projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Handle AD updating through an async request
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39         __u8 status = *((__u8 *) skb->data);
40
41         BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43         if (status) {
44                 hci_dev_lock(hdev);
45                 mgmt_stop_discovery_failed(hdev, status);
46                 hci_dev_unlock(hdev);
47                 return;
48         }
49
50         clear_bit(HCI_INQUIRY, &hdev->flags);
51
52         hci_dev_lock(hdev);
53         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54         hci_dev_unlock(hdev);
55
56         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
57
58         hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63         __u8 status = *((__u8 *) skb->data);
64
65         BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67         if (status)
68                 return;
69
70         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84         hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88                                           struct sk_buff *skb)
89 {
90         BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95         struct hci_rp_role_discovery *rp = (void *) skb->data;
96         struct hci_conn *conn;
97
98         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100         if (rp->status)
101                 return;
102
103         hci_dev_lock(hdev);
104
105         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106         if (conn) {
107                 if (rp->role)
108                         conn->link_mode &= ~HCI_LM_MASTER;
109                 else
110                         conn->link_mode |= HCI_LM_MASTER;
111         }
112
113         hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118         struct hci_rp_read_link_policy *rp = (void *) skb->data;
119         struct hci_conn *conn;
120
121         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123         if (rp->status)
124                 return;
125
126         hci_dev_lock(hdev);
127
128         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129         if (conn)
130                 conn->link_policy = __le16_to_cpu(rp->policy);
131
132         hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137         struct hci_rp_write_link_policy *rp = (void *) skb->data;
138         struct hci_conn *conn;
139         void *sent;
140
141         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143         if (rp->status)
144                 return;
145
146         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147         if (!sent)
148                 return;
149
150         hci_dev_lock(hdev);
151
152         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153         if (conn)
154                 conn->link_policy = get_unaligned_le16(sent + 2);
155
156         hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160                                         struct sk_buff *skb)
161 {
162         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166         if (rp->status)
167                 return;
168
169         hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173                                          struct sk_buff *skb)
174 {
175         __u8 status = *((__u8 *) skb->data);
176         void *sent;
177
178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181         if (!sent)
182                 return;
183
184         if (!status)
185                 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190         __u8 status = *((__u8 *) skb->data);
191
192         BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194         clear_bit(HCI_RESET, &hdev->flags);
195
196         /* Reset all non-persistent flags */
197         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198
199         hdev->discovery.state = DISCOVERY_STOPPED;
200         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204         hdev->adv_data_len = 0;
205 }
206
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208 {
209         __u8 status = *((__u8 *) skb->data);
210         void *sent;
211
212         BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215         if (!sent)
216                 return;
217
218         hci_dev_lock(hdev);
219
220         if (test_bit(HCI_MGMT, &hdev->dev_flags))
221                 mgmt_set_local_name_complete(hdev, sent, status);
222         else if (!status)
223                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225         hci_dev_unlock(hdev);
226 }
227
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229 {
230         struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234         if (rp->status)
235                 return;
236
237         if (test_bit(HCI_SETUP, &hdev->dev_flags))
238                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 }
240
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243         __u8 status = *((__u8 *) skb->data);
244         void *sent;
245
246         BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249         if (!sent)
250                 return;
251
252         if (!status) {
253                 __u8 param = *((__u8 *) sent);
254
255                 if (param == AUTH_ENABLED)
256                         set_bit(HCI_AUTH, &hdev->flags);
257                 else
258                         clear_bit(HCI_AUTH, &hdev->flags);
259         }
260
261         if (test_bit(HCI_MGMT, &hdev->dev_flags))
262                 mgmt_auth_enable_complete(hdev, status);
263 }
264
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
266 {
267         __u8 status = *((__u8 *) skb->data);
268         void *sent;
269
270         BT_DBG("%s status 0x%2.2x", hdev->name, status);
271
272         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273         if (!sent)
274                 return;
275
276         if (!status) {
277                 __u8 param = *((__u8 *) sent);
278
279                 if (param)
280                         set_bit(HCI_ENCRYPT, &hdev->flags);
281                 else
282                         clear_bit(HCI_ENCRYPT, &hdev->flags);
283         }
284 }
285
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 {
288         __u8 param, status = *((__u8 *) skb->data);
289         int old_pscan, old_iscan;
290         void *sent;
291
292         BT_DBG("%s status 0x%2.2x", hdev->name, status);
293
294         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295         if (!sent)
296                 return;
297
298         param = *((__u8 *) sent);
299
300         hci_dev_lock(hdev);
301
302         if (status) {
303                 mgmt_write_scan_failed(hdev, param, status);
304                 hdev->discov_timeout = 0;
305                 goto done;
306         }
307
308         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311         if (param & SCAN_INQUIRY) {
312                 set_bit(HCI_ISCAN, &hdev->flags);
313                 if (!old_iscan)
314                         mgmt_discoverable(hdev, 1);
315                 if (hdev->discov_timeout > 0) {
316                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318                                            to);
319                 }
320         } else if (old_iscan)
321                 mgmt_discoverable(hdev, 0);
322
323         if (param & SCAN_PAGE) {
324                 set_bit(HCI_PSCAN, &hdev->flags);
325                 if (!old_pscan)
326                         mgmt_connectable(hdev, 1);
327         } else if (old_pscan)
328                 mgmt_connectable(hdev, 0);
329
330 done:
331         hci_dev_unlock(hdev);
332 }
333
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335 {
336         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337
338         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339
340         if (rp->status)
341                 return;
342
343         memcpy(hdev->dev_class, rp->dev_class, 3);
344
345         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 }
348
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351         __u8 status = *((__u8 *) skb->data);
352         void *sent;
353
354         BT_DBG("%s status 0x%2.2x", hdev->name, status);
355
356         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357         if (!sent)
358                 return;
359
360         hci_dev_lock(hdev);
361
362         if (status == 0)
363                 memcpy(hdev->dev_class, sent, 3);
364
365         if (test_bit(HCI_MGMT, &hdev->dev_flags))
366                 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368         hci_dev_unlock(hdev);
369 }
370
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372 {
373         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374         __u16 setting;
375
376         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377
378         if (rp->status)
379                 return;
380
381         setting = __le16_to_cpu(rp->voice_setting);
382
383         if (hdev->voice_setting == setting)
384                 return;
385
386         hdev->voice_setting = setting;
387
388         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389
390         if (hdev->notify)
391                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 }
393
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395                                        struct sk_buff *skb)
396 {
397         __u8 status = *((__u8 *) skb->data);
398         __u16 setting;
399         void *sent;
400
401         BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403         if (status)
404                 return;
405
406         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407         if (!sent)
408                 return;
409
410         setting = get_unaligned_le16(sent);
411
412         if (hdev->voice_setting == setting)
413                 return;
414
415         hdev->voice_setting = setting;
416
417         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418
419         if (hdev->notify)
420                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 }
422
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425         __u8 status = *((__u8 *) skb->data);
426         struct hci_cp_write_ssp_mode *sent;
427
428         BT_DBG("%s status 0x%2.2x", hdev->name, status);
429
430         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431         if (!sent)
432                 return;
433
434         if (!status) {
435                 if (sent->mode)
436                         hdev->host_features[0] |= LMP_HOST_SSP;
437                 else
438                         hdev->host_features[0] &= ~LMP_HOST_SSP;
439         }
440
441         if (test_bit(HCI_MGMT, &hdev->dev_flags))
442                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443         else if (!status) {
444                 if (sent->mode)
445                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446                 else
447                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448         }
449 }
450
451 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452 {
453         struct hci_rp_read_local_version *rp = (void *) skb->data;
454
455         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
456
457         if (rp->status)
458                 return;
459
460         hdev->hci_ver = rp->hci_ver;
461         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462         hdev->lmp_ver = rp->lmp_ver;
463         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
465
466         BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467                hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468 }
469
470 static void hci_cc_read_local_commands(struct hci_dev *hdev,
471                                        struct sk_buff *skb)
472 {
473         struct hci_rp_read_local_commands *rp = (void *) skb->data;
474
475         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477         if (!rp->status)
478                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479 }
480
481 static void hci_cc_read_local_features(struct hci_dev *hdev,
482                                        struct sk_buff *skb)
483 {
484         struct hci_rp_read_local_features *rp = (void *) skb->data;
485
486         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
487
488         if (rp->status)
489                 return;
490
491         memcpy(hdev->features, rp->features, 8);
492
493         /* Adjust default settings according to features
494          * supported by device. */
495
496         if (hdev->features[0] & LMP_3SLOT)
497                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498
499         if (hdev->features[0] & LMP_5SLOT)
500                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501
502         if (hdev->features[1] & LMP_HV2) {
503                 hdev->pkt_type  |= (HCI_HV2);
504                 hdev->esco_type |= (ESCO_HV2);
505         }
506
507         if (hdev->features[1] & LMP_HV3) {
508                 hdev->pkt_type  |= (HCI_HV3);
509                 hdev->esco_type |= (ESCO_HV3);
510         }
511
512         if (lmp_esco_capable(hdev))
513                 hdev->esco_type |= (ESCO_EV3);
514
515         if (hdev->features[4] & LMP_EV4)
516                 hdev->esco_type |= (ESCO_EV4);
517
518         if (hdev->features[4] & LMP_EV5)
519                 hdev->esco_type |= (ESCO_EV5);
520
521         if (hdev->features[5] & LMP_EDR_ESCO_2M)
522                 hdev->esco_type |= (ESCO_2EV3);
523
524         if (hdev->features[5] & LMP_EDR_ESCO_3M)
525                 hdev->esco_type |= (ESCO_3EV3);
526
527         if (hdev->features[5] & LMP_EDR_3S_ESCO)
528                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
530         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531                hdev->features[0], hdev->features[1],
532                hdev->features[2], hdev->features[3],
533                hdev->features[4], hdev->features[5],
534                hdev->features[6], hdev->features[7]);
535 }
536
537 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538                                            struct sk_buff *skb)
539 {
540         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
542         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
543
544         if (rp->status)
545                 return;
546
547         switch (rp->page) {
548         case 0:
549                 memcpy(hdev->features, rp->features, 8);
550                 break;
551         case 1:
552                 memcpy(hdev->host_features, rp->features, 8);
553                 break;
554         }
555 }
556
557 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
558                                           struct sk_buff *skb)
559 {
560         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
561
562         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
563
564         if (!rp->status)
565                 hdev->flow_ctl_mode = rp->mode;
566 }
567
568 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
569 {
570         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
571
572         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
573
574         if (rp->status)
575                 return;
576
577         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
578         hdev->sco_mtu  = rp->sco_mtu;
579         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
580         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
581
582         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
583                 hdev->sco_mtu  = 64;
584                 hdev->sco_pkts = 8;
585         }
586
587         hdev->acl_cnt = hdev->acl_pkts;
588         hdev->sco_cnt = hdev->sco_pkts;
589
590         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
591                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
592 }
593
594 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
595 {
596         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
597
598         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
599
600         if (!rp->status)
601                 bacpy(&hdev->bdaddr, &rp->bdaddr);
602 }
603
604 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
605                                         struct sk_buff *skb)
606 {
607         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
608
609         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
610
611         if (rp->status)
612                 return;
613
614         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
615         hdev->block_len = __le16_to_cpu(rp->block_len);
616         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
617
618         hdev->block_cnt = hdev->num_blocks;
619
620         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
621                hdev->block_cnt, hdev->block_len);
622 }
623
624 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
625                                        struct sk_buff *skb)
626 {
627         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
628
629         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
630
631         if (rp->status)
632                 goto a2mp_rsp;
633
634         hdev->amp_status = rp->amp_status;
635         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
636         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
637         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
638         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
639         hdev->amp_type = rp->amp_type;
640         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
641         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
642         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
643         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
644
645 a2mp_rsp:
646         a2mp_send_getinfo_rsp(hdev);
647 }
648
649 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
650                                         struct sk_buff *skb)
651 {
652         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
653         struct amp_assoc *assoc = &hdev->loc_assoc;
654         size_t rem_len, frag_len;
655
656         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
657
658         if (rp->status)
659                 goto a2mp_rsp;
660
661         frag_len = skb->len - sizeof(*rp);
662         rem_len = __le16_to_cpu(rp->rem_len);
663
664         if (rem_len > frag_len) {
665                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
666
667                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
668                 assoc->offset += frag_len;
669
670                 /* Read other fragments */
671                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
672
673                 return;
674         }
675
676         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
677         assoc->len = assoc->offset + rem_len;
678         assoc->offset = 0;
679
680 a2mp_rsp:
681         /* Send A2MP Rsp when all fragments are received */
682         a2mp_send_getampassoc_rsp(hdev, rp->status);
683         a2mp_send_create_phy_link_req(hdev, rp->status);
684 }
685
686 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
687                                          struct sk_buff *skb)
688 {
689         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
690
691         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
692
693         if (!rp->status)
694                 hdev->inq_tx_power = rp->tx_power;
695 }
696
697 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
698 {
699         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
700         struct hci_cp_pin_code_reply *cp;
701         struct hci_conn *conn;
702
703         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
704
705         hci_dev_lock(hdev);
706
707         if (test_bit(HCI_MGMT, &hdev->dev_flags))
708                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
709
710         if (rp->status)
711                 goto unlock;
712
713         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
714         if (!cp)
715                 goto unlock;
716
717         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
718         if (conn)
719                 conn->pin_length = cp->pin_len;
720
721 unlock:
722         hci_dev_unlock(hdev);
723 }
724
725 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
726 {
727         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
728
729         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
730
731         hci_dev_lock(hdev);
732
733         if (test_bit(HCI_MGMT, &hdev->dev_flags))
734                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
735                                                  rp->status);
736
737         hci_dev_unlock(hdev);
738 }
739
740 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
741                                        struct sk_buff *skb)
742 {
743         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
744
745         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
746
747         if (rp->status)
748                 return;
749
750         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
751         hdev->le_pkts = rp->le_max_pkt;
752
753         hdev->le_cnt = hdev->le_pkts;
754
755         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
756 }
757
758 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
759                                           struct sk_buff *skb)
760 {
761         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
762
763         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
764
765         if (!rp->status)
766                 memcpy(hdev->le_features, rp->features, 8);
767 }
768
769 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
770                                         struct sk_buff *skb)
771 {
772         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
773
774         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
775
776         if (!rp->status)
777                 hdev->adv_tx_power = rp->tx_power;
778 }
779
780 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         hci_dev_lock(hdev);
787
788         if (test_bit(HCI_MGMT, &hdev->dev_flags))
789                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
790                                                  rp->status);
791
792         hci_dev_unlock(hdev);
793 }
794
795 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
796                                           struct sk_buff *skb)
797 {
798         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
799
800         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801
802         hci_dev_lock(hdev);
803
804         if (test_bit(HCI_MGMT, &hdev->dev_flags))
805                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
806                                                      ACL_LINK, 0, rp->status);
807
808         hci_dev_unlock(hdev);
809 }
810
811 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
812 {
813         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
814
815         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
816
817         hci_dev_lock(hdev);
818
819         if (test_bit(HCI_MGMT, &hdev->dev_flags))
820                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
821                                                  0, rp->status);
822
823         hci_dev_unlock(hdev);
824 }
825
826 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
827                                           struct sk_buff *skb)
828 {
829         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
830
831         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
832
833         hci_dev_lock(hdev);
834
835         if (test_bit(HCI_MGMT, &hdev->dev_flags))
836                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
837                                                      ACL_LINK, 0, rp->status);
838
839         hci_dev_unlock(hdev);
840 }
841
842 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
843                                              struct sk_buff *skb)
844 {
845         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
846
847         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
848
849         hci_dev_lock(hdev);
850         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
851                                                 rp->randomizer, rp->status);
852         hci_dev_unlock(hdev);
853 }
854
855 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
856 {
857         __u8 *sent, status = *((__u8 *) skb->data);
858
859         BT_DBG("%s status 0x%2.2x", hdev->name, status);
860
861         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
862         if (!sent)
863                 return;
864
865         hci_dev_lock(hdev);
866
867         if (!status) {
868                 if (*sent)
869                         set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
870                 else
871                         clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
872         }
873
874         if (!test_bit(HCI_INIT, &hdev->flags)) {
875                 struct hci_request req;
876
877                 hci_req_init(&req, hdev);
878                 hci_update_ad(&req);
879                 hci_req_run(&req, NULL);
880         }
881
882         hci_dev_unlock(hdev);
883 }
884
885 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
886 {
887         __u8 status = *((__u8 *) skb->data);
888
889         BT_DBG("%s status 0x%2.2x", hdev->name, status);
890
891         if (status) {
892                 hci_dev_lock(hdev);
893                 mgmt_start_discovery_failed(hdev, status);
894                 hci_dev_unlock(hdev);
895                 return;
896         }
897 }
898
899 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
900                                       struct sk_buff *skb)
901 {
902         struct hci_cp_le_set_scan_enable *cp;
903         __u8 status = *((__u8 *) skb->data);
904
905         BT_DBG("%s status 0x%2.2x", hdev->name, status);
906
907         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
908         if (!cp)
909                 return;
910
911         switch (cp->enable) {
912         case LE_SCANNING_ENABLED:
913                 if (status) {
914                         hci_dev_lock(hdev);
915                         mgmt_start_discovery_failed(hdev, status);
916                         hci_dev_unlock(hdev);
917                         return;
918                 }
919
920                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
921
922                 hci_dev_lock(hdev);
923                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
924                 hci_dev_unlock(hdev);
925                 break;
926
927         case LE_SCANNING_DISABLED:
928                 if (status) {
929                         hci_dev_lock(hdev);
930                         mgmt_stop_discovery_failed(hdev, status);
931                         hci_dev_unlock(hdev);
932                         return;
933                 }
934
935                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
936
937                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
938                     hdev->discovery.state == DISCOVERY_FINDING) {
939                         mgmt_interleaved_discovery(hdev);
940                 } else {
941                         hci_dev_lock(hdev);
942                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
943                         hci_dev_unlock(hdev);
944                 }
945
946                 break;
947
948         default:
949                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
950                 break;
951         }
952 }
953
954 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
955                                            struct sk_buff *skb)
956 {
957         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
958
959         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
960
961         if (!rp->status)
962                 hdev->le_white_list_size = rp->size;
963 }
964
965 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
966                                             struct sk_buff *skb)
967 {
968         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
969
970         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971
972         if (!rp->status)
973                 memcpy(hdev->le_states, rp->le_states, 8);
974 }
975
976 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
977                                            struct sk_buff *skb)
978 {
979         struct hci_cp_write_le_host_supported *sent;
980         __u8 status = *((__u8 *) skb->data);
981
982         BT_DBG("%s status 0x%2.2x", hdev->name, status);
983
984         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
985         if (!sent)
986                 return;
987
988         if (!status) {
989                 if (sent->le)
990                         hdev->host_features[0] |= LMP_HOST_LE;
991                 else
992                         hdev->host_features[0] &= ~LMP_HOST_LE;
993
994                 if (sent->simul)
995                         hdev->host_features[0] |= LMP_HOST_LE_BREDR;
996                 else
997                         hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
998         }
999
1000         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1001             !test_bit(HCI_INIT, &hdev->flags))
1002                 mgmt_le_enable_complete(hdev, sent->le, status);
1003 }
1004
1005 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1006                                           struct sk_buff *skb)
1007 {
1008         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1009
1010         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1011                hdev->name, rp->status, rp->phy_handle);
1012
1013         if (rp->status)
1014                 return;
1015
1016         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1017 }
1018
1019 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1020 {
1021         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1022
1023         if (status) {
1024                 hci_conn_check_pending(hdev);
1025                 hci_dev_lock(hdev);
1026                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1027                         mgmt_start_discovery_failed(hdev, status);
1028                 hci_dev_unlock(hdev);
1029                 return;
1030         }
1031
1032         set_bit(HCI_INQUIRY, &hdev->flags);
1033
1034         hci_dev_lock(hdev);
1035         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1036         hci_dev_unlock(hdev);
1037 }
1038
1039 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1040 {
1041         struct hci_cp_create_conn *cp;
1042         struct hci_conn *conn;
1043
1044         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1045
1046         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1047         if (!cp)
1048                 return;
1049
1050         hci_dev_lock(hdev);
1051
1052         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1053
1054         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1055
1056         if (status) {
1057                 if (conn && conn->state == BT_CONNECT) {
1058                         if (status != 0x0c || conn->attempt > 2) {
1059                                 conn->state = BT_CLOSED;
1060                                 hci_proto_connect_cfm(conn, status);
1061                                 hci_conn_del(conn);
1062                         } else
1063                                 conn->state = BT_CONNECT2;
1064                 }
1065         } else {
1066                 if (!conn) {
1067                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1068                         if (conn) {
1069                                 conn->out = true;
1070                                 conn->link_mode |= HCI_LM_MASTER;
1071                         } else
1072                                 BT_ERR("No memory for new connection");
1073                 }
1074         }
1075
1076         hci_dev_unlock(hdev);
1077 }
1078
1079 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1080 {
1081         struct hci_cp_add_sco *cp;
1082         struct hci_conn *acl, *sco;
1083         __u16 handle;
1084
1085         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1086
1087         if (!status)
1088                 return;
1089
1090         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1091         if (!cp)
1092                 return;
1093
1094         handle = __le16_to_cpu(cp->handle);
1095
1096         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1097
1098         hci_dev_lock(hdev);
1099
1100         acl = hci_conn_hash_lookup_handle(hdev, handle);
1101         if (acl) {
1102                 sco = acl->link;
1103                 if (sco) {
1104                         sco->state = BT_CLOSED;
1105
1106                         hci_proto_connect_cfm(sco, status);
1107                         hci_conn_del(sco);
1108                 }
1109         }
1110
1111         hci_dev_unlock(hdev);
1112 }
1113
1114 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1115 {
1116         struct hci_cp_auth_requested *cp;
1117         struct hci_conn *conn;
1118
1119         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1120
1121         if (!status)
1122                 return;
1123
1124         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1125         if (!cp)
1126                 return;
1127
1128         hci_dev_lock(hdev);
1129
1130         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1131         if (conn) {
1132                 if (conn->state == BT_CONFIG) {
1133                         hci_proto_connect_cfm(conn, status);
1134                         hci_conn_put(conn);
1135                 }
1136         }
1137
1138         hci_dev_unlock(hdev);
1139 }
1140
1141 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1142 {
1143         struct hci_cp_set_conn_encrypt *cp;
1144         struct hci_conn *conn;
1145
1146         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1147
1148         if (!status)
1149                 return;
1150
1151         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1152         if (!cp)
1153                 return;
1154
1155         hci_dev_lock(hdev);
1156
1157         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1158         if (conn) {
1159                 if (conn->state == BT_CONFIG) {
1160                         hci_proto_connect_cfm(conn, status);
1161                         hci_conn_put(conn);
1162                 }
1163         }
1164
1165         hci_dev_unlock(hdev);
1166 }
1167
1168 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1169                                     struct hci_conn *conn)
1170 {
1171         if (conn->state != BT_CONFIG || !conn->out)
1172                 return 0;
1173
1174         if (conn->pending_sec_level == BT_SECURITY_SDP)
1175                 return 0;
1176
1177         /* Only request authentication for SSP connections or non-SSP
1178          * devices with sec_level HIGH or if MITM protection is requested */
1179         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1180             conn->pending_sec_level != BT_SECURITY_HIGH)
1181                 return 0;
1182
1183         return 1;
1184 }
1185
1186 static int hci_resolve_name(struct hci_dev *hdev,
1187                                    struct inquiry_entry *e)
1188 {
1189         struct hci_cp_remote_name_req cp;
1190
1191         memset(&cp, 0, sizeof(cp));
1192
1193         bacpy(&cp.bdaddr, &e->data.bdaddr);
1194         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1195         cp.pscan_mode = e->data.pscan_mode;
1196         cp.clock_offset = e->data.clock_offset;
1197
1198         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1199 }
1200
1201 static bool hci_resolve_next_name(struct hci_dev *hdev)
1202 {
1203         struct discovery_state *discov = &hdev->discovery;
1204         struct inquiry_entry *e;
1205
1206         if (list_empty(&discov->resolve))
1207                 return false;
1208
1209         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1210         if (!e)
1211                 return false;
1212
1213         if (hci_resolve_name(hdev, e) == 0) {
1214                 e->name_state = NAME_PENDING;
1215                 return true;
1216         }
1217
1218         return false;
1219 }
1220
1221 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1222                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1223 {
1224         struct discovery_state *discov = &hdev->discovery;
1225         struct inquiry_entry *e;
1226
1227         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1228                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1229                                       name_len, conn->dev_class);
1230
1231         if (discov->state == DISCOVERY_STOPPED)
1232                 return;
1233
1234         if (discov->state == DISCOVERY_STOPPING)
1235                 goto discov_complete;
1236
1237         if (discov->state != DISCOVERY_RESOLVING)
1238                 return;
1239
1240         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1241         /* If the device was not found in a list of found devices names of which
1242          * are pending. there is no need to continue resolving a next name as it
1243          * will be done upon receiving another Remote Name Request Complete
1244          * Event */
1245         if (!e)
1246                 return;
1247
1248         list_del(&e->list);
1249         if (name) {
1250                 e->name_state = NAME_KNOWN;
1251                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1252                                  e->data.rssi, name, name_len);
1253         } else {
1254                 e->name_state = NAME_NOT_KNOWN;
1255         }
1256
1257         if (hci_resolve_next_name(hdev))
1258                 return;
1259
1260 discov_complete:
1261         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1262 }
1263
1264 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1265 {
1266         struct hci_cp_remote_name_req *cp;
1267         struct hci_conn *conn;
1268
1269         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1270
1271         /* If successful wait for the name req complete event before
1272          * checking for the need to do authentication */
1273         if (!status)
1274                 return;
1275
1276         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1277         if (!cp)
1278                 return;
1279
1280         hci_dev_lock(hdev);
1281
1282         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283
1284         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1285                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1286
1287         if (!conn)
1288                 goto unlock;
1289
1290         if (!hci_outgoing_auth_needed(hdev, conn))
1291                 goto unlock;
1292
1293         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1294                 struct hci_cp_auth_requested cp;
1295                 cp.handle = __cpu_to_le16(conn->handle);
1296                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1297         }
1298
1299 unlock:
1300         hci_dev_unlock(hdev);
1301 }
1302
1303 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1304 {
1305         struct hci_cp_read_remote_features *cp;
1306         struct hci_conn *conn;
1307
1308         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1309
1310         if (!status)
1311                 return;
1312
1313         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1314         if (!cp)
1315                 return;
1316
1317         hci_dev_lock(hdev);
1318
1319         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1320         if (conn) {
1321                 if (conn->state == BT_CONFIG) {
1322                         hci_proto_connect_cfm(conn, status);
1323                         hci_conn_put(conn);
1324                 }
1325         }
1326
1327         hci_dev_unlock(hdev);
1328 }
1329
1330 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1331 {
1332         struct hci_cp_read_remote_ext_features *cp;
1333         struct hci_conn *conn;
1334
1335         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1336
1337         if (!status)
1338                 return;
1339
1340         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1341         if (!cp)
1342                 return;
1343
1344         hci_dev_lock(hdev);
1345
1346         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347         if (conn) {
1348                 if (conn->state == BT_CONFIG) {
1349                         hci_proto_connect_cfm(conn, status);
1350                         hci_conn_put(conn);
1351                 }
1352         }
1353
1354         hci_dev_unlock(hdev);
1355 }
1356
1357 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1358 {
1359         struct hci_cp_setup_sync_conn *cp;
1360         struct hci_conn *acl, *sco;
1361         __u16 handle;
1362
1363         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364
1365         if (!status)
1366                 return;
1367
1368         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1369         if (!cp)
1370                 return;
1371
1372         handle = __le16_to_cpu(cp->handle);
1373
1374         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1375
1376         hci_dev_lock(hdev);
1377
1378         acl = hci_conn_hash_lookup_handle(hdev, handle);
1379         if (acl) {
1380                 sco = acl->link;
1381                 if (sco) {
1382                         sco->state = BT_CLOSED;
1383
1384                         hci_proto_connect_cfm(sco, status);
1385                         hci_conn_del(sco);
1386                 }
1387         }
1388
1389         hci_dev_unlock(hdev);
1390 }
1391
1392 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1393 {
1394         struct hci_cp_sniff_mode *cp;
1395         struct hci_conn *conn;
1396
1397         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1398
1399         if (!status)
1400                 return;
1401
1402         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1403         if (!cp)
1404                 return;
1405
1406         hci_dev_lock(hdev);
1407
1408         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1409         if (conn) {
1410                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1411
1412                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1413                         hci_sco_setup(conn, status);
1414         }
1415
1416         hci_dev_unlock(hdev);
1417 }
1418
1419 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1420 {
1421         struct hci_cp_exit_sniff_mode *cp;
1422         struct hci_conn *conn;
1423
1424         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1425
1426         if (!status)
1427                 return;
1428
1429         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1430         if (!cp)
1431                 return;
1432
1433         hci_dev_lock(hdev);
1434
1435         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1436         if (conn) {
1437                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1438
1439                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1440                         hci_sco_setup(conn, status);
1441         }
1442
1443         hci_dev_unlock(hdev);
1444 }
1445
1446 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1447 {
1448         struct hci_cp_disconnect *cp;
1449         struct hci_conn *conn;
1450
1451         if (!status)
1452                 return;
1453
1454         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1455         if (!cp)
1456                 return;
1457
1458         hci_dev_lock(hdev);
1459
1460         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1461         if (conn)
1462                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1463                                        conn->dst_type, status);
1464
1465         hci_dev_unlock(hdev);
1466 }
1467
1468 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1469 {
1470         struct hci_conn *conn;
1471
1472         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1473
1474         if (status) {
1475                 hci_dev_lock(hdev);
1476
1477                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1478                 if (!conn) {
1479                         hci_dev_unlock(hdev);
1480                         return;
1481                 }
1482
1483                 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1484
1485                 conn->state = BT_CLOSED;
1486                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1487                                     conn->dst_type, status);
1488                 hci_proto_connect_cfm(conn, status);
1489                 hci_conn_del(conn);
1490
1491                 hci_dev_unlock(hdev);
1492         }
1493 }
1494
1495 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1496 {
1497         struct hci_cp_create_phy_link *cp;
1498
1499         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1500
1501         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1502         if (!cp)
1503                 return;
1504
1505         hci_dev_lock(hdev);
1506
1507         if (status) {
1508                 struct hci_conn *hcon;
1509
1510                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1511                 if (hcon)
1512                         hci_conn_del(hcon);
1513         } else {
1514                 amp_write_remote_assoc(hdev, cp->phy_handle);
1515         }
1516
1517         hci_dev_unlock(hdev);
1518 }
1519
1520 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1521 {
1522         struct hci_cp_accept_phy_link *cp;
1523
1524         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525
1526         if (status)
1527                 return;
1528
1529         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1530         if (!cp)
1531                 return;
1532
1533         amp_write_remote_assoc(hdev, cp->phy_handle);
1534 }
1535
1536 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1537 {
1538         __u8 status = *((__u8 *) skb->data);
1539         struct discovery_state *discov = &hdev->discovery;
1540         struct inquiry_entry *e;
1541
1542         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1543
1544         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1545
1546         hci_conn_check_pending(hdev);
1547
1548         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1549                 return;
1550
1551         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1552                 return;
1553
1554         hci_dev_lock(hdev);
1555
1556         if (discov->state != DISCOVERY_FINDING)
1557                 goto unlock;
1558
1559         if (list_empty(&discov->resolve)) {
1560                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1561                 goto unlock;
1562         }
1563
1564         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1565         if (e && hci_resolve_name(hdev, e) == 0) {
1566                 e->name_state = NAME_PENDING;
1567                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1568         } else {
1569                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1570         }
1571
1572 unlock:
1573         hci_dev_unlock(hdev);
1574 }
1575
1576 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1577 {
1578         struct inquiry_data data;
1579         struct inquiry_info *info = (void *) (skb->data + 1);
1580         int num_rsp = *((__u8 *) skb->data);
1581
1582         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1583
1584         if (!num_rsp)
1585                 return;
1586
1587         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1588                 return;
1589
1590         hci_dev_lock(hdev);
1591
1592         for (; num_rsp; num_rsp--, info++) {
1593                 bool name_known, ssp;
1594
1595                 bacpy(&data.bdaddr, &info->bdaddr);
1596                 data.pscan_rep_mode     = info->pscan_rep_mode;
1597                 data.pscan_period_mode  = info->pscan_period_mode;
1598                 data.pscan_mode         = info->pscan_mode;
1599                 memcpy(data.dev_class, info->dev_class, 3);
1600                 data.clock_offset       = info->clock_offset;
1601                 data.rssi               = 0x00;
1602                 data.ssp_mode           = 0x00;
1603
1604                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1605                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1606                                   info->dev_class, 0, !name_known, ssp, NULL,
1607                                   0);
1608         }
1609
1610         hci_dev_unlock(hdev);
1611 }
1612
1613 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1614 {
1615         struct hci_ev_conn_complete *ev = (void *) skb->data;
1616         struct hci_conn *conn;
1617
1618         BT_DBG("%s", hdev->name);
1619
1620         hci_dev_lock(hdev);
1621
1622         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1623         if (!conn) {
1624                 if (ev->link_type != SCO_LINK)
1625                         goto unlock;
1626
1627                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1628                 if (!conn)
1629                         goto unlock;
1630
1631                 conn->type = SCO_LINK;
1632         }
1633
1634         if (!ev->status) {
1635                 conn->handle = __le16_to_cpu(ev->handle);
1636
1637                 if (conn->type == ACL_LINK) {
1638                         conn->state = BT_CONFIG;
1639                         hci_conn_hold(conn);
1640
1641                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1642                             !hci_find_link_key(hdev, &ev->bdaddr))
1643                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1644                         else
1645                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1646                 } else
1647                         conn->state = BT_CONNECTED;
1648
1649                 hci_conn_hold_device(conn);
1650                 hci_conn_add_sysfs(conn);
1651
1652                 if (test_bit(HCI_AUTH, &hdev->flags))
1653                         conn->link_mode |= HCI_LM_AUTH;
1654
1655                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1656                         conn->link_mode |= HCI_LM_ENCRYPT;
1657
1658                 /* Get remote features */
1659                 if (conn->type == ACL_LINK) {
1660                         struct hci_cp_read_remote_features cp;
1661                         cp.handle = ev->handle;
1662                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1663                                      sizeof(cp), &cp);
1664                 }
1665
1666                 /* Set packet type for incoming connection */
1667                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1668                         struct hci_cp_change_conn_ptype cp;
1669                         cp.handle = ev->handle;
1670                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1671                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1672                                      &cp);
1673                 }
1674         } else {
1675                 conn->state = BT_CLOSED;
1676                 if (conn->type == ACL_LINK)
1677                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1678                                             conn->dst_type, ev->status);
1679         }
1680
1681         if (conn->type == ACL_LINK)
1682                 hci_sco_setup(conn, ev->status);
1683
1684         if (ev->status) {
1685                 hci_proto_connect_cfm(conn, ev->status);
1686                 hci_conn_del(conn);
1687         } else if (ev->link_type != ACL_LINK)
1688                 hci_proto_connect_cfm(conn, ev->status);
1689
1690 unlock:
1691         hci_dev_unlock(hdev);
1692
1693         hci_conn_check_pending(hdev);
1694 }
1695
1696 void hci_conn_accept(struct hci_conn *conn, int mask)
1697 {
1698         struct hci_dev *hdev = conn->hdev;
1699
1700         BT_DBG("conn %p", conn);
1701
1702         conn->state = BT_CONFIG;
1703
1704         if (!lmp_esco_capable(hdev)) {
1705                 struct hci_cp_accept_conn_req cp;
1706
1707                 bacpy(&cp.bdaddr, &conn->dst);
1708
1709                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1710                         cp.role = 0x00; /* Become master */
1711                 else
1712                         cp.role = 0x01; /* Remain slave */
1713
1714                 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1715         } else /* lmp_esco_capable(hdev)) */ {
1716                 struct hci_cp_accept_sync_conn_req cp;
1717
1718                 bacpy(&cp.bdaddr, &conn->dst);
1719                 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1720
1721                 cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1722                 cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1723                 cp.max_latency    = __constant_cpu_to_le16(0xffff);
1724                 cp.content_format = cpu_to_le16(hdev->voice_setting);
1725                 cp.retrans_effort = 0xff;
1726
1727                 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1728                              sizeof(cp), &cp);
1729         }
1730 }
1731
1732 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1733 {
1734         struct hci_ev_conn_request *ev = (void *) skb->data;
1735         int mask = hdev->link_mode;
1736         __u8 flags = 0;
1737
1738         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1739                ev->link_type);
1740
1741         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1742                                       &flags);
1743
1744         if ((mask & HCI_LM_ACCEPT) &&
1745             !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1746                 /* Connection accepted */
1747                 struct inquiry_entry *ie;
1748                 struct hci_conn *conn;
1749
1750                 hci_dev_lock(hdev);
1751
1752                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1753                 if (ie)
1754                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1755
1756                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1757                                                &ev->bdaddr);
1758                 if (!conn) {
1759                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1760                         if (!conn) {
1761                                 BT_ERR("No memory for new connection");
1762                                 hci_dev_unlock(hdev);
1763                                 return;
1764                         }
1765                 }
1766
1767                 memcpy(conn->dev_class, ev->dev_class, 3);
1768
1769                 hci_dev_unlock(hdev);
1770
1771                 if (ev->link_type == ACL_LINK ||
1772                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1773                         struct hci_cp_accept_conn_req cp;
1774                         conn->state = BT_CONNECT;
1775
1776                         bacpy(&cp.bdaddr, &ev->bdaddr);
1777
1778                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1779                                 cp.role = 0x00; /* Become master */
1780                         else
1781                                 cp.role = 0x01; /* Remain slave */
1782
1783                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1784                                      &cp);
1785                 } else if (!(flags & HCI_PROTO_DEFER)) {
1786                         struct hci_cp_accept_sync_conn_req cp;
1787                         conn->state = BT_CONNECT;
1788
1789                         bacpy(&cp.bdaddr, &ev->bdaddr);
1790                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1791
1792                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1793                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1794                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1795                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1796                         cp.retrans_effort = 0xff;
1797
1798                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1799                                      sizeof(cp), &cp);
1800                 } else {
1801                         conn->state = BT_CONNECT2;
1802                         hci_proto_connect_cfm(conn, 0);
1803                         hci_conn_put(conn);
1804                 }
1805         } else {
1806                 /* Connection rejected */
1807                 struct hci_cp_reject_conn_req cp;
1808
1809                 bacpy(&cp.bdaddr, &ev->bdaddr);
1810                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1811                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1812         }
1813 }
1814
1815 static u8 hci_to_mgmt_reason(u8 err)
1816 {
1817         switch (err) {
1818         case HCI_ERROR_CONNECTION_TIMEOUT:
1819                 return MGMT_DEV_DISCONN_TIMEOUT;
1820         case HCI_ERROR_REMOTE_USER_TERM:
1821         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1822         case HCI_ERROR_REMOTE_POWER_OFF:
1823                 return MGMT_DEV_DISCONN_REMOTE;
1824         case HCI_ERROR_LOCAL_HOST_TERM:
1825                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1826         default:
1827                 return MGMT_DEV_DISCONN_UNKNOWN;
1828         }
1829 }
1830
1831 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1832 {
1833         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1834         struct hci_conn *conn;
1835
1836         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1837
1838         hci_dev_lock(hdev);
1839
1840         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1841         if (!conn)
1842                 goto unlock;
1843
1844         if (ev->status == 0)
1845                 conn->state = BT_CLOSED;
1846
1847         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1848             (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1849                 if (ev->status) {
1850                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1851                                                conn->dst_type, ev->status);
1852                 } else {
1853                         u8 reason = hci_to_mgmt_reason(ev->reason);
1854
1855                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1856                                                  conn->dst_type, reason);
1857                 }
1858         }
1859
1860         if (ev->status == 0) {
1861                 if (conn->type == ACL_LINK && conn->flush_key)
1862                         hci_remove_link_key(hdev, &conn->dst);
1863                 hci_proto_disconn_cfm(conn, ev->reason);
1864                 hci_conn_del(conn);
1865         }
1866
1867 unlock:
1868         hci_dev_unlock(hdev);
1869 }
1870
1871 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1872 {
1873         struct hci_ev_auth_complete *ev = (void *) skb->data;
1874         struct hci_conn *conn;
1875
1876         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1877
1878         hci_dev_lock(hdev);
1879
1880         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1881         if (!conn)
1882                 goto unlock;
1883
1884         if (!ev->status) {
1885                 if (!hci_conn_ssp_enabled(conn) &&
1886                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1887                         BT_INFO("re-auth of legacy device is not possible.");
1888                 } else {
1889                         conn->link_mode |= HCI_LM_AUTH;
1890                         conn->sec_level = conn->pending_sec_level;
1891                 }
1892         } else {
1893                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1894                                  ev->status);
1895         }
1896
1897         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1898         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1899
1900         if (conn->state == BT_CONFIG) {
1901                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1902                         struct hci_cp_set_conn_encrypt cp;
1903                         cp.handle  = ev->handle;
1904                         cp.encrypt = 0x01;
1905                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1906                                      &cp);
1907                 } else {
1908                         conn->state = BT_CONNECTED;
1909                         hci_proto_connect_cfm(conn, ev->status);
1910                         hci_conn_put(conn);
1911                 }
1912         } else {
1913                 hci_auth_cfm(conn, ev->status);
1914
1915                 hci_conn_hold(conn);
1916                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1917                 hci_conn_put(conn);
1918         }
1919
1920         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1921                 if (!ev->status) {
1922                         struct hci_cp_set_conn_encrypt cp;
1923                         cp.handle  = ev->handle;
1924                         cp.encrypt = 0x01;
1925                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1926                                      &cp);
1927                 } else {
1928                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1929                         hci_encrypt_cfm(conn, ev->status, 0x00);
1930                 }
1931         }
1932
1933 unlock:
1934         hci_dev_unlock(hdev);
1935 }
1936
1937 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1938 {
1939         struct hci_ev_remote_name *ev = (void *) skb->data;
1940         struct hci_conn *conn;
1941
1942         BT_DBG("%s", hdev->name);
1943
1944         hci_conn_check_pending(hdev);
1945
1946         hci_dev_lock(hdev);
1947
1948         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1949
1950         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1951                 goto check_auth;
1952
1953         if (ev->status == 0)
1954                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1955                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1956         else
1957                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1958
1959 check_auth:
1960         if (!conn)
1961                 goto unlock;
1962
1963         if (!hci_outgoing_auth_needed(hdev, conn))
1964                 goto unlock;
1965
1966         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1967                 struct hci_cp_auth_requested cp;
1968                 cp.handle = __cpu_to_le16(conn->handle);
1969                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1970         }
1971
1972 unlock:
1973         hci_dev_unlock(hdev);
1974 }
1975
1976 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1977 {
1978         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1979         struct hci_conn *conn;
1980
1981         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1982
1983         hci_dev_lock(hdev);
1984
1985         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1986         if (conn) {
1987                 if (!ev->status) {
1988                         if (ev->encrypt) {
1989                                 /* Encryption implies authentication */
1990                                 conn->link_mode |= HCI_LM_AUTH;
1991                                 conn->link_mode |= HCI_LM_ENCRYPT;
1992                                 conn->sec_level = conn->pending_sec_level;
1993                         } else
1994                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
1995                 }
1996
1997                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1998
1999                 if (ev->status && conn->state == BT_CONNECTED) {
2000                         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2001                         hci_conn_put(conn);
2002                         goto unlock;
2003                 }
2004
2005                 if (conn->state == BT_CONFIG) {
2006                         if (!ev->status)
2007                                 conn->state = BT_CONNECTED;
2008
2009                         hci_proto_connect_cfm(conn, ev->status);
2010                         hci_conn_put(conn);
2011                 } else
2012                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2013         }
2014
2015 unlock:
2016         hci_dev_unlock(hdev);
2017 }
2018
2019 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2020                                              struct sk_buff *skb)
2021 {
2022         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2023         struct hci_conn *conn;
2024
2025         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2026
2027         hci_dev_lock(hdev);
2028
2029         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2030         if (conn) {
2031                 if (!ev->status)
2032                         conn->link_mode |= HCI_LM_SECURE;
2033
2034                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2035
2036                 hci_key_change_cfm(conn, ev->status);
2037         }
2038
2039         hci_dev_unlock(hdev);
2040 }
2041
2042 static void hci_remote_features_evt(struct hci_dev *hdev,
2043                                     struct sk_buff *skb)
2044 {
2045         struct hci_ev_remote_features *ev = (void *) skb->data;
2046         struct hci_conn *conn;
2047
2048         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2049
2050         hci_dev_lock(hdev);
2051
2052         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2053         if (!conn)
2054                 goto unlock;
2055
2056         if (!ev->status)
2057                 memcpy(conn->features, ev->features, 8);
2058
2059         if (conn->state != BT_CONFIG)
2060                 goto unlock;
2061
2062         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2063                 struct hci_cp_read_remote_ext_features cp;
2064                 cp.handle = ev->handle;
2065                 cp.page = 0x01;
2066                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2067                              sizeof(cp), &cp);
2068                 goto unlock;
2069         }
2070
2071         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2072                 struct hci_cp_remote_name_req cp;
2073                 memset(&cp, 0, sizeof(cp));
2074                 bacpy(&cp.bdaddr, &conn->dst);
2075                 cp.pscan_rep_mode = 0x02;
2076                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2077         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2078                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2079                                       conn->dst_type, 0, NULL, 0,
2080                                       conn->dev_class);
2081
2082         if (!hci_outgoing_auth_needed(hdev, conn)) {
2083                 conn->state = BT_CONNECTED;
2084                 hci_proto_connect_cfm(conn, ev->status);
2085                 hci_conn_put(conn);
2086         }
2087
2088 unlock:
2089         hci_dev_unlock(hdev);
2090 }
2091
2092 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2093 {
2094         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2095         u8 status = skb->data[sizeof(*ev)];
2096         __u16 opcode;
2097
2098         skb_pull(skb, sizeof(*ev));
2099
2100         opcode = __le16_to_cpu(ev->opcode);
2101
2102         switch (opcode) {
2103         case HCI_OP_INQUIRY_CANCEL:
2104                 hci_cc_inquiry_cancel(hdev, skb);
2105                 break;
2106
2107         case HCI_OP_PERIODIC_INQ:
2108                 hci_cc_periodic_inq(hdev, skb);
2109                 break;
2110
2111         case HCI_OP_EXIT_PERIODIC_INQ:
2112                 hci_cc_exit_periodic_inq(hdev, skb);
2113                 break;
2114
2115         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2116                 hci_cc_remote_name_req_cancel(hdev, skb);
2117                 break;
2118
2119         case HCI_OP_ROLE_DISCOVERY:
2120                 hci_cc_role_discovery(hdev, skb);
2121                 break;
2122
2123         case HCI_OP_READ_LINK_POLICY:
2124                 hci_cc_read_link_policy(hdev, skb);
2125                 break;
2126
2127         case HCI_OP_WRITE_LINK_POLICY:
2128                 hci_cc_write_link_policy(hdev, skb);
2129                 break;
2130
2131         case HCI_OP_READ_DEF_LINK_POLICY:
2132                 hci_cc_read_def_link_policy(hdev, skb);
2133                 break;
2134
2135         case HCI_OP_WRITE_DEF_LINK_POLICY:
2136                 hci_cc_write_def_link_policy(hdev, skb);
2137                 break;
2138
2139         case HCI_OP_RESET:
2140                 hci_cc_reset(hdev, skb);
2141                 break;
2142
2143         case HCI_OP_WRITE_LOCAL_NAME:
2144                 hci_cc_write_local_name(hdev, skb);
2145                 break;
2146
2147         case HCI_OP_READ_LOCAL_NAME:
2148                 hci_cc_read_local_name(hdev, skb);
2149                 break;
2150
2151         case HCI_OP_WRITE_AUTH_ENABLE:
2152                 hci_cc_write_auth_enable(hdev, skb);
2153                 break;
2154
2155         case HCI_OP_WRITE_ENCRYPT_MODE:
2156                 hci_cc_write_encrypt_mode(hdev, skb);
2157                 break;
2158
2159         case HCI_OP_WRITE_SCAN_ENABLE:
2160                 hci_cc_write_scan_enable(hdev, skb);
2161                 break;
2162
2163         case HCI_OP_READ_CLASS_OF_DEV:
2164                 hci_cc_read_class_of_dev(hdev, skb);
2165                 break;
2166
2167         case HCI_OP_WRITE_CLASS_OF_DEV:
2168                 hci_cc_write_class_of_dev(hdev, skb);
2169                 break;
2170
2171         case HCI_OP_READ_VOICE_SETTING:
2172                 hci_cc_read_voice_setting(hdev, skb);
2173                 break;
2174
2175         case HCI_OP_WRITE_VOICE_SETTING:
2176                 hci_cc_write_voice_setting(hdev, skb);
2177                 break;
2178
2179         case HCI_OP_WRITE_SSP_MODE:
2180                 hci_cc_write_ssp_mode(hdev, skb);
2181                 break;
2182
2183         case HCI_OP_READ_LOCAL_VERSION:
2184                 hci_cc_read_local_version(hdev, skb);
2185                 break;
2186
2187         case HCI_OP_READ_LOCAL_COMMANDS:
2188                 hci_cc_read_local_commands(hdev, skb);
2189                 break;
2190
2191         case HCI_OP_READ_LOCAL_FEATURES:
2192                 hci_cc_read_local_features(hdev, skb);
2193                 break;
2194
2195         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2196                 hci_cc_read_local_ext_features(hdev, skb);
2197                 break;
2198
2199         case HCI_OP_READ_BUFFER_SIZE:
2200                 hci_cc_read_buffer_size(hdev, skb);
2201                 break;
2202
2203         case HCI_OP_READ_BD_ADDR:
2204                 hci_cc_read_bd_addr(hdev, skb);
2205                 break;
2206
2207         case HCI_OP_READ_DATA_BLOCK_SIZE:
2208                 hci_cc_read_data_block_size(hdev, skb);
2209                 break;
2210
2211         case HCI_OP_READ_FLOW_CONTROL_MODE:
2212                 hci_cc_read_flow_control_mode(hdev, skb);
2213                 break;
2214
2215         case HCI_OP_READ_LOCAL_AMP_INFO:
2216                 hci_cc_read_local_amp_info(hdev, skb);
2217                 break;
2218
2219         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2220                 hci_cc_read_local_amp_assoc(hdev, skb);
2221                 break;
2222
2223         case HCI_OP_READ_INQ_RSP_TX_POWER:
2224                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2225                 break;
2226
2227         case HCI_OP_PIN_CODE_REPLY:
2228                 hci_cc_pin_code_reply(hdev, skb);
2229                 break;
2230
2231         case HCI_OP_PIN_CODE_NEG_REPLY:
2232                 hci_cc_pin_code_neg_reply(hdev, skb);
2233                 break;
2234
2235         case HCI_OP_READ_LOCAL_OOB_DATA:
2236                 hci_cc_read_local_oob_data_reply(hdev, skb);
2237                 break;
2238
2239         case HCI_OP_LE_READ_BUFFER_SIZE:
2240                 hci_cc_le_read_buffer_size(hdev, skb);
2241                 break;
2242
2243         case HCI_OP_LE_READ_LOCAL_FEATURES:
2244                 hci_cc_le_read_local_features(hdev, skb);
2245                 break;
2246
2247         case HCI_OP_LE_READ_ADV_TX_POWER:
2248                 hci_cc_le_read_adv_tx_power(hdev, skb);
2249                 break;
2250
2251         case HCI_OP_USER_CONFIRM_REPLY:
2252                 hci_cc_user_confirm_reply(hdev, skb);
2253                 break;
2254
2255         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2256                 hci_cc_user_confirm_neg_reply(hdev, skb);
2257                 break;
2258
2259         case HCI_OP_USER_PASSKEY_REPLY:
2260                 hci_cc_user_passkey_reply(hdev, skb);
2261                 break;
2262
2263         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2264                 hci_cc_user_passkey_neg_reply(hdev, skb);
2265                 break;
2266
2267         case HCI_OP_LE_SET_SCAN_PARAM:
2268                 hci_cc_le_set_scan_param(hdev, skb);
2269                 break;
2270
2271         case HCI_OP_LE_SET_ADV_ENABLE:
2272                 hci_cc_le_set_adv_enable(hdev, skb);
2273                 break;
2274
2275         case HCI_OP_LE_SET_SCAN_ENABLE:
2276                 hci_cc_le_set_scan_enable(hdev, skb);
2277                 break;
2278
2279         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2280                 hci_cc_le_read_white_list_size(hdev, skb);
2281                 break;
2282
2283         case HCI_OP_LE_READ_SUPPORTED_STATES:
2284                 hci_cc_le_read_supported_states(hdev, skb);
2285                 break;
2286
2287         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2288                 hci_cc_write_le_host_supported(hdev, skb);
2289                 break;
2290
2291         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2292                 hci_cc_write_remote_amp_assoc(hdev, skb);
2293                 break;
2294
2295         default:
2296                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2297                 break;
2298         }
2299
2300         if (opcode != HCI_OP_NOP)
2301                 del_timer(&hdev->cmd_timer);
2302
2303         hci_req_cmd_complete(hdev, opcode, status);
2304
2305         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2306                 atomic_set(&hdev->cmd_cnt, 1);
2307                 if (!skb_queue_empty(&hdev->cmd_q))
2308                         queue_work(hdev->workqueue, &hdev->cmd_work);
2309         }
2310 }
2311
2312 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2313 {
2314         struct hci_ev_cmd_status *ev = (void *) skb->data;
2315         __u16 opcode;
2316
2317         skb_pull(skb, sizeof(*ev));
2318
2319         opcode = __le16_to_cpu(ev->opcode);
2320
2321         switch (opcode) {
2322         case HCI_OP_INQUIRY:
2323                 hci_cs_inquiry(hdev, ev->status);
2324                 break;
2325
2326         case HCI_OP_CREATE_CONN:
2327                 hci_cs_create_conn(hdev, ev->status);
2328                 break;
2329
2330         case HCI_OP_ADD_SCO:
2331                 hci_cs_add_sco(hdev, ev->status);
2332                 break;
2333
2334         case HCI_OP_AUTH_REQUESTED:
2335                 hci_cs_auth_requested(hdev, ev->status);
2336                 break;
2337
2338         case HCI_OP_SET_CONN_ENCRYPT:
2339                 hci_cs_set_conn_encrypt(hdev, ev->status);
2340                 break;
2341
2342         case HCI_OP_REMOTE_NAME_REQ:
2343                 hci_cs_remote_name_req(hdev, ev->status);
2344                 break;
2345
2346         case HCI_OP_READ_REMOTE_FEATURES:
2347                 hci_cs_read_remote_features(hdev, ev->status);
2348                 break;
2349
2350         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2351                 hci_cs_read_remote_ext_features(hdev, ev->status);
2352                 break;
2353
2354         case HCI_OP_SETUP_SYNC_CONN:
2355                 hci_cs_setup_sync_conn(hdev, ev->status);
2356                 break;
2357
2358         case HCI_OP_SNIFF_MODE:
2359                 hci_cs_sniff_mode(hdev, ev->status);
2360                 break;
2361
2362         case HCI_OP_EXIT_SNIFF_MODE:
2363                 hci_cs_exit_sniff_mode(hdev, ev->status);
2364                 break;
2365
2366         case HCI_OP_DISCONNECT:
2367                 hci_cs_disconnect(hdev, ev->status);
2368                 break;
2369
2370         case HCI_OP_LE_CREATE_CONN:
2371                 hci_cs_le_create_conn(hdev, ev->status);
2372                 break;
2373
2374         case HCI_OP_CREATE_PHY_LINK:
2375                 hci_cs_create_phylink(hdev, ev->status);
2376                 break;
2377
2378         case HCI_OP_ACCEPT_PHY_LINK:
2379                 hci_cs_accept_phylink(hdev, ev->status);
2380                 break;
2381
2382         default:
2383                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2384                 break;
2385         }
2386
2387         if (opcode != HCI_OP_NOP)
2388                 del_timer(&hdev->cmd_timer);
2389
2390         hci_req_cmd_status(hdev, opcode, ev->status);
2391
2392         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2393                 atomic_set(&hdev->cmd_cnt, 1);
2394                 if (!skb_queue_empty(&hdev->cmd_q))
2395                         queue_work(hdev->workqueue, &hdev->cmd_work);
2396         }
2397 }
2398
2399 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2400 {
2401         struct hci_ev_role_change *ev = (void *) skb->data;
2402         struct hci_conn *conn;
2403
2404         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2405
2406         hci_dev_lock(hdev);
2407
2408         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2409         if (conn) {
2410                 if (!ev->status) {
2411                         if (ev->role)
2412                                 conn->link_mode &= ~HCI_LM_MASTER;
2413                         else
2414                                 conn->link_mode |= HCI_LM_MASTER;
2415                 }
2416
2417                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2418
2419                 hci_role_switch_cfm(conn, ev->status, ev->role);
2420         }
2421
2422         hci_dev_unlock(hdev);
2423 }
2424
2425 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2426 {
2427         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2428         int i;
2429
2430         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2431                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2432                 return;
2433         }
2434
2435         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2436             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2437                 BT_DBG("%s bad parameters", hdev->name);
2438                 return;
2439         }
2440
2441         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2442
2443         for (i = 0; i < ev->num_hndl; i++) {
2444                 struct hci_comp_pkts_info *info = &ev->handles[i];
2445                 struct hci_conn *conn;
2446                 __u16  handle, count;
2447
2448                 handle = __le16_to_cpu(info->handle);
2449                 count  = __le16_to_cpu(info->count);
2450
2451                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2452                 if (!conn)
2453                         continue;
2454
2455                 conn->sent -= count;
2456
2457                 switch (conn->type) {
2458                 case ACL_LINK:
2459                         hdev->acl_cnt += count;
2460                         if (hdev->acl_cnt > hdev->acl_pkts)
2461                                 hdev->acl_cnt = hdev->acl_pkts;
2462                         break;
2463
2464                 case LE_LINK:
2465                         if (hdev->le_pkts) {
2466                                 hdev->le_cnt += count;
2467                                 if (hdev->le_cnt > hdev->le_pkts)
2468                                         hdev->le_cnt = hdev->le_pkts;
2469                         } else {
2470                                 hdev->acl_cnt += count;
2471                                 if (hdev->acl_cnt > hdev->acl_pkts)
2472                                         hdev->acl_cnt = hdev->acl_pkts;
2473                         }
2474                         break;
2475
2476                 case SCO_LINK:
2477                         hdev->sco_cnt += count;
2478                         if (hdev->sco_cnt > hdev->sco_pkts)
2479                                 hdev->sco_cnt = hdev->sco_pkts;
2480                         break;
2481
2482                 default:
2483                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2484                         break;
2485                 }
2486         }
2487
2488         queue_work(hdev->workqueue, &hdev->tx_work);
2489 }
2490
2491 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2492                                                  __u16 handle)
2493 {
2494         struct hci_chan *chan;
2495
2496         switch (hdev->dev_type) {
2497         case HCI_BREDR:
2498                 return hci_conn_hash_lookup_handle(hdev, handle);
2499         case HCI_AMP:
2500                 chan = hci_chan_lookup_handle(hdev, handle);
2501                 if (chan)
2502                         return chan->conn;
2503                 break;
2504         default:
2505                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2506                 break;
2507         }
2508
2509         return NULL;
2510 }
2511
2512 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2513 {
2514         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2515         int i;
2516
2517         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2518                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2519                 return;
2520         }
2521
2522         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2523             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2524                 BT_DBG("%s bad parameters", hdev->name);
2525                 return;
2526         }
2527
2528         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2529                ev->num_hndl);
2530
2531         for (i = 0; i < ev->num_hndl; i++) {
2532                 struct hci_comp_blocks_info *info = &ev->handles[i];
2533                 struct hci_conn *conn = NULL;
2534                 __u16  handle, block_count;
2535
2536                 handle = __le16_to_cpu(info->handle);
2537                 block_count = __le16_to_cpu(info->blocks);
2538
2539                 conn = __hci_conn_lookup_handle(hdev, handle);
2540                 if (!conn)
2541                         continue;
2542
2543                 conn->sent -= block_count;
2544
2545                 switch (conn->type) {
2546                 case ACL_LINK:
2547                 case AMP_LINK:
2548                         hdev->block_cnt += block_count;
2549                         if (hdev->block_cnt > hdev->num_blocks)
2550                                 hdev->block_cnt = hdev->num_blocks;
2551                         break;
2552
2553                 default:
2554                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2555                         break;
2556                 }
2557         }
2558
2559         queue_work(hdev->workqueue, &hdev->tx_work);
2560 }
2561
2562 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2563 {
2564         struct hci_ev_mode_change *ev = (void *) skb->data;
2565         struct hci_conn *conn;
2566
2567         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2568
2569         hci_dev_lock(hdev);
2570
2571         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2572         if (conn) {
2573                 conn->mode = ev->mode;
2574                 conn->interval = __le16_to_cpu(ev->interval);
2575
2576                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2577                                         &conn->flags)) {
2578                         if (conn->mode == HCI_CM_ACTIVE)
2579                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2580                         else
2581                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2582                 }
2583
2584                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2585                         hci_sco_setup(conn, ev->status);
2586         }
2587
2588         hci_dev_unlock(hdev);
2589 }
2590
2591 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2592 {
2593         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2594         struct hci_conn *conn;
2595
2596         BT_DBG("%s", hdev->name);
2597
2598         hci_dev_lock(hdev);
2599
2600         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2601         if (!conn)
2602                 goto unlock;
2603
2604         if (conn->state == BT_CONNECTED) {
2605                 hci_conn_hold(conn);
2606                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2607                 hci_conn_put(conn);
2608         }
2609
2610         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2611                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2612                              sizeof(ev->bdaddr), &ev->bdaddr);
2613         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2614                 u8 secure;
2615
2616                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2617                         secure = 1;
2618                 else
2619                         secure = 0;
2620
2621                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2622         }
2623
2624 unlock:
2625         hci_dev_unlock(hdev);
2626 }
2627
2628 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2629 {
2630         struct hci_ev_link_key_req *ev = (void *) skb->data;
2631         struct hci_cp_link_key_reply cp;
2632         struct hci_conn *conn;
2633         struct link_key *key;
2634
2635         BT_DBG("%s", hdev->name);
2636
2637         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2638                 return;
2639
2640         hci_dev_lock(hdev);
2641
2642         key = hci_find_link_key(hdev, &ev->bdaddr);
2643         if (!key) {
2644                 BT_DBG("%s link key not found for %pMR", hdev->name,
2645                        &ev->bdaddr);
2646                 goto not_found;
2647         }
2648
2649         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2650                &ev->bdaddr);
2651
2652         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2653             key->type == HCI_LK_DEBUG_COMBINATION) {
2654                 BT_DBG("%s ignoring debug key", hdev->name);
2655                 goto not_found;
2656         }
2657
2658         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2659         if (conn) {
2660                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2661                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2662                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2663                         goto not_found;
2664                 }
2665
2666                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2667                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2668                         BT_DBG("%s ignoring key unauthenticated for high security",
2669                                hdev->name);
2670                         goto not_found;
2671                 }
2672
2673                 conn->key_type = key->type;
2674                 conn->pin_length = key->pin_len;
2675         }
2676
2677         bacpy(&cp.bdaddr, &ev->bdaddr);
2678         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2679
2680         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2681
2682         hci_dev_unlock(hdev);
2683
2684         return;
2685
2686 not_found:
2687         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2688         hci_dev_unlock(hdev);
2689 }
2690
2691 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2692 {
2693         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2694         struct hci_conn *conn;
2695         u8 pin_len = 0;
2696
2697         BT_DBG("%s", hdev->name);
2698
2699         hci_dev_lock(hdev);
2700
2701         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2702         if (conn) {
2703                 hci_conn_hold(conn);
2704                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2705                 pin_len = conn->pin_length;
2706
2707                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2708                         conn->key_type = ev->key_type;
2709
2710                 hci_conn_put(conn);
2711         }
2712
2713         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2714                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2715                                  ev->key_type, pin_len);
2716
2717         hci_dev_unlock(hdev);
2718 }
2719
2720 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 {
2722         struct hci_ev_clock_offset *ev = (void *) skb->data;
2723         struct hci_conn *conn;
2724
2725         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2726
2727         hci_dev_lock(hdev);
2728
2729         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2730         if (conn && !ev->status) {
2731                 struct inquiry_entry *ie;
2732
2733                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2734                 if (ie) {
2735                         ie->data.clock_offset = ev->clock_offset;
2736                         ie->timestamp = jiffies;
2737                 }
2738         }
2739
2740         hci_dev_unlock(hdev);
2741 }
2742
2743 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2744 {
2745         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2746         struct hci_conn *conn;
2747
2748         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2749
2750         hci_dev_lock(hdev);
2751
2752         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2753         if (conn && !ev->status)
2754                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2755
2756         hci_dev_unlock(hdev);
2757 }
2758
2759 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2760 {
2761         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2762         struct inquiry_entry *ie;
2763
2764         BT_DBG("%s", hdev->name);
2765
2766         hci_dev_lock(hdev);
2767
2768         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2769         if (ie) {
2770                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2771                 ie->timestamp = jiffies;
2772         }
2773
2774         hci_dev_unlock(hdev);
2775 }
2776
2777 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2778                                              struct sk_buff *skb)
2779 {
2780         struct inquiry_data data;
2781         int num_rsp = *((__u8 *) skb->data);
2782         bool name_known, ssp;
2783
2784         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2785
2786         if (!num_rsp)
2787                 return;
2788
2789         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2790                 return;
2791
2792         hci_dev_lock(hdev);
2793
2794         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2795                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2796                 info = (void *) (skb->data + 1);
2797
2798                 for (; num_rsp; num_rsp--, info++) {
2799                         bacpy(&data.bdaddr, &info->bdaddr);
2800                         data.pscan_rep_mode     = info->pscan_rep_mode;
2801                         data.pscan_period_mode  = info->pscan_period_mode;
2802                         data.pscan_mode         = info->pscan_mode;
2803                         memcpy(data.dev_class, info->dev_class, 3);
2804                         data.clock_offset       = info->clock_offset;
2805                         data.rssi               = info->rssi;
2806                         data.ssp_mode           = 0x00;
2807
2808                         name_known = hci_inquiry_cache_update(hdev, &data,
2809                                                               false, &ssp);
2810                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2811                                           info->dev_class, info->rssi,
2812                                           !name_known, ssp, NULL, 0);
2813                 }
2814         } else {
2815                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2816
2817                 for (; num_rsp; num_rsp--, info++) {
2818                         bacpy(&data.bdaddr, &info->bdaddr);
2819                         data.pscan_rep_mode     = info->pscan_rep_mode;
2820                         data.pscan_period_mode  = info->pscan_period_mode;
2821                         data.pscan_mode         = 0x00;
2822                         memcpy(data.dev_class, info->dev_class, 3);
2823                         data.clock_offset       = info->clock_offset;
2824                         data.rssi               = info->rssi;
2825                         data.ssp_mode           = 0x00;
2826                         name_known = hci_inquiry_cache_update(hdev, &data,
2827                                                               false, &ssp);
2828                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2829                                           info->dev_class, info->rssi,
2830                                           !name_known, ssp, NULL, 0);
2831                 }
2832         }
2833
2834         hci_dev_unlock(hdev);
2835 }
2836
2837 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2838                                         struct sk_buff *skb)
2839 {
2840         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2841         struct hci_conn *conn;
2842
2843         BT_DBG("%s", hdev->name);
2844
2845         hci_dev_lock(hdev);
2846
2847         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2848         if (!conn)
2849                 goto unlock;
2850
2851         if (!ev->status && ev->page == 0x01) {
2852                 struct inquiry_entry *ie;
2853
2854                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2855                 if (ie)
2856                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2857
2858                 if (ev->features[0] & LMP_HOST_SSP)
2859                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2860         }
2861
2862         if (conn->state != BT_CONFIG)
2863                 goto unlock;
2864
2865         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2866                 struct hci_cp_remote_name_req cp;
2867                 memset(&cp, 0, sizeof(cp));
2868                 bacpy(&cp.bdaddr, &conn->dst);
2869                 cp.pscan_rep_mode = 0x02;
2870                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2871         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2872                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2873                                       conn->dst_type, 0, NULL, 0,
2874                                       conn->dev_class);
2875
2876         if (!hci_outgoing_auth_needed(hdev, conn)) {
2877                 conn->state = BT_CONNECTED;
2878                 hci_proto_connect_cfm(conn, ev->status);
2879                 hci_conn_put(conn);
2880         }
2881
2882 unlock:
2883         hci_dev_unlock(hdev);
2884 }
2885
2886 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2887                                        struct sk_buff *skb)
2888 {
2889         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2890         struct hci_conn *conn;
2891
2892         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2893
2894         hci_dev_lock(hdev);
2895
2896         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2897         if (!conn) {
2898                 if (ev->link_type == ESCO_LINK)
2899                         goto unlock;
2900
2901                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2902                 if (!conn)
2903                         goto unlock;
2904
2905                 conn->type = SCO_LINK;
2906         }
2907
2908         switch (ev->status) {
2909         case 0x00:
2910                 conn->handle = __le16_to_cpu(ev->handle);
2911                 conn->state  = BT_CONNECTED;
2912
2913                 hci_conn_hold_device(conn);
2914                 hci_conn_add_sysfs(conn);
2915                 break;
2916
2917         case 0x11:      /* Unsupported Feature or Parameter Value */
2918         case 0x1c:      /* SCO interval rejected */
2919         case 0x1a:      /* Unsupported Remote Feature */
2920         case 0x1f:      /* Unspecified error */
2921                 if (conn->out && conn->attempt < 2) {
2922                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2923                                         (hdev->esco_type & EDR_ESCO_MASK);
2924                         hci_setup_sync(conn, conn->link->handle);
2925                         goto unlock;
2926                 }
2927                 /* fall through */
2928
2929         default:
2930                 conn->state = BT_CLOSED;
2931                 break;
2932         }
2933
2934         hci_proto_connect_cfm(conn, ev->status);
2935         if (ev->status)
2936                 hci_conn_del(conn);
2937
2938 unlock:
2939         hci_dev_unlock(hdev);
2940 }
2941
2942 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2943                                             struct sk_buff *skb)
2944 {
2945         struct inquiry_data data;
2946         struct extended_inquiry_info *info = (void *) (skb->data + 1);
2947         int num_rsp = *((__u8 *) skb->data);
2948         size_t eir_len;
2949
2950         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2951
2952         if (!num_rsp)
2953                 return;
2954
2955         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2956                 return;
2957
2958         hci_dev_lock(hdev);
2959
2960         for (; num_rsp; num_rsp--, info++) {
2961                 bool name_known, ssp;
2962
2963                 bacpy(&data.bdaddr, &info->bdaddr);
2964                 data.pscan_rep_mode     = info->pscan_rep_mode;
2965                 data.pscan_period_mode  = info->pscan_period_mode;
2966                 data.pscan_mode         = 0x00;
2967                 memcpy(data.dev_class, info->dev_class, 3);
2968                 data.clock_offset       = info->clock_offset;
2969                 data.rssi               = info->rssi;
2970                 data.ssp_mode           = 0x01;
2971
2972                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2973                         name_known = eir_has_data_type(info->data,
2974                                                        sizeof(info->data),
2975                                                        EIR_NAME_COMPLETE);
2976                 else
2977                         name_known = true;
2978
2979                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2980                                                       &ssp);
2981                 eir_len = eir_get_length(info->data, sizeof(info->data));
2982                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2983                                   info->dev_class, info->rssi, !name_known,
2984                                   ssp, info->data, eir_len);
2985         }
2986
2987         hci_dev_unlock(hdev);
2988 }
2989
2990 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2991                                          struct sk_buff *skb)
2992 {
2993         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2994         struct hci_conn *conn;
2995
2996         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2997                __le16_to_cpu(ev->handle));
2998
2999         hci_dev_lock(hdev);
3000
3001         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3002         if (!conn)
3003                 goto unlock;
3004
3005         if (!ev->status)
3006                 conn->sec_level = conn->pending_sec_level;
3007
3008         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3009
3010         if (ev->status && conn->state == BT_CONNECTED) {
3011                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3012                 hci_conn_put(conn);
3013                 goto unlock;
3014         }
3015
3016         if (conn->state == BT_CONFIG) {
3017                 if (!ev->status)
3018                         conn->state = BT_CONNECTED;
3019
3020                 hci_proto_connect_cfm(conn, ev->status);
3021                 hci_conn_put(conn);
3022         } else {
3023                 hci_auth_cfm(conn, ev->status);
3024
3025                 hci_conn_hold(conn);
3026                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3027                 hci_conn_put(conn);
3028         }
3029
3030 unlock:
3031         hci_dev_unlock(hdev);
3032 }
3033
3034 static u8 hci_get_auth_req(struct hci_conn *conn)
3035 {
3036         /* If remote requests dedicated bonding follow that lead */
3037         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3038                 /* If both remote and local IO capabilities allow MITM
3039                  * protection then require it, otherwise don't */
3040                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3041                         return 0x02;
3042                 else
3043                         return 0x03;
3044         }
3045
3046         /* If remote requests no-bonding follow that lead */
3047         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3048                 return conn->remote_auth | (conn->auth_type & 0x01);
3049
3050         return conn->auth_type;
3051 }
3052
3053 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3054 {
3055         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3056         struct hci_conn *conn;
3057
3058         BT_DBG("%s", hdev->name);
3059
3060         hci_dev_lock(hdev);
3061
3062         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3063         if (!conn)
3064                 goto unlock;
3065
3066         hci_conn_hold(conn);
3067
3068         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3069                 goto unlock;
3070
3071         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3072             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3073                 struct hci_cp_io_capability_reply cp;
3074
3075                 bacpy(&cp.bdaddr, &ev->bdaddr);
3076                 /* Change the IO capability from KeyboardDisplay
3077                  * to DisplayYesNo as it is not supported by BT spec. */
3078                 cp.capability = (conn->io_capability == 0x04) ?
3079                                                 0x01 : conn->io_capability;
3080                 conn->auth_type = hci_get_auth_req(conn);
3081                 cp.authentication = conn->auth_type;
3082
3083                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3084                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3085                         cp.oob_data = 0x01;
3086                 else
3087                         cp.oob_data = 0x00;
3088
3089                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3090                              sizeof(cp), &cp);
3091         } else {
3092                 struct hci_cp_io_capability_neg_reply cp;
3093
3094                 bacpy(&cp.bdaddr, &ev->bdaddr);
3095                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3096
3097                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3098                              sizeof(cp), &cp);
3099         }
3100
3101 unlock:
3102         hci_dev_unlock(hdev);
3103 }
3104
3105 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3106 {
3107         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3108         struct hci_conn *conn;
3109
3110         BT_DBG("%s", hdev->name);
3111
3112         hci_dev_lock(hdev);
3113
3114         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3115         if (!conn)
3116                 goto unlock;
3117
3118         conn->remote_cap = ev->capability;
3119         conn->remote_auth = ev->authentication;
3120         if (ev->oob_data)
3121                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3122
3123 unlock:
3124         hci_dev_unlock(hdev);
3125 }
3126
3127 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3128                                          struct sk_buff *skb)
3129 {
3130         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3131         int loc_mitm, rem_mitm, confirm_hint = 0;
3132         struct hci_conn *conn;
3133
3134         BT_DBG("%s", hdev->name);
3135
3136         hci_dev_lock(hdev);
3137
3138         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3139                 goto unlock;
3140
3141         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3142         if (!conn)
3143                 goto unlock;
3144
3145         loc_mitm = (conn->auth_type & 0x01);
3146         rem_mitm = (conn->remote_auth & 0x01);
3147
3148         /* If we require MITM but the remote device can't provide that
3149          * (it has NoInputNoOutput) then reject the confirmation
3150          * request. The only exception is when we're dedicated bonding
3151          * initiators (connect_cfm_cb set) since then we always have the MITM
3152          * bit set. */
3153         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3154                 BT_DBG("Rejecting request: remote device can't provide MITM");
3155                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3156                              sizeof(ev->bdaddr), &ev->bdaddr);
3157                 goto unlock;
3158         }
3159
3160         /* If no side requires MITM protection; auto-accept */
3161         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3162             (!rem_mitm || conn->io_capability == 0x03)) {
3163
3164                 /* If we're not the initiators request authorization to
3165                  * proceed from user space (mgmt_user_confirm with
3166                  * confirm_hint set to 1). */
3167                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3168                         BT_DBG("Confirming auto-accept as acceptor");
3169                         confirm_hint = 1;
3170                         goto confirm;
3171                 }
3172
3173                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3174                        hdev->auto_accept_delay);
3175
3176                 if (hdev->auto_accept_delay > 0) {
3177                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3178                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3179                         goto unlock;
3180                 }
3181
3182                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3183                              sizeof(ev->bdaddr), &ev->bdaddr);
3184                 goto unlock;
3185         }
3186
3187 confirm:
3188         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3189                                   confirm_hint);
3190
3191 unlock:
3192         hci_dev_unlock(hdev);
3193 }
3194
3195 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3196                                          struct sk_buff *skb)
3197 {
3198         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3199
3200         BT_DBG("%s", hdev->name);
3201
3202         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3203                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3204 }
3205
3206 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3207                                         struct sk_buff *skb)
3208 {
3209         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3210         struct hci_conn *conn;
3211
3212         BT_DBG("%s", hdev->name);
3213
3214         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3215         if (!conn)
3216                 return;
3217
3218         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3219         conn->passkey_entered = 0;
3220
3221         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3222                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3223                                          conn->dst_type, conn->passkey_notify,
3224                                          conn->passkey_entered);
3225 }
3226
3227 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3228 {
3229         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3230         struct hci_conn *conn;
3231
3232         BT_DBG("%s", hdev->name);
3233
3234         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3235         if (!conn)
3236                 return;
3237
3238         switch (ev->type) {
3239         case HCI_KEYPRESS_STARTED:
3240                 conn->passkey_entered = 0;
3241                 return;
3242
3243         case HCI_KEYPRESS_ENTERED:
3244                 conn->passkey_entered++;
3245                 break;
3246
3247         case HCI_KEYPRESS_ERASED:
3248                 conn->passkey_entered--;
3249                 break;
3250
3251         case HCI_KEYPRESS_CLEARED:
3252                 conn->passkey_entered = 0;
3253                 break;
3254
3255         case HCI_KEYPRESS_COMPLETED:
3256                 return;
3257         }
3258
3259         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3260                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3261                                          conn->dst_type, conn->passkey_notify,
3262                                          conn->passkey_entered);
3263 }
3264
3265 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3266                                          struct sk_buff *skb)
3267 {
3268         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3269         struct hci_conn *conn;
3270
3271         BT_DBG("%s", hdev->name);
3272
3273         hci_dev_lock(hdev);
3274
3275         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3276         if (!conn)
3277                 goto unlock;
3278
3279         /* To avoid duplicate auth_failed events to user space we check
3280          * the HCI_CONN_AUTH_PEND flag which will be set if we
3281          * initiated the authentication. A traditional auth_complete
3282          * event gets always produced as initiator and is also mapped to
3283          * the mgmt_auth_failed event */
3284         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3285                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3286                                  ev->status);
3287
3288         hci_conn_put(conn);
3289
3290 unlock:
3291         hci_dev_unlock(hdev);
3292 }
3293
3294 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3295                                          struct sk_buff *skb)
3296 {
3297         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3298         struct inquiry_entry *ie;
3299
3300         BT_DBG("%s", hdev->name);
3301
3302         hci_dev_lock(hdev);
3303
3304         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3305         if (ie)
3306                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3307
3308         hci_dev_unlock(hdev);
3309 }
3310
3311 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3312                                             struct sk_buff *skb)
3313 {
3314         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3315         struct oob_data *data;
3316
3317         BT_DBG("%s", hdev->name);
3318
3319         hci_dev_lock(hdev);
3320
3321         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3322                 goto unlock;
3323
3324         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3325         if (data) {
3326                 struct hci_cp_remote_oob_data_reply cp;
3327
3328                 bacpy(&cp.bdaddr, &ev->bdaddr);
3329                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3330                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3331
3332                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3333                              &cp);
3334         } else {
3335                 struct hci_cp_remote_oob_data_neg_reply cp;
3336
3337                 bacpy(&cp.bdaddr, &ev->bdaddr);
3338                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3339                              &cp);
3340         }
3341
3342 unlock:
3343         hci_dev_unlock(hdev);
3344 }
3345
3346 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3347                                       struct sk_buff *skb)
3348 {
3349         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3350         struct hci_conn *hcon, *bredr_hcon;
3351
3352         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3353                ev->status);
3354
3355         hci_dev_lock(hdev);
3356
3357         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3358         if (!hcon) {
3359                 hci_dev_unlock(hdev);
3360                 return;
3361         }
3362
3363         if (ev->status) {
3364                 hci_conn_del(hcon);
3365                 hci_dev_unlock(hdev);
3366                 return;
3367         }
3368
3369         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3370
3371         hcon->state = BT_CONNECTED;
3372         bacpy(&hcon->dst, &bredr_hcon->dst);
3373
3374         hci_conn_hold(hcon);
3375         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3376         hci_conn_put(hcon);
3377
3378         hci_conn_hold_device(hcon);
3379         hci_conn_add_sysfs(hcon);
3380
3381         amp_physical_cfm(bredr_hcon, hcon);
3382
3383         hci_dev_unlock(hdev);
3384 }
3385
3386 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3387 {
3388         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3389         struct hci_conn *hcon;
3390         struct hci_chan *hchan;
3391         struct amp_mgr *mgr;
3392
3393         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3394                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3395                ev->status);
3396
3397         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3398         if (!hcon)
3399                 return;
3400
3401         /* Create AMP hchan */
3402         hchan = hci_chan_create(hcon);
3403         if (!hchan)
3404                 return;
3405
3406         hchan->handle = le16_to_cpu(ev->handle);
3407
3408         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3409
3410         mgr = hcon->amp_mgr;
3411         if (mgr && mgr->bredr_chan) {
3412                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3413
3414                 l2cap_chan_lock(bredr_chan);
3415
3416                 bredr_chan->conn->mtu = hdev->block_mtu;
3417                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3418                 hci_conn_hold(hcon);
3419
3420                 l2cap_chan_unlock(bredr_chan);
3421         }
3422 }
3423
3424 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3425                                              struct sk_buff *skb)
3426 {
3427         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3428         struct hci_chan *hchan;
3429
3430         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3431                le16_to_cpu(ev->handle), ev->status);
3432
3433         if (ev->status)
3434                 return;
3435
3436         hci_dev_lock(hdev);
3437
3438         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3439         if (!hchan)
3440                 goto unlock;
3441
3442         amp_destroy_logical_link(hchan, ev->reason);
3443
3444 unlock:
3445         hci_dev_unlock(hdev);
3446 }
3447
3448 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3449                                              struct sk_buff *skb)
3450 {
3451         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3452         struct hci_conn *hcon;
3453
3454         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3455
3456         if (ev->status)
3457                 return;
3458
3459         hci_dev_lock(hdev);
3460
3461         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3462         if (hcon) {
3463                 hcon->state = BT_CLOSED;
3464                 hci_conn_del(hcon);
3465         }
3466
3467         hci_dev_unlock(hdev);
3468 }
3469
3470 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3471 {
3472         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3473         struct hci_conn *conn;
3474
3475         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3476
3477         hci_dev_lock(hdev);
3478
3479         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3480         if (!conn) {
3481                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3482                 if (!conn) {
3483                         BT_ERR("No memory for new connection");
3484                         goto unlock;
3485                 }
3486
3487                 conn->dst_type = ev->bdaddr_type;
3488
3489                 if (ev->role == LE_CONN_ROLE_MASTER) {
3490                         conn->out = true;
3491                         conn->link_mode |= HCI_LM_MASTER;
3492                 }
3493         }
3494
3495         if (ev->status) {
3496                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3497                                     conn->dst_type, ev->status);
3498                 hci_proto_connect_cfm(conn, ev->status);
3499                 conn->state = BT_CLOSED;
3500                 hci_conn_del(conn);
3501                 goto unlock;
3502         }
3503
3504         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3505                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3506                                       conn->dst_type, 0, NULL, 0, NULL);
3507
3508         conn->sec_level = BT_SECURITY_LOW;
3509         conn->handle = __le16_to_cpu(ev->handle);
3510         conn->state = BT_CONNECTED;
3511
3512         hci_conn_hold_device(conn);
3513         hci_conn_add_sysfs(conn);
3514
3515         hci_proto_connect_cfm(conn, ev->status);
3516
3517 unlock:
3518         hci_dev_unlock(hdev);
3519 }
3520
3521 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3522 {
3523         u8 num_reports = skb->data[0];
3524         void *ptr = &skb->data[1];
3525         s8 rssi;
3526
3527         while (num_reports--) {
3528                 struct hci_ev_le_advertising_info *ev = ptr;
3529
3530                 rssi = ev->data[ev->length];
3531                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3532                                   NULL, rssi, 0, 1, ev->data, ev->length);
3533
3534                 ptr += sizeof(*ev) + ev->length + 1;
3535         }
3536 }
3537
3538 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3539 {
3540         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3541         struct hci_cp_le_ltk_reply cp;
3542         struct hci_cp_le_ltk_neg_reply neg;
3543         struct hci_conn *conn;
3544         struct smp_ltk *ltk;
3545
3546         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3547
3548         hci_dev_lock(hdev);
3549
3550         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3551         if (conn == NULL)
3552                 goto not_found;
3553
3554         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3555         if (ltk == NULL)
3556                 goto not_found;
3557
3558         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3559         cp.handle = cpu_to_le16(conn->handle);
3560
3561         if (ltk->authenticated)
3562                 conn->sec_level = BT_SECURITY_HIGH;
3563
3564         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3565
3566         if (ltk->type & HCI_SMP_STK) {
3567                 list_del(&ltk->list);
3568                 kfree(ltk);
3569         }
3570
3571         hci_dev_unlock(hdev);
3572
3573         return;
3574
3575 not_found:
3576         neg.handle = ev->handle;
3577         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3578         hci_dev_unlock(hdev);
3579 }
3580
3581 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3582 {
3583         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3584
3585         skb_pull(skb, sizeof(*le_ev));
3586
3587         switch (le_ev->subevent) {
3588         case HCI_EV_LE_CONN_COMPLETE:
3589                 hci_le_conn_complete_evt(hdev, skb);
3590                 break;
3591
3592         case HCI_EV_LE_ADVERTISING_REPORT:
3593                 hci_le_adv_report_evt(hdev, skb);
3594                 break;
3595
3596         case HCI_EV_LE_LTK_REQ:
3597                 hci_le_ltk_request_evt(hdev, skb);
3598                 break;
3599
3600         default:
3601                 break;
3602         }
3603 }
3604
3605 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3606 {
3607         struct hci_ev_channel_selected *ev = (void *) skb->data;
3608         struct hci_conn *hcon;
3609
3610         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3611
3612         skb_pull(skb, sizeof(*ev));
3613
3614         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3615         if (!hcon)
3616                 return;
3617
3618         amp_read_loc_assoc_final_data(hdev, hcon);
3619 }
3620
3621 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3622 {
3623         struct hci_event_hdr *hdr = (void *) skb->data;
3624         __u8 event = hdr->evt;
3625
3626         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3627
3628         switch (event) {
3629         case HCI_EV_INQUIRY_COMPLETE:
3630                 hci_inquiry_complete_evt(hdev, skb);
3631                 break;
3632
3633         case HCI_EV_INQUIRY_RESULT:
3634                 hci_inquiry_result_evt(hdev, skb);
3635                 break;
3636
3637         case HCI_EV_CONN_COMPLETE:
3638                 hci_conn_complete_evt(hdev, skb);
3639                 break;
3640
3641         case HCI_EV_CONN_REQUEST:
3642                 hci_conn_request_evt(hdev, skb);
3643                 break;
3644
3645         case HCI_EV_DISCONN_COMPLETE:
3646                 hci_disconn_complete_evt(hdev, skb);
3647                 break;
3648
3649         case HCI_EV_AUTH_COMPLETE:
3650                 hci_auth_complete_evt(hdev, skb);
3651                 break;
3652
3653         case HCI_EV_REMOTE_NAME:
3654                 hci_remote_name_evt(hdev, skb);
3655                 break;
3656
3657         case HCI_EV_ENCRYPT_CHANGE:
3658                 hci_encrypt_change_evt(hdev, skb);
3659                 break;
3660
3661         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3662                 hci_change_link_key_complete_evt(hdev, skb);
3663                 break;
3664
3665         case HCI_EV_REMOTE_FEATURES:
3666                 hci_remote_features_evt(hdev, skb);
3667                 break;
3668
3669         case HCI_EV_CMD_COMPLETE:
3670                 hci_cmd_complete_evt(hdev, skb);
3671                 break;
3672
3673         case HCI_EV_CMD_STATUS:
3674                 hci_cmd_status_evt(hdev, skb);
3675                 break;
3676
3677         case HCI_EV_ROLE_CHANGE:
3678                 hci_role_change_evt(hdev, skb);
3679                 break;
3680
3681         case HCI_EV_NUM_COMP_PKTS:
3682                 hci_num_comp_pkts_evt(hdev, skb);
3683                 break;
3684
3685         case HCI_EV_MODE_CHANGE:
3686                 hci_mode_change_evt(hdev, skb);
3687                 break;
3688
3689         case HCI_EV_PIN_CODE_REQ:
3690                 hci_pin_code_request_evt(hdev, skb);
3691                 break;
3692
3693         case HCI_EV_LINK_KEY_REQ:
3694                 hci_link_key_request_evt(hdev, skb);
3695                 break;
3696
3697         case HCI_EV_LINK_KEY_NOTIFY:
3698                 hci_link_key_notify_evt(hdev, skb);
3699                 break;
3700
3701         case HCI_EV_CLOCK_OFFSET:
3702                 hci_clock_offset_evt(hdev, skb);
3703                 break;
3704
3705         case HCI_EV_PKT_TYPE_CHANGE:
3706                 hci_pkt_type_change_evt(hdev, skb);
3707                 break;
3708
3709         case HCI_EV_PSCAN_REP_MODE:
3710                 hci_pscan_rep_mode_evt(hdev, skb);
3711                 break;
3712
3713         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3714                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3715                 break;
3716
3717         case HCI_EV_REMOTE_EXT_FEATURES:
3718                 hci_remote_ext_features_evt(hdev, skb);
3719                 break;
3720
3721         case HCI_EV_SYNC_CONN_COMPLETE:
3722                 hci_sync_conn_complete_evt(hdev, skb);
3723                 break;
3724
3725         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3726                 hci_extended_inquiry_result_evt(hdev, skb);
3727                 break;
3728
3729         case HCI_EV_KEY_REFRESH_COMPLETE:
3730                 hci_key_refresh_complete_evt(hdev, skb);
3731                 break;
3732
3733         case HCI_EV_IO_CAPA_REQUEST:
3734                 hci_io_capa_request_evt(hdev, skb);
3735                 break;
3736
3737         case HCI_EV_IO_CAPA_REPLY:
3738                 hci_io_capa_reply_evt(hdev, skb);
3739                 break;
3740
3741         case HCI_EV_USER_CONFIRM_REQUEST:
3742                 hci_user_confirm_request_evt(hdev, skb);
3743                 break;
3744
3745         case HCI_EV_USER_PASSKEY_REQUEST:
3746                 hci_user_passkey_request_evt(hdev, skb);
3747                 break;
3748
3749         case HCI_EV_USER_PASSKEY_NOTIFY:
3750                 hci_user_passkey_notify_evt(hdev, skb);
3751                 break;
3752
3753         case HCI_EV_KEYPRESS_NOTIFY:
3754                 hci_keypress_notify_evt(hdev, skb);
3755                 break;
3756
3757         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3758                 hci_simple_pair_complete_evt(hdev, skb);
3759                 break;
3760
3761         case HCI_EV_REMOTE_HOST_FEATURES:
3762                 hci_remote_host_features_evt(hdev, skb);
3763                 break;
3764
3765         case HCI_EV_LE_META:
3766                 hci_le_meta_evt(hdev, skb);
3767                 break;
3768
3769         case HCI_EV_CHANNEL_SELECTED:
3770                 hci_chan_selected_evt(hdev, skb);
3771                 break;
3772
3773         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3774                 hci_remote_oob_data_request_evt(hdev, skb);
3775                 break;
3776
3777         case HCI_EV_PHY_LINK_COMPLETE:
3778                 hci_phy_link_complete_evt(hdev, skb);
3779                 break;
3780
3781         case HCI_EV_LOGICAL_LINK_COMPLETE:
3782                 hci_loglink_complete_evt(hdev, skb);
3783                 break;
3784
3785         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3786                 hci_disconn_loglink_complete_evt(hdev, skb);
3787                 break;
3788
3789         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3790                 hci_disconn_phylink_complete_evt(hdev, skb);
3791                 break;
3792
3793         case HCI_EV_NUM_COMP_BLOCKS:
3794                 hci_num_comp_blocks_evt(hdev, skb);
3795                 break;
3796
3797         default:
3798                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3799                 break;
3800         }
3801
3802         kfree_skb(skb);
3803         hdev->stat.evt_rx++;
3804 }
Unnamed repository; edit this file 'description' to name the repository.