skb);
2247                 break;
2248
2249         case HCI_OP_LE_READ_ADV_TX_POWER:
2250                 hci_cc_le_read_adv_tx_power(hdev, skb);
2251                 break;
2252
2253         case HCI_OP_USER_CONFIRM_REPLY:
2254                 hci_cc_user_confirm_reply(hdev, skb);
2255                 break;
2256
2257         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2258                 hci_cc_user_confirm_neg_reply(hdev, skb);
2259                 break;
2260
2261         case HCI_OP_USER_PASSKEY_REPLY:
2262                 hci_cc_user_passkey_reply(hdev, skb);
2263                 break;
2264
2265         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2266                 hci_cc_user_passkey_neg_reply(hdev, skb);
2267                 break;
2268
2269         case HCI_OP_LE_SET_SCAN_PARAM:
2270                 hci_cc_le_set_scan_param(hdev, skb);
2271                 break;
2272
2273         case HCI_OP_LE_SET_ADV_ENABLE:
2274                 hci_cc_le_set_adv_enable(hdev, skb);
2275                 break;
2276
2277         case HCI_OP_LE_SET_SCAN_ENABLE:
2278                 hci_cc_le_set_scan_enable(hdev, skb);
2279                 break;
2280
2281         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2282                 hci_cc_le_read_white_list_size(hdev, skb);
2283                 break;
2284
2285         case HCI_OP_LE_READ_SUPPORTED_STATES:
2286                 hci_cc_le_read_supported_states(hdev, skb);
2287                 break;
2288
2289         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2290                 hci_cc_write_le_host_supported(hdev, skb);
2291                 break;
2292
2293         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2294                 hci_cc_write_remote_amp_assoc(hdev, skb);
2295                 break;
2296
2297         default:
2298                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2299                 break;
2300         }
2301
2302         if (ev->opcode != HCI_OP_NOP)
2303                 del_timer(&hdev->cmd_timer);
2304
2305         hci_req_cmd_complete(hdev, ev->opcode, status);
2306
2307         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2308                 atomic_set(&hdev->cmd_cnt, 1);
2309                 if (!skb_queue_empty(&hdev->cmd_q))
2310                         queue_work(hdev->workqueue, &hdev->cmd_work);
2311         }
2312 }
2313
2314 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2315 {
2316         struct hci_ev_cmd_status *ev = (void *) skb->data;
2317         __u16 opcode;
2318
2319         skb_pull(skb, sizeof(*ev));
2320
2321         opcode = __le16_to_cpu(ev->opcode);
2322
2323         switch (opcode) {
2324         case HCI_OP_INQUIRY:
2325                 hci_cs_inquiry(hdev, ev->status);
2326                 break;
2327
2328         case HCI_OP_CREATE_CONN:
2329                 hci_cs_create_conn(hdev, ev->status);
2330                 break;
2331
2332         case HCI_OP_ADD_SCO:
2333                 hci_cs_add_sco(hdev, ev->status);
2334                 break;
2335
2336         case HCI_OP_AUTH_REQUESTED:
2337                 hci_cs_auth_requested(hdev, ev->status);
2338                 break;
2339
2340         case HCI_OP_SET_CONN_ENCRYPT:
2341                 hci_cs_set_conn_encrypt(hdev, ev->status);
2342                 break;
2343
2344         case HCI_OP_REMOTE_NAME_REQ:
2345                 hci_cs_remote_name_req(hdev, ev->status);
2346                 break;
2347
2348         case HCI_OP_READ_REMOTE_FEATURES:
2349                 hci_cs_read_remote_features(hdev, ev->status);
2350                 break;
2351
2352         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2353                 hci_cs_read_remote_ext_features(hdev, ev->status);
2354                 break;
2355
2356         case HCI_OP_SETUP_SYNC_CONN:
2357                 hci_cs_setup_sync_conn(hdev, ev->status);
2358                 break;
2359
2360         case HCI_OP_SNIFF_MODE:
2361                 hci_cs_sniff_mode(hdev, ev->status);
2362                 break;
2363
2364         case HCI_OP_EXIT_SNIFF_MODE:
2365                 hci_cs_exit_sniff_mode(hdev, ev->status);
2366                 break;
2367
2368         case HCI_OP_DISCONNECT:
2369                 hci_cs_disconnect(hdev, ev->status);
2370                 break;
2371
2372         case HCI_OP_LE_CREATE_CONN:
2373                 hci_cs_le_create_conn(hdev, ev->status);
2374                 break;
2375
2376         case HCI_OP_CREATE_PHY_LINK:
2377                 hci_cs_create_phylink(hdev, ev->status);
2378                 break;
2379
2380         case HCI_OP_ACCEPT_PHY_LINK:
2381                 hci_cs_accept_phylink(hdev, ev->status);
2382                 break;
2383
2384         default:
2385                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2386                 break;
2387         }
2388
2389         if (ev->opcode != HCI_OP_NOP)
2390                 del_timer(&hdev->cmd_timer);
2391
2392         hci_req_cmd_status(hdev, ev->opcode, ev->status);
2393
2394         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2395                 atomic_set(&hdev->cmd_cnt, 1);
2396                 if (!skb_queue_empty(&hdev->cmd_q))
2397                         queue_work(hdev->workqueue, &hdev->cmd_work);
2398         }
2399 }
2400
2401 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2402 {
2403         struct hci_ev_role_change *ev = (void *) skb->data;
2404         struct hci_conn *conn;
2405
2406         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2407
2408         hci_dev_lock(hdev);
2409
2410         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2411         if (conn) {
2412                 if (!ev->status) {
2413                         if (ev->role)
2414                                 conn->link_mode &= ~HCI_LM_MASTER;
2415                         else
2416                                 conn->link_mode |= HCI_LM_MASTER;
2417                 }
2418
2419                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2420
2421                 hci_role_switch_cfm(conn, ev->status, ev->role);
2422         }
2423
2424         hci_dev_unlock(hdev);
2425 }
2426
2427 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2428 {
2429         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2430         int i;
2431
2432         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2433                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2434                 return;
2435         }
2436
2437         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2438             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2439                 BT_DBG("%s bad parameters", hdev->name);
2440                 return;
2441         }
2442
2443         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2444
2445         for (i = 0; i < ev->num_hndl; i++) {
2446                 struct hci_comp_pkts_info *info = &ev->handles[i];
2447                 struct hci_conn *conn;
2448                 __u16  handle, count;
2449
2450                 handle = __le16_to_cpu(info->handle);
2451                 count  = __le16_to_cpu(info->count);
2452
2453                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2454                 if (!conn)
2455                         continue;
2456
2457                 conn->sent -= count;
2458
2459                 switch (conn->type) {
2460                 case ACL_LINK:
2461                         hdev->acl_cnt += count;
2462                         if (hdev->acl_cnt > hdev->acl_pkts)
2463                                 hdev->acl_cnt = hdev->acl_pkts;
2464                         break;
2465
2466                 case LE_LINK:
2467                         if (hdev->le_pkts) {
2468                                 hdev->le_cnt += count;
2469                                 if (hdev->le_cnt > hdev->le_pkts)
2470                                         hdev->le_cnt = hdev->le_pkts;
2471                         } else {
2472                                 hdev->acl_cnt += count;
2473                                 if (hdev->acl_cnt > hdev->acl_pkts)
2474                                         hdev->acl_cnt = hdev->acl_pkts;
2475                         }
2476                         break;
2477
2478                 case SCO_LINK:
2479                         hdev->sco_cnt += count;
2480                         if (hdev->sco_cnt > hdev->sco_pkts)
2481                                 hdev->sco_cnt = hdev->sco_pkts;
2482                         break;
2483
2484                 default:
2485                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2486                         break;
2487                 }
2488         }
2489
2490         queue_work(hdev->workqueue, &hdev->tx_work);
2491 }
2492
2493 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2494                                                  __u16 handle)
2495 {
2496         struct hci_chan *chan;
2497
2498         switch (hdev->dev_type) {
2499         case HCI_BREDR:
2500                 return hci_conn_hash_lookup_handle(hdev, handle);
2501         case HCI_AMP:
2502                 chan = hci_chan_lookup_handle(hdev, handle);
2503                 if (chan)
2504                         return chan->conn;
2505                 break;
2506         default:
2507                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2508                 break;
2509         }
2510
2511         return NULL;
2512 }
2513
2514 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2515 {
2516         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2517         int i;
2518
2519         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2520                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2521                 return;
2522         }
2523
2524         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2525             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2526                 BT_DBG("%s bad parameters", hdev->name);
2527                 return;
2528         }
2529
2530         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2531                ev->num_hndl);
2532
2533         for (i = 0; i < ev->num_hndl; i++) {
2534                 struct hci_comp_blocks_info *info = &ev->handles[i];
2535                 struct hci_conn *conn = NULL;
2536                 __u16  handle, block_count;
2537
2538                 handle = __le16_to_cpu(info->handle);
2539                 block_count = __le16_to_cpu(info->blocks);
2540
2541                 conn = __hci_conn_lookup_handle(hdev, handle);
2542                 if (!conn)
2543                         continue;
2544
2545                 conn->sent -= block_count;
2546
2547                 switch (conn->type) {
2548                 case ACL_LINK:
2549                 case AMP_LINK:
2550                         hdev->block_cnt += block_count;
2551                         if (hdev->block_cnt > hdev->num_blocks)
2552                                 hdev->block_cnt = hdev->num_blocks;
2553                         break;
2554
2555                 default:
2556                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2557                         break;
2558                 }
2559         }
2560
2561         queue_work(hdev->workqueue, &hdev->tx_work);
2562 }
2563
2564 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2565 {
2566         struct hci_ev_mode_change *ev = (void *) skb->data;
2567         struct hci_conn *conn;
2568
2569         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2570
2571         hci_dev_lock(hdev);
2572
2573         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2574         if (conn) {
2575                 conn->mode = ev->mode;
2576                 conn->interval = __le16_to_cpu(ev->interval);
2577
2578                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2579                                         &conn->flags)) {
2580                         if (conn->mode == HCI_CM_ACTIVE)
2581                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2582                         else
2583                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2584                 }
2585
2586                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2587                         hci_sco_setup(conn, ev->status);
2588         }
2589
2590         hci_dev_unlock(hdev);
2591 }
2592
2593 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2594 {
2595         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2596         struct hci_conn *conn;
2597
2598         BT_DBG("%s", hdev->name);
2599
2600         hci_dev_lock(hdev);
2601
2602         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2603         if (!conn)
2604                 goto unlock;
2605
2606         if (conn->state == BT_CONNECTED) {
2607                 hci_conn_hold(conn);
2608                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2609                 hci_conn_put(conn);
2610         }
2611
2612         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2613                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2614                              sizeof(ev->bdaddr), &ev->bdaddr);
2615         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2616                 u8 secure;
2617
2618                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2619                         secure = 1;
2620                 else
2621                         secure = 0;
2622
2623                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2624         }
2625
2626 unlock:
2627         hci_dev_unlock(hdev);
2628 }
2629
2630 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2631 {
2632         struct hci_ev_link_key_req *ev = (void *) skb->data;
2633         struct hci_cp_link_key_reply cp;
2634         struct hci_conn *conn;
2635         struct link_key *key;
2636
2637         BT_DBG("%s", hdev->name);
2638
2639         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2640                 return;
2641
2642         hci_dev_lock(hdev);
2643
2644         key = hci_find_link_key(hdev, &ev->bdaddr);
2645         if (!key) {
2646                 BT_DBG("%s link key not found for %pMR", hdev->name,
2647                        &ev->bdaddr);
2648                 goto not_found;
2649         }
2650
2651         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2652                &ev->bdaddr);
2653
2654         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2655             key->type == HCI_LK_DEBUG_COMBINATION) {
2656                 BT_DBG("%s ignoring debug key", hdev->name);
2657                 goto not_found;
2658         }
2659
2660         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2661         if (conn) {
2662                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2663                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2664                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2665                         goto not_found;
2666                 }
2667
2668                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2669                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2670                         BT_DBG("%s ignoring key unauthenticated for high security",
2671                                hdev->name);
2672                         goto not_found;
2673                 }
2674
2675                 conn->key_type = key->type;
2676                 conn->pin_length = key->pin_len;
2677         }
2678
2679         bacpy(&cp.bdaddr, &ev->bdaddr);
2680         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2681
2682         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2683
2684         hci_dev_unlock(hdev);
2685
2686         return;
2687
2688 not_found:
2689         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2690         hci_dev_unlock(hdev);
2691 }
2692
2693 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2694 {
2695         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2696         struct hci_conn *conn;
2697         u8 pin_len = 0;
2698
2699         BT_DBG("%s", hdev->name);
2700
2701         hci_dev_lock(hdev);
2702
2703         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2704         if (conn) {
2705                 hci_conn_hold(conn);
2706                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2707                 pin_len = conn->pin_length;
2708
2709                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2710                         conn->key_type = ev->key_type;
2711
2712                 hci_conn_put(conn);
2713         }
2714
2715         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2716                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2717                                  ev->key_type, pin_len);
2718
2719         hci_dev_unlock(hdev);
2720 }
2721
2722 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2723 {
2724         struct hci_ev_clock_offset *ev = (void *) skb->data;
2725         struct hci_conn *conn;
2726
2727         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2728
2729         hci_dev_lock(hdev);
2730
2731         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732         if (conn && !ev->status) {
2733                 struct inquiry_entry *ie;
2734
2735                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2736                 if (ie) {
2737                         ie->data.clock_offset = ev->clock_offset;
2738                         ie->timestamp = jiffies;
2739                 }
2740         }
2741
2742         hci_dev_unlock(hdev);
2743 }
2744
2745 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2746 {
2747         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2748         struct hci_conn *conn;
2749
2750         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2751
2752         hci_dev_lock(hdev);
2753
2754         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2755         if (conn && !ev->status)
2756                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2757
2758         hci_dev_unlock(hdev);
2759 }
2760
2761 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2762 {
2763         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2764         struct inquiry_entry *ie;
2765
2766         BT_DBG("%s", hdev->name);
2767
2768         hci_dev_lock(hdev);
2769
2770         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2771         if (ie) {
2772                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2773                 ie->timestamp = jiffies;
2774         }
2775
2776         hci_dev_unlock(hdev);
2777 }
2778
2779 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2780                                              struct sk_buff *skb)
2781 {
2782         struct inquiry_data data;
2783         int num_rsp = *((__u8 *) skb->data);
2784         bool name_known, ssp;
2785
2786         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2787
2788         if (!num_rsp)
2789                 return;
2790
2791         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2792                 return;
2793
2794         hci_dev_lock(hdev);
2795
2796         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2797                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2798                 info = (void *) (skb->data + 1);
2799
2800                 for (; num_rsp; num_rsp--, info++) {
2801                         bacpy(&data.bdaddr, &info->bdaddr);
2802                         data.pscan_rep_mode     = info->pscan_rep_mode;
2803                         data.pscan_period_mode  = info->pscan_period_mode;
2804                         data.pscan_mode         = info->pscan_mode;
2805                         memcpy(data.dev_class, info->dev_class, 3);
2806                         data.clock_offset       = info->clock_offset;
2807                         data.rssi               = info->rssi;
2808                         data.ssp_mode           = 0x00;
2809
2810                         name_known = hci_inquiry_cache_update(hdev, &data,
2811                                                               false, &ssp);
2812                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2813                                           info->dev_class, info->rssi,
2814                                           !name_known, ssp, NULL, 0);
2815                 }
2816         } else {
2817                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2818
2819                 for (; num_rsp; num_rsp--, info++) {
2820                         bacpy(&data.bdaddr, &info->bdaddr);
2821                         data.pscan_rep_mode     = info->pscan_rep_mode;
2822                         data.pscan_period_mode  = info->pscan_period_mode;
2823                         data.pscan_mode         = 0x00;
2824                         memcpy(data.dev_class, info->dev_class, 3);
2825                         data.clock_offset       = info->clock_offset;
2826                         data.rssi               = info->rssi;
2827                         data.ssp_mode           = 0x00;
2828                         name_known = hci_inquiry_cache_update(hdev, &data,
2829                                                               false, &ssp);
2830                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2831                                           info->dev_class, info->rssi,
2832                                           !name_known, ssp, NULL, 0);
2833                 }
2834         }
2835
2836         hci_dev_unlock(hdev);
2837 }
2838
2839 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2840                                         struct sk_buff *skb)
2841 {
2842         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2843         struct hci_conn *conn;
2844
2845         BT_DBG("%s", hdev->name);
2846
2847         hci_dev_lock(hdev);
2848
2849         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2850         if (!conn)
2851                 goto unlock;
2852
2853         if (!ev->status && ev->page == 0x01) {
2854                 struct inquiry_entry *ie;
2855
2856                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2857                 if (ie)
2858                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2859
2860                 if (ev->features[0] & LMP_HOST_SSP)
2861                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2862         }
2863
2864         if (conn->state != BT_CONFIG)
2865                 goto unlock;
2866
2867         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2868                 struct hci_cp_remote_name_req cp;
2869                 memset(&cp, 0, sizeof(cp));
2870                 bacpy(&cp.bdaddr, &conn->dst);
2871                 cp.pscan_rep_mode = 0x02;
2872                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2873         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2874                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2875                                       conn->dst_type, 0, NULL, 0,
2876                                       conn->dev_class);
2877
2878         if (!hci_outgoing_auth_needed(hdev, conn)) {
2879                 conn->state = BT_CONNECTED;
2880                 hci_proto_connect_cfm(conn, ev->status);
2881                 hci_conn_put(conn);
2882         }
2883
2884 unlock:
2885         hci_dev_unlock(hdev);
2886 }
2887
2888 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2889                                        struct sk_buff *skb)
2890 {
2891         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2892         struct hci_conn *conn;
2893
2894         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2895
2896         hci_dev_lock(hdev);
2897
2898         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2899         if (!conn) {
2900                 if (ev->link_type == ESCO_LINK)
2901                         goto unlock;
2902
2903                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2904                 if (!conn)
2905                         goto unlock;
2906
2907                 conn->type = SCO_LINK;
2908         }
2909
2910         switch (ev->status) {
2911         case 0x00:
2912                 conn->handle = __le16_to_cpu(ev->handle);
2913                 conn->state  = BT_CONNECTED;
2914
2915                 hci_conn_hold_device(conn);
2916                 hci_conn_add_sysfs(conn);
2917                 break;
2918
2919         case 0x11:      /* Unsupported Feature or Parameter Value */
2920         case 0x1c:      /* SCO interval rejected */
2921         case 0x1a:      /* Unsupported Remote Feature */
2922         case 0x1f:      /* Unspecified error */
2923                 if (conn->out && conn->attempt < 2) {
2924                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2925                                         (hdev->esco_type & EDR_ESCO_MASK);
2926                         hci_setup_sync(conn, conn->link->handle);
2927                         goto unlock;
2928                 }
2929                 /* fall through */
2930
2931         default:
2932                 conn->state = BT_CLOSED;
2933                 break;
2934         }
2935
2936         hci_proto_connect_cfm(conn, ev->status);
2937         if (ev->status)
2938                 hci_conn_del(conn);
2939
2940 unlock:
2941         hci_dev_unlock(hdev);
2942 }
2943
2944 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2945                                             struct sk_buff *skb)
2946 {
2947         struct inquiry_data data;
2948         struct extended_inquiry_info *info = (void *) (skb->data + 1);
2949         int num_rsp = *((__u8 *) skb->data);
2950         size_t eir_len;
2951
2952         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2953
2954         if (!num_rsp)
2955                 return;
2956
2957         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2958                 return;
2959
2960         hci_dev_lock(hdev);
2961
2962         for (; num_rsp; num_rsp--, info++) {
2963                 bool name_known, ssp;
2964
2965                 bacpy(&data.bdaddr, &info->bdaddr);
2966                 data.pscan_rep_mode     = info->pscan_rep_mode;
2967                 data.pscan_period_mode  = info->pscan_period_mode;
2968                 data.pscan_mode         = 0x00;
2969                 memcpy(data.dev_class, info->dev_class, 3);
2970                 data.clock_offset       = info->clock_offset;
2971                 data.rssi               = info->rssi;
2972                 data.ssp_mode           = 0x01;
2973
2974                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2975                         name_known = eir_has_data_type(info->data,
2976                                                        sizeof(info->data),
2977                                                        EIR_NAME_COMPLETE);
2978                 else
2979                         name_known = true;
2980
2981                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2982                                                       &ssp);
2983                 eir_len = eir_get_length(info->data, sizeof(info->data));
2984                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2985                                   info->dev_class, info->rssi, !name_known,
2986                                   ssp, info->data, eir_len);
2987         }
2988
2989         hci_dev_unlock(hdev);
2990 }
2991
2992 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2993                                          struct sk_buff *skb)
2994 {
2995         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2996         struct hci_conn *conn;
2997
2998         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2999                __le16_to_cpu(ev->handle));
3000
3001         hci_dev_lock(hdev);
3002
3003         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3004         if (!conn)
3005                 goto unlock;
3006
3007         if (!ev->status)
3008                 conn->sec_level = conn->pending_sec_level;
3009
3010         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3011
3012         if (ev->status && conn->state == BT_CONNECTED) {
3013                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3014                 hci_conn_put(conn);
3015                 goto unlock;
3016         }
3017
3018         if (conn->state == BT_CONFIG) {
3019                 if (!ev->status)
3020                         conn->state = BT_CONNECTED;
3021
3022                 hci_proto_connect_cfm(conn, ev->status);
3023                 hci_conn_put(conn);
3024         } else {
3025                 hci_auth_cfm(conn, ev->status);
3026
3027                 hci_conn_hold(conn);
3028                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3029                 hci_conn_put(conn);
3030         }
3031
3032 unlock:
3033         hci_dev_unlock(hdev);
3034 }
3035
3036 static u8 hci_get_auth_req(struct hci_conn *conn)
3037 {
3038         /* If remote requests dedicated bonding follow that lead */
3039         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3040                 /* If both remote and local IO capabilities allow MITM
3041                  * protection then require it, otherwise don't */
3042                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3043                         return 0x02;
3044                 else
3045                         return 0x03;
3046         }
3047
3048         /* If remote requests no-bonding follow that lead */
3049         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3050                 return conn->remote_auth | (conn->auth_type & 0x01);
3051
3052         return conn->auth_type;
3053 }
3054
3055 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3056 {
3057         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3058         struct hci_conn *conn;
3059
3060         BT_DBG("%s", hdev->name);
3061
3062         hci_dev_lock(hdev);
3063
3064         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3065         if (!conn)
3066                 goto unlock;
3067
3068         hci_conn_hold(conn);
3069
3070         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3071                 goto unlock;
3072
3073         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3074             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3075                 struct hci_cp_io_capability_reply cp;
3076
3077                 bacpy(&cp.bdaddr, &ev->bdaddr);
3078                 /* Change the IO capability from KeyboardDisplay
3079                  * to DisplayYesNo as it is not supported by BT spec. */
3080                 cp.capability = (conn->io_capability == 0x04) ?
3081                                                 0x01 : conn->io_capability;
3082                 conn->auth_type = hci_get_auth_req(conn);
3083                 cp.authentication = conn->auth_type;
3084
3085                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3086                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3087                         cp.oob_data = 0x01;
3088                 else
3089                         cp.oob_data = 0x00;
3090
3091                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3092                              sizeof(cp), &cp);
3093         } else {
3094                 struct hci_cp_io_capability_neg_reply cp;
3095
3096                 bacpy(&cp.bdaddr, &ev->bdaddr);
3097                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3098
3099                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3100                              sizeof(cp), &cp);
3101         }
3102
3103 unlock:
3104         hci_dev_unlock(hdev);
3105 }
3106
3107 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3108 {
3109         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3110         struct hci_conn *conn;
3111
3112         BT_DBG("%s", hdev->name);
3113
3114         hci_dev_lock(hdev);
3115
3116         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3117         if (!conn)
3118                 goto unlock;
3119
3120         conn->remote_cap = ev->capability;
3121         conn->remote_auth = ev->authentication;
3122         if (ev->oob_data)
3123                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3124
3125 unlock:
3126         hci_dev_unlock(hdev);
3127 }
3128
3129 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3130                                          struct sk_buff *skb)
3131 {
3132         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3133         int loc_mitm, rem_mitm, confirm_hint = 0;
3134         struct hci_conn *conn;
3135
3136         BT_DBG("%s", hdev->name);
3137
3138         hci_dev_lock(hdev);
3139
3140         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3141                 goto unlock;
3142
3143         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3144         if (!conn)
3145                 goto unlock;
3146
3147         loc_mitm = (conn->auth_type & 0x01);
3148         rem_mitm = (conn->remote_auth & 0x01);
3149
3150         /* If we require MITM but the remote device can't provide that
3151          * (it has NoInputNoOutput) then reject the confirmation
3152          * request. The only exception is when we're dedicated bonding
3153          * initiators (connect_cfm_cb set) since then we always have the MITM
3154          * bit set. */
3155         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3156                 BT_DBG("Rejecting request: remote device can't provide MITM");
3157                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3158                              sizeof(ev->bdaddr), &ev->bdaddr);
3159                 goto unlock;
3160         }
3161
3162         /* If no side requires MITM protection; auto-accept */
3163         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3164             (!rem_mitm || conn->io_capability == 0x03)) {
3165
3166                 /* If we're not the initiators request authorization to
3167                  * proceed from user space (mgmt_user_confirm with
3168                  * confirm_hint set to 1). */
3169                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3170                         BT_DBG("Confirming auto-accept as acceptor");
3171                         confirm_hint = 1;
3172                         goto confirm;
3173                 }
3174
3175                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3176                        hdev->auto_accept_delay);
3177
3178                 if (hdev->auto_accept_delay > 0) {
3179                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3180                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3181                         goto unlock;
3182                 }
3183
3184                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3185                              sizeof(ev->bdaddr), &ev->bdaddr);
3186                 goto unlock;
3187         }
3188
3189 confirm:
3190         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3191                                   confirm_hint);
3192
3193 unlock:
3194         hci_dev_unlock(hdev);
3195 }
3196
3197 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3198                                          struct sk_buff *skb)
3199 {
3200         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3201
3202         BT_DBG("%s", hdev->name);
3203
3204         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3205                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3206 }
3207
3208 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3209                                         struct sk_buff *skb)
3210 {
3211         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3212         struct hci_conn *conn;
3213
3214         BT_DBG("%s", hdev->name);
3215
3216         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3217         if (!conn)
3218                 return;
3219
3220         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3221         conn->passkey_entered = 0;
3222
3223         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3224                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3225                                          conn->dst_type, conn->passkey_notify,
3226                                          conn->passkey_entered);
3227 }
3228
3229 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3230 {
3231         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3232         struct hci_conn *conn;
3233
3234         BT_DBG("%s", hdev->name);
3235
3236         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3237         if (!conn)
3238                 return;
3239
3240         switch (ev->type) {
3241         case HCI_KEYPRESS_STARTED:
3242                 conn->passkey_entered = 0;
3243                 return;
3244
3245         case HCI_KEYPRESS_ENTERED:
3246                 conn->passkey_entered++;
3247                 break;
3248
3249         case HCI_KEYPRESS_ERASED:
3250                 conn->passkey_entered--;
3251                 break;
3252
3253         case HCI_KEYPRESS_CLEARED:
3254                 conn->passkey_entered = 0;
3255                 break;
3256
3257         case HCI_KEYPRESS_COMPLETED:
3258                 return;
3259         }
3260
3261         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3262                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3263                                          conn->dst_type, conn->passkey_notify,
3264                                          conn->passkey_entered);
3265 }
3266
3267 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3268                                          struct sk_buff *skb)
3269 {
3270         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3271         struct hci_conn *conn;
3272
3273         BT_DBG("%s", hdev->name);
3274
3275         hci_dev_lock(hdev);
3276
3277         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3278         if (!conn)
3279                 goto unlock;
3280
3281         /* To avoid duplicate auth_failed events to user space we check
3282          * the HCI_CONN_AUTH_PEND flag which will be set if we
3283          * initiated the authentication. A traditional auth_complete
3284          * event gets always produced as initiator and is also mapped to
3285          * the mgmt_auth_failed event */
3286         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3287                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3288                                  ev->status);
3289
3290         hci_conn_put(conn);
3291
3292 unlock:
3293         hci_dev_unlock(hdev);
3294 }
3295
3296 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3297                                          struct sk_buff *skb)
3298 {
3299         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3300         struct inquiry_entry *ie;
3301
3302         BT_DBG("%s", hdev->name);
3303
3304         hci_dev_lock(hdev);
3305
3306         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3307         if (ie)
3308                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3309
3310         hci_dev_unlock(hdev);
3311 }
3312
3313 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3314                                             struct sk_buff *skb)
3315 {
3316         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3317         struct oob_data *data;
3318
3319         BT_DBG("%s", hdev->name);
3320
3321         hci_dev_lock(hdev);
3322
3323         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3324                 goto unlock;
3325
3326         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3327         if (data) {
3328                 struct hci_cp_remote_oob_data_reply cp;
3329
3330                 bacpy(&cp.bdaddr, &ev->bdaddr);
3331                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3332                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3333
3334                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3335                              &cp);
3336         } else {
3337                 struct hci_cp_remote_oob_data_neg_reply cp;
3338
3339                 bacpy(&cp.bdaddr, &ev->bdaddr);
3340                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3341                              &cp);
3342         }
3343
3344 unlock:
3345         hci_dev_unlock(hdev);
3346 }
3347
3348 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3349                                       struct sk_buff *skb)
3350 {
3351         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3352         struct hci_conn *hcon, *bredr_hcon;
3353
3354         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3355                ev->status);
3356
3357         hci_dev_lock(hdev);
3358
3359         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3360         if (!hcon) {
3361                 hci_dev_unlock(hdev);
3362                 return;
3363         }
3364
3365         if (ev->status) {
3366                 hci_conn_del(hcon);
3367                 hci_dev_unlock(hdev);
3368                 return;
3369         }
3370
3371         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3372
3373         hcon->state = BT_CONNECTED;
3374         bacpy(&hcon->dst, &bredr_hcon->dst);
3375
3376         hci_conn_hold(hcon);
3377         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3378         hci_conn_put(hcon);
3379
3380         hci_conn_hold_device(hcon);
3381         hci_conn_add_sysfs(hcon);
3382
3383         amp_physical_cfm(bredr_hcon, hcon);
3384
3385         hci_dev_unlock(hdev);
3386 }
3387
3388 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3389 {
3390         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3391         struct hci_conn *hcon;
3392         struct hci_chan *hchan;
3393         struct amp_mgr *mgr;
3394
3395         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3396                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3397                ev->status);
3398
3399         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3400         if (!hcon)
3401                 return;
3402
3403         /* Create AMP hchan */
3404         hchan = hci_chan_create(hcon);
3405         if (!hchan)
3406                 return;
3407
3408         hchan->handle = le16_to_cpu(ev->handle);
3409
3410         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3411
3412         mgr = hcon->amp_mgr;
3413         if (mgr && mgr->bredr_chan) {
3414                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3415
3416                 l2cap_chan_lock(bredr_chan);
3417
3418                 bredr_chan->conn->mtu = hdev->block_mtu;
3419                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3420                 hci_conn_hold(hcon);
3421
3422                 l2cap_chan_unlock(bredr_chan);
3423         }
3424 }
3425
3426 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3427                                              struct sk_buff *skb)
3428 {
3429         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3430         struct hci_chan *hchan;
3431
3432         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3433                le16_to_cpu(ev->handle), ev->status);
3434
3435         if (ev->status)
3436                 return;
3437
3438         hci_dev_lock(hdev);
3439
3440         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3441         if (!hchan)
3442                 goto unlock;
3443
3444         amp_destroy_logical_link(hchan, ev->reason);
3445
3446 unlock:
3447         hci_dev_unlock(hdev);
3448 }
3449
3450 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3451                                              struct sk_buff *skb)
3452 {
3453         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3454         struct hci_conn *hcon;
3455
3456         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3457
3458         if (ev->status)
3459                 return;
3460
3461         hci_dev_lock(hdev);
3462
3463         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3464         if (hcon) {
3465                 hcon->state = BT_CLOSED;
3466                 hci_conn_del(hcon);
3467         }
3468
3469         hci_dev_unlock(hdev);
3470 }
3471
3472 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3473 {
3474         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3475         struct hci_conn *conn;
3476
3477         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3478
3479         hci_dev_lock(hdev);
3480
3481         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3482         if (!conn) {
3483                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3484                 if (!conn) {
3485                         BT_ERR("No memory for new connection");
3486                         goto unlock;
3487                 }
3488
3489                 conn->dst_type = ev->bdaddr_type;
3490
3491                 if (ev->role == LE_CONN_ROLE_MASTER) {
3492                         conn->out = true;
3493                         conn->link_mode |= HCI_LM_MASTER;
3494                 }
3495         }
3496
3497         if (ev->status) {
3498                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3499                                     conn->dst_type, ev->status);
3500                 hci_proto_connect_cfm(conn, ev->status);
3501                 conn->state = BT_CLOSED;
3502                 hci_conn_del(conn);
3503                 goto unlock;
3504         }
3505
3506         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3507                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3508                                       conn->dst_type, 0, NULL, 0, NULL);
3509
3510         conn->sec_level = BT_SECURITY_LOW;
3511         conn->handle = __le16_to_cpu(ev->handle);
3512         conn->state = BT_CONNECTED;
3513
3514         hci_conn_hold_device(conn);
3515         hci_conn_add_sysfs(conn);
3516
3517         hci_proto_connect_cfm(conn, ev->status);
3518
3519 unlock:
3520         hci_dev_unlock(hdev);
3521 }
3522
3523 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3524 {
3525         u8 num_reports = skb->data[0];
3526         void *ptr = &skb->data[1];
3527         s8 rssi;
3528
3529         while (num_reports--) {
3530                 struct hci_ev_le_advertising_info *ev = ptr;
3531
3532                 rssi = ev->data[ev->length];
3533                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3534                                   NULL, rssi, 0, 1, ev->data, ev->length);
3535
3536                 ptr += sizeof(*ev) + ev->length + 1;
3537         }
3538 }
3539
3540 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3541 {
3542         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3543         struct hci_cp_le_ltk_reply cp;
3544         struct hci_cp_le_ltk_neg_reply neg;
3545         struct hci_conn *conn;
3546         struct smp_ltk *ltk;
3547
3548         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3549
3550         hci_dev_lock(hdev);
3551
3552         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3553         if (conn == NULL)
3554                 goto not_found;
3555
3556         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3557         if (ltk == NULL)
3558                 goto not_found;
3559
3560         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3561         cp.handle = cpu_to_le16(conn->handle);
3562
3563         if (ltk->authenticated)
3564                 conn->sec_level = BT_SECURITY_HIGH;
3565
3566         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3567
3568         if (ltk->type & HCI_SMP_STK) {
3569                 list_del(&ltk->list);
3570                 kfree(ltk);
3571         }
3572
3573         hci_dev_unlock(hdev);
3574
3575         return;
3576
3577 not_found:
3578         neg.handle = ev->handle;
3579         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3580         hci_dev_unlock(hdev);
3581 }
3582
3583 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3584 {
3585         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3586
3587         skb_pull(skb, sizeof(*le_ev));
3588
3589         switch (le_ev->subevent) {
3590         case HCI_EV_LE_CONN_COMPLETE:
3591                 hci_le_conn_complete_evt(hdev, skb);
3592                 break;
3593
3594         case HCI_EV_LE_ADVERTISING_REPORT:
3595                 hci_le_adv_report_evt(hdev, skb);
3596                 break;
3597
3598         case HCI_EV_LE_LTK_REQ:
3599                 hci_le_ltk_request_evt(hdev, skb);
3600                 break;
3601
3602         default:
3603                 break;
3604         }
3605 }
3606
3607 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3608 {
3609         struct hci_ev_channel_selected *ev = (void *) skb->data;
3610         struct hci_conn *hcon;
3611
3612         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3613
3614         skb_pull(skb, sizeof(*ev));
3615
3616         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3617         if (!hcon)
3618                 return;
3619
3620         amp_read_loc_assoc_final_data(hdev, hcon);
3621 }
3622
3623 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3624 {
3625         struct hci_event_hdr *hdr = (void *) skb->data;
3626         __u8 event = hdr->evt;
3627
3628         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3629
3630         switch (event) {
3631         case HCI_EV_INQUIRY_COMPLETE:
3632                 hci_inquiry_complete_evt(hdev, skb);
3633                 break;
3634
3635         case HCI_EV_INQUIRY_RESULT:
3636                 hci_inquiry_result_evt(hdev, skb);
3637                 break;
3638
3639         case HCI_EV_CONN_COMPLETE:
3640                 hci_conn_complete_evt(hdev, skb);
3641                 break;
3642
3643         case HCI_EV_CONN_REQUEST:
3644                 hci_conn_request_evt(hdev, skb);
3645                 break;
3646
3647         case HCI_EV_DISCONN_COMPLETE:
3648                 hci_disconn_complete_evt(hdev, skb);
3649                 break;
3650
3651         case HCI_EV_AUTH_COMPLETE:
3652                 hci_auth_complete_evt(hdev, skb);
3653                 break;
3654
3655         case HCI_EV_REMOTE_NAME:
3656                 hci_remote_name_evt(hdev, skb);
3657                 break;
3658
3659         case HCI_EV_ENCRYPT_CHANGE:
3660                 hci_encrypt_change_evt(hdev, skb);
3661                 break;
3662
3663         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3664                 hci_change_link_key_complete_evt(hdev, skb);
3665                 break;
3666
3667         case HCI_EV_REMOTE_FEATURES:
3668                 hci_remote_features_evt(hdev, skb);
3669                 break;
3670
3671         case HCI_EV_CMD_COMPLETE:
3672                 hci_cmd_complete_evt(hdev, skb);
3673                 break;
3674
3675         case HCI_EV_CMD_STATUS:
3676                 hci_cmd_status_evt(hdev, skb);
3677                 break;
3678
3679         case HCI_EV_ROLE_CHANGE:
3680                 hci_role_change_evt(hdev, skb);
3681                 break;
3682
3683         case HCI_EV_NUM_COMP_PKTS:
3684                 hci_num_comp_pkts_evt(hdev, skb);
3685                 break;
3686
3687         case HCI_EV_MODE_CHANGE:
3688                 hci_mode_change_evt(hdev, skb);
3689                 break;
3690
3691         case HCI_EV_PIN_CODE_REQ:
3692                 hci_pin_code_request_evt(hdev, skb);
3693                 break;
3694
3695         case HCI_EV_LINK_KEY_REQ:
3696                 hci_link_key_request_evt(hdev, skb);
3697                 break;
3698
3699         case HCI_EV_LINK_KEY_NOTIFY:
3700                 hci_link_key_notify_evt(hdev, skb);
3701                 break;
3702
3703         case HCI_EV_CLOCK_OFFSET:
3704                 hci_clock_offset_evt(hdev, skb);
3705                 break;
3706
3707         case HCI_EV_PKT_TYPE_CHANGE:
3708                 hci_pkt_type_change_evt(hdev, skb);
3709                 break;
3710
3711         case HCI_EV_PSCAN_REP_MODE:
3712                 hci_pscan_rep_mode_evt(hdev, skb);
3713                 break;
3714
3715         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3716                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3717                 break;
3718
3719         case HCI_EV_REMOTE_EXT_FEATURES:
3720                 hci_remote_ext_features_evt(hdev, skb);
3721                 break;
3722
3723         case HCI_EV_SYNC_CONN_COMPLETE:
3724                 hci_sync_conn_complete_evt(hdev, skb);
3725                 break;
3726
3727         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3728                 hci_extended_inquiry_result_evt(hdev, skb);
3729                 break;
3730
3731         case HCI_EV_KEY_REFRESH_COMPLETE:
3732                 hci_key_refresh_complete_evt(hdev, skb);
3733                 break;
3734
3735         case HCI_EV_IO_CAPA_REQUEST:
3736                 hci_io_capa_request_evt(hdev, skb);
3737                 break;
3738
3739         case HCI_EV_IO_CAPA_REPLY:
3740                 hci_io_capa_reply_evt(hdev, skb);
3741                 break;
3742
3743         case HCI_EV_USER_CONFIRM_REQUEST:
3744                 hci_user_confirm_request_evt(hdev, skb);
3745                 break;
3746
3747         case HCI_EV_USER_PASSKEY_REQUEST:
3748                 hci_user_passkey_request_evt(hdev, skb);
3749                 break;
3750
3751         case HCI_EV_USER_PASSKEY_NOTIFY:
3752                 hci_user_passkey_notify_evt(hdev, skb);
3753                 break;
3754
3755         case HCI_EV_KEYPRESS_NOTIFY:
3756                 hci_keypress_notify_evt(hdev, skb);
3757                 break;
3758
3759         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3760                 hci_simple_pair_complete_evt(hdev, skb);
3761                 break;
3762
3763         case HCI_EV_REMOTE_HOST_FEATURES:
3764                 hci_remote_host_features_evt(hdev, skb);
3765                 break;
3766
3767         case HCI_EV_LE_META:
3768                 hci_le_meta_evt(hdev, skb);
3769                 break;
3770
3771         case HCI_EV_CHANNEL_SELECTED:
3772                 hci_chan_selected_evt(hdev, skb);
3773                 break;
3774
3775         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3776                 hci_remote_oob_data_request_evt(hdev, skb);
3777                 break;
3778
3779         case HCI_EV_PHY_LINK_COMPLETE:
3780                 hci_phy_link_complete_evt(hdev, skb);
3781                 break;
3782
3783         case HCI_EV_LOGICAL_LINK_COMPLETE:
3784                 hci_loglink_complete_evt(hdev, skb);
3785                 break;
3786
3787         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3788                 hci_disconn_loglink_complete_evt(hdev, skb);
3789                 break;
3790
3791         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3792                 hci_disconn_phylink_complete_evt(hdev, skb);
3793                 break;
3794
3795         case HCI_EV_NUM_COMP_BLOCKS:
3796                 hci_num_comp_blocks_evt(hdev, skb);
3797                 break;
3798
3799         default:
3800                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3801                 break;
3802         }
3803
3804         kfree_skb(skb);
3805         hdev->stat.evt_rx++;
3806 }
Unnamed repository; edit this file 'description' to name the repository.