projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bluetooth: Remove useless HCI_PENDING_CLASS flag
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39         __u8 status = *((__u8 *) skb->data);
40
41         BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43         if (status) {
44                 hci_dev_lock(hdev);
45                 mgmt_stop_discovery_failed(hdev, status);
46                 hci_dev_unlock(hdev);
47                 return;
48         }
49
50         clear_bit(HCI_INQUIRY, &hdev->flags);
51
52         hci_dev_lock(hdev);
53         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54         hci_dev_unlock(hdev);
55
56         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
57
58         hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63         __u8 status = *((__u8 *) skb->data);
64
65         BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67         if (status)
68                 return;
69
70         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84         hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88                                           struct sk_buff *skb)
89 {
90         BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95         struct hci_rp_role_discovery *rp = (void *) skb->data;
96         struct hci_conn *conn;
97
98         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100         if (rp->status)
101                 return;
102
103         hci_dev_lock(hdev);
104
105         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106         if (conn) {
107                 if (rp->role)
108                         conn->link_mode &= ~HCI_LM_MASTER;
109                 else
110                         conn->link_mode |= HCI_LM_MASTER;
111         }
112
113         hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118         struct hci_rp_read_link_policy *rp = (void *) skb->data;
119         struct hci_conn *conn;
120
121         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123         if (rp->status)
124                 return;
125
126         hci_dev_lock(hdev);
127
128         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129         if (conn)
130                 conn->link_policy = __le16_to_cpu(rp->policy);
131
132         hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137         struct hci_rp_write_link_policy *rp = (void *) skb->data;
138         struct hci_conn *conn;
139         void *sent;
140
141         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143         if (rp->status)
144                 return;
145
146         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147         if (!sent)
148                 return;
149
150         hci_dev_lock(hdev);
151
152         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153         if (conn)
154                 conn->link_policy = get_unaligned_le16(sent + 2);
155
156         hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160                                         struct sk_buff *skb)
161 {
162         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166         if (rp->status)
167                 return;
168
169         hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173                                          struct sk_buff *skb)
174 {
175         __u8 status = *((__u8 *) skb->data);
176         void *sent;
177
178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181         if (!sent)
182                 return;
183
184         if (!status)
185                 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190         __u8 status = *((__u8 *) skb->data);
191
192         BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194         clear_bit(HCI_RESET, &hdev->flags);
195
196         /* Reset all non-persistent flags */
197         hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PERIODIC_INQ));
198
199         hdev->discovery.state = DISCOVERY_STOPPED;
200         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204         hdev->adv_data_len = 0;
205 }
206
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208 {
209         __u8 status = *((__u8 *) skb->data);
210         void *sent;
211
212         BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215         if (!sent)
216                 return;
217
218         hci_dev_lock(hdev);
219
220         if (test_bit(HCI_MGMT, &hdev->dev_flags))
221                 mgmt_set_local_name_complete(hdev, sent, status);
222         else if (!status)
223                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225         hci_dev_unlock(hdev);
226
227         if (!status && !test_bit(HCI_INIT, &hdev->flags))
228                 hci_update_ad(hdev);
229 }
230
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232 {
233         struct hci_rp_read_local_name *rp = (void *) skb->data;
234
235         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
236
237         if (rp->status)
238                 return;
239
240         if (test_bit(HCI_SETUP, &hdev->dev_flags))
241                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
242 }
243
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245 {
246         __u8 status = *((__u8 *) skb->data);
247         void *sent;
248
249         BT_DBG("%s status 0x%2.2x", hdev->name, status);
250
251         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252         if (!sent)
253                 return;
254
255         if (!status) {
256                 __u8 param = *((__u8 *) sent);
257
258                 if (param == AUTH_ENABLED)
259                         set_bit(HCI_AUTH, &hdev->flags);
260                 else
261                         clear_bit(HCI_AUTH, &hdev->flags);
262         }
263
264         if (test_bit(HCI_MGMT, &hdev->dev_flags))
265                 mgmt_auth_enable_complete(hdev, status);
266 }
267
268 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
269 {
270         __u8 status = *((__u8 *) skb->data);
271         void *sent;
272
273         BT_DBG("%s status 0x%2.2x", hdev->name, status);
274
275         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
276         if (!sent)
277                 return;
278
279         if (!status) {
280                 __u8 param = *((__u8 *) sent);
281
282                 if (param)
283                         set_bit(HCI_ENCRYPT, &hdev->flags);
284                 else
285                         clear_bit(HCI_ENCRYPT, &hdev->flags);
286         }
287 }
288
289 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
290 {
291         __u8 param, status = *((__u8 *) skb->data);
292         int old_pscan, old_iscan;
293         void *sent;
294
295         BT_DBG("%s status 0x%2.2x", hdev->name, status);
296
297         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298         if (!sent)
299                 return;
300
301         param = *((__u8 *) sent);
302
303         hci_dev_lock(hdev);
304
305         if (status) {
306                 mgmt_write_scan_failed(hdev, param, status);
307                 hdev->discov_timeout = 0;
308                 goto done;
309         }
310
311         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314         if (param & SCAN_INQUIRY) {
315                 set_bit(HCI_ISCAN, &hdev->flags);
316                 if (!old_iscan)
317                         mgmt_discoverable(hdev, 1);
318                 if (hdev->discov_timeout > 0) {
319                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
320                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
321                                            to);
322                 }
323         } else if (old_iscan)
324                 mgmt_discoverable(hdev, 0);
325
326         if (param & SCAN_PAGE) {
327                 set_bit(HCI_PSCAN, &hdev->flags);
328                 if (!old_pscan)
329                         mgmt_connectable(hdev, 1);
330         } else if (old_pscan)
331                 mgmt_connectable(hdev, 0);
332
333 done:
334         hci_dev_unlock(hdev);
335 }
336
337 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
338 {
339         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
340
341         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
342
343         if (rp->status)
344                 return;
345
346         memcpy(hdev->dev_class, rp->dev_class, 3);
347
348         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
349                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
350 }
351
352 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
353 {
354         __u8 status = *((__u8 *) skb->data);
355         void *sent;
356
357         BT_DBG("%s status 0x%2.2x", hdev->name, status);
358
359         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360         if (!sent)
361                 return;
362
363         hci_dev_lock(hdev);
364
365         if (status == 0)
366                 memcpy(hdev->dev_class, sent, 3);
367
368         if (test_bit(HCI_MGMT, &hdev->dev_flags))
369                 mgmt_set_class_of_dev_complete(hdev, sent, status);
370
371         hci_dev_unlock(hdev);
372 }
373
374 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
375 {
376         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
377         __u16 setting;
378
379         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
380
381         if (rp->status)
382                 return;
383
384         setting = __le16_to_cpu(rp->voice_setting);
385
386         if (hdev->voice_setting == setting)
387                 return;
388
389         hdev->voice_setting = setting;
390
391         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
392
393         if (hdev->notify)
394                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
395 }
396
397 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
398                                        struct sk_buff *skb)
399 {
400         __u8 status = *((__u8 *) skb->data);
401         __u16 setting;
402         void *sent;
403
404         BT_DBG("%s status 0x%2.2x", hdev->name, status);
405
406         if (status)
407                 return;
408
409         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410         if (!sent)
411                 return;
412
413         setting = get_unaligned_le16(sent);
414
415         if (hdev->voice_setting == setting)
416                 return;
417
418         hdev->voice_setting = setting;
419
420         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
421
422         if (hdev->notify)
423                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
424 }
425
426 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
427 {
428         __u8 status = *((__u8 *) skb->data);
429         struct hci_cp_write_ssp_mode *sent;
430
431         BT_DBG("%s status 0x%2.2x", hdev->name, status);
432
433         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
434         if (!sent)
435                 return;
436
437         if (!status) {
438                 if (sent->mode)
439                         hdev->host_features[0] |= LMP_HOST_SSP;
440                 else
441                         hdev->host_features[0] &= ~LMP_HOST_SSP;
442         }
443
444         if (test_bit(HCI_MGMT, &hdev->dev_flags))
445                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
446         else if (!status) {
447                 if (sent->mode)
448                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449                 else
450                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
451         }
452 }
453
454 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
455 {
456         struct hci_rp_read_local_version *rp = (void *) skb->data;
457
458         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
459
460         if (rp->status)
461                 return;
462
463         hdev->hci_ver = rp->hci_ver;
464         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
465         hdev->lmp_ver = rp->lmp_ver;
466         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
467         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
468
469         BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
470                hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
471 }
472
473 static void hci_cc_read_local_commands(struct hci_dev *hdev,
474                                        struct sk_buff *skb)
475 {
476         struct hci_rp_read_local_commands *rp = (void *) skb->data;
477
478         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
479
480         if (!rp->status)
481                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
482 }
483
484 static void hci_cc_read_local_features(struct hci_dev *hdev,
485                                        struct sk_buff *skb)
486 {
487         struct hci_rp_read_local_features *rp = (void *) skb->data;
488
489         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
490
491         if (rp->status)
492                 return;
493
494         memcpy(hdev->features, rp->features, 8);
495
496         /* Adjust default settings according to features
497          * supported by device. */
498
499         if (hdev->features[0] & LMP_3SLOT)
500                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
501
502         if (hdev->features[0] & LMP_5SLOT)
503                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
504
505         if (hdev->features[1] & LMP_HV2) {
506                 hdev->pkt_type  |= (HCI_HV2);
507                 hdev->esco_type |= (ESCO_HV2);
508         }
509
510         if (hdev->features[1] & LMP_HV3) {
511                 hdev->pkt_type  |= (HCI_HV3);
512                 hdev->esco_type |= (ESCO_HV3);
513         }
514
515         if (lmp_esco_capable(hdev))
516                 hdev->esco_type |= (ESCO_EV3);
517
518         if (hdev->features[4] & LMP_EV4)
519                 hdev->esco_type |= (ESCO_EV4);
520
521         if (hdev->features[4] & LMP_EV5)
522                 hdev->esco_type |= (ESCO_EV5);
523
524         if (hdev->features[5] & LMP_EDR_ESCO_2M)
525                 hdev->esco_type |= (ESCO_2EV3);
526
527         if (hdev->features[5] & LMP_EDR_ESCO_3M)
528                 hdev->esco_type |= (ESCO_3EV3);
529
530         if (hdev->features[5] & LMP_EDR_3S_ESCO)
531                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
532
533         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
534                hdev->features[0], hdev->features[1],
535                hdev->features[2], hdev->features[3],
536                hdev->features[4], hdev->features[5],
537                hdev->features[6], hdev->features[7]);
538 }
539
540 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
541                                            struct sk_buff *skb)
542 {
543         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
544
545         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
546
547         if (rp->status)
548                 return;
549
550         switch (rp->page) {
551         case 0:
552                 memcpy(hdev->features, rp->features, 8);
553                 break;
554         case 1:
555                 memcpy(hdev->host_features, rp->features, 8);
556                 break;
557         }
558 }
559
560 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
561                                           struct sk_buff *skb)
562 {
563         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
564
565         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
566
567         if (!rp->status)
568                 hdev->flow_ctl_mode = rp->mode;
569 }
570
571 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
572 {
573         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
574
575         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
576
577         if (rp->status)
578                 return;
579
580         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
581         hdev->sco_mtu  = rp->sco_mtu;
582         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
583         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
584
585         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
586                 hdev->sco_mtu  = 64;
587                 hdev->sco_pkts = 8;
588         }
589
590         hdev->acl_cnt = hdev->acl_pkts;
591         hdev->sco_cnt = hdev->sco_pkts;
592
593         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
594                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
595 }
596
597 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
598 {
599         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
600
601         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
602
603         if (!rp->status)
604                 bacpy(&hdev->bdaddr, &rp->bdaddr);
605 }
606
607 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
608                                         struct sk_buff *skb)
609 {
610         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
611
612         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
613
614         if (rp->status)
615                 return;
616
617         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
618         hdev->block_len = __le16_to_cpu(rp->block_len);
619         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
620
621         hdev->block_cnt = hdev->num_blocks;
622
623         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
624                hdev->block_cnt, hdev->block_len);
625 }
626
627 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
628                                        struct sk_buff *skb)
629 {
630         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
631
632         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633
634         if (rp->status)
635                 goto a2mp_rsp;
636
637         hdev->amp_status = rp->amp_status;
638         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
639         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
640         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
641         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
642         hdev->amp_type = rp->amp_type;
643         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
644         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
645         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
646         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
647
648 a2mp_rsp:
649         a2mp_send_getinfo_rsp(hdev);
650 }
651
652 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
653                                         struct sk_buff *skb)
654 {
655         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
656         struct amp_assoc *assoc = &hdev->loc_assoc;
657         size_t rem_len, frag_len;
658
659         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
660
661         if (rp->status)
662                 goto a2mp_rsp;
663
664         frag_len = skb->len - sizeof(*rp);
665         rem_len = __le16_to_cpu(rp->rem_len);
666
667         if (rem_len > frag_len) {
668                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
669
670                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
671                 assoc->offset += frag_len;
672
673                 /* Read other fragments */
674                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
675
676                 return;
677         }
678
679         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
680         assoc->len = assoc->offset + rem_len;
681         assoc->offset = 0;
682
683 a2mp_rsp:
684         /* Send A2MP Rsp when all fragments are received */
685         a2mp_send_getampassoc_rsp(hdev, rp->status);
686         a2mp_send_create_phy_link_req(hdev, rp->status);
687 }
688
689 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
690                                          struct sk_buff *skb)
691 {
692         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
693
694         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
695
696         if (!rp->status)
697                 hdev->inq_tx_power = rp->tx_power;
698 }
699
700 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
701 {
702         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
703         struct hci_cp_pin_code_reply *cp;
704         struct hci_conn *conn;
705
706         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
707
708         hci_dev_lock(hdev);
709
710         if (test_bit(HCI_MGMT, &hdev->dev_flags))
711                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
712
713         if (rp->status)
714                 goto unlock;
715
716         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
717         if (!cp)
718                 goto unlock;
719
720         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
721         if (conn)
722                 conn->pin_length = cp->pin_len;
723
724 unlock:
725         hci_dev_unlock(hdev);
726 }
727
728 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
729 {
730         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
731
732         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
733
734         hci_dev_lock(hdev);
735
736         if (test_bit(HCI_MGMT, &hdev->dev_flags))
737                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
738                                                  rp->status);
739
740         hci_dev_unlock(hdev);
741 }
742
743 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
744                                        struct sk_buff *skb)
745 {
746         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
747
748         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
749
750         if (rp->status)
751                 return;
752
753         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
754         hdev->le_pkts = rp->le_max_pkt;
755
756         hdev->le_cnt = hdev->le_pkts;
757
758         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
759 }
760
761 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
762                                           struct sk_buff *skb)
763 {
764         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
765
766         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
767
768         if (!rp->status)
769                 memcpy(hdev->le_features, rp->features, 8);
770 }
771
772 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
773                                         struct sk_buff *skb)
774 {
775         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
776
777         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
778
779         if (!rp->status) {
780                 hdev->adv_tx_power = rp->tx_power;
781                 if (!test_bit(HCI_INIT, &hdev->flags))
782                         hci_update_ad(hdev);
783         }
784 }
785
786 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
787 {
788         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
789
790         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
791
792         hci_dev_lock(hdev);
793
794         if (test_bit(HCI_MGMT, &hdev->dev_flags))
795                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
796                                                  rp->status);
797
798         hci_dev_unlock(hdev);
799 }
800
801 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
802                                           struct sk_buff *skb)
803 {
804         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
805
806         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
807
808         hci_dev_lock(hdev);
809
810         if (test_bit(HCI_MGMT, &hdev->dev_flags))
811                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
812                                                      ACL_LINK, 0, rp->status);
813
814         hci_dev_unlock(hdev);
815 }
816
817 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
818 {
819         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
820
821         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
822
823         hci_dev_lock(hdev);
824
825         if (test_bit(HCI_MGMT, &hdev->dev_flags))
826                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
827                                                  0, rp->status);
828
829         hci_dev_unlock(hdev);
830 }
831
832 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
833                                           struct sk_buff *skb)
834 {
835         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
836
837         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
838
839         hci_dev_lock(hdev);
840
841         if (test_bit(HCI_MGMT, &hdev->dev_flags))
842                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
843                                                      ACL_LINK, 0, rp->status);
844
845         hci_dev_unlock(hdev);
846 }
847
848 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
849                                              struct sk_buff *skb)
850 {
851         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
852
853         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
854
855         hci_dev_lock(hdev);
856         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
857                                                 rp->randomizer, rp->status);
858         hci_dev_unlock(hdev);
859 }
860
861 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
862 {
863         __u8 *sent, status = *((__u8 *) skb->data);
864
865         BT_DBG("%s status 0x%2.2x", hdev->name, status);
866
867         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
868         if (!sent)
869                 return;
870
871         hci_dev_lock(hdev);
872
873         if (!status) {
874                 if (*sent)
875                         set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
876                 else
877                         clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
878         }
879
880         hci_dev_unlock(hdev);
881
882         if (!test_bit(HCI_INIT, &hdev->flags))
883                 hci_update_ad(hdev);
884 }
885
886 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
887 {
888         __u8 status = *((__u8 *) skb->data);
889
890         BT_DBG("%s status 0x%2.2x", hdev->name, status);
891
892         if (status) {
893                 hci_dev_lock(hdev);
894                 mgmt_start_discovery_failed(hdev, status);
895                 hci_dev_unlock(hdev);
896                 return;
897         }
898 }
899
900 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
901                                       struct sk_buff *skb)
902 {
903         struct hci_cp_le_set_scan_enable *cp;
904         __u8 status = *((__u8 *) skb->data);
905
906         BT_DBG("%s status 0x%2.2x", hdev->name, status);
907
908         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
909         if (!cp)
910                 return;
911
912         switch (cp->enable) {
913         case LE_SCANNING_ENABLED:
914                 if (status) {
915                         hci_dev_lock(hdev);
916                         mgmt_start_discovery_failed(hdev, status);
917                         hci_dev_unlock(hdev);
918                         return;
919                 }
920
921                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
922
923                 hci_dev_lock(hdev);
924                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
925                 hci_dev_unlock(hdev);
926                 break;
927
928         case LE_SCANNING_DISABLED:
929                 if (status) {
930                         hci_dev_lock(hdev);
931                         mgmt_stop_discovery_failed(hdev, status);
932                         hci_dev_unlock(hdev);
933                         return;
934                 }
935
936                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
937
938                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
939                     hdev->discovery.state == DISCOVERY_FINDING) {
940                         mgmt_interleaved_discovery(hdev);
941                 } else {
942                         hci_dev_lock(hdev);
943                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
944                         hci_dev_unlock(hdev);
945                 }
946
947                 break;
948
949         default:
950                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
951                 break;
952         }
953 }
954
955 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
956                                            struct sk_buff *skb)
957 {
958         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
959
960         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
961
962         if (!rp->status)
963                 hdev->le_white_list_size = rp->size;
964 }
965
966 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
967                                             struct sk_buff *skb)
968 {
969         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
970
971         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
972
973         if (!rp->status)
974                 memcpy(hdev->le_states, rp->le_states, 8);
975 }
976
977 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
978                                            struct sk_buff *skb)
979 {
980         struct hci_cp_write_le_host_supported *sent;
981         __u8 status = *((__u8 *) skb->data);
982
983         BT_DBG("%s status 0x%2.2x", hdev->name, status);
984
985         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
986         if (!sent)
987                 return;
988
989         if (!status) {
990                 if (sent->le)
991                         hdev->host_features[0] |= LMP_HOST_LE;
992                 else
993                         hdev->host_features[0] &= ~LMP_HOST_LE;
994
995                 if (sent->simul)
996                         hdev->host_features[0] |= LMP_HOST_LE_BREDR;
997                 else
998                         hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
999         }
1000
1001         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1002             !test_bit(HCI_INIT, &hdev->flags))
1003                 mgmt_le_enable_complete(hdev, sent->le, status);
1004 }
1005
1006 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1007                                           struct sk_buff *skb)
1008 {
1009         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1010
1011         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1012                hdev->name, rp->status, rp->phy_handle);
1013
1014         if (rp->status)
1015                 return;
1016
1017         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1018 }
1019
1020 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1021 {
1022         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1023
1024         if (status) {
1025                 hci_conn_check_pending(hdev);
1026                 hci_dev_lock(hdev);
1027                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1028                         mgmt_start_discovery_failed(hdev, status);
1029                 hci_dev_unlock(hdev);
1030                 return;
1031         }
1032
1033         set_bit(HCI_INQUIRY, &hdev->flags);
1034
1035         hci_dev_lock(hdev);
1036         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1037         hci_dev_unlock(hdev);
1038 }
1039
1040 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1041 {
1042         struct hci_cp_create_conn *cp;
1043         struct hci_conn *conn;
1044
1045         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1046
1047         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1048         if (!cp)
1049                 return;
1050
1051         hci_dev_lock(hdev);
1052
1053         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1054
1055         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1056
1057         if (status) {
1058                 if (conn && conn->state == BT_CONNECT) {
1059                         if (status != 0x0c || conn->attempt > 2) {
1060                                 conn->state = BT_CLOSED;
1061                                 hci_proto_connect_cfm(conn, status);
1062                                 hci_conn_del(conn);
1063                         } else
1064                                 conn->state = BT_CONNECT2;
1065                 }
1066         } else {
1067                 if (!conn) {
1068                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1069                         if (conn) {
1070                                 conn->out = true;
1071                                 conn->link_mode |= HCI_LM_MASTER;
1072                         } else
1073                                 BT_ERR("No memory for new connection");
1074                 }
1075         }
1076
1077         hci_dev_unlock(hdev);
1078 }
1079
1080 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1081 {
1082         struct hci_cp_add_sco *cp;
1083         struct hci_conn *acl, *sco;
1084         __u16 handle;
1085
1086         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1087
1088         if (!status)
1089                 return;
1090
1091         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1092         if (!cp)
1093                 return;
1094
1095         handle = __le16_to_cpu(cp->handle);
1096
1097         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1098
1099         hci_dev_lock(hdev);
1100
1101         acl = hci_conn_hash_lookup_handle(hdev, handle);
1102         if (acl) {
1103                 sco = acl->link;
1104                 if (sco) {
1105                         sco->state = BT_CLOSED;
1106
1107                         hci_proto_connect_cfm(sco, status);
1108                         hci_conn_del(sco);
1109                 }
1110         }
1111
1112         hci_dev_unlock(hdev);
1113 }
1114
1115 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1116 {
1117         struct hci_cp_auth_requested *cp;
1118         struct hci_conn *conn;
1119
1120         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1121
1122         if (!status)
1123                 return;
1124
1125         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1126         if (!cp)
1127                 return;
1128
1129         hci_dev_lock(hdev);
1130
1131         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1132         if (conn) {
1133                 if (conn->state == BT_CONFIG) {
1134                         hci_proto_connect_cfm(conn, status);
1135                         hci_conn_put(conn);
1136                 }
1137         }
1138
1139         hci_dev_unlock(hdev);
1140 }
1141
1142 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1143 {
1144         struct hci_cp_set_conn_encrypt *cp;
1145         struct hci_conn *conn;
1146
1147         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1148
1149         if (!status)
1150                 return;
1151
1152         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1153         if (!cp)
1154                 return;
1155
1156         hci_dev_lock(hdev);
1157
1158         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1159         if (conn) {
1160                 if (conn->state == BT_CONFIG) {
1161                         hci_proto_connect_cfm(conn, status);
1162                         hci_conn_put(conn);
1163                 }
1164         }
1165
1166         hci_dev_unlock(hdev);
1167 }
1168
1169 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1170                                     struct hci_conn *conn)
1171 {
1172         if (conn->state != BT_CONFIG || !conn->out)
1173                 return 0;
1174
1175         if (conn->pending_sec_level == BT_SECURITY_SDP)
1176                 return 0;
1177
1178         /* Only request authentication for SSP connections or non-SSP
1179          * devices with sec_level HIGH or if MITM protection is requested */
1180         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1181             conn->pending_sec_level != BT_SECURITY_HIGH)
1182                 return 0;
1183
1184         return 1;
1185 }
1186
1187 static int hci_resolve_name(struct hci_dev *hdev,
1188                                    struct inquiry_entry *e)
1189 {
1190         struct hci_cp_remote_name_req cp;
1191
1192         memset(&cp, 0, sizeof(cp));
1193
1194         bacpy(&cp.bdaddr, &e->data.bdaddr);
1195         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1196         cp.pscan_mode = e->data.pscan_mode;
1197         cp.clock_offset = e->data.clock_offset;
1198
1199         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1200 }
1201
1202 static bool hci_resolve_next_name(struct hci_dev *hdev)
1203 {
1204         struct discovery_state *discov = &hdev->discovery;
1205         struct inquiry_entry *e;
1206
1207         if (list_empty(&discov->resolve))
1208                 return false;
1209
1210         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1211         if (!e)
1212                 return false;
1213
1214         if (hci_resolve_name(hdev, e) == 0) {
1215                 e->name_state = NAME_PENDING;
1216                 return true;
1217         }
1218
1219         return false;
1220 }
1221
1222 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1223                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1224 {
1225         struct discovery_state *discov = &hdev->discovery;
1226         struct inquiry_entry *e;
1227
1228         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1229                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1230                                       name_len, conn->dev_class);
1231
1232         if (discov->state == DISCOVERY_STOPPED)
1233                 return;
1234
1235         if (discov->state == DISCOVERY_STOPPING)
1236                 goto discov_complete;
1237
1238         if (discov->state != DISCOVERY_RESOLVING)
1239                 return;
1240
1241         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1242         /* If the device was not found in a list of found devices names of which
1243          * are pending. there is no need to continue resolving a next name as it
1244          * will be done upon receiving another Remote Name Request Complete
1245          * Event */
1246         if (!e)
1247                 return;
1248
1249         list_del(&e->list);
1250         if (name) {
1251                 e->name_state = NAME_KNOWN;
1252                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1253                                  e->data.rssi, name, name_len);
1254         } else {
1255                 e->name_state = NAME_NOT_KNOWN;
1256         }
1257
1258         if (hci_resolve_next_name(hdev))
1259                 return;
1260
1261 discov_complete:
1262         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1263 }
1264
1265 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1266 {
1267         struct hci_cp_remote_name_req *cp;
1268         struct hci_conn *conn;
1269
1270         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1271
1272         /* If successful wait for the name req complete event before
1273          * checking for the need to do authentication */
1274         if (!status)
1275                 return;
1276
1277         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1278         if (!cp)
1279                 return;
1280
1281         hci_dev_lock(hdev);
1282
1283         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1284
1285         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1286                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1287
1288         if (!conn)
1289                 goto unlock;
1290
1291         if (!hci_outgoing_auth_needed(hdev, conn))
1292                 goto unlock;
1293
1294         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1295                 struct hci_cp_auth_requested cp;
1296                 cp.handle = __cpu_to_le16(conn->handle);
1297                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1298         }
1299
1300 unlock:
1301         hci_dev_unlock(hdev);
1302 }
1303
1304 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1305 {
1306         struct hci_cp_read_remote_features *cp;
1307         struct hci_conn *conn;
1308
1309         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1310
1311         if (!status)
1312                 return;
1313
1314         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1315         if (!cp)
1316                 return;
1317
1318         hci_dev_lock(hdev);
1319
1320         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1321         if (conn) {
1322                 if (conn->state == BT_CONFIG) {
1323                         hci_proto_connect_cfm(conn, status);
1324                         hci_conn_put(conn);
1325                 }
1326         }
1327
1328         hci_dev_unlock(hdev);
1329 }
1330
1331 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1332 {
1333         struct hci_cp_read_remote_ext_features *cp;
1334         struct hci_conn *conn;
1335
1336         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1337
1338         if (!status)
1339                 return;
1340
1341         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1342         if (!cp)
1343                 return;
1344
1345         hci_dev_lock(hdev);
1346
1347         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1348         if (conn) {
1349                 if (conn->state == BT_CONFIG) {
1350                         hci_proto_connect_cfm(conn, status);
1351                         hci_conn_put(conn);
1352                 }
1353         }
1354
1355         hci_dev_unlock(hdev);
1356 }
1357
1358 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1359 {
1360         struct hci_cp_setup_sync_conn *cp;
1361         struct hci_conn *acl, *sco;
1362         __u16 handle;
1363
1364         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1365
1366         if (!status)
1367                 return;
1368
1369         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1370         if (!cp)
1371                 return;
1372
1373         handle = __le16_to_cpu(cp->handle);
1374
1375         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1376
1377         hci_dev_lock(hdev);
1378
1379         acl = hci_conn_hash_lookup_handle(hdev, handle);
1380         if (acl) {
1381                 sco = acl->link;
1382                 if (sco) {
1383                         sco->state = BT_CLOSED;
1384
1385                         hci_proto_connect_cfm(sco, status);
1386                         hci_conn_del(sco);
1387                 }
1388         }
1389
1390         hci_dev_unlock(hdev);
1391 }
1392
1393 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1394 {
1395         struct hci_cp_sniff_mode *cp;
1396         struct hci_conn *conn;
1397
1398         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1399
1400         if (!status)
1401                 return;
1402
1403         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1404         if (!cp)
1405                 return;
1406
1407         hci_dev_lock(hdev);
1408
1409         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1410         if (conn) {
1411                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1412
1413                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1414                         hci_sco_setup(conn, status);
1415         }
1416
1417         hci_dev_unlock(hdev);
1418 }
1419
1420 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1421 {
1422         struct hci_cp_exit_sniff_mode *cp;
1423         struct hci_conn *conn;
1424
1425         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1426
1427         if (!status)
1428                 return;
1429
1430         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1431         if (!cp)
1432                 return;
1433
1434         hci_dev_lock(hdev);
1435
1436         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437         if (conn) {
1438                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1439
1440                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1441                         hci_sco_setup(conn, status);
1442         }
1443
1444         hci_dev_unlock(hdev);
1445 }
1446
1447 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1448 {
1449         struct hci_cp_disconnect *cp;
1450         struct hci_conn *conn;
1451
1452         if (!status)
1453                 return;
1454
1455         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1456         if (!cp)
1457                 return;
1458
1459         hci_dev_lock(hdev);
1460
1461         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1462         if (conn)
1463                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1464                                        conn->dst_type, status);
1465
1466         hci_dev_unlock(hdev);
1467 }
1468
1469 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1470 {
1471         struct hci_conn *conn;
1472
1473         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1474
1475         if (status) {
1476                 hci_dev_lock(hdev);
1477
1478                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1479                 if (!conn) {
1480                         hci_dev_unlock(hdev);
1481                         return;
1482                 }
1483
1484                 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1485
1486                 conn->state = BT_CLOSED;
1487                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1488                                     conn->dst_type, status);
1489                 hci_proto_connect_cfm(conn, status);
1490                 hci_conn_del(conn);
1491
1492                 hci_dev_unlock(hdev);
1493         }
1494 }
1495
1496 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1497 {
1498         struct hci_cp_create_phy_link *cp;
1499
1500         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1501
1502         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1503         if (!cp)
1504                 return;
1505
1506         hci_dev_lock(hdev);
1507
1508         if (status) {
1509                 struct hci_conn *hcon;
1510
1511                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1512                 if (hcon)
1513                         hci_conn_del(hcon);
1514         } else {
1515                 amp_write_remote_assoc(hdev, cp->phy_handle);
1516         }
1517
1518         hci_dev_unlock(hdev);
1519 }
1520
1521 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1522 {
1523         struct hci_cp_accept_phy_link *cp;
1524
1525         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1526
1527         if (status)
1528                 return;
1529
1530         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1531         if (!cp)
1532                 return;
1533
1534         amp_write_remote_assoc(hdev, cp->phy_handle);
1535 }
1536
1537 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1538 {
1539         __u8 status = *((__u8 *) skb->data);
1540         struct discovery_state *discov = &hdev->discovery;
1541         struct inquiry_entry *e;
1542
1543         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1544
1545         hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1546
1547         hci_conn_check_pending(hdev);
1548
1549         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1550                 return;
1551
1552         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1553                 return;
1554
1555         hci_dev_lock(hdev);
1556
1557         if (discov->state != DISCOVERY_FINDING)
1558                 goto unlock;
1559
1560         if (list_empty(&discov->resolve)) {
1561                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562                 goto unlock;
1563         }
1564
1565         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1566         if (e && hci_resolve_name(hdev, e) == 0) {
1567                 e->name_state = NAME_PENDING;
1568                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1569         } else {
1570                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1571         }
1572
1573 unlock:
1574         hci_dev_unlock(hdev);
1575 }
1576
1577 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1578 {
1579         struct inquiry_data data;
1580         struct inquiry_info *info = (void *) (skb->data + 1);
1581         int num_rsp = *((__u8 *) skb->data);
1582
1583         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1584
1585         if (!num_rsp)
1586                 return;
1587
1588         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1589                 return;
1590
1591         hci_dev_lock(hdev);
1592
1593         for (; num_rsp; num_rsp--, info++) {
1594                 bool name_known, ssp;
1595
1596                 bacpy(&data.bdaddr, &info->bdaddr);
1597                 data.pscan_rep_mode     = info->pscan_rep_mode;
1598                 data.pscan_period_mode  = info->pscan_period_mode;
1599                 data.pscan_mode         = info->pscan_mode;
1600                 memcpy(data.dev_class, info->dev_class, 3);
1601                 data.clock_offset       = info->clock_offset;
1602                 data.rssi               = 0x00;
1603                 data.ssp_mode           = 0x00;
1604
1605                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1606                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1607                                   info->dev_class, 0, !name_known, ssp, NULL,
1608                                   0);
1609         }
1610
1611         hci_dev_unlock(hdev);
1612 }
1613
1614 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1615 {
1616         struct hci_ev_conn_complete *ev = (void *) skb->data;
1617         struct hci_conn *conn;
1618
1619         BT_DBG("%s", hdev->name);
1620
1621         hci_dev_lock(hdev);
1622
1623         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1624         if (!conn) {
1625                 if (ev->link_type != SCO_LINK)
1626                         goto unlock;
1627
1628                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1629                 if (!conn)
1630                         goto unlock;
1631
1632                 conn->type = SCO_LINK;
1633         }
1634
1635         if (!ev->status) {
1636                 conn->handle = __le16_to_cpu(ev->handle);
1637
1638                 if (conn->type == ACL_LINK) {
1639                         conn->state = BT_CONFIG;
1640                         hci_conn_hold(conn);
1641
1642                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1643                             !hci_find_link_key(hdev, &ev->bdaddr))
1644                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1645                         else
1646                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1647                 } else
1648                         conn->state = BT_CONNECTED;
1649
1650                 hci_conn_hold_device(conn);
1651                 hci_conn_add_sysfs(conn);
1652
1653                 if (test_bit(HCI_AUTH, &hdev->flags))
1654                         conn->link_mode |= HCI_LM_AUTH;
1655
1656                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1657                         conn->link_mode |= HCI_LM_ENCRYPT;
1658
1659                 /* Get remote features */
1660                 if (conn->type == ACL_LINK) {
1661                         struct hci_cp_read_remote_features cp;
1662                         cp.handle = ev->handle;
1663                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1664                                      sizeof(cp), &cp);
1665                 }
1666
1667                 /* Set packet type for incoming connection */
1668                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1669                         struct hci_cp_change_conn_ptype cp;
1670                         cp.handle = ev->handle;
1671                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1672                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1673                                      &cp);
1674                 }
1675         } else {
1676                 conn->state = BT_CLOSED;
1677                 if (conn->type == ACL_LINK)
1678                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1679                                             conn->dst_type, ev->status);
1680         }
1681
1682         if (conn->type == ACL_LINK)
1683                 hci_sco_setup(conn, ev->status);
1684
1685         if (ev->status) {
1686                 hci_proto_connect_cfm(conn, ev->status);
1687                 hci_conn_del(conn);
1688         } else if (ev->link_type != ACL_LINK)
1689                 hci_proto_connect_cfm(conn, ev->status);
1690
1691 unlock:
1692         hci_dev_unlock(hdev);
1693
1694         hci_conn_check_pending(hdev);
1695 }
1696
1697 void hci_conn_accept(struct hci_conn *conn, int mask)
1698 {
1699         struct hci_dev *hdev = conn->hdev;
1700
1701         BT_DBG("conn %p", conn);
1702
1703         conn->state = BT_CONFIG;
1704
1705         if (!lmp_esco_capable(hdev)) {
1706                 struct hci_cp_accept_conn_req cp;
1707
1708                 bacpy(&cp.bdaddr, &conn->dst);
1709
1710                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1711                         cp.role = 0x00; /* Become master */
1712                 else
1713                         cp.role = 0x01; /* Remain slave */
1714
1715                 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1716         } else /* lmp_esco_capable(hdev)) */ {
1717                 struct hci_cp_accept_sync_conn_req cp;
1718
1719                 bacpy(&cp.bdaddr, &conn->dst);
1720                 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1721
1722                 cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1723                 cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1724                 cp.max_latency    = __constant_cpu_to_le16(0xffff);
1725                 cp.content_format = cpu_to_le16(hdev->voice_setting);
1726                 cp.retrans_effort = 0xff;
1727
1728                 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1729                              sizeof(cp), &cp);
1730         }
1731 }
1732
1733 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1734 {
1735         struct hci_ev_conn_request *ev = (void *) skb->data;
1736         int mask = hdev->link_mode;
1737         __u8 flags = 0;
1738
1739         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1740                ev->link_type);
1741
1742         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1743                                       &flags);
1744
1745         if ((mask & HCI_LM_ACCEPT) &&
1746             !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1747                 /* Connection accepted */
1748                 struct inquiry_entry *ie;
1749                 struct hci_conn *conn;
1750
1751                 hci_dev_lock(hdev);
1752
1753                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1754                 if (ie)
1755                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1756
1757                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1758                                                &ev->bdaddr);
1759                 if (!conn) {
1760                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1761                         if (!conn) {
1762                                 BT_ERR("No memory for new connection");
1763                                 hci_dev_unlock(hdev);
1764                                 return;
1765                         }
1766                 }
1767
1768                 memcpy(conn->dev_class, ev->dev_class, 3);
1769
1770                 hci_dev_unlock(hdev);
1771
1772                 if (ev->link_type == ACL_LINK ||
1773                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1774                         struct hci_cp_accept_conn_req cp;
1775                         conn->state = BT_CONNECT;
1776
1777                         bacpy(&cp.bdaddr, &ev->bdaddr);
1778
1779                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1780                                 cp.role = 0x00; /* Become master */
1781                         else
1782                                 cp.role = 0x01; /* Remain slave */
1783
1784                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1785                                      &cp);
1786                 } else if (!(flags & HCI_PROTO_DEFER)) {
1787                         struct hci_cp_accept_sync_conn_req cp;
1788                         conn->state = BT_CONNECT;
1789
1790                         bacpy(&cp.bdaddr, &ev->bdaddr);
1791                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1792
1793                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1794                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1795                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1796                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1797                         cp.retrans_effort = 0xff;
1798
1799                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1800                                      sizeof(cp), &cp);
1801                 } else {
1802                         conn->state = BT_CONNECT2;
1803                         hci_proto_connect_cfm(conn, 0);
1804                         hci_conn_put(conn);
1805                 }
1806         } else {
1807                 /* Connection rejected */
1808                 struct hci_cp_reject_conn_req cp;
1809
1810                 bacpy(&cp.bdaddr, &ev->bdaddr);
1811                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1812                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1813         }
1814 }
1815
1816 static u8 hci_to_mgmt_reason(u8 err)
1817 {
1818         switch (err) {
1819         case HCI_ERROR_CONNECTION_TIMEOUT:
1820                 return MGMT_DEV_DISCONN_TIMEOUT;
1821         case HCI_ERROR_REMOTE_USER_TERM:
1822         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1823         case HCI_ERROR_REMOTE_POWER_OFF:
1824                 return MGMT_DEV_DISCONN_REMOTE;
1825         case HCI_ERROR_LOCAL_HOST_TERM:
1826                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1827         default:
1828                 return MGMT_DEV_DISCONN_UNKNOWN;
1829         }
1830 }
1831
1832 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1833 {
1834         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1835         struct hci_conn *conn;
1836
1837         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1838
1839         hci_dev_lock(hdev);
1840
1841         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1842         if (!conn)
1843                 goto unlock;
1844
1845         if (ev->status == 0)
1846                 conn->state = BT_CLOSED;
1847
1848         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1849             (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1850                 if (ev->status) {
1851                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1852                                                conn->dst_type, ev->status);
1853                 } else {
1854                         u8 reason = hci_to_mgmt_reason(ev->reason);
1855
1856                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1857                                                  conn->dst_type, reason);
1858                 }
1859         }
1860
1861         if (ev->status == 0) {
1862                 if (conn->type == ACL_LINK && conn->flush_key)
1863                         hci_remove_link_key(hdev, &conn->dst);
1864                 hci_proto_disconn_cfm(conn, ev->reason);
1865                 hci_conn_del(conn);
1866         }
1867
1868 unlock:
1869         hci_dev_unlock(hdev);
1870 }
1871
1872 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1873 {
1874         struct hci_ev_auth_complete *ev = (void *) skb->data;
1875         struct hci_conn *conn;
1876
1877         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1878
1879         hci_dev_lock(hdev);
1880
1881         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1882         if (!conn)
1883                 goto unlock;
1884
1885         if (!ev->status) {
1886                 if (!hci_conn_ssp_enabled(conn) &&
1887                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1888                         BT_INFO("re-auth of legacy device is not possible.");
1889                 } else {
1890                         conn->link_mode |= HCI_LM_AUTH;
1891                         conn->sec_level = conn->pending_sec_level;
1892                 }
1893         } else {
1894                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1895                                  ev->status);
1896         }
1897
1898         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1899         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1900
1901         if (conn->state == BT_CONFIG) {
1902                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1903                         struct hci_cp_set_conn_encrypt cp;
1904                         cp.handle  = ev->handle;
1905                         cp.encrypt = 0x01;
1906                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1907                                      &cp);
1908                 } else {
1909                         conn->state = BT_CONNECTED;
1910                         hci_proto_connect_cfm(conn, ev->status);
1911                         hci_conn_put(conn);
1912                 }
1913         } else {
1914                 hci_auth_cfm(conn, ev->status);
1915
1916                 hci_conn_hold(conn);
1917                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1918                 hci_conn_put(conn);
1919         }
1920
1921         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1922                 if (!ev->status) {
1923                         struct hci_cp_set_conn_encrypt cp;
1924                         cp.handle  = ev->handle;
1925                         cp.encrypt = 0x01;
1926                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1927                                      &cp);
1928                 } else {
1929                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1930                         hci_encrypt_cfm(conn, ev->status, 0x00);
1931                 }
1932         }
1933
1934 unlock:
1935         hci_dev_unlock(hdev);
1936 }
1937
1938 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 {
1940         struct hci_ev_remote_name *ev = (void *) skb->data;
1941         struct hci_conn *conn;
1942
1943         BT_DBG("%s", hdev->name);
1944
1945         hci_conn_check_pending(hdev);
1946
1947         hci_dev_lock(hdev);
1948
1949         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1950
1951         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1952                 goto check_auth;
1953
1954         if (ev->status == 0)
1955                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1956                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1957         else
1958                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1959
1960 check_auth:
1961         if (!conn)
1962                 goto unlock;
1963
1964         if (!hci_outgoing_auth_needed(hdev, conn))
1965                 goto unlock;
1966
1967         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1968                 struct hci_cp_auth_requested cp;
1969                 cp.handle = __cpu_to_le16(conn->handle);
1970                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1971         }
1972
1973 unlock:
1974         hci_dev_unlock(hdev);
1975 }
1976
1977 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1978 {
1979         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1980         struct hci_conn *conn;
1981
1982         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1983
1984         hci_dev_lock(hdev);
1985
1986         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1987         if (conn) {
1988                 if (!ev->status) {
1989                         if (ev->encrypt) {
1990                                 /* Encryption implies authentication */
1991                                 conn->link_mode |= HCI_LM_AUTH;
1992                                 conn->link_mode |= HCI_LM_ENCRYPT;
1993                                 conn->sec_level = conn->pending_sec_level;
1994                         } else
1995                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
1996                 }
1997
1998                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1999
2000                 if (ev->status && conn->state == BT_CONNECTED) {
2001                         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2002                         hci_conn_put(conn);
2003                         goto unlock;
2004                 }
2005
2006                 if (conn->state == BT_CONFIG) {
2007                         if (!ev->status)
2008                                 conn->state = BT_CONNECTED;
2009
2010                         hci_proto_connect_cfm(conn, ev->status);
2011                         hci_conn_put(conn);
2012                 } else
2013                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2014         }
2015
2016 unlock:
2017         hci_dev_unlock(hdev);
2018 }
2019
2020 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2021                                              struct sk_buff *skb)
2022 {
2023         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2024         struct hci_conn *conn;
2025
2026         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2027
2028         hci_dev_lock(hdev);
2029
2030         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2031         if (conn) {
2032                 if (!ev->status)
2033                         conn->link_mode |= HCI_LM_SECURE;
2034
2035                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2036
2037                 hci_key_change_cfm(conn, ev->status);
2038         }
2039
2040         hci_dev_unlock(hdev);
2041 }
2042
2043 static void hci_remote_features_evt(struct hci_dev *hdev,
2044                                     struct sk_buff *skb)
2045 {
2046         struct hci_ev_remote_features *ev = (void *) skb->data;
2047         struct hci_conn *conn;
2048
2049         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2050
2051         hci_dev_lock(hdev);
2052
2053         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2054         if (!conn)
2055                 goto unlock;
2056
2057         if (!ev->status)
2058                 memcpy(conn->features, ev->features, 8);
2059
2060         if (conn->state != BT_CONFIG)
2061                 goto unlock;
2062
2063         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2064                 struct hci_cp_read_remote_ext_features cp;
2065                 cp.handle = ev->handle;
2066                 cp.page = 0x01;
2067                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2068                              sizeof(cp), &cp);
2069                 goto unlock;
2070         }
2071
2072         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2073                 struct hci_cp_remote_name_req cp;
2074                 memset(&cp, 0, sizeof(cp));
2075                 bacpy(&cp.bdaddr, &conn->dst);
2076                 cp.pscan_rep_mode = 0x02;
2077                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2078         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2079                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2080                                       conn->dst_type, 0, NULL, 0,
2081                                       conn->dev_class);
2082
2083         if (!hci_outgoing_auth_needed(hdev, conn)) {
2084                 conn->state = BT_CONNECTED;
2085                 hci_proto_connect_cfm(conn, ev->status);
2086                 hci_conn_put(conn);
2087         }
2088
2089 unlock:
2090         hci_dev_unlock(hdev);
2091 }
2092
2093 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2094 {
2095         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2096         u8 status = skb->data[sizeof(*ev)];
2097         __u16 opcode;
2098
2099         skb_pull(skb, sizeof(*ev));
2100
2101         opcode = __le16_to_cpu(ev->opcode);
2102
2103         switch (opcode) {
2104         case HCI_OP_INQUIRY_CANCEL:
2105                 hci_cc_inquiry_cancel(hdev, skb);
2106                 break;
2107
2108         case HCI_OP_PERIODIC_INQ:
2109                 hci_cc_periodic_inq(hdev, skb);
2110                 break;
2111
2112         case HCI_OP_EXIT_PERIODIC_INQ:
2113                 hci_cc_exit_periodic_inq(hdev, skb);
2114                 break;
2115
2116         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2117                 hci_cc_remote_name_req_cancel(hdev, skb);
2118                 break;
2119
2120         case HCI_OP_ROLE_DISCOVERY:
2121                 hci_cc_role_discovery(hdev, skb);
2122                 break;
2123
2124         case HCI_OP_READ_LINK_POLICY:
2125                 hci_cc_read_link_policy(hdev, skb);
2126                 break;
2127
2128         case HCI_OP_WRITE_LINK_POLICY:
2129                 hci_cc_write_link_policy(hdev, skb);
2130                 break;
2131
2132         case HCI_OP_READ_DEF_LINK_POLICY:
2133                 hci_cc_read_def_link_policy(hdev, skb);
2134                 break;
2135
2136         case HCI_OP_WRITE_DEF_LINK_POLICY:
2137                 hci_cc_write_def_link_policy(hdev, skb);
2138                 break;
2139
2140         case HCI_OP_RESET:
2141                 hci_cc_reset(hdev, skb);
2142                 break;
2143
2144         case HCI_OP_WRITE_LOCAL_NAME:
2145                 hci_cc_write_local_name(hdev, skb);
2146                 break;
2147
2148         case HCI_OP_READ_LOCAL_NAME:
2149                 hci_cc_read_local_name(hdev, skb);
2150                 break;
2151
2152         case HCI_OP_WRITE_AUTH_ENABLE:
2153                 hci_cc_write_auth_enable(hdev, skb);
2154                 break;
2155
2156         case HCI_OP_WRITE_ENCRYPT_MODE:
2157                 hci_cc_write_encrypt_mode(hdev, skb);
2158                 break;
2159
2160         case HCI_OP_WRITE_SCAN_ENABLE:
2161                 hci_cc_write_scan_enable(hdev, skb);
2162                 break;
2163
2164         case HCI_OP_READ_CLASS_OF_DEV:
2165                 hci_cc_read_class_of_dev(hdev, skb);
2166                 break;
2167
2168         case HCI_OP_WRITE_CLASS_OF_DEV:
2169                 hci_cc_write_class_of_dev(hdev, skb);
2170                 break;
2171
2172         case HCI_OP_READ_VOICE_SETTING:
2173                 hci_cc_read_voice_setting(hdev, skb);
2174                 break;
2175
2176         case HCI_OP_WRITE_VOICE_SETTING:
2177                 hci_cc_write_voice_setting(hdev, skb);
2178                 break;
2179
2180         case HCI_OP_WRITE_SSP_MODE:
2181                 hci_cc_write_ssp_mode(hdev, skb);
2182                 break;
2183
2184         case HCI_OP_READ_LOCAL_VERSION:
2185                 hci_cc_read_local_version(hdev, skb);
2186                 break;
2187
2188         case HCI_OP_READ_LOCAL_COMMANDS:
2189                 hci_cc_read_local_commands(hdev, skb);
2190                 break;
2191
2192         case HCI_OP_READ_LOCAL_FEATURES:
2193                 hci_cc_read_local_features(hdev, skb);
2194                 break;
2195
2196         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2197                 hci_cc_read_local_ext_features(hdev, skb);
2198                 break;
2199
2200         case HCI_OP_READ_BUFFER_SIZE:
2201                 hci_cc_read_buffer_size(hdev, skb);
2202                 break;
2203
2204         case HCI_OP_READ_BD_ADDR:
2205                 hci_cc_read_bd_addr(hdev, skb);
2206                 break;
2207
2208         case HCI_OP_READ_DATA_BLOCK_SIZE:
2209                 hci_cc_read_data_block_size(hdev, skb);
2210                 break;
2211
2212         case HCI_OP_READ_FLOW_CONTROL_MODE:
2213                 hci_cc_read_flow_control_mode(hdev, skb);
2214                 break;
2215
2216         case HCI_OP_READ_LOCAL_AMP_INFO:
2217                 hci_cc_read_local_amp_info(hdev, skb);
2218                 break;
2219
2220         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2221                 hci_cc_read_local_amp_assoc(hdev, skb);
2222                 break;
2223
2224         case HCI_OP_READ_INQ_RSP_TX_POWER:
2225                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2226                 break;
2227
2228         case HCI_OP_PIN_CODE_REPLY:
2229                 hci_cc_pin_code_reply(hdev, skb);
2230                 break;
2231
2232         case HCI_OP_PIN_CODE_NEG_REPLY:
2233                 hci_cc_pin_code_neg_reply(hdev, skb);
2234                 break;
2235
2236         case HCI_OP_READ_LOCAL_OOB_DATA:
2237                 hci_cc_read_local_oob_data_reply(hdev, skb);
2238                 break;
2239
2240         case HCI_OP_LE_READ_BUFFER_SIZE:
2241                 hci_cc_le_read_buffer_size(hdev, skb);
2242                 break;
2243
2244         case HCI_OP_LE_READ_LOCAL_FEATURES:
2245                 hci_cc_le_read_local_features(hdev, skb);
2246                 break;
2247
2248         case HCI_OP_LE_READ_ADV_TX_POWER:
2249                 hci_cc_le_read_adv_tx_power(hdev, skb);
2250                 break;
2251
2252         case HCI_OP_USER_CONFIRM_REPLY:
2253                 hci_cc_user_confirm_reply(hdev, skb);
2254                 break;
2255
2256         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2257                 hci_cc_user_confirm_neg_reply(hdev, skb);
2258                 break;
2259
2260         case HCI_OP_USER_PASSKEY_REPLY:
2261                 hci_cc_user_passkey_reply(hdev, skb);
2262                 break;
2263
2264         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2265                 hci_cc_user_passkey_neg_reply(hdev, skb);
2266                 break;
2267
2268         case HCI_OP_LE_SET_SCAN_PARAM:
2269                 hci_cc_le_set_scan_param(hdev, skb);
2270                 break;
2271
2272         case HCI_OP_LE_SET_ADV_ENABLE:
2273                 hci_cc_le_set_adv_enable(hdev, skb);
2274                 break;
2275
2276         case HCI_OP_LE_SET_SCAN_ENABLE:
2277                 hci_cc_le_set_scan_enable(hdev, skb);
2278                 break;
2279
2280         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2281                 hci_cc_le_read_white_list_size(hdev, skb);
2282                 break;
2283
2284         case HCI_OP_LE_READ_SUPPORTED_STATES:
2285                 hci_cc_le_read_supported_states(hdev, skb);
2286                 break;
2287
2288         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2289                 hci_cc_write_le_host_supported(hdev, skb);
2290                 break;
2291
2292         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2293                 hci_cc_write_remote_amp_assoc(hdev, skb);
2294                 break;
2295
2296         default:
2297                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2298                 break;
2299         }
2300
2301         if (opcode != HCI_OP_NOP)
2302                 del_timer(&hdev->cmd_timer);
2303
2304         hci_req_cmd_complete(hdev, opcode, status);
2305
2306         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2307                 atomic_set(&hdev->cmd_cnt, 1);
2308                 if (!skb_queue_empty(&hdev->cmd_q))
2309                         queue_work(hdev->workqueue, &hdev->cmd_work);
2310         }
2311 }
2312
2313 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2314 {
2315         struct hci_ev_cmd_status *ev = (void *) skb->data;
2316         __u16 opcode;
2317
2318         skb_pull(skb, sizeof(*ev));
2319
2320         opcode = __le16_to_cpu(ev->opcode);
2321
2322         switch (opcode) {
2323         case HCI_OP_INQUIRY:
2324                 hci_cs_inquiry(hdev, ev->status);
2325                 break;
2326
2327         case HCI_OP_CREATE_CONN:
2328                 hci_cs_create_conn(hdev, ev->status);
2329                 break;
2330
2331         case HCI_OP_ADD_SCO:
2332                 hci_cs_add_sco(hdev, ev->status);
2333                 break;
2334
2335         case HCI_OP_AUTH_REQUESTED:
2336                 hci_cs_auth_requested(hdev, ev->status);
2337                 break;
2338
2339         case HCI_OP_SET_CONN_ENCRYPT:
2340                 hci_cs_set_conn_encrypt(hdev, ev->status);
2341                 break;
2342
2343         case HCI_OP_REMOTE_NAME_REQ:
2344                 hci_cs_remote_name_req(hdev, ev->status);
2345                 break;
2346
2347         case HCI_OP_READ_REMOTE_FEATURES:
2348                 hci_cs_read_remote_features(hdev, ev->status);
2349                 break;
2350
2351         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2352                 hci_cs_read_remote_ext_features(hdev, ev->status);
2353                 break;
2354
2355         case HCI_OP_SETUP_SYNC_CONN:
2356                 hci_cs_setup_sync_conn(hdev, ev->status);
2357                 break;
2358
2359         case HCI_OP_SNIFF_MODE:
2360                 hci_cs_sniff_mode(hdev, ev->status);
2361                 break;
2362
2363         case HCI_OP_EXIT_SNIFF_MODE:
2364                 hci_cs_exit_sniff_mode(hdev, ev->status);
2365                 break;
2366
2367         case HCI_OP_DISCONNECT:
2368                 hci_cs_disconnect(hdev, ev->status);
2369                 break;
2370
2371         case HCI_OP_LE_CREATE_CONN:
2372                 hci_cs_le_create_conn(hdev, ev->status);
2373                 break;
2374
2375         case HCI_OP_CREATE_PHY_LINK:
2376                 hci_cs_create_phylink(hdev, ev->status);
2377                 break;
2378
2379         case HCI_OP_ACCEPT_PHY_LINK:
2380                 hci_cs_accept_phylink(hdev, ev->status);
2381                 break;
2382
2383         default:
2384                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2385                 break;
2386         }
2387
2388         if (opcode != HCI_OP_NOP)
2389                 del_timer(&hdev->cmd_timer);
2390
2391         hci_req_cmd_status(hdev, opcode, ev->status);
2392
2393         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2394                 atomic_set(&hdev->cmd_cnt, 1);
2395                 if (!skb_queue_empty(&hdev->cmd_q))
2396                         queue_work(hdev->workqueue, &hdev->cmd_work);
2397         }
2398 }
2399
2400 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2401 {
2402         struct hci_ev_role_change *ev = (void *) skb->data;
2403         struct hci_conn *conn;
2404
2405         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2406
2407         hci_dev_lock(hdev);
2408
2409         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2410         if (conn) {
2411                 if (!ev->status) {
2412                         if (ev->role)
2413                                 conn->link_mode &= ~HCI_LM_MASTER;
2414                         else
2415                                 conn->link_mode |= HCI_LM_MASTER;
2416                 }
2417
2418                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2419
2420                 hci_role_switch_cfm(conn, ev->status, ev->role);
2421         }
2422
2423         hci_dev_unlock(hdev);
2424 }
2425
2426 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2427 {
2428         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2429         int i;
2430
2431         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2432                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2433                 return;
2434         }
2435
2436         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2437             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2438                 BT_DBG("%s bad parameters", hdev->name);
2439                 return;
2440         }
2441
2442         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2443
2444         for (i = 0; i < ev->num_hndl; i++) {
2445                 struct hci_comp_pkts_info *info = &ev->handles[i];
2446                 struct hci_conn *conn;
2447                 __u16  handle, count;
2448
2449                 handle = __le16_to_cpu(info->handle);
2450                 count  = __le16_to_cpu(info->count);
2451
2452                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2453                 if (!conn)
2454                         continue;
2455
2456                 conn->sent -= count;
2457
2458                 switch (conn->type) {
2459                 case ACL_LINK:
2460                         hdev->acl_cnt += count;
2461                         if (hdev->acl_cnt > hdev->acl_pkts)
2462                                 hdev->acl_cnt = hdev->acl_pkts;
2463                         break;
2464
2465                 case LE_LINK:
2466                         if (hdev->le_pkts) {
2467                                 hdev->le_cnt += count;
2468                                 if (hdev->le_cnt > hdev->le_pkts)
2469                                         hdev->le_cnt = hdev->le_pkts;
2470                         } else {
2471                                 hdev->acl_cnt += count;
2472                                 if (hdev->acl_cnt > hdev->acl_pkts)
2473                                         hdev->acl_cnt = hdev->acl_pkts;
2474                         }
2475                         break;
2476
2477                 case SCO_LINK:
2478                         hdev->sco_cnt += count;
2479                         if (hdev->sco_cnt > hdev->sco_pkts)
2480                                 hdev->sco_cnt = hdev->sco_pkts;
2481                         break;
2482
2483                 default:
2484                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2485                         break;
2486                 }
2487         }
2488
2489         queue_work(hdev->workqueue, &hdev->tx_work);
2490 }
2491
2492 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2493                                                  __u16 handle)
2494 {
2495         struct hci_chan *chan;
2496
2497         switch (hdev->dev_type) {
2498         case HCI_BREDR:
2499                 return hci_conn_hash_lookup_handle(hdev, handle);
2500         case HCI_AMP:
2501                 chan = hci_chan_lookup_handle(hdev, handle);
2502                 if (chan)
2503                         return chan->conn;
2504                 break;
2505         default:
2506                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2507                 break;
2508         }
2509
2510         return NULL;
2511 }
2512
2513 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2514 {
2515         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2516         int i;
2517
2518         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2519                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2520                 return;
2521         }
2522
2523         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2524             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2525                 BT_DBG("%s bad parameters", hdev->name);
2526                 return;
2527         }
2528
2529         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2530                ev->num_hndl);
2531
2532         for (i = 0; i < ev->num_hndl; i++) {
2533                 struct hci_comp_blocks_info *info = &ev->handles[i];
2534                 struct hci_conn *conn = NULL;
2535                 __u16  handle, block_count;
2536
2537                 handle = __le16_to_cpu(info->handle);
2538                 block_count = __le16_to_cpu(info->blocks);
2539
2540                 conn = __hci_conn_lookup_handle(hdev, handle);
2541                 if (!conn)
2542                         continue;
2543
2544                 conn->sent -= block_count;
2545
2546                 switch (conn->type) {
2547                 case ACL_LINK:
2548                 case AMP_LINK:
2549                         hdev->block_cnt += block_count;
2550                         if (hdev->block_cnt > hdev->num_blocks)
2551                                 hdev->block_cnt = hdev->num_blocks;
2552                         break;
2553
2554                 default:
2555                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2556                         break;
2557                 }
2558         }
2559
2560         queue_work(hdev->workqueue, &hdev->tx_work);
2561 }
2562
2563 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2564 {
2565         struct hci_ev_mode_change *ev = (void *) skb->data;
2566         struct hci_conn *conn;
2567
2568         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2569
2570         hci_dev_lock(hdev);
2571
2572         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2573         if (conn) {
2574                 conn->mode = ev->mode;
2575                 conn->interval = __le16_to_cpu(ev->interval);
2576
2577                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2578                                         &conn->flags)) {
2579                         if (conn->mode == HCI_CM_ACTIVE)
2580                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2581                         else
2582                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2583                 }
2584
2585                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2586                         hci_sco_setup(conn, ev->status);
2587         }
2588
2589         hci_dev_unlock(hdev);
2590 }
2591
2592 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2593 {
2594         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2595         struct hci_conn *conn;
2596
2597         BT_DBG("%s", hdev->name);
2598
2599         hci_dev_lock(hdev);
2600
2601         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2602         if (!conn)
2603                 goto unlock;
2604
2605         if (conn->state == BT_CONNECTED) {
2606                 hci_conn_hold(conn);
2607                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2608                 hci_conn_put(conn);
2609         }
2610
2611         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2612                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2613                              sizeof(ev->bdaddr), &ev->bdaddr);
2614         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2615                 u8 secure;
2616
2617                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2618                         secure = 1;
2619                 else
2620                         secure = 0;
2621
2622                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2623         }
2624
2625 unlock:
2626         hci_dev_unlock(hdev);
2627 }
2628
2629 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2630 {
2631         struct hci_ev_link_key_req *ev = (void *) skb->data;
2632         struct hci_cp_link_key_reply cp;
2633         struct hci_conn *conn;
2634         struct link_key *key;
2635
2636         BT_DBG("%s", hdev->name);
2637
2638         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2639                 return;
2640
2641         hci_dev_lock(hdev);
2642
2643         key = hci_find_link_key(hdev, &ev->bdaddr);
2644         if (!key) {
2645                 BT_DBG("%s link key not found for %pMR", hdev->name,
2646                        &ev->bdaddr);
2647                 goto not_found;
2648         }
2649
2650         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2651                &ev->bdaddr);
2652
2653         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2654             key->type == HCI_LK_DEBUG_COMBINATION) {
2655                 BT_DBG("%s ignoring debug key", hdev->name);
2656                 goto not_found;
2657         }
2658
2659         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2660         if (conn) {
2661                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2662                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2663                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2664                         goto not_found;
2665                 }
2666
2667                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2668                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2669                         BT_DBG("%s ignoring key unauthenticated for high security",
2670                                hdev->name);
2671                         goto not_found;
2672                 }
2673
2674                 conn->key_type = key->type;
2675                 conn->pin_length = key->pin_len;
2676         }
2677
2678         bacpy(&cp.bdaddr, &ev->bdaddr);
2679         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2680
2681         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2682
2683         hci_dev_unlock(hdev);
2684
2685         return;
2686
2687 not_found:
2688         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2689         hci_dev_unlock(hdev);
2690 }
2691
2692 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2693 {
2694         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2695         struct hci_conn *conn;
2696         u8 pin_len = 0;
2697
2698         BT_DBG("%s", hdev->name);
2699
2700         hci_dev_lock(hdev);
2701
2702         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2703         if (conn) {
2704                 hci_conn_hold(conn);
2705                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2706                 pin_len = conn->pin_length;
2707
2708                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2709                         conn->key_type = ev->key_type;
2710
2711                 hci_conn_put(conn);
2712         }
2713
2714         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2715                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2716                                  ev->key_type, pin_len);
2717
2718         hci_dev_unlock(hdev);
2719 }
2720
2721 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2722 {
2723         struct hci_ev_clock_offset *ev = (void *) skb->data;
2724         struct hci_conn *conn;
2725
2726         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2727
2728         hci_dev_lock(hdev);
2729
2730         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2731         if (conn && !ev->status) {
2732                 struct inquiry_entry *ie;
2733
2734                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2735                 if (ie) {
2736                         ie->data.clock_offset = ev->clock_offset;
2737                         ie->timestamp = jiffies;
2738                 }
2739         }
2740
2741         hci_dev_unlock(hdev);
2742 }
2743
2744 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2745 {
2746         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2747         struct hci_conn *conn;
2748
2749         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2750
2751         hci_dev_lock(hdev);
2752
2753         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2754         if (conn && !ev->status)
2755                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2756
2757         hci_dev_unlock(hdev);
2758 }
2759
2760 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2761 {
2762         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2763         struct inquiry_entry *ie;
2764
2765         BT_DBG("%s", hdev->name);
2766
2767         hci_dev_lock(hdev);
2768
2769         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2770         if (ie) {
2771                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2772                 ie->timestamp = jiffies;
2773         }
2774
2775         hci_dev_unlock(hdev);
2776 }
2777
2778 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2779                                              struct sk_buff *skb)
2780 {
2781         struct inquiry_data data;
2782         int num_rsp = *((__u8 *) skb->data);
2783         bool name_known, ssp;
2784
2785         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2786
2787         if (!num_rsp)
2788                 return;
2789
2790         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2791                 return;
2792
2793         hci_dev_lock(hdev);
2794
2795         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2796                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2797                 info = (void *) (skb->data + 1);
2798
2799                 for (; num_rsp; num_rsp--, info++) {
2800                         bacpy(&data.bdaddr, &info->bdaddr);
2801                         data.pscan_rep_mode     = info->pscan_rep_mode;
2802                         data.pscan_period_mode  = info->pscan_period_mode;
2803                         data.pscan_mode         = info->pscan_mode;
2804                         memcpy(data.dev_class, info->dev_class, 3);
2805                         data.clock_offset       = info->clock_offset;
2806                         data.rssi               = info->rssi;
2807                         data.ssp_mode           = 0x00;
2808
2809                         name_known = hci_inquiry_cache_update(hdev, &data,
2810                                                               false, &ssp);
2811                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2812                                           info->dev_class, info->rssi,
2813                                           !name_known, ssp, NULL, 0);
2814                 }
2815         } else {
2816                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2817
2818                 for (; num_rsp; num_rsp--, info++) {
2819                         bacpy(&data.bdaddr, &info->bdaddr);
2820                         data.pscan_rep_mode     = info->pscan_rep_mode;
2821                         data.pscan_period_mode  = info->pscan_period_mode;
2822                         data.pscan_mode         = 0x00;
2823                         memcpy(data.dev_class, info->dev_class, 3);
2824                         data.clock_offset       = info->clock_offset;
2825                         data.rssi               = info->rssi;
2826                         data.ssp_mode           = 0x00;
2827                         name_known = hci_inquiry_cache_update(hdev, &data,
2828                                                               false, &ssp);
2829                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2830                                           info->dev_class, info->rssi,
2831                                           !name_known, ssp, NULL, 0);
2832                 }
2833         }
2834
2835         hci_dev_unlock(hdev);
2836 }
2837
2838 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2839                                         struct sk_buff *skb)
2840 {
2841         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2842         struct hci_conn *conn;
2843
2844         BT_DBG("%s", hdev->name);
2845
2846         hci_dev_lock(hdev);
2847
2848         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2849         if (!conn)
2850                 goto unlock;
2851
2852         if (!ev->status && ev->page == 0x01) {
2853                 struct inquiry_entry *ie;
2854
2855                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2856                 if (ie)
2857                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2858
2859                 if (ev->features[0] & LMP_HOST_SSP)
2860                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2861         }
2862
2863         if (conn->state != BT_CONFIG)
2864                 goto unlock;
2865
2866         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2867                 struct hci_cp_remote_name_req cp;
2868                 memset(&cp, 0, sizeof(cp));
2869                 bacpy(&cp.bdaddr, &conn->dst);
2870                 cp.pscan_rep_mode = 0x02;
2871                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2872         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2873                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2874                                       conn->dst_type, 0, NULL, 0,
2875                                       conn->dev_class);
2876
2877         if (!hci_outgoing_auth_needed(hdev, conn)) {
2878                 conn->state = BT_CONNECTED;
2879                 hci_proto_connect_cfm(conn, ev->status);
2880                 hci_conn_put(conn);
2881         }
2882
2883 unlock:
2884         hci_dev_unlock(hdev);
2885 }
2886
2887 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2888                                        struct sk_buff *skb)
2889 {
2890         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2891         struct hci_conn *conn;
2892
2893         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2894
2895         hci_dev_lock(hdev);
2896
2897         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2898         if (!conn) {
2899                 if (ev->link_type == ESCO_LINK)
2900                         goto unlock;
2901
2902                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2903                 if (!conn)
2904                         goto unlock;
2905
2906                 conn->type = SCO_LINK;
2907         }
2908
2909         switch (ev->status) {
2910         case 0x00:
2911                 conn->handle = __le16_to_cpu(ev->handle);
2912                 conn->state  = BT_CONNECTED;
2913
2914                 hci_conn_hold_device(conn);
2915                 hci_conn_add_sysfs(conn);
2916                 break;
2917
2918         case 0x11:      /* Unsupported Feature or Parameter Value */
2919         case 0x1c:      /* SCO interval rejected */
2920         case 0x1a:      /* Unsupported Remote Feature */
2921         case 0x1f:      /* Unspecified error */
2922                 if (conn->out && conn->attempt < 2) {
2923                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2924                                         (hdev->esco_type & EDR_ESCO_MASK);
2925                         hci_setup_sync(conn, conn->link->handle);
2926                         goto unlock;
2927                 }
2928                 /* fall through */
2929
2930         default:
2931                 conn->state = BT_CLOSED;
2932                 break;
2933         }
2934
2935         hci_proto_connect_cfm(conn, ev->status);
2936         if (ev->status)
2937                 hci_conn_del(conn);
2938
2939 unlock:
2940         hci_dev_unlock(hdev);
2941 }
2942
2943 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2944                                             struct sk_buff *skb)
2945 {
2946         struct inquiry_data data;
2947         struct extended_inquiry_info *info = (void *) (skb->data + 1);
2948         int num_rsp = *((__u8 *) skb->data);
2949         size_t eir_len;
2950
2951         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2952
2953         if (!num_rsp)
2954                 return;
2955
2956         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2957                 return;
2958
2959         hci_dev_lock(hdev);
2960
2961         for (; num_rsp; num_rsp--, info++) {
2962                 bool name_known, ssp;
2963
2964                 bacpy(&data.bdaddr, &info->bdaddr);
2965                 data.pscan_rep_mode     = info->pscan_rep_mode;
2966                 data.pscan_period_mode  = info->pscan_period_mode;
2967                 data.pscan_mode         = 0x00;
2968                 memcpy(data.dev_class, info->dev_class, 3);
2969                 data.clock_offset       = info->clock_offset;
2970                 data.rssi               = info->rssi;
2971                 data.ssp_mode           = 0x01;
2972
2973                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2974                         name_known = eir_has_data_type(info->data,
2975                                                        sizeof(info->data),
2976                                                        EIR_NAME_COMPLETE);
2977                 else
2978                         name_known = true;
2979
2980                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2981                                                       &ssp);
2982                 eir_len = eir_get_length(info->data, sizeof(info->data));
2983                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2984                                   info->dev_class, info->rssi, !name_known,
2985                                   ssp, info->data, eir_len);
2986         }
2987
2988         hci_dev_unlock(hdev);
2989 }
2990
2991 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2992                                          struct sk_buff *skb)
2993 {
2994         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2995         struct hci_conn *conn;
2996
2997         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2998                __le16_to_cpu(ev->handle));
2999
3000         hci_dev_lock(hdev);
3001
3002         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3003         if (!conn)
3004                 goto unlock;
3005
3006         if (!ev->status)
3007                 conn->sec_level = conn->pending_sec_level;
3008
3009         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3010
3011         if (ev->status && conn->state == BT_CONNECTED) {
3012                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3013                 hci_conn_put(conn);
3014                 goto unlock;
3015         }
3016
3017         if (conn->state == BT_CONFIG) {
3018                 if (!ev->status)
3019                         conn->state = BT_CONNECTED;
3020
3021                 hci_proto_connect_cfm(conn, ev->status);
3022                 hci_conn_put(conn);
3023         } else {
3024                 hci_auth_cfm(conn, ev->status);
3025
3026                 hci_conn_hold(conn);
3027                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3028                 hci_conn_put(conn);
3029         }
3030
3031 unlock:
3032         hci_dev_unlock(hdev);
3033 }
3034
3035 static u8 hci_get_auth_req(struct hci_conn *conn)
3036 {
3037         /* If remote requests dedicated bonding follow that lead */
3038         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3039                 /* If both remote and local IO capabilities allow MITM
3040                  * protection then require it, otherwise don't */
3041                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3042                         return 0x02;
3043                 else
3044                         return 0x03;
3045         }
3046
3047         /* If remote requests no-bonding follow that lead */
3048         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3049                 return conn->remote_auth | (conn->auth_type & 0x01);
3050
3051         return conn->auth_type;
3052 }
3053
3054 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3055 {
3056         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3057         struct hci_conn *conn;
3058
3059         BT_DBG("%s", hdev->name);
3060
3061         hci_dev_lock(hdev);
3062
3063         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3064         if (!conn)
3065                 goto unlock;
3066
3067         hci_conn_hold(conn);
3068
3069         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3070                 goto unlock;
3071
3072         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3073             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3074                 struct hci_cp_io_capability_reply cp;
3075
3076                 bacpy(&cp.bdaddr, &ev->bdaddr);
3077                 /* Change the IO capability from KeyboardDisplay
3078                  * to DisplayYesNo as it is not supported by BT spec. */
3079                 cp.capability = (conn->io_capability == 0x04) ?
3080                                                 0x01 : conn->io_capability;
3081                 conn->auth_type = hci_get_auth_req(conn);
3082                 cp.authentication = conn->auth_type;
3083
3084                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3085                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3086                         cp.oob_data = 0x01;
3087                 else
3088                         cp.oob_data = 0x00;
3089
3090                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3091                              sizeof(cp), &cp);
3092         } else {
3093                 struct hci_cp_io_capability_neg_reply cp;
3094
3095                 bacpy(&cp.bdaddr, &ev->bdaddr);
3096                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3097
3098                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3099                              sizeof(cp), &cp);
3100         }
3101
3102 unlock:
3103         hci_dev_unlock(hdev);
3104 }
3105
3106 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3107 {
3108         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3109         struct hci_conn *conn;
3110
3111         BT_DBG("%s", hdev->name);
3112
3113         hci_dev_lock(hdev);
3114
3115         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3116         if (!conn)
3117                 goto unlock;
3118
3119         conn->remote_cap = ev->capability;
3120         conn->remote_auth = ev->authentication;
3121         if (ev->oob_data)
3122                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3123
3124 unlock:
3125         hci_dev_unlock(hdev);
3126 }
3127
3128 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3129                                          struct sk_buff *skb)
3130 {
3131         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3132         int loc_mitm, rem_mitm, confirm_hint = 0;
3133         struct hci_conn *conn;
3134
3135         BT_DBG("%s", hdev->name);
3136
3137         hci_dev_lock(hdev);
3138
3139         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3140                 goto unlock;
3141
3142         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3143         if (!conn)
3144                 goto unlock;
3145
3146         loc_mitm = (conn->auth_type & 0x01);
3147         rem_mitm = (conn->remote_auth & 0x01);
3148
3149         /* If we require MITM but the remote device can't provide that
3150          * (it has NoInputNoOutput) then reject the confirmation
3151          * request. The only exception is when we're dedicated bonding
3152          * initiators (connect_cfm_cb set) since then we always have the MITM
3153          * bit set. */
3154         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3155                 BT_DBG("Rejecting request: remote device can't provide MITM");
3156                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3157                              sizeof(ev->bdaddr), &ev->bdaddr);
3158                 goto unlock;
3159         }
3160
3161         /* If no side requires MITM protection; auto-accept */
3162         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3163             (!rem_mitm || conn->io_capability == 0x03)) {
3164
3165                 /* If we're not the initiators request authorization to
3166                  * proceed from user space (mgmt_user_confirm with
3167                  * confirm_hint set to 1). */
3168                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3169                         BT_DBG("Confirming auto-accept as acceptor");
3170                         confirm_hint = 1;
3171                         goto confirm;
3172                 }
3173
3174                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3175                        hdev->auto_accept_delay);
3176
3177                 if (hdev->auto_accept_delay > 0) {
3178                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3179                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3180                         goto unlock;
3181                 }
3182
3183                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3184                              sizeof(ev->bdaddr), &ev->bdaddr);
3185                 goto unlock;
3186         }
3187
3188 confirm:
3189         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3190                                   confirm_hint);
3191
3192 unlock:
3193         hci_dev_unlock(hdev);
3194 }
3195
3196 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3197                                          struct sk_buff *skb)
3198 {
3199         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3200
3201         BT_DBG("%s", hdev->name);
3202
3203         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3204                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3205 }
3206
3207 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3208                                         struct sk_buff *skb)
3209 {
3210         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3211         struct hci_conn *conn;
3212
3213         BT_DBG("%s", hdev->name);
3214
3215         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3216         if (!conn)
3217                 return;
3218
3219         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3220         conn->passkey_entered = 0;
3221
3222         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3223                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3224                                          conn->dst_type, conn->passkey_notify,
3225                                          conn->passkey_entered);
3226 }
3227
3228 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3229 {
3230         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3231         struct hci_conn *conn;
3232
3233         BT_DBG("%s", hdev->name);
3234
3235         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3236         if (!conn)
3237                 return;
3238
3239         switch (ev->type) {
3240         case HCI_KEYPRESS_STARTED:
3241                 conn->passkey_entered = 0;
3242                 return;
3243
3244         case HCI_KEYPRESS_ENTERED:
3245                 conn->passkey_entered++;
3246                 break;
3247
3248         case HCI_KEYPRESS_ERASED:
3249                 conn->passkey_entered--;
3250                 break;
3251
3252         case HCI_KEYPRESS_CLEARED:
3253                 conn->passkey_entered = 0;
3254                 break;
3255
3256         case HCI_KEYPRESS_COMPLETED:
3257                 return;
3258         }
3259
3260         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3261                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3262                                          conn->dst_type, conn->passkey_notify,
3263                                          conn->passkey_entered);
3264 }
3265
3266 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3267                                          struct sk_buff *skb)
3268 {
3269         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3270         struct hci_conn *conn;
3271
3272         BT_DBG("%s", hdev->name);
3273
3274         hci_dev_lock(hdev);
3275
3276         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3277         if (!conn)
3278                 goto unlock;
3279
3280         /* To avoid duplicate auth_failed events to user space we check
3281          * the HCI_CONN_AUTH_PEND flag which will be set if we
3282          * initiated the authentication. A traditional auth_complete
3283          * event gets always produced as initiator and is also mapped to
3284          * the mgmt_auth_failed event */
3285         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3286                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3287                                  ev->status);
3288
3289         hci_conn_put(conn);
3290
3291 unlock:
3292         hci_dev_unlock(hdev);
3293 }
3294
3295 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3296                                          struct sk_buff *skb)
3297 {
3298         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3299         struct inquiry_entry *ie;
3300
3301         BT_DBG("%s", hdev->name);
3302
3303         hci_dev_lock(hdev);
3304
3305         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3306         if (ie)
3307                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3308
3309         hci_dev_unlock(hdev);
3310 }
3311
3312 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3313                                             struct sk_buff *skb)
3314 {
3315         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3316         struct oob_data *data;
3317
3318         BT_DBG("%s", hdev->name);
3319
3320         hci_dev_lock(hdev);
3321
3322         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3323                 goto unlock;
3324
3325         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3326         if (data) {
3327                 struct hci_cp_remote_oob_data_reply cp;
3328
3329                 bacpy(&cp.bdaddr, &ev->bdaddr);
3330                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3331                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3332
3333                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3334                              &cp);
3335         } else {
3336                 struct hci_cp_remote_oob_data_neg_reply cp;
3337
3338                 bacpy(&cp.bdaddr, &ev->bdaddr);
3339                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3340                              &cp);
3341         }
3342
3343 unlock:
3344         hci_dev_unlock(hdev);
3345 }
3346
3347 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3348                                       struct sk_buff *skb)
3349 {
3350         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3351         struct hci_conn *hcon, *bredr_hcon;
3352
3353         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3354                ev->status);
3355
3356         hci_dev_lock(hdev);
3357
3358         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3359         if (!hcon) {
3360                 hci_dev_unlock(hdev);
3361                 return;
3362         }
3363
3364         if (ev->status) {
3365                 hci_conn_del(hcon);
3366                 hci_dev_unlock(hdev);
3367                 return;
3368         }
3369
3370         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3371
3372         hcon->state = BT_CONNECTED;
3373         bacpy(&hcon->dst, &bredr_hcon->dst);
3374
3375         hci_conn_hold(hcon);
3376         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3377         hci_conn_put(hcon);
3378
3379         hci_conn_hold_device(hcon);
3380         hci_conn_add_sysfs(hcon);
3381
3382         amp_physical_cfm(bredr_hcon, hcon);
3383
3384         hci_dev_unlock(hdev);
3385 }
3386
3387 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3388 {
3389         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3390         struct hci_conn *hcon;
3391         struct hci_chan *hchan;
3392         struct amp_mgr *mgr;
3393
3394         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3395                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3396                ev->status);
3397
3398         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3399         if (!hcon)
3400                 return;
3401
3402         /* Create AMP hchan */
3403         hchan = hci_chan_create(hcon);
3404         if (!hchan)
3405                 return;
3406
3407         hchan->handle = le16_to_cpu(ev->handle);
3408
3409         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3410
3411         mgr = hcon->amp_mgr;
3412         if (mgr && mgr->bredr_chan) {
3413                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3414
3415                 l2cap_chan_lock(bredr_chan);
3416
3417                 bredr_chan->conn->mtu = hdev->block_mtu;
3418                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3419                 hci_conn_hold(hcon);
3420
3421                 l2cap_chan_unlock(bredr_chan);
3422         }
3423 }
3424
3425 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3426                                              struct sk_buff *skb)
3427 {
3428         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3429         struct hci_chan *hchan;
3430
3431         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3432                le16_to_cpu(ev->handle), ev->status);
3433
3434         if (ev->status)
3435                 return;
3436
3437         hci_dev_lock(hdev);
3438
3439         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3440         if (!hchan)
3441                 goto unlock;
3442
3443         amp_destroy_logical_link(hchan, ev->reason);
3444
3445 unlock:
3446         hci_dev_unlock(hdev);
3447 }
3448
3449 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3450                                              struct sk_buff *skb)
3451 {
3452         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3453         struct hci_conn *hcon;
3454
3455         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3456
3457         if (ev->status)
3458                 return;
3459
3460         hci_dev_lock(hdev);
3461
3462         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3463         if (hcon) {
3464                 hcon->state = BT_CLOSED;
3465                 hci_conn_del(hcon);
3466         }
3467
3468         hci_dev_unlock(hdev);
3469 }
3470
3471 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3472 {
3473         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3474         struct hci_conn *conn;
3475
3476         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3477
3478         hci_dev_lock(hdev);
3479
3480         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3481         if (!conn) {
3482                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3483                 if (!conn) {
3484                         BT_ERR("No memory for new connection");
3485                         goto unlock;
3486                 }
3487
3488                 conn->dst_type = ev->bdaddr_type;
3489
3490                 if (ev->role == LE_CONN_ROLE_MASTER) {
3491                         conn->out = true;
3492                         conn->link_mode |= HCI_LM_MASTER;
3493                 }
3494         }
3495
3496         if (ev->status) {
3497                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3498                                     conn->dst_type, ev->status);
3499                 hci_proto_connect_cfm(conn, ev->status);
3500                 conn->state = BT_CLOSED;
3501                 hci_conn_del(conn);
3502                 goto unlock;
3503         }
3504
3505         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3506                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3507                                       conn->dst_type, 0, NULL, 0, NULL);
3508
3509         conn->sec_level = BT_SECURITY_LOW;
3510         conn->handle = __le16_to_cpu(ev->handle);
3511         conn->state = BT_CONNECTED;
3512
3513         hci_conn_hold_device(conn);
3514         hci_conn_add_sysfs(conn);
3515
3516         hci_proto_connect_cfm(conn, ev->status);
3517
3518 unlock:
3519         hci_dev_unlock(hdev);
3520 }
3521
3522 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3523 {
3524         u8 num_reports = skb->data[0];
3525         void *ptr = &skb->data[1];
3526         s8 rssi;
3527
3528         while (num_reports--) {
3529                 struct hci_ev_le_advertising_info *ev = ptr;
3530
3531                 rssi = ev->data[ev->length];
3532                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3533                                   NULL, rssi, 0, 1, ev->data, ev->length);
3534
3535                 ptr += sizeof(*ev) + ev->length + 1;
3536         }
3537 }
3538
3539 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3540 {
3541         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3542         struct hci_cp_le_ltk_reply cp;
3543         struct hci_cp_le_ltk_neg_reply neg;
3544         struct hci_conn *conn;
3545         struct smp_ltk *ltk;
3546
3547         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3548
3549         hci_dev_lock(hdev);
3550
3551         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3552         if (conn == NULL)
3553                 goto not_found;
3554
3555         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3556         if (ltk == NULL)
3557                 goto not_found;
3558
3559         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3560         cp.handle = cpu_to_le16(conn->handle);
3561
3562         if (ltk->authenticated)
3563                 conn->sec_level = BT_SECURITY_HIGH;
3564
3565         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3566
3567         if (ltk->type & HCI_SMP_STK) {
3568                 list_del(&ltk->list);
3569                 kfree(ltk);
3570         }
3571
3572         hci_dev_unlock(hdev);
3573
3574         return;
3575
3576 not_found:
3577         neg.handle = ev->handle;
3578         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3579         hci_dev_unlock(hdev);
3580 }
3581
3582 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3583 {
3584         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3585
3586         skb_pull(skb, sizeof(*le_ev));
3587
3588         switch (le_ev->subevent) {
3589         case HCI_EV_LE_CONN_COMPLETE:
3590                 hci_le_conn_complete_evt(hdev, skb);
3591                 break;
3592
3593         case HCI_EV_LE_ADVERTISING_REPORT:
3594                 hci_le_adv_report_evt(hdev, skb);
3595                 break;
3596
3597         case HCI_EV_LE_LTK_REQ:
3598                 hci_le_ltk_request_evt(hdev, skb);
3599                 break;
3600
3601         default:
3602                 break;
3603         }
3604 }
3605
3606 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3607 {
3608         struct hci_ev_channel_selected *ev = (void *) skb->data;
3609         struct hci_conn *hcon;
3610
3611         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3612
3613         skb_pull(skb, sizeof(*ev));
3614
3615         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3616         if (!hcon)
3617                 return;
3618
3619         amp_read_loc_assoc_final_data(hdev, hcon);
3620 }
3621
3622 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3623 {
3624         struct hci_event_hdr *hdr = (void *) skb->data;
3625         __u8 event = hdr->evt;
3626
3627         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3628
3629         switch (event) {
3630         case HCI_EV_INQUIRY_COMPLETE:
3631                 hci_inquiry_complete_evt(hdev, skb);
3632                 break;
3633
3634         case HCI_EV_INQUIRY_RESULT:
3635                 hci_inquiry_result_evt(hdev, skb);
3636                 break;
3637
3638         case HCI_EV_CONN_COMPLETE:
3639                 hci_conn_complete_evt(hdev, skb);
3640                 break;
3641
3642         case HCI_EV_CONN_REQUEST:
3643                 hci_conn_request_evt(hdev, skb);
3644                 break;
3645
3646         case HCI_EV_DISCONN_COMPLETE:
3647                 hci_disconn_complete_evt(hdev, skb);
3648                 break;
3649
3650         case HCI_EV_AUTH_COMPLETE:
3651                 hci_auth_complete_evt(hdev, skb);
3652                 break;
3653
3654         case HCI_EV_REMOTE_NAME:
3655                 hci_remote_name_evt(hdev, skb);
3656                 break;
3657
3658         case HCI_EV_ENCRYPT_CHANGE:
3659                 hci_encrypt_change_evt(hdev, skb);
3660                 break;
3661
3662         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3663                 hci_change_link_key_complete_evt(hdev, skb);
3664                 break;
3665
3666         case HCI_EV_REMOTE_FEATURES:
3667                 hci_remote_features_evt(hdev, skb);
3668                 break;
3669
3670         case HCI_EV_CMD_COMPLETE:
3671                 hci_cmd_complete_evt(hdev, skb);
3672                 break;
3673
3674         case HCI_EV_CMD_STATUS:
3675                 hci_cmd_status_evt(hdev, skb);
3676                 break;
3677
3678         case HCI_EV_ROLE_CHANGE:
3679                 hci_role_change_evt(hdev, skb);
3680                 break;
3681
3682         case HCI_EV_NUM_COMP_PKTS:
3683                 hci_num_comp_pkts_evt(hdev, skb);
3684                 break;
3685
3686         case HCI_EV_MODE_CHANGE:
3687                 hci_mode_change_evt(hdev, skb);
3688                 break;
3689
3690         case HCI_EV_PIN_CODE_REQ:
3691                 hci_pin_code_request_evt(hdev, skb);
3692                 break;
3693
3694         case HCI_EV_LINK_KEY_REQ:
3695                 hci_link_key_request_evt(hdev, skb);
3696                 break;
3697
3698         case HCI_EV_LINK_KEY_NOTIFY:
3699                 hci_link_key_notify_evt(hdev, skb);
3700                 break;
3701
3702         case HCI_EV_CLOCK_OFFSET:
3703                 hci_clock_offset_evt(hdev, skb);
3704                 break;
3705
3706         case HCI_EV_PKT_TYPE_CHANGE:
3707                 hci_pkt_type_change_evt(hdev, skb);
3708                 break;
3709
3710         case HCI_EV_PSCAN_REP_MODE:
3711                 hci_pscan_rep_mode_evt(hdev, skb);
3712                 break;
3713
3714         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3715                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3716                 break;
3717
3718         case HCI_EV_REMOTE_EXT_FEATURES:
3719                 hci_remote_ext_features_evt(hdev, skb);
3720                 break;
3721
3722         case HCI_EV_SYNC_CONN_COMPLETE:
3723                 hci_sync_conn_complete_evt(hdev, skb);
3724                 break;
3725
3726         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3727                 hci_extended_inquiry_result_evt(hdev, skb);
3728                 break;
3729
3730         case HCI_EV_KEY_REFRESH_COMPLETE:
3731                 hci_key_refresh_complete_evt(hdev, skb);
3732                 break;
3733
3734         case HCI_EV_IO_CAPA_REQUEST:
3735                 hci_io_capa_request_evt(hdev, skb);
3736                 break;
3737
3738         case HCI_EV_IO_CAPA_REPLY:
3739                 hci_io_capa_reply_evt(hdev, skb);
3740                 break;
3741
3742         case HCI_EV_USER_CONFIRM_REQUEST:
3743                 hci_user_confirm_request_evt(hdev, skb);
3744                 break;
3745
3746         case HCI_EV_USER_PASSKEY_REQUEST:
3747                 hci_user_passkey_request_evt(hdev, skb);
3748                 break;
3749
3750         case HCI_EV_USER_PASSKEY_NOTIFY:
3751                 hci_user_passkey_notify_evt(hdev, skb);
3752                 break;
3753
3754         case HCI_EV_KEYPRESS_NOTIFY:
3755                 hci_keypress_notify_evt(hdev, skb);
3756                 break;
3757
3758         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3759                 hci_simple_pair_complete_evt(hdev, skb);
3760                 break;
3761
3762         case HCI_EV_REMOTE_HOST_FEATURES:
3763                 hci_remote_host_features_evt(hdev, skb);
3764                 break;
3765
3766         case HCI_EV_LE_META:
3767                 hci_le_meta_evt(hdev, skb);
3768                 break;
3769
3770         case HCI_EV_CHANNEL_SELECTED:
3771                 hci_chan_selected_evt(hdev, skb);
3772                 break;
3773
3774         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3775                 hci_remote_oob_data_request_evt(hdev, skb);
3776                 break;
3777
3778         case HCI_EV_PHY_LINK_COMPLETE:
3779                 hci_phy_link_complete_evt(hdev, skb);
3780                 break;
3781
3782         case HCI_EV_LOGICAL_LINK_COMPLETE:
3783                 hci_loglink_complete_evt(hdev, skb);
3784                 break;
3785
3786         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3787                 hci_disconn_loglink_complete_evt(hdev, skb);
3788                 break;
3789
3790         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3791                 hci_disconn_phylink_complete_evt(hdev, skb);
3792                 break;
3793
3794         case HCI_EV_NUM_COMP_BLOCKS:
3795                 hci_num_comp_blocks_evt(hdev, skb);
3796                 break;
3797
3798         default:
3799                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3800                 break;
3801         }
3802
3803         kfree_skb(skb);
3804         hdev->stat.evt_rx++;
3805 }
Unnamed repository; edit this file 'description' to name the repository.