projects / cascardo / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branches 'asoc/topic/tlv', 'asoc/topic/tlv320aic23', 'asoc...
[cascardo/linux.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40         __u8 status = *((__u8 *) skb->data);
41
42         BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44         if (status)
45                 return;
46
47         clear_bit(HCI_INQUIRY, &hdev->flags);
48         smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
49         wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51         hci_dev_lock(hdev);
52         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
53         hci_dev_unlock(hdev);
54
55         hci_conn_check_pending(hdev);
56 }
57
58 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
59 {
60         __u8 status = *((__u8 *) skb->data);
61
62         BT_DBG("%s status 0x%2.2x", hdev->name, status);
63
64         if (status)
65                 return;
66
67         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
68 }
69
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71 {
72         __u8 status = *((__u8 *) skb->data);
73
74         BT_DBG("%s status 0x%2.2x", hdev->name, status);
75
76         if (status)
77                 return;
78
79         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
80
81         hci_conn_check_pending(hdev);
82 }
83
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
85                                           struct sk_buff *skb)
86 {
87         BT_DBG("%s", hdev->name);
88 }
89
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 {
92         struct hci_rp_role_discovery *rp = (void *) skb->data;
93         struct hci_conn *conn;
94
95         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
96
97         if (rp->status)
98                 return;
99
100         hci_dev_lock(hdev);
101
102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103         if (conn) {
104                 if (rp->role)
105                         conn->link_mode &= ~HCI_LM_MASTER;
106                 else
107                         conn->link_mode |= HCI_LM_MASTER;
108         }
109
110         hci_dev_unlock(hdev);
111 }
112
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 {
115         struct hci_rp_read_link_policy *rp = (void *) skb->data;
116         struct hci_conn *conn;
117
118         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
119
120         if (rp->status)
121                 return;
122
123         hci_dev_lock(hdev);
124
125         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126         if (conn)
127                 conn->link_policy = __le16_to_cpu(rp->policy);
128
129         hci_dev_unlock(hdev);
130 }
131
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 {
134         struct hci_rp_write_link_policy *rp = (void *) skb->data;
135         struct hci_conn *conn;
136         void *sent;
137
138         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139
140         if (rp->status)
141                 return;
142
143         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144         if (!sent)
145                 return;
146
147         hci_dev_lock(hdev);
148
149         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150         if (conn)
151                 conn->link_policy = get_unaligned_le16(sent + 2);
152
153         hci_dev_unlock(hdev);
154 }
155
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
157                                         struct sk_buff *skb)
158 {
159         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160
161         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162
163         if (rp->status)
164                 return;
165
166         hdev->link_policy = __le16_to_cpu(rp->policy);
167 }
168
169 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
170                                          struct sk_buff *skb)
171 {
172         __u8 status = *((__u8 *) skb->data);
173         void *sent;
174
175         BT_DBG("%s status 0x%2.2x", hdev->name, status);
176
177         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178         if (!sent)
179                 return;
180
181         if (!status)
182                 hdev->link_policy = get_unaligned_le16(sent);
183 }
184
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 {
187         __u8 status = *((__u8 *) skb->data);
188
189         BT_DBG("%s status 0x%2.2x", hdev->name, status);
190
191         clear_bit(HCI_RESET, &hdev->flags);
192
193         /* Reset all non-persistent flags */
194         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
195
196         hdev->discovery.state = DISCOVERY_STOPPED;
197         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
198         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
199
200         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
201         hdev->adv_data_len = 0;
202
203         memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
204         hdev->scan_rsp_data_len = 0;
205
206         hdev->le_scan_type = LE_SCAN_PASSIVE;
207
208         hdev->ssp_debug_mode = 0;
209 }
210
211 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
212 {
213         __u8 status = *((__u8 *) skb->data);
214         void *sent;
215
216         BT_DBG("%s status 0x%2.2x", hdev->name, status);
217
218         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
219         if (!sent)
220                 return;
221
222         hci_dev_lock(hdev);
223
224         if (test_bit(HCI_MGMT, &hdev->dev_flags))
225                 mgmt_set_local_name_complete(hdev, sent, status);
226         else if (!status)
227                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
228
229         hci_dev_unlock(hdev);
230 }
231
232 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 {
234         struct hci_rp_read_local_name *rp = (void *) skb->data;
235
236         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237
238         if (rp->status)
239                 return;
240
241         if (test_bit(HCI_SETUP, &hdev->dev_flags))
242                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
243 }
244
245 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 {
247         __u8 status = *((__u8 *) skb->data);
248         void *sent;
249
250         BT_DBG("%s status 0x%2.2x", hdev->name, status);
251
252         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253         if (!sent)
254                 return;
255
256         if (!status) {
257                 __u8 param = *((__u8 *) sent);
258
259                 if (param == AUTH_ENABLED)
260                         set_bit(HCI_AUTH, &hdev->flags);
261                 else
262                         clear_bit(HCI_AUTH, &hdev->flags);
263         }
264
265         if (test_bit(HCI_MGMT, &hdev->dev_flags))
266                 mgmt_auth_enable_complete(hdev, status);
267 }
268
269 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
270 {
271         __u8 status = *((__u8 *) skb->data);
272         void *sent;
273
274         BT_DBG("%s status 0x%2.2x", hdev->name, status);
275
276         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277         if (!sent)
278                 return;
279
280         if (!status) {
281                 __u8 param = *((__u8 *) sent);
282
283                 if (param)
284                         set_bit(HCI_ENCRYPT, &hdev->flags);
285                 else
286                         clear_bit(HCI_ENCRYPT, &hdev->flags);
287         }
288 }
289
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
291 {
292         __u8 param, status = *((__u8 *) skb->data);
293         int old_pscan, old_iscan;
294         void *sent;
295
296         BT_DBG("%s status 0x%2.2x", hdev->name, status);
297
298         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299         if (!sent)
300                 return;
301
302         param = *((__u8 *) sent);
303
304         hci_dev_lock(hdev);
305
306         if (status) {
307                 mgmt_write_scan_failed(hdev, param, status);
308                 hdev->discov_timeout = 0;
309                 goto done;
310         }
311
312         /* We need to ensure that we set this back on if someone changed
313          * the scan mode through a raw HCI socket.
314          */
315         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
316
317         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
318         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
319
320         if (param & SCAN_INQUIRY) {
321                 set_bit(HCI_ISCAN, &hdev->flags);
322                 if (!old_iscan)
323                         mgmt_discoverable(hdev, 1);
324         } else if (old_iscan)
325                 mgmt_discoverable(hdev, 0);
326
327         if (param & SCAN_PAGE) {
328                 set_bit(HCI_PSCAN, &hdev->flags);
329                 if (!old_pscan)
330                         mgmt_connectable(hdev, 1);
331         } else if (old_pscan)
332                 mgmt_connectable(hdev, 0);
333
334 done:
335         hci_dev_unlock(hdev);
336 }
337
338 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
339 {
340         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
341
342         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343
344         if (rp->status)
345                 return;
346
347         memcpy(hdev->dev_class, rp->dev_class, 3);
348
349         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
350                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
351 }
352
353 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
354 {
355         __u8 status = *((__u8 *) skb->data);
356         void *sent;
357
358         BT_DBG("%s status 0x%2.2x", hdev->name, status);
359
360         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361         if (!sent)
362                 return;
363
364         hci_dev_lock(hdev);
365
366         if (status == 0)
367                 memcpy(hdev->dev_class, sent, 3);
368
369         if (test_bit(HCI_MGMT, &hdev->dev_flags))
370                 mgmt_set_class_of_dev_complete(hdev, sent, status);
371
372         hci_dev_unlock(hdev);
373 }
374
375 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
376 {
377         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
378         __u16 setting;
379
380         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381
382         if (rp->status)
383                 return;
384
385         setting = __le16_to_cpu(rp->voice_setting);
386
387         if (hdev->voice_setting == setting)
388                 return;
389
390         hdev->voice_setting = setting;
391
392         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
393
394         if (hdev->notify)
395                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
396 }
397
398 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
399                                        struct sk_buff *skb)
400 {
401         __u8 status = *((__u8 *) skb->data);
402         __u16 setting;
403         void *sent;
404
405         BT_DBG("%s status 0x%2.2x", hdev->name, status);
406
407         if (status)
408                 return;
409
410         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
411         if (!sent)
412                 return;
413
414         setting = get_unaligned_le16(sent);
415
416         if (hdev->voice_setting == setting)
417                 return;
418
419         hdev->voice_setting = setting;
420
421         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
422
423         if (hdev->notify)
424                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
425 }
426
427 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
428                                           struct sk_buff *skb)
429 {
430         struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
431
432         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
433
434         if (rp->status)
435                 return;
436
437         hdev->num_iac = rp->num_iac;
438
439         BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
440 }
441
442 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443 {
444         __u8 status = *((__u8 *) skb->data);
445         struct hci_cp_write_ssp_mode *sent;
446
447         BT_DBG("%s status 0x%2.2x", hdev->name, status);
448
449         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
450         if (!sent)
451                 return;
452
453         if (!status) {
454                 if (sent->mode)
455                         hdev->features[1][0] |= LMP_HOST_SSP;
456                 else
457                         hdev->features[1][0] &= ~LMP_HOST_SSP;
458         }
459
460         if (test_bit(HCI_MGMT, &hdev->dev_flags))
461                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
462         else if (!status) {
463                 if (sent->mode)
464                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
465                 else
466                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467         }
468 }
469
470 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
471 {
472         u8 status = *((u8 *) skb->data);
473         struct hci_cp_write_sc_support *sent;
474
475         BT_DBG("%s status 0x%2.2x", hdev->name, status);
476
477         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
478         if (!sent)
479                 return;
480
481         if (!status) {
482                 if (sent->support)
483                         hdev->features[1][0] |= LMP_HOST_SC;
484                 else
485                         hdev->features[1][0] &= ~LMP_HOST_SC;
486         }
487
488         if (test_bit(HCI_MGMT, &hdev->dev_flags))
489                 mgmt_sc_enable_complete(hdev, sent->support, status);
490         else if (!status) {
491                 if (sent->support)
492                         set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
493                 else
494                         clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495         }
496 }
497
498 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
499 {
500         struct hci_rp_read_local_version *rp = (void *) skb->data;
501
502         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503
504         if (rp->status)
505                 return;
506
507         if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
508                 hdev->hci_ver = rp->hci_ver;
509                 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
510                 hdev->lmp_ver = rp->lmp_ver;
511                 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
512                 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
513         }
514 }
515
516 static void hci_cc_read_local_commands(struct hci_dev *hdev,
517                                        struct sk_buff *skb)
518 {
519         struct hci_rp_read_local_commands *rp = (void *) skb->data;
520
521         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
522
523         if (rp->status)
524                 return;
525
526         if (test_bit(HCI_SETUP, &hdev->dev_flags))
527                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
528 }
529
530 static void hci_cc_read_local_features(struct hci_dev *hdev,
531                                        struct sk_buff *skb)
532 {
533         struct hci_rp_read_local_features *rp = (void *) skb->data;
534
535         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
536
537         if (rp->status)
538                 return;
539
540         memcpy(hdev->features, rp->features, 8);
541
542         /* Adjust default settings according to features
543          * supported by device. */
544
545         if (hdev->features[0][0] & LMP_3SLOT)
546                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
547
548         if (hdev->features[0][0] & LMP_5SLOT)
549                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
550
551         if (hdev->features[0][1] & LMP_HV2) {
552                 hdev->pkt_type  |= (HCI_HV2);
553                 hdev->esco_type |= (ESCO_HV2);
554         }
555
556         if (hdev->features[0][1] & LMP_HV3) {
557                 hdev->pkt_type  |= (HCI_HV3);
558                 hdev->esco_type |= (ESCO_HV3);
559         }
560
561         if (lmp_esco_capable(hdev))
562                 hdev->esco_type |= (ESCO_EV3);
563
564         if (hdev->features[0][4] & LMP_EV4)
565                 hdev->esco_type |= (ESCO_EV4);
566
567         if (hdev->features[0][4] & LMP_EV5)
568                 hdev->esco_type |= (ESCO_EV5);
569
570         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
571                 hdev->esco_type |= (ESCO_2EV3);
572
573         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
574                 hdev->esco_type |= (ESCO_3EV3);
575
576         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
577                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
578 }
579
580 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
581                                            struct sk_buff *skb)
582 {
583         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
584
585         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586
587         if (rp->status)
588                 return;
589
590         if (hdev->max_page < rp->max_page)
591                 hdev->max_page = rp->max_page;
592
593         if (rp->page < HCI_MAX_PAGES)
594                 memcpy(hdev->features[rp->page], rp->features, 8);
595 }
596
597 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
598                                           struct sk_buff *skb)
599 {
600         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
601
602         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
603
604         if (!rp->status)
605                 hdev->flow_ctl_mode = rp->mode;
606 }
607
608 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
609 {
610         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
611
612         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
613
614         if (rp->status)
615                 return;
616
617         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
618         hdev->sco_mtu  = rp->sco_mtu;
619         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
620         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
621
622         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
623                 hdev->sco_mtu  = 64;
624                 hdev->sco_pkts = 8;
625         }
626
627         hdev->acl_cnt = hdev->acl_pkts;
628         hdev->sco_cnt = hdev->sco_pkts;
629
630         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
631                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
632 }
633
634 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
635 {
636         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
637
638         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
639
640         if (!rp->status)
641                 bacpy(&hdev->bdaddr, &rp->bdaddr);
642 }
643
644 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
645                                            struct sk_buff *skb)
646 {
647         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
648
649         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
650
651         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
652                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
653                 hdev->page_scan_window = __le16_to_cpu(rp->window);
654         }
655 }
656
657 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
658                                             struct sk_buff *skb)
659 {
660         u8 status = *((u8 *) skb->data);
661         struct hci_cp_write_page_scan_activity *sent;
662
663         BT_DBG("%s status 0x%2.2x", hdev->name, status);
664
665         if (status)
666                 return;
667
668         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
669         if (!sent)
670                 return;
671
672         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
673         hdev->page_scan_window = __le16_to_cpu(sent->window);
674 }
675
676 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
677                                            struct sk_buff *skb)
678 {
679         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
680
681         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
682
683         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
684                 hdev->page_scan_type = rp->type;
685 }
686
687 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
688                                         struct sk_buff *skb)
689 {
690         u8 status = *((u8 *) skb->data);
691         u8 *type;
692
693         BT_DBG("%s status 0x%2.2x", hdev->name, status);
694
695         if (status)
696                 return;
697
698         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
699         if (type)
700                 hdev->page_scan_type = *type;
701 }
702
703 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
704                                         struct sk_buff *skb)
705 {
706         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
707
708         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
709
710         if (rp->status)
711                 return;
712
713         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
714         hdev->block_len = __le16_to_cpu(rp->block_len);
715         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
716
717         hdev->block_cnt = hdev->num_blocks;
718
719         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
720                hdev->block_cnt, hdev->block_len);
721 }
722
723 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
724                                        struct sk_buff *skb)
725 {
726         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
727
728         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729
730         if (rp->status)
731                 goto a2mp_rsp;
732
733         hdev->amp_status = rp->amp_status;
734         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
735         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
736         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
737         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
738         hdev->amp_type = rp->amp_type;
739         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
740         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
741         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
742         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
743
744 a2mp_rsp:
745         a2mp_send_getinfo_rsp(hdev);
746 }
747
748 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
749                                         struct sk_buff *skb)
750 {
751         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
752         struct amp_assoc *assoc = &hdev->loc_assoc;
753         size_t rem_len, frag_len;
754
755         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756
757         if (rp->status)
758                 goto a2mp_rsp;
759
760         frag_len = skb->len - sizeof(*rp);
761         rem_len = __le16_to_cpu(rp->rem_len);
762
763         if (rem_len > frag_len) {
764                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
765
766                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
767                 assoc->offset += frag_len;
768
769                 /* Read other fragments */
770                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
771
772                 return;
773         }
774
775         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
776         assoc->len = assoc->offset + rem_len;
777         assoc->offset = 0;
778
779 a2mp_rsp:
780         /* Send A2MP Rsp when all fragments are received */
781         a2mp_send_getampassoc_rsp(hdev, rp->status);
782         a2mp_send_create_phy_link_req(hdev, rp->status);
783 }
784
785 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
786                                          struct sk_buff *skb)
787 {
788         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
789
790         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
791
792         if (!rp->status)
793                 hdev->inq_tx_power = rp->tx_power;
794 }
795
796 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
797 {
798         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
799         struct hci_cp_pin_code_reply *cp;
800         struct hci_conn *conn;
801
802         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
803
804         hci_dev_lock(hdev);
805
806         if (test_bit(HCI_MGMT, &hdev->dev_flags))
807                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
808
809         if (rp->status)
810                 goto unlock;
811
812         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
813         if (!cp)
814                 goto unlock;
815
816         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
817         if (conn)
818                 conn->pin_length = cp->pin_len;
819
820 unlock:
821         hci_dev_unlock(hdev);
822 }
823
824 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
825 {
826         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
827
828         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829
830         hci_dev_lock(hdev);
831
832         if (test_bit(HCI_MGMT, &hdev->dev_flags))
833                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
834                                                  rp->status);
835
836         hci_dev_unlock(hdev);
837 }
838
839 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
840                                        struct sk_buff *skb)
841 {
842         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
843
844         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845
846         if (rp->status)
847                 return;
848
849         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
850         hdev->le_pkts = rp->le_max_pkt;
851
852         hdev->le_cnt = hdev->le_pkts;
853
854         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
855 }
856
857 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
858                                           struct sk_buff *skb)
859 {
860         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
861
862         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
863
864         if (!rp->status)
865                 memcpy(hdev->le_features, rp->features, 8);
866 }
867
868 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
869                                         struct sk_buff *skb)
870 {
871         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
872
873         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
874
875         if (!rp->status)
876                 hdev->adv_tx_power = rp->tx_power;
877 }
878
879 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
880 {
881         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882
883         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
884
885         hci_dev_lock(hdev);
886
887         if (test_bit(HCI_MGMT, &hdev->dev_flags))
888                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
889                                                  rp->status);
890
891         hci_dev_unlock(hdev);
892 }
893
894 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
895                                           struct sk_buff *skb)
896 {
897         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898
899         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
900
901         hci_dev_lock(hdev);
902
903         if (test_bit(HCI_MGMT, &hdev->dev_flags))
904                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
905                                                      ACL_LINK, 0, rp->status);
906
907         hci_dev_unlock(hdev);
908 }
909
910 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
911 {
912         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
913
914         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
915
916         hci_dev_lock(hdev);
917
918         if (test_bit(HCI_MGMT, &hdev->dev_flags))
919                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
920                                                  0, rp->status);
921
922         hci_dev_unlock(hdev);
923 }
924
925 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
926                                           struct sk_buff *skb)
927 {
928         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
929
930         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
931
932         hci_dev_lock(hdev);
933
934         if (test_bit(HCI_MGMT, &hdev->dev_flags))
935                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
936                                                      ACL_LINK, 0, rp->status);
937
938         hci_dev_unlock(hdev);
939 }
940
941 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
942                                        struct sk_buff *skb)
943 {
944         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
945
946         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
947
948         hci_dev_lock(hdev);
949         mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
950                                           NULL, NULL, rp->status);
951         hci_dev_unlock(hdev);
952 }
953
954 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
955                                            struct sk_buff *skb)
956 {
957         struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
958
959         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
960
961         hci_dev_lock(hdev);
962         mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
963                                           rp->hash256, rp->randomizer256,
964                                           rp->status);
965         hci_dev_unlock(hdev);
966 }
967
968
969 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
970 {
971         __u8 status = *((__u8 *) skb->data);
972         bdaddr_t *sent;
973
974         BT_DBG("%s status 0x%2.2x", hdev->name, status);
975
976         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
977         if (!sent)
978                 return;
979
980         hci_dev_lock(hdev);
981
982         if (!status)
983                 bacpy(&hdev->random_addr, sent);
984
985         hci_dev_unlock(hdev);
986 }
987
988 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
989 {
990         __u8 *sent, status = *((__u8 *) skb->data);
991
992         BT_DBG("%s status 0x%2.2x", hdev->name, status);
993
994         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
995         if (!sent)
996                 return;
997
998         if (status)
999                 return;
1000
1001         hci_dev_lock(hdev);
1002
1003         /* If we're doing connection initation as peripheral. Set a
1004          * timeout in case something goes wrong.
1005          */
1006         if (*sent) {
1007                 struct hci_conn *conn;
1008
1009                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1010                 if (conn)
1011                         queue_delayed_work(hdev->workqueue,
1012                                            &conn->le_conn_timeout,
1013                                            HCI_LE_CONN_TIMEOUT);
1014         }
1015
1016         mgmt_advertising(hdev, *sent);
1017
1018         hci_dev_unlock(hdev);
1019 }
1020
1021 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1022 {
1023         struct hci_cp_le_set_scan_param *cp;
1024         __u8 status = *((__u8 *) skb->data);
1025
1026         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1027
1028         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1029         if (!cp)
1030                 return;
1031
1032         hci_dev_lock(hdev);
1033
1034         if (!status)
1035                 hdev->le_scan_type = cp->type;
1036
1037         hci_dev_unlock(hdev);
1038 }
1039
1040 static bool has_pending_adv_report(struct hci_dev *hdev)
1041 {
1042         struct discovery_state *d = &hdev->discovery;
1043
1044         return bacmp(&d->last_adv_addr, BDADDR_ANY);
1045 }
1046
1047 static void clear_pending_adv_report(struct hci_dev *hdev)
1048 {
1049         struct discovery_state *d = &hdev->discovery;
1050
1051         bacpy(&d->last_adv_addr, BDADDR_ANY);
1052         d->last_adv_data_len = 0;
1053 }
1054
1055 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1056                                      u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
1057 {
1058         struct discovery_state *d = &hdev->discovery;
1059
1060         bacpy(&d->last_adv_addr, bdaddr);
1061         d->last_adv_addr_type = bdaddr_type;
1062         d->last_adv_rssi = rssi;
1063         memcpy(d->last_adv_data, data, len);
1064         d->last_adv_data_len = len;
1065 }
1066
1067 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1068                                       struct sk_buff *skb)
1069 {
1070         struct hci_cp_le_set_scan_enable *cp;
1071         __u8 status = *((__u8 *) skb->data);
1072
1073         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1074
1075         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1076         if (!cp)
1077                 return;
1078
1079         if (status)
1080                 return;
1081
1082         switch (cp->enable) {
1083         case LE_SCAN_ENABLE:
1084                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1085                 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1086                         clear_pending_adv_report(hdev);
1087                 break;
1088
1089         case LE_SCAN_DISABLE:
1090                 /* We do this here instead of when setting DISCOVERY_STOPPED
1091                  * since the latter would potentially require waiting for
1092                  * inquiry to stop too.
1093                  */
1094                 if (has_pending_adv_report(hdev)) {
1095                         struct discovery_state *d = &hdev->discovery;
1096
1097                         mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1098                                           d->last_adv_addr_type, NULL,
1099                                           d->last_adv_rssi, 0, 1,
1100                                           d->last_adv_data,
1101                                           d->last_adv_data_len, NULL, 0);
1102                 }
1103
1104                 /* Cancel this timer so that we don't try to disable scanning
1105                  * when it's already disabled.
1106                  */
1107                 cancel_delayed_work(&hdev->le_scan_disable);
1108
1109                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1110                 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1111                  * interrupted scanning due to a connect request. Mark
1112                  * therefore discovery as stopped.
1113                  */
1114                 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1115                                        &hdev->dev_flags))
1116                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1117                 break;
1118
1119         default:
1120                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1121                 break;
1122         }
1123 }
1124
1125 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1126                                            struct sk_buff *skb)
1127 {
1128         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1129
1130         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1131
1132         if (!rp->status)
1133                 hdev->le_white_list_size = rp->size;
1134 }
1135
1136 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1137                                        struct sk_buff *skb)
1138 {
1139         __u8 status = *((__u8 *) skb->data);
1140
1141         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1142
1143         if (!status)
1144                 hci_white_list_clear(hdev);
1145 }
1146
1147 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1148                                         struct sk_buff *skb)
1149 {
1150         struct hci_cp_le_add_to_white_list *sent;
1151         __u8 status = *((__u8 *) skb->data);
1152
1153         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1154
1155         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1156         if (!sent)
1157                 return;
1158
1159         if (!status)
1160                 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1161 }
1162
1163 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1164                                           struct sk_buff *skb)
1165 {
1166         struct hci_cp_le_del_from_white_list *sent;
1167         __u8 status = *((__u8 *) skb->data);
1168
1169         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1170
1171         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1172         if (!sent)
1173                 return;
1174
1175         if (!status)
1176                 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1177 }
1178
1179 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1180                                             struct sk_buff *skb)
1181 {
1182         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1183
1184         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1185
1186         if (!rp->status)
1187                 memcpy(hdev->le_states, rp->le_states, 8);
1188 }
1189
1190 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1191                                            struct sk_buff *skb)
1192 {
1193         struct hci_cp_write_le_host_supported *sent;
1194         __u8 status = *((__u8 *) skb->data);
1195
1196         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1197
1198         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1199         if (!sent)
1200                 return;
1201
1202         if (!status) {
1203                 if (sent->le) {
1204                         hdev->features[1][0] |= LMP_HOST_LE;
1205                         set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1206                 } else {
1207                         hdev->features[1][0] &= ~LMP_HOST_LE;
1208                         clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1209                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1210                 }
1211
1212                 if (sent->simul)
1213                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1214                 else
1215                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1216         }
1217 }
1218
1219 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1220 {
1221         struct hci_cp_le_set_adv_param *cp;
1222         u8 status = *((u8 *) skb->data);
1223
1224         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1225
1226         if (status)
1227                 return;
1228
1229         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1230         if (!cp)
1231                 return;
1232
1233         hci_dev_lock(hdev);
1234         hdev->adv_addr_type = cp->own_address_type;
1235         hci_dev_unlock(hdev);
1236 }
1237
1238 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1239                                           struct sk_buff *skb)
1240 {
1241         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1242
1243         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1244                hdev->name, rp->status, rp->phy_handle);
1245
1246         if (rp->status)
1247                 return;
1248
1249         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1250 }
1251
1252 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1253 {
1254         struct hci_rp_read_rssi *rp = (void *) skb->data;
1255         struct hci_conn *conn;
1256
1257         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1258
1259         if (rp->status)
1260                 return;
1261
1262         hci_dev_lock(hdev);
1263
1264         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1265         if (conn)
1266                 conn->rssi = rp->rssi;
1267
1268         hci_dev_unlock(hdev);
1269 }
1270
1271 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1272 {
1273         struct hci_cp_read_tx_power *sent;
1274         struct hci_rp_read_tx_power *rp = (void *) skb->data;
1275         struct hci_conn *conn;
1276
1277         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1278
1279         if (rp->status)
1280                 return;
1281
1282         sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1283         if (!sent)
1284                 return;
1285
1286         hci_dev_lock(hdev);
1287
1288         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1289         if (!conn)
1290                 goto unlock;
1291
1292         switch (sent->type) {
1293         case 0x00:
1294                 conn->tx_power = rp->tx_power;
1295                 break;
1296         case 0x01:
1297                 conn->max_tx_power = rp->tx_power;
1298                 break;
1299         }
1300
1301 unlock:
1302         hci_dev_unlock(hdev);
1303 }
1304
1305 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1306 {
1307         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1308
1309         if (status) {
1310                 hci_conn_check_pending(hdev);
1311                 return;
1312         }
1313
1314         set_bit(HCI_INQUIRY, &hdev->flags);
1315 }
1316
1317 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1318 {
1319         struct hci_cp_create_conn *cp;
1320         struct hci_conn *conn;
1321
1322         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1323
1324         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1325         if (!cp)
1326                 return;
1327
1328         hci_dev_lock(hdev);
1329
1330         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1331
1332         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1333
1334         if (status) {
1335                 if (conn && conn->state == BT_CONNECT) {
1336                         if (status != 0x0c || conn->attempt > 2) {
1337                                 conn->state = BT_CLOSED;
1338                                 hci_proto_connect_cfm(conn, status);
1339                                 hci_conn_del(conn);
1340                         } else
1341                                 conn->state = BT_CONNECT2;
1342                 }
1343         } else {
1344                 if (!conn) {
1345                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1346                         if (conn) {
1347                                 conn->out = true;
1348                                 conn->link_mode |= HCI_LM_MASTER;
1349                         } else
1350                                 BT_ERR("No memory for new connection");
1351                 }
1352         }
1353
1354         hci_dev_unlock(hdev);
1355 }
1356
1357 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1358 {
1359         struct hci_cp_add_sco *cp;
1360         struct hci_conn *acl, *sco;
1361         __u16 handle;
1362
1363         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364
1365         if (!status)
1366                 return;
1367
1368         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1369         if (!cp)
1370                 return;
1371
1372         handle = __le16_to_cpu(cp->handle);
1373
1374         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1375
1376         hci_dev_lock(hdev);
1377
1378         acl = hci_conn_hash_lookup_handle(hdev, handle);
1379         if (acl) {
1380                 sco = acl->link;
1381                 if (sco) {
1382                         sco->state = BT_CLOSED;
1383
1384                         hci_proto_connect_cfm(sco, status);
1385                         hci_conn_del(sco);
1386                 }
1387         }
1388
1389         hci_dev_unlock(hdev);
1390 }
1391
1392 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1393 {
1394         struct hci_cp_auth_requested *cp;
1395         struct hci_conn *conn;
1396
1397         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1398
1399         if (!status)
1400                 return;
1401
1402         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1403         if (!cp)
1404                 return;
1405
1406         hci_dev_lock(hdev);
1407
1408         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1409         if (conn) {
1410                 if (conn->state == BT_CONFIG) {
1411                         hci_proto_connect_cfm(conn, status);
1412                         hci_conn_drop(conn);
1413                 }
1414         }
1415
1416         hci_dev_unlock(hdev);
1417 }
1418
1419 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1420 {
1421         struct hci_cp_set_conn_encrypt *cp;
1422         struct hci_conn *conn;
1423
1424         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1425
1426         if (!status)
1427                 return;
1428
1429         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1430         if (!cp)
1431                 return;
1432
1433         hci_dev_lock(hdev);
1434
1435         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1436         if (conn) {
1437                 if (conn->state == BT_CONFIG) {
1438                         hci_proto_connect_cfm(conn, status);
1439                         hci_conn_drop(conn);
1440                 }
1441         }
1442
1443         hci_dev_unlock(hdev);
1444 }
1445
1446 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1447                                     struct hci_conn *conn)
1448 {
1449         if (conn->state != BT_CONFIG || !conn->out)
1450                 return 0;
1451
1452         if (conn->pending_sec_level == BT_SECURITY_SDP)
1453                 return 0;
1454
1455         /* Only request authentication for SSP connections or non-SSP
1456          * devices with sec_level MEDIUM or HIGH or if MITM protection
1457          * is requested.
1458          */
1459         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1460             conn->pending_sec_level != BT_SECURITY_FIPS &&
1461             conn->pending_sec_level != BT_SECURITY_HIGH &&
1462             conn->pending_sec_level != BT_SECURITY_MEDIUM)
1463                 return 0;
1464
1465         return 1;
1466 }
1467
1468 static int hci_resolve_name(struct hci_dev *hdev,
1469                                    struct inquiry_entry *e)
1470 {
1471         struct hci_cp_remote_name_req cp;
1472
1473         memset(&cp, 0, sizeof(cp));
1474
1475         bacpy(&cp.bdaddr, &e->data.bdaddr);
1476         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1477         cp.pscan_mode = e->data.pscan_mode;
1478         cp.clock_offset = e->data.clock_offset;
1479
1480         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1481 }
1482
1483 static bool hci_resolve_next_name(struct hci_dev *hdev)
1484 {
1485         struct discovery_state *discov = &hdev->discovery;
1486         struct inquiry_entry *e;
1487
1488         if (list_empty(&discov->resolve))
1489                 return false;
1490
1491         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1492         if (!e)
1493                 return false;
1494
1495         if (hci_resolve_name(hdev, e) == 0) {
1496                 e->name_state = NAME_PENDING;
1497                 return true;
1498         }
1499
1500         return false;
1501 }
1502
1503 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1504                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1505 {
1506         struct discovery_state *discov = &hdev->discovery;
1507         struct inquiry_entry *e;
1508
1509         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1510                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1511                                       name_len, conn->dev_class);
1512
1513         if (discov->state == DISCOVERY_STOPPED)
1514                 return;
1515
1516         if (discov->state == DISCOVERY_STOPPING)
1517                 goto discov_complete;
1518
1519         if (discov->state != DISCOVERY_RESOLVING)
1520                 return;
1521
1522         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1523         /* If the device was not found in a list of found devices names of which
1524          * are pending. there is no need to continue resolving a next name as it
1525          * will be done upon receiving another Remote Name Request Complete
1526          * Event */
1527         if (!e)
1528                 return;
1529
1530         list_del(&e->list);
1531         if (name) {
1532                 e->name_state = NAME_KNOWN;
1533                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1534                                  e->data.rssi, name, name_len);
1535         } else {
1536                 e->name_state = NAME_NOT_KNOWN;
1537         }
1538
1539         if (hci_resolve_next_name(hdev))
1540                 return;
1541
1542 discov_complete:
1543         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1544 }
1545
1546 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1547 {
1548         struct hci_cp_remote_name_req *cp;
1549         struct hci_conn *conn;
1550
1551         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1552
1553         /* If successful wait for the name req complete event before
1554          * checking for the need to do authentication */
1555         if (!status)
1556                 return;
1557
1558         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1559         if (!cp)
1560                 return;
1561
1562         hci_dev_lock(hdev);
1563
1564         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1565
1566         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1567                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1568
1569         if (!conn)
1570                 goto unlock;
1571
1572         if (!hci_outgoing_auth_needed(hdev, conn))
1573                 goto unlock;
1574
1575         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1576                 struct hci_cp_auth_requested auth_cp;
1577
1578                 auth_cp.handle = __cpu_to_le16(conn->handle);
1579                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1580                              sizeof(auth_cp), &auth_cp);
1581         }
1582
1583 unlock:
1584         hci_dev_unlock(hdev);
1585 }
1586
1587 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1588 {
1589         struct hci_cp_read_remote_features *cp;
1590         struct hci_conn *conn;
1591
1592         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1593
1594         if (!status)
1595                 return;
1596
1597         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1598         if (!cp)
1599                 return;
1600
1601         hci_dev_lock(hdev);
1602
1603         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1604         if (conn) {
1605                 if (conn->state == BT_CONFIG) {
1606                         hci_proto_connect_cfm(conn, status);
1607                         hci_conn_drop(conn);
1608                 }
1609         }
1610
1611         hci_dev_unlock(hdev);
1612 }
1613
1614 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1615 {
1616         struct hci_cp_read_remote_ext_features *cp;
1617         struct hci_conn *conn;
1618
1619         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1620
1621         if (!status)
1622                 return;
1623
1624         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1625         if (!cp)
1626                 return;
1627
1628         hci_dev_lock(hdev);
1629
1630         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1631         if (conn) {
1632                 if (conn->state == BT_CONFIG) {
1633                         hci_proto_connect_cfm(conn, status);
1634                         hci_conn_drop(conn);
1635                 }
1636         }
1637
1638         hci_dev_unlock(hdev);
1639 }
1640
1641 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1642 {
1643         struct hci_cp_setup_sync_conn *cp;
1644         struct hci_conn *acl, *sco;
1645         __u16 handle;
1646
1647         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1648
1649         if (!status)
1650                 return;
1651
1652         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1653         if (!cp)
1654                 return;
1655
1656         handle = __le16_to_cpu(cp->handle);
1657
1658         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1659
1660         hci_dev_lock(hdev);
1661
1662         acl = hci_conn_hash_lookup_handle(hdev, handle);
1663         if (acl) {
1664                 sco = acl->link;
1665                 if (sco) {
1666                         sco->state = BT_CLOSED;
1667
1668                         hci_proto_connect_cfm(sco, status);
1669                         hci_conn_del(sco);
1670                 }
1671         }
1672
1673         hci_dev_unlock(hdev);
1674 }
1675
1676 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1677 {
1678         struct hci_cp_sniff_mode *cp;
1679         struct hci_conn *conn;
1680
1681         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1682
1683         if (!status)
1684                 return;
1685
1686         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1687         if (!cp)
1688                 return;
1689
1690         hci_dev_lock(hdev);
1691
1692         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1693         if (conn) {
1694                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1695
1696                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1697                         hci_sco_setup(conn, status);
1698         }
1699
1700         hci_dev_unlock(hdev);
1701 }
1702
1703 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1704 {
1705         struct hci_cp_exit_sniff_mode *cp;
1706         struct hci_conn *conn;
1707
1708         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1709
1710         if (!status)
1711                 return;
1712
1713         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1714         if (!cp)
1715                 return;
1716
1717         hci_dev_lock(hdev);
1718
1719         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1720         if (conn) {
1721                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1722
1723                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1724                         hci_sco_setup(conn, status);
1725         }
1726
1727         hci_dev_unlock(hdev);
1728 }
1729
1730 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1731 {
1732         struct hci_cp_disconnect *cp;
1733         struct hci_conn *conn;
1734
1735         if (!status)
1736                 return;
1737
1738         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1739         if (!cp)
1740                 return;
1741
1742         hci_dev_lock(hdev);
1743
1744         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1745         if (conn)
1746                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1747                                        conn->dst_type, status);
1748
1749         hci_dev_unlock(hdev);
1750 }
1751
1752 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1753 {
1754         struct hci_cp_create_phy_link *cp;
1755
1756         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1757
1758         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1759         if (!cp)
1760                 return;
1761
1762         hci_dev_lock(hdev);
1763
1764         if (status) {
1765                 struct hci_conn *hcon;
1766
1767                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1768                 if (hcon)
1769                         hci_conn_del(hcon);
1770         } else {
1771                 amp_write_remote_assoc(hdev, cp->phy_handle);
1772         }
1773
1774         hci_dev_unlock(hdev);
1775 }
1776
1777 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1778 {
1779         struct hci_cp_accept_phy_link *cp;
1780
1781         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1782
1783         if (status)
1784                 return;
1785
1786         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1787         if (!cp)
1788                 return;
1789
1790         amp_write_remote_assoc(hdev, cp->phy_handle);
1791 }
1792
1793 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1794 {
1795         struct hci_cp_le_create_conn *cp;
1796         struct hci_conn *conn;
1797
1798         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1799
1800         /* All connection failure handling is taken care of by the
1801          * hci_le_conn_failed function which is triggered by the HCI
1802          * request completion callbacks used for connecting.
1803          */
1804         if (status)
1805                 return;
1806
1807         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1808         if (!cp)
1809                 return;
1810
1811         hci_dev_lock(hdev);
1812
1813         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1814         if (!conn)
1815                 goto unlock;
1816
1817         /* Store the initiator and responder address information which
1818          * is needed for SMP. These values will not change during the
1819          * lifetime of the connection.
1820          */
1821         conn->init_addr_type = cp->own_address_type;
1822         if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1823                 bacpy(&conn->init_addr, &hdev->random_addr);
1824         else
1825                 bacpy(&conn->init_addr, &hdev->bdaddr);
1826
1827         conn->resp_addr_type = cp->peer_addr_type;
1828         bacpy(&conn->resp_addr, &cp->peer_addr);
1829
1830         /* We don't want the connection attempt to stick around
1831          * indefinitely since LE doesn't have a page timeout concept
1832          * like BR/EDR. Set a timer for any connection that doesn't use
1833          * the white list for connecting.
1834          */
1835         if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1836                 queue_delayed_work(conn->hdev->workqueue,
1837                                    &conn->le_conn_timeout,
1838                                    HCI_LE_CONN_TIMEOUT);
1839
1840 unlock:
1841         hci_dev_unlock(hdev);
1842 }
1843
1844 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1845 {
1846         struct hci_cp_le_start_enc *cp;
1847         struct hci_conn *conn;
1848
1849         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1850
1851         if (!status)
1852                 return;
1853
1854         hci_dev_lock(hdev);
1855
1856         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1857         if (!cp)
1858                 goto unlock;
1859
1860         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1861         if (!conn)
1862                 goto unlock;
1863
1864         if (conn->state != BT_CONNECTED)
1865                 goto unlock;
1866
1867         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1868         hci_conn_drop(conn);
1869
1870 unlock:
1871         hci_dev_unlock(hdev);
1872 }
1873
1874 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1875 {
1876         __u8 status = *((__u8 *) skb->data);
1877         struct discovery_state *discov = &hdev->discovery;
1878         struct inquiry_entry *e;
1879
1880         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1881
1882         hci_conn_check_pending(hdev);
1883
1884         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1885                 return;
1886
1887         smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1888         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1889
1890         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1891                 return;
1892
1893         hci_dev_lock(hdev);
1894
1895         if (discov->state != DISCOVERY_FINDING)
1896                 goto unlock;
1897
1898         if (list_empty(&discov->resolve)) {
1899                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1900                 goto unlock;
1901         }
1902
1903         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1904         if (e && hci_resolve_name(hdev, e) == 0) {
1905                 e->name_state = NAME_PENDING;
1906                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1907         } else {
1908                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1909         }
1910
1911 unlock:
1912         hci_dev_unlock(hdev);
1913 }
1914
1915 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1916 {
1917         struct inquiry_data data;
1918         struct inquiry_info *info = (void *) (skb->data + 1);
1919         int num_rsp = *((__u8 *) skb->data);
1920
1921         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1922
1923         if (!num_rsp)
1924                 return;
1925
1926         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1927                 return;
1928
1929         hci_dev_lock(hdev);
1930
1931         for (; num_rsp; num_rsp--, info++) {
1932                 bool name_known, ssp;
1933
1934                 bacpy(&data.bdaddr, &info->bdaddr);
1935                 data.pscan_rep_mode     = info->pscan_rep_mode;
1936                 data.pscan_period_mode  = info->pscan_period_mode;
1937                 data.pscan_mode         = info->pscan_mode;
1938                 memcpy(data.dev_class, info->dev_class, 3);
1939                 data.clock_offset       = info->clock_offset;
1940                 data.rssi               = 0x00;
1941                 data.ssp_mode           = 0x00;
1942
1943                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1944                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1945                                   info->dev_class, 0, !name_known, ssp, NULL,
1946                                   0, NULL, 0);
1947         }
1948
1949         hci_dev_unlock(hdev);
1950 }
1951
1952 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1953 {
1954         struct hci_ev_conn_complete *ev = (void *) skb->data;
1955         struct hci_conn *conn;
1956
1957         BT_DBG("%s", hdev->name);
1958
1959         hci_dev_lock(hdev);
1960
1961         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1962         if (!conn) {
1963                 if (ev->link_type != SCO_LINK)
1964                         goto unlock;
1965
1966                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1967                 if (!conn)
1968                         goto unlock;
1969
1970                 conn->type = SCO_LINK;
1971         }
1972
1973         if (!ev->status) {
1974                 conn->handle = __le16_to_cpu(ev->handle);
1975
1976                 if (conn->type == ACL_LINK) {
1977                         conn->state = BT_CONFIG;
1978                         hci_conn_hold(conn);
1979
1980                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1981                             !hci_find_link_key(hdev, &ev->bdaddr))
1982                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1983                         else
1984                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1985                 } else
1986                         conn->state = BT_CONNECTED;
1987
1988                 hci_conn_add_sysfs(conn);
1989
1990                 if (test_bit(HCI_AUTH, &hdev->flags))
1991                         conn->link_mode |= HCI_LM_AUTH;
1992
1993                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1994                         conn->link_mode |= HCI_LM_ENCRYPT;
1995
1996                 /* Get remote features */
1997                 if (conn->type == ACL_LINK) {
1998                         struct hci_cp_read_remote_features cp;
1999                         cp.handle = ev->handle;
2000                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2001                                      sizeof(cp), &cp);
2002                 }
2003
2004                 /* Set packet type for incoming connection */
2005                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2006                         struct hci_cp_change_conn_ptype cp;
2007                         cp.handle = ev->handle;
2008                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
2009                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2010                                      &cp);
2011                 }
2012         } else {
2013                 conn->state = BT_CLOSED;
2014                 if (conn->type == ACL_LINK)
2015                         mgmt_connect_failed(hdev, &conn->dst, conn->type,
2016                                             conn->dst_type, ev->status);
2017         }
2018
2019         if (conn->type == ACL_LINK)
2020                 hci_sco_setup(conn, ev->status);
2021
2022         if (ev->status) {
2023                 hci_proto_connect_cfm(conn, ev->status);
2024                 hci_conn_del(conn);
2025         } else if (ev->link_type != ACL_LINK)
2026                 hci_proto_connect_cfm(conn, ev->status);
2027
2028 unlock:
2029         hci_dev_unlock(hdev);
2030
2031         hci_conn_check_pending(hdev);
2032 }
2033
2034 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2035 {
2036         struct hci_ev_conn_request *ev = (void *) skb->data;
2037         int mask = hdev->link_mode;
2038         __u8 flags = 0;
2039
2040         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2041                ev->link_type);
2042
2043         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2044                                       &flags);
2045
2046         if ((mask & HCI_LM_ACCEPT) &&
2047             !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2048                 /* Connection accepted */
2049                 struct inquiry_entry *ie;
2050                 struct hci_conn *conn;
2051
2052                 hci_dev_lock(hdev);
2053
2054                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2055                 if (ie)
2056                         memcpy(ie->data.dev_class, ev->dev_class, 3);
2057
2058                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2059                                                &ev->bdaddr);
2060                 if (!conn) {
2061                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2062                         if (!conn) {
2063                                 BT_ERR("No memory for new connection");
2064                                 hci_dev_unlock(hdev);
2065                                 return;
2066                         }
2067                 }
2068
2069                 memcpy(conn->dev_class, ev->dev_class, 3);
2070
2071                 hci_dev_unlock(hdev);
2072
2073                 if (ev->link_type == ACL_LINK ||
2074                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2075                         struct hci_cp_accept_conn_req cp;
2076                         conn->state = BT_CONNECT;
2077
2078                         bacpy(&cp.bdaddr, &ev->bdaddr);
2079
2080                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2081                                 cp.role = 0x00; /* Become master */
2082                         else
2083                                 cp.role = 0x01; /* Remain slave */
2084
2085                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2086                                      &cp);
2087                 } else if (!(flags & HCI_PROTO_DEFER)) {
2088                         struct hci_cp_accept_sync_conn_req cp;
2089                         conn->state = BT_CONNECT;
2090
2091                         bacpy(&cp.bdaddr, &ev->bdaddr);
2092                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
2093
2094                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
2095                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
2096                         cp.max_latency    = cpu_to_le16(0xffff);
2097                         cp.content_format = cpu_to_le16(hdev->voice_setting);
2098                         cp.retrans_effort = 0xff;
2099
2100                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2101                                      sizeof(cp), &cp);
2102                 } else {
2103                         conn->state = BT_CONNECT2;
2104                         hci_proto_connect_cfm(conn, 0);
2105                 }
2106         } else {
2107                 /* Connection rejected */
2108                 struct hci_cp_reject_conn_req cp;
2109
2110                 bacpy(&cp.bdaddr, &ev->bdaddr);
2111                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2112                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2113         }
2114 }
2115
2116 static u8 hci_to_mgmt_reason(u8 err)
2117 {
2118         switch (err) {
2119         case HCI_ERROR_CONNECTION_TIMEOUT:
2120                 return MGMT_DEV_DISCONN_TIMEOUT;
2121         case HCI_ERROR_REMOTE_USER_TERM:
2122         case HCI_ERROR_REMOTE_LOW_RESOURCES:
2123         case HCI_ERROR_REMOTE_POWER_OFF:
2124                 return MGMT_DEV_DISCONN_REMOTE;
2125         case HCI_ERROR_LOCAL_HOST_TERM:
2126                 return MGMT_DEV_DISCONN_LOCAL_HOST;
2127         default:
2128                 return MGMT_DEV_DISCONN_UNKNOWN;
2129         }
2130 }
2131
2132 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2133 {
2134         struct hci_ev_disconn_complete *ev = (void *) skb->data;
2135         u8 reason = hci_to_mgmt_reason(ev->reason);
2136         struct hci_conn_params *params;
2137         struct hci_conn *conn;
2138         bool mgmt_connected;
2139         u8 type;
2140
2141         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2142
2143         hci_dev_lock(hdev);
2144
2145         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2146         if (!conn)
2147                 goto unlock;
2148
2149         if (ev->status) {
2150                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2151                                        conn->dst_type, ev->status);
2152                 goto unlock;
2153         }
2154
2155         conn->state = BT_CLOSED;
2156
2157         mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2158         mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2159                                 reason, mgmt_connected);
2160
2161         if (conn->type == ACL_LINK && conn->flush_key)
2162                 hci_remove_link_key(hdev, &conn->dst);
2163
2164         params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2165         if (params) {
2166                 switch (params->auto_connect) {
2167                 case HCI_AUTO_CONN_LINK_LOSS:
2168                         if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2169                                 break;
2170                         /* Fall through */
2171
2172                 case HCI_AUTO_CONN_ALWAYS:
2173                         hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2174                         break;
2175
2176                 default:
2177                         break;
2178                 }
2179         }
2180
2181         type = conn->type;
2182
2183         hci_proto_disconn_cfm(conn, ev->reason);
2184         hci_conn_del(conn);
2185
2186         /* Re-enable advertising if necessary, since it might
2187          * have been disabled by the connection. From the
2188          * HCI_LE_Set_Advertise_Enable command description in
2189          * the core specification (v4.0):
2190          * "The Controller shall continue advertising until the Host
2191          * issues an LE_Set_Advertise_Enable command with
2192          * Advertising_Enable set to 0x00 (Advertising is disabled)
2193          * or until a connection is created or until the Advertising
2194          * is timed out due to Directed Advertising."
2195          */
2196         if (type == LE_LINK)
2197                 mgmt_reenable_advertising(hdev);
2198
2199 unlock:
2200         hci_dev_unlock(hdev);
2201 }
2202
2203 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2204 {
2205         struct hci_ev_auth_complete *ev = (void *) skb->data;
2206         struct hci_conn *conn;
2207
2208         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2209
2210         hci_dev_lock(hdev);
2211
2212         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2213         if (!conn)
2214                 goto unlock;
2215
2216         if (!ev->status) {
2217                 if (!hci_conn_ssp_enabled(conn) &&
2218                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2219                         BT_INFO("re-auth of legacy device is not possible.");
2220                 } else {
2221                         conn->link_mode |= HCI_LM_AUTH;
2222                         conn->sec_level = conn->pending_sec_level;
2223                 }
2224         } else {
2225                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2226                                  ev->status);
2227         }
2228
2229         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2230         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2231
2232         if (conn->state == BT_CONFIG) {
2233                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2234                         struct hci_cp_set_conn_encrypt cp;
2235                         cp.handle  = ev->handle;
2236                         cp.encrypt = 0x01;
2237                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2238                                      &cp);
2239                 } else {
2240                         conn->state = BT_CONNECTED;
2241                         hci_proto_connect_cfm(conn, ev->status);
2242                         hci_conn_drop(conn);
2243                 }
2244         } else {
2245                 hci_auth_cfm(conn, ev->status);
2246
2247                 hci_conn_hold(conn);
2248                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2249                 hci_conn_drop(conn);
2250         }
2251
2252         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2253                 if (!ev->status) {
2254                         struct hci_cp_set_conn_encrypt cp;
2255                         cp.handle  = ev->handle;
2256                         cp.encrypt = 0x01;
2257                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2258                                      &cp);
2259                 } else {
2260                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2261                         hci_encrypt_cfm(conn, ev->status, 0x00);
2262                 }
2263         }
2264
2265 unlock:
2266         hci_dev_unlock(hdev);
2267 }
2268
2269 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2270 {
2271         struct hci_ev_remote_name *ev = (void *) skb->data;
2272         struct hci_conn *conn;
2273
2274         BT_DBG("%s", hdev->name);
2275
2276         hci_conn_check_pending(hdev);
2277
2278         hci_dev_lock(hdev);
2279
2280         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2281
2282         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2283                 goto check_auth;
2284
2285         if (ev->status == 0)
2286                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2287                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2288         else
2289                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2290
2291 check_auth:
2292         if (!conn)
2293                 goto unlock;
2294
2295         if (!hci_outgoing_auth_needed(hdev, conn))
2296                 goto unlock;
2297
2298         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2299                 struct hci_cp_auth_requested cp;
2300                 cp.handle = __cpu_to_le16(conn->handle);
2301                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2302         }
2303
2304 unlock:
2305         hci_dev_unlock(hdev);
2306 }
2307
2308 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2309 {
2310         struct hci_ev_encrypt_change *ev = (void *) skb->data;
2311         struct hci_conn *conn;
2312
2313         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2314
2315         hci_dev_lock(hdev);
2316
2317         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2318         if (!conn)
2319                 goto unlock;
2320
2321         if (!ev->status) {
2322                 if (ev->encrypt) {
2323                         /* Encryption implies authentication */
2324                         conn->link_mode |= HCI_LM_AUTH;
2325                         conn->link_mode |= HCI_LM_ENCRYPT;
2326                         conn->sec_level = conn->pending_sec_level;
2327
2328                         /* P-256 authentication key implies FIPS */
2329                         if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2330                                 conn->link_mode |= HCI_LM_FIPS;
2331
2332                         if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2333                             conn->type == LE_LINK)
2334                                 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2335                 } else {
2336                         conn->link_mode &= ~HCI_LM_ENCRYPT;
2337                         clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2338                 }
2339         }
2340
2341         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2342
2343         if (ev->status && conn->state == BT_CONNECTED) {
2344                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2345                 hci_conn_drop(conn);
2346                 goto unlock;
2347         }
2348
2349         if (conn->state == BT_CONFIG) {
2350                 if (!ev->status)
2351                         conn->state = BT_CONNECTED;
2352
2353                 /* In Secure Connections Only mode, do not allow any
2354                  * connections that are not encrypted with AES-CCM
2355                  * using a P-256 authenticated combination key.
2356                  */
2357                 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2358                     (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2359                      conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2360                         hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2361                         hci_conn_drop(conn);
2362                         goto unlock;
2363                 }
2364
2365                 hci_proto_connect_cfm(conn, ev->status);
2366                 hci_conn_drop(conn);
2367         } else
2368                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2369
2370 unlock:
2371         hci_dev_unlock(hdev);
2372 }
2373
2374 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2375                                              struct sk_buff *skb)
2376 {
2377         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2378         struct hci_conn *conn;
2379
2380         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2381
2382         hci_dev_lock(hdev);
2383
2384         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2385         if (conn) {
2386                 if (!ev->status)
2387                         conn->link_mode |= HCI_LM_SECURE;
2388
2389                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2390
2391                 hci_key_change_cfm(conn, ev->status);
2392         }
2393
2394         hci_dev_unlock(hdev);
2395 }
2396
2397 static void hci_remote_features_evt(struct hci_dev *hdev,
2398                                     struct sk_buff *skb)
2399 {
2400         struct hci_ev_remote_features *ev = (void *) skb->data;
2401         struct hci_conn *conn;
2402
2403         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2404
2405         hci_dev_lock(hdev);
2406
2407         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2408         if (!conn)
2409                 goto unlock;
2410
2411         if (!ev->status)
2412                 memcpy(conn->features[0], ev->features, 8);
2413
2414         if (conn->state != BT_CONFIG)
2415                 goto unlock;
2416
2417         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2418                 struct hci_cp_read_remote_ext_features cp;
2419                 cp.handle = ev->handle;
2420                 cp.page = 0x01;
2421                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2422                              sizeof(cp), &cp);
2423                 goto unlock;
2424         }
2425
2426         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2427                 struct hci_cp_remote_name_req cp;
2428                 memset(&cp, 0, sizeof(cp));
2429                 bacpy(&cp.bdaddr, &conn->dst);
2430                 cp.pscan_rep_mode = 0x02;
2431                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2432         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2433                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2434                                       conn->dst_type, 0, NULL, 0,
2435                                       conn->dev_class);
2436
2437         if (!hci_outgoing_auth_needed(hdev, conn)) {
2438                 conn->state = BT_CONNECTED;
2439                 hci_proto_connect_cfm(conn, ev->status);
2440                 hci_conn_drop(conn);
2441         }
2442
2443 unlock:
2444         hci_dev_unlock(hdev);
2445 }
2446
2447 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2448 {
2449         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2450         u8 status = skb->data[sizeof(*ev)];
2451         __u16 opcode;
2452
2453         skb_pull(skb, sizeof(*ev));
2454
2455         opcode = __le16_to_cpu(ev->opcode);
2456
2457         switch (opcode) {
2458         case HCI_OP_INQUIRY_CANCEL:
2459                 hci_cc_inquiry_cancel(hdev, skb);
2460                 break;
2461
2462         case HCI_OP_PERIODIC_INQ:
2463                 hci_cc_periodic_inq(hdev, skb);
2464                 break;
2465
2466         case HCI_OP_EXIT_PERIODIC_INQ:
2467                 hci_cc_exit_periodic_inq(hdev, skb);
2468                 break;
2469
2470         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2471                 hci_cc_remote_name_req_cancel(hdev, skb);
2472                 break;
2473
2474         case HCI_OP_ROLE_DISCOVERY:
2475                 hci_cc_role_discovery(hdev, skb);
2476                 break;
2477
2478         case HCI_OP_READ_LINK_POLICY:
2479                 hci_cc_read_link_policy(hdev, skb);
2480                 break;
2481
2482         case HCI_OP_WRITE_LINK_POLICY:
2483                 hci_cc_write_link_policy(hdev, skb);
2484                 break;
2485
2486         case HCI_OP_READ_DEF_LINK_POLICY:
2487                 hci_cc_read_def_link_policy(hdev, skb);
2488                 break;
2489
2490         case HCI_OP_WRITE_DEF_LINK_POLICY:
2491                 hci_cc_write_def_link_policy(hdev, skb);
2492                 break;
2493
2494         case HCI_OP_RESET:
2495                 hci_cc_reset(hdev, skb);
2496                 break;
2497
2498         case HCI_OP_WRITE_LOCAL_NAME:
2499                 hci_cc_write_local_name(hdev, skb);
2500                 break;
2501
2502         case HCI_OP_READ_LOCAL_NAME:
2503                 hci_cc_read_local_name(hdev, skb);
2504                 break;
2505
2506         case HCI_OP_WRITE_AUTH_ENABLE:
2507                 hci_cc_write_auth_enable(hdev, skb);
2508                 break;
2509
2510         case HCI_OP_WRITE_ENCRYPT_MODE:
2511                 hci_cc_write_encrypt_mode(hdev, skb);
2512                 break;
2513
2514         case HCI_OP_WRITE_SCAN_ENABLE:
2515                 hci_cc_write_scan_enable(hdev, skb);
2516                 break;
2517
2518         case HCI_OP_READ_CLASS_OF_DEV:
2519                 hci_cc_read_class_of_dev(hdev, skb);
2520                 break;
2521
2522         case HCI_OP_WRITE_CLASS_OF_DEV:
2523                 hci_cc_write_class_of_dev(hdev, skb);
2524                 break;
2525
2526         case HCI_OP_READ_VOICE_SETTING:
2527                 hci_cc_read_voice_setting(hdev, skb);
2528                 break;
2529
2530         case HCI_OP_WRITE_VOICE_SETTING:
2531                 hci_cc_write_voice_setting(hdev, skb);
2532                 break;
2533
2534         case HCI_OP_READ_NUM_SUPPORTED_IAC:
2535                 hci_cc_read_num_supported_iac(hdev, skb);
2536                 break;
2537
2538         case HCI_OP_WRITE_SSP_MODE:
2539                 hci_cc_write_ssp_mode(hdev, skb);
2540                 break;
2541
2542         case HCI_OP_WRITE_SC_SUPPORT:
2543                 hci_cc_write_sc_support(hdev, skb);
2544                 break;
2545
2546         case HCI_OP_READ_LOCAL_VERSION:
2547                 hci_cc_read_local_version(hdev, skb);
2548                 break;
2549
2550         case HCI_OP_READ_LOCAL_COMMANDS:
2551                 hci_cc_read_local_commands(hdev, skb);
2552                 break;
2553
2554         case HCI_OP_READ_LOCAL_FEATURES:
2555                 hci_cc_read_local_features(hdev, skb);
2556                 break;
2557
2558         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2559                 hci_cc_read_local_ext_features(hdev, skb);
2560                 break;
2561
2562         case HCI_OP_READ_BUFFER_SIZE:
2563                 hci_cc_read_buffer_size(hdev, skb);
2564                 break;
2565
2566         case HCI_OP_READ_BD_ADDR:
2567                 hci_cc_read_bd_addr(hdev, skb);
2568                 break;
2569
2570         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2571                 hci_cc_read_page_scan_activity(hdev, skb);
2572                 break;
2573
2574         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2575                 hci_cc_write_page_scan_activity(hdev, skb);
2576                 break;
2577
2578         case HCI_OP_READ_PAGE_SCAN_TYPE:
2579                 hci_cc_read_page_scan_type(hdev, skb);
2580                 break;
2581
2582         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2583                 hci_cc_write_page_scan_type(hdev, skb);
2584                 break;
2585
2586         case HCI_OP_READ_DATA_BLOCK_SIZE:
2587                 hci_cc_read_data_block_size(hdev, skb);
2588                 break;
2589
2590         case HCI_OP_READ_FLOW_CONTROL_MODE:
2591                 hci_cc_read_flow_control_mode(hdev, skb);
2592                 break;
2593
2594         case HCI_OP_READ_LOCAL_AMP_INFO:
2595                 hci_cc_read_local_amp_info(hdev, skb);
2596                 break;
2597
2598         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2599                 hci_cc_read_local_amp_assoc(hdev, skb);
2600                 break;
2601
2602         case HCI_OP_READ_INQ_RSP_TX_POWER:
2603                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2604                 break;
2605
2606         case HCI_OP_PIN_CODE_REPLY:
2607                 hci_cc_pin_code_reply(hdev, skb);
2608                 break;
2609
2610         case HCI_OP_PIN_CODE_NEG_REPLY:
2611                 hci_cc_pin_code_neg_reply(hdev, skb);
2612                 break;
2613
2614         case HCI_OP_READ_LOCAL_OOB_DATA:
2615                 hci_cc_read_local_oob_data(hdev, skb);
2616                 break;
2617
2618         case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2619                 hci_cc_read_local_oob_ext_data(hdev, skb);
2620                 break;
2621
2622         case HCI_OP_LE_READ_BUFFER_SIZE:
2623                 hci_cc_le_read_buffer_size(hdev, skb);
2624                 break;
2625
2626         case HCI_OP_LE_READ_LOCAL_FEATURES:
2627                 hci_cc_le_read_local_features(hdev, skb);
2628                 break;
2629
2630         case HCI_OP_LE_READ_ADV_TX_POWER:
2631                 hci_cc_le_read_adv_tx_power(hdev, skb);
2632                 break;
2633
2634         case HCI_OP_USER_CONFIRM_REPLY:
2635                 hci_cc_user_confirm_reply(hdev, skb);
2636                 break;
2637
2638         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2639                 hci_cc_user_confirm_neg_reply(hdev, skb);
2640                 break;
2641
2642         case HCI_OP_USER_PASSKEY_REPLY:
2643                 hci_cc_user_passkey_reply(hdev, skb);
2644                 break;
2645
2646         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2647                 hci_cc_user_passkey_neg_reply(hdev, skb);
2648                 break;
2649
2650         case HCI_OP_LE_SET_RANDOM_ADDR:
2651                 hci_cc_le_set_random_addr(hdev, skb);
2652                 break;
2653
2654         case HCI_OP_LE_SET_ADV_ENABLE:
2655                 hci_cc_le_set_adv_enable(hdev, skb);
2656                 break;
2657
2658         case HCI_OP_LE_SET_SCAN_PARAM:
2659                 hci_cc_le_set_scan_param(hdev, skb);
2660                 break;
2661
2662         case HCI_OP_LE_SET_SCAN_ENABLE:
2663                 hci_cc_le_set_scan_enable(hdev, skb);
2664                 break;
2665
2666         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2667                 hci_cc_le_read_white_list_size(hdev, skb);
2668                 break;
2669
2670         case HCI_OP_LE_CLEAR_WHITE_LIST:
2671                 hci_cc_le_clear_white_list(hdev, skb);
2672                 break;
2673
2674         case HCI_OP_LE_ADD_TO_WHITE_LIST:
2675                 hci_cc_le_add_to_white_list(hdev, skb);
2676                 break;
2677
2678         case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2679                 hci_cc_le_del_from_white_list(hdev, skb);
2680                 break;
2681
2682         case HCI_OP_LE_READ_SUPPORTED_STATES:
2683                 hci_cc_le_read_supported_states(hdev, skb);
2684                 break;
2685
2686         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2687                 hci_cc_write_le_host_supported(hdev, skb);
2688                 break;
2689
2690         case HCI_OP_LE_SET_ADV_PARAM:
2691                 hci_cc_set_adv_param(hdev, skb);
2692                 break;
2693
2694         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2695                 hci_cc_write_remote_amp_assoc(hdev, skb);
2696                 break;
2697
2698         case HCI_OP_READ_RSSI:
2699                 hci_cc_read_rssi(hdev, skb);
2700                 break;
2701
2702         case HCI_OP_READ_TX_POWER:
2703                 hci_cc_read_tx_power(hdev, skb);
2704                 break;
2705
2706         default:
2707                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2708                 break;
2709         }
2710
2711         if (opcode != HCI_OP_NOP)
2712                 del_timer(&hdev->cmd_timer);
2713
2714         hci_req_cmd_complete(hdev, opcode, status);
2715
2716         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2717                 atomic_set(&hdev->cmd_cnt, 1);
2718                 if (!skb_queue_empty(&hdev->cmd_q))
2719                         queue_work(hdev->workqueue, &hdev->cmd_work);
2720         }
2721 }
2722
2723 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 {
2725         struct hci_ev_cmd_status *ev = (void *) skb->data;
2726         __u16 opcode;
2727
2728         skb_pull(skb, sizeof(*ev));
2729
2730         opcode = __le16_to_cpu(ev->opcode);
2731
2732         switch (opcode) {
2733         case HCI_OP_INQUIRY:
2734                 hci_cs_inquiry(hdev, ev->status);
2735                 break;
2736
2737         case HCI_OP_CREATE_CONN:
2738                 hci_cs_create_conn(hdev, ev->status);
2739                 break;
2740
2741         case HCI_OP_ADD_SCO:
2742                 hci_cs_add_sco(hdev, ev->status);
2743                 break;
2744
2745         case HCI_OP_AUTH_REQUESTED:
2746                 hci_cs_auth_requested(hdev, ev->status);
2747                 break;
2748
2749         case HCI_OP_SET_CONN_ENCRYPT:
2750                 hci_cs_set_conn_encrypt(hdev, ev->status);
2751                 break;
2752
2753         case HCI_OP_REMOTE_NAME_REQ:
2754                 hci_cs_remote_name_req(hdev, ev->status);
2755                 break;
2756
2757         case HCI_OP_READ_REMOTE_FEATURES:
2758                 hci_cs_read_remote_features(hdev, ev->status);
2759                 break;
2760
2761         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2762                 hci_cs_read_remote_ext_features(hdev, ev->status);
2763                 break;
2764
2765         case HCI_OP_SETUP_SYNC_CONN:
2766                 hci_cs_setup_sync_conn(hdev, ev->status);
2767                 break;
2768
2769         case HCI_OP_SNIFF_MODE:
2770                 hci_cs_sniff_mode(hdev, ev->status);
2771                 break;
2772
2773         case HCI_OP_EXIT_SNIFF_MODE:
2774                 hci_cs_exit_sniff_mode(hdev, ev->status);
2775                 break;
2776
2777         case HCI_OP_DISCONNECT:
2778                 hci_cs_disconnect(hdev, ev->status);
2779                 break;
2780
2781         case HCI_OP_CREATE_PHY_LINK:
2782                 hci_cs_create_phylink(hdev, ev->status);
2783                 break;
2784
2785         case HCI_OP_ACCEPT_PHY_LINK:
2786                 hci_cs_accept_phylink(hdev, ev->status);
2787                 break;
2788
2789         case HCI_OP_LE_CREATE_CONN:
2790                 hci_cs_le_create_conn(hdev, ev->status);
2791                 break;
2792
2793         case HCI_OP_LE_START_ENC:
2794                 hci_cs_le_start_enc(hdev, ev->status);
2795                 break;
2796
2797         default:
2798                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2799                 break;
2800         }
2801
2802         if (opcode != HCI_OP_NOP)
2803                 del_timer(&hdev->cmd_timer);
2804
2805         if (ev->status ||
2806             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2807                 hci_req_cmd_complete(hdev, opcode, ev->status);
2808
2809         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2810                 atomic_set(&hdev->cmd_cnt, 1);
2811                 if (!skb_queue_empty(&hdev->cmd_q))
2812                         queue_work(hdev->workqueue, &hdev->cmd_work);
2813         }
2814 }
2815
2816 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2817 {
2818         struct hci_ev_role_change *ev = (void *) skb->data;
2819         struct hci_conn *conn;
2820
2821         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2822
2823         hci_dev_lock(hdev);
2824
2825         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2826         if (conn) {
2827                 if (!ev->status) {
2828                         if (ev->role)
2829                                 conn->link_mode &= ~HCI_LM_MASTER;
2830                         else
2831                                 conn->link_mode |= HCI_LM_MASTER;
2832                 }
2833
2834                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2835
2836                 hci_role_switch_cfm(conn, ev->status, ev->role);
2837         }
2838
2839         hci_dev_unlock(hdev);
2840 }
2841
2842 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2843 {
2844         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2845         int i;
2846
2847         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2848                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2849                 return;
2850         }
2851
2852         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2853             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2854                 BT_DBG("%s bad parameters", hdev->name);
2855                 return;
2856         }
2857
2858         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2859
2860         for (i = 0; i < ev->num_hndl; i++) {
2861                 struct hci_comp_pkts_info *info = &ev->handles[i];
2862                 struct hci_conn *conn;
2863                 __u16  handle, count;
2864
2865                 handle = __le16_to_cpu(info->handle);
2866                 count  = __le16_to_cpu(info->count);
2867
2868                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2869                 if (!conn)
2870                         continue;
2871
2872                 conn->sent -= count;
2873
2874                 switch (conn->type) {
2875                 case ACL_LINK:
2876                         hdev->acl_cnt += count;
2877                         if (hdev->acl_cnt > hdev->acl_pkts)
2878                                 hdev->acl_cnt = hdev->acl_pkts;
2879                         break;
2880
2881                 case LE_LINK:
2882                         if (hdev->le_pkts) {
2883                                 hdev->le_cnt += count;
2884                                 if (hdev->le_cnt > hdev->le_pkts)
2885                                         hdev->le_cnt = hdev->le_pkts;
2886                         } else {
2887                                 hdev->acl_cnt += count;
2888                                 if (hdev->acl_cnt > hdev->acl_pkts)
2889                                         hdev->acl_cnt = hdev->acl_pkts;
2890                         }
2891                         break;
2892
2893                 case SCO_LINK:
2894                         hdev->sco_cnt += count;
2895                         if (hdev->sco_cnt > hdev->sco_pkts)
2896                                 hdev->sco_cnt = hdev->sco_pkts;
2897                         break;
2898
2899                 default:
2900                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2901                         break;
2902                 }
2903         }
2904
2905         queue_work(hdev->workqueue, &hdev->tx_work);
2906 }
2907
2908 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2909                                                  __u16 handle)
2910 {
2911         struct hci_chan *chan;
2912
2913         switch (hdev->dev_type) {
2914         case HCI_BREDR:
2915                 return hci_conn_hash_lookup_handle(hdev, handle);
2916         case HCI_AMP:
2917                 chan = hci_chan_lookup_handle(hdev, handle);
2918                 if (chan)
2919                         return chan->conn;
2920                 break;
2921         default:
2922                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2923                 break;
2924         }
2925
2926         return NULL;
2927 }
2928
2929 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2930 {
2931         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2932         int i;
2933
2934         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2935                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2936                 return;
2937         }
2938
2939         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2940             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2941                 BT_DBG("%s bad parameters", hdev->name);
2942                 return;
2943         }
2944
2945         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2946                ev->num_hndl);
2947
2948         for (i = 0; i < ev->num_hndl; i++) {
2949                 struct hci_comp_blocks_info *info = &ev->handles[i];
2950                 struct hci_conn *conn = NULL;
2951                 __u16  handle, block_count;
2952
2953                 handle = __le16_to_cpu(info->handle);
2954                 block_count = __le16_to_cpu(info->blocks);
2955
2956                 conn = __hci_conn_lookup_handle(hdev, handle);
2957                 if (!conn)
2958                         continue;
2959
2960                 conn->sent -= block_count;
2961
2962                 switch (conn->type) {
2963                 case ACL_LINK:
2964                 case AMP_LINK:
2965                         hdev->block_cnt += block_count;
2966                         if (hdev->block_cnt > hdev->num_blocks)
2967                                 hdev->block_cnt = hdev->num_blocks;
2968                         break;
2969
2970                 default:
2971                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2972                         break;
2973                 }
2974         }
2975
2976         queue_work(hdev->workqueue, &hdev->tx_work);
2977 }
2978
2979 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2980 {
2981         struct hci_ev_mode_change *ev = (void *) skb->data;
2982         struct hci_conn *conn;
2983
2984         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2985
2986         hci_dev_lock(hdev);
2987
2988         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2989         if (conn) {
2990                 conn->mode = ev->mode;
2991
2992                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2993                                         &conn->flags)) {
2994                         if (conn->mode == HCI_CM_ACTIVE)
2995                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2996                         else
2997                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2998                 }
2999
3000                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3001                         hci_sco_setup(conn, ev->status);
3002         }
3003
3004         hci_dev_unlock(hdev);
3005 }
3006
3007 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3008 {
3009         struct hci_ev_pin_code_req *ev = (void *) skb->data;
3010         struct hci_conn *conn;
3011
3012         BT_DBG("%s", hdev->name);
3013
3014         hci_dev_lock(hdev);
3015
3016         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3017         if (!conn)
3018                 goto unlock;
3019
3020         if (conn->state == BT_CONNECTED) {
3021                 hci_conn_hold(conn);
3022                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3023                 hci_conn_drop(conn);
3024         }
3025
3026         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3027                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3028                              sizeof(ev->bdaddr), &ev->bdaddr);
3029         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3030                 u8 secure;
3031
3032                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3033                         secure = 1;
3034                 else
3035                         secure = 0;
3036
3037                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3038         }
3039
3040 unlock:
3041         hci_dev_unlock(hdev);
3042 }
3043
3044 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3045 {
3046         struct hci_ev_link_key_req *ev = (void *) skb->data;
3047         struct hci_cp_link_key_reply cp;
3048         struct hci_conn *conn;
3049         struct link_key *key;
3050
3051         BT_DBG("%s", hdev->name);
3052
3053         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3054                 return;
3055
3056         hci_dev_lock(hdev);
3057
3058         key = hci_find_link_key(hdev, &ev->bdaddr);
3059         if (!key) {
3060                 BT_DBG("%s link key not found for %pMR", hdev->name,
3061                        &ev->bdaddr);
3062                 goto not_found;
3063         }
3064
3065         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3066                &ev->bdaddr);
3067
3068         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
3069             key->type == HCI_LK_DEBUG_COMBINATION) {
3070                 BT_DBG("%s ignoring debug key", hdev->name);
3071                 goto not_found;
3072         }
3073
3074         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3075         if (conn) {
3076                 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3077                      key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3078                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3079                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
3080                         goto not_found;
3081                 }
3082
3083                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3084                     (conn->pending_sec_level == BT_SECURITY_HIGH ||
3085                      conn->pending_sec_level == BT_SECURITY_FIPS)) {
3086                         BT_DBG("%s ignoring key unauthenticated for high security",
3087                                hdev->name);
3088                         goto not_found;
3089                 }
3090
3091                 conn->key_type = key->type;
3092                 conn->pin_length = key->pin_len;
3093         }
3094
3095         bacpy(&cp.bdaddr, &ev->bdaddr);
3096         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3097
3098         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3099
3100         hci_dev_unlock(hdev);
3101
3102         return;
3103
3104 not_found:
3105         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3106         hci_dev_unlock(hdev);
3107 }
3108
3109 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3110 {
3111         struct hci_ev_link_key_notify *ev = (void *) skb->data;
3112         struct hci_conn *conn;
3113         u8 pin_len = 0;
3114
3115         BT_DBG("%s", hdev->name);
3116
3117         hci_dev_lock(hdev);
3118
3119         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3120         if (conn) {
3121                 hci_conn_hold(conn);
3122                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3123                 pin_len = conn->pin_length;
3124
3125                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3126                         conn->key_type = ev->key_type;
3127
3128                 hci_conn_drop(conn);
3129         }
3130
3131         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3132                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3133                                  ev->key_type, pin_len);
3134
3135         hci_dev_unlock(hdev);
3136 }
3137
3138 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3139 {
3140         struct hci_ev_clock_offset *ev = (void *) skb->data;
3141         struct hci_conn *conn;
3142
3143         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3144
3145         hci_dev_lock(hdev);
3146
3147         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3148         if (conn && !ev->status) {
3149                 struct inquiry_entry *ie;
3150
3151                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3152                 if (ie) {
3153                         ie->data.clock_offset = ev->clock_offset;
3154                         ie->timestamp = jiffies;
3155                 }
3156         }
3157
3158         hci_dev_unlock(hdev);
3159 }
3160
3161 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3162 {
3163         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3164         struct hci_conn *conn;
3165
3166         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3167
3168         hci_dev_lock(hdev);
3169
3170         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3171         if (conn && !ev->status)
3172                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3173
3174         hci_dev_unlock(hdev);
3175 }
3176
3177 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3178 {
3179         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3180         struct inquiry_entry *ie;
3181
3182         BT_DBG("%s", hdev->name);
3183
3184         hci_dev_lock(hdev);
3185
3186         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3187         if (ie) {
3188                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3189                 ie->timestamp = jiffies;
3190         }
3191
3192         hci_dev_unlock(hdev);
3193 }
3194
3195 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3196                                              struct sk_buff *skb)
3197 {
3198         struct inquiry_data data;
3199         int num_rsp = *((__u8 *) skb->data);
3200         bool name_known, ssp;
3201
3202         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3203
3204         if (!num_rsp)
3205                 return;
3206
3207         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3208                 return;
3209
3210         hci_dev_lock(hdev);
3211
3212         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3213                 struct inquiry_info_with_rssi_and_pscan_mode *info;
3214                 info = (void *) (skb->data + 1);
3215
3216                 for (; num_rsp; num_rsp--, info++) {
3217                         bacpy(&data.bdaddr, &info->bdaddr);
3218                         data.pscan_rep_mode     = info->pscan_rep_mode;
3219                         data.pscan_period_mode  = info->pscan_period_mode;
3220                         data.pscan_mode         = info->pscan_mode;
3221                         memcpy(data.dev_class, info->dev_class, 3);
3222                         data.clock_offset       = info->clock_offset;
3223                         data.rssi               = info->rssi;
3224                         data.ssp_mode           = 0x00;
3225
3226                         name_known = hci_inquiry_cache_update(hdev, &data,
3227                                                               false, &ssp);
3228                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3229                                           info->dev_class, info->rssi,
3230                                           !name_known, ssp, NULL, 0, NULL, 0);
3231                 }
3232         } else {
3233                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3234
3235                 for (; num_rsp; num_rsp--, info++) {
3236                         bacpy(&data.bdaddr, &info->bdaddr);
3237                         data.pscan_rep_mode     = info->pscan_rep_mode;
3238                         data.pscan_period_mode  = info->pscan_period_mode;
3239                         data.pscan_mode         = 0x00;
3240                         memcpy(data.dev_class, info->dev_class, 3);
3241                         data.clock_offset       = info->clock_offset;
3242                         data.rssi               = info->rssi;
3243                         data.ssp_mode           = 0x00;
3244                         name_known = hci_inquiry_cache_update(hdev, &data,
3245                                                               false, &ssp);
3246                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3247                                           info->dev_class, info->rssi,
3248                                           !name_known, ssp, NULL, 0, NULL, 0);
3249                 }
3250         }
3251
3252         hci_dev_unlock(hdev);
3253 }
3254
3255 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3256                                         struct sk_buff *skb)
3257 {
3258         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3259         struct hci_conn *conn;
3260
3261         BT_DBG("%s", hdev->name);
3262
3263         hci_dev_lock(hdev);
3264
3265         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3266         if (!conn)
3267                 goto unlock;
3268
3269         if (ev->page < HCI_MAX_PAGES)
3270                 memcpy(conn->features[ev->page], ev->features, 8);
3271
3272         if (!ev->status && ev->page == 0x01) {
3273                 struct inquiry_entry *ie;
3274
3275                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3276                 if (ie)
3277                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3278
3279                 if (ev->features[0] & LMP_HOST_SSP) {
3280                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3281                 } else {
3282                         /* It is mandatory by the Bluetooth specification that
3283                          * Extended Inquiry Results are only used when Secure
3284                          * Simple Pairing is enabled, but some devices violate
3285                          * this.
3286                          *
3287                          * To make these devices work, the internal SSP
3288                          * enabled flag needs to be cleared if the remote host
3289                          * features do not indicate SSP support */
3290                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3291                 }
3292
3293                 if (ev->features[0] & LMP_HOST_SC)
3294                         set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3295         }
3296
3297         if (conn->state != BT_CONFIG)
3298                 goto unlock;
3299
3300         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3301                 struct hci_cp_remote_name_req cp;
3302                 memset(&cp, 0, sizeof(cp));
3303                 bacpy(&cp.bdaddr, &conn->dst);
3304                 cp.pscan_rep_mode = 0x02;
3305                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3306         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3307                 mgmt_device_connected(hdev, &conn->dst, conn->type,
3308                                       conn->dst_type, 0, NULL, 0,
3309                                       conn->dev_class);
3310
3311         if (!hci_outgoing_auth_needed(hdev, conn)) {
3312                 conn->state = BT_CONNECTED;
3313                 hci_proto_connect_cfm(conn, ev->status);
3314                 hci_conn_drop(conn);
3315         }
3316
3317 unlock:
3318         hci_dev_unlock(hdev);
3319 }
3320
3321 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3322                                        struct sk_buff *skb)
3323 {
3324         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3325         struct hci_conn *conn;
3326
3327         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3328
3329         hci_dev_lock(hdev);
3330
3331         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3332         if (!conn) {
3333                 if (ev->link_type == ESCO_LINK)
3334                         goto unlock;
3335
3336                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3337                 if (!conn)
3338                         goto unlock;
3339
3340                 conn->type = SCO_LINK;
3341         }
3342
3343         switch (ev->status) {
3344         case 0x00:
3345                 conn->handle = __le16_to_cpu(ev->handle);
3346                 conn->state  = BT_CONNECTED;
3347
3348                 hci_conn_add_sysfs(conn);
3349                 break;
3350
3351         case 0x0d:      /* Connection Rejected due to Limited Resources */
3352         case 0x11:      /* Unsupported Feature or Parameter Value */
3353         case 0x1c:      /* SCO interval rejected */
3354         case 0x1a:      /* Unsupported Remote Feature */
3355         case 0x1f:      /* Unspecified error */
3356         case 0x20:      /* Unsupported LMP Parameter value */
3357                 if (conn->out) {
3358                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3359                                         (hdev->esco_type & EDR_ESCO_MASK);
3360                         if (hci_setup_sync(conn, conn->link->handle))
3361                                 goto unlock;
3362                 }
3363                 /* fall through */
3364
3365         default:
3366                 conn->state = BT_CLOSED;
3367                 break;
3368         }
3369
3370         hci_proto_connect_cfm(conn, ev->status);
3371         if (ev->status)
3372                 hci_conn_del(conn);
3373
3374 unlock:
3375         hci_dev_unlock(hdev);
3376 }
3377
3378 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3379 {
3380         size_t parsed = 0;
3381
3382         while (parsed < eir_len) {
3383                 u8 field_len = eir[0];
3384
3385                 if (field_len == 0)
3386                         return parsed;
3387
3388                 parsed += field_len + 1;
3389                 eir += field_len + 1;
3390         }
3391
3392         return eir_len;
3393 }
3394
3395 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3396                                             struct sk_buff *skb)
3397 {
3398         struct inquiry_data data;
3399         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3400         int num_rsp = *((__u8 *) skb->data);
3401         size_t eir_len;
3402
3403         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3404
3405         if (!num_rsp)
3406                 return;
3407
3408         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3409                 return;
3410
3411         hci_dev_lock(hdev);
3412
3413         for (; num_rsp; num_rsp--, info++) {
3414                 bool name_known, ssp;
3415
3416                 bacpy(&data.bdaddr, &info->bdaddr);
3417                 data.pscan_rep_mode     = info->pscan_rep_mode;
3418                 data.pscan_period_mode  = info->pscan_period_mode;
3419                 data.pscan_mode         = 0x00;
3420                 memcpy(data.dev_class, info->dev_class, 3);
3421                 data.clock_offset       = info->clock_offset;
3422                 data.rssi               = info->rssi;
3423                 data.ssp_mode           = 0x01;
3424
3425                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3426                         name_known = eir_has_data_type(info->data,
3427                                                        sizeof(info->data),
3428                                                        EIR_NAME_COMPLETE);
3429                 else
3430                         name_known = true;
3431
3432                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3433                                                       &ssp);
3434                 eir_len = eir_get_length(info->data, sizeof(info->data));
3435                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3436                                   info->dev_class, info->rssi, !name_known,
3437                                   ssp, info->data, eir_len, NULL, 0);
3438         }
3439
3440         hci_dev_unlock(hdev);
3441 }
3442
3443 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3444                                          struct sk_buff *skb)
3445 {
3446         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3447         struct hci_conn *conn;
3448
3449         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3450                __le16_to_cpu(ev->handle));
3451
3452         hci_dev_lock(hdev);
3453
3454         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3455         if (!conn)
3456                 goto unlock;
3457
3458         /* For BR/EDR the necessary steps are taken through the
3459          * auth_complete event.
3460          */
3461         if (conn->type != LE_LINK)
3462                 goto unlock;
3463
3464         if (!ev->status)
3465                 conn->sec_level = conn->pending_sec_level;
3466
3467         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3468
3469         if (ev->status && conn->state == BT_CONNECTED) {
3470                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3471                 hci_conn_drop(conn);
3472                 goto unlock;
3473         }
3474
3475         if (conn->state == BT_CONFIG) {
3476                 if (!ev->status)
3477                         conn->state = BT_CONNECTED;
3478
3479                 hci_proto_connect_cfm(conn, ev->status);
3480                 hci_conn_drop(conn);
3481         } else {
3482                 hci_auth_cfm(conn, ev->status);
3483
3484                 hci_conn_hold(conn);
3485                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3486                 hci_conn_drop(conn);
3487         }
3488
3489 unlock:
3490         hci_dev_unlock(hdev);
3491 }
3492
3493 static u8 hci_get_auth_req(struct hci_conn *conn)
3494 {
3495         /* If remote requests no-bonding follow that lead */
3496         if (conn->remote_auth == HCI_AT_NO_BONDING ||
3497             conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3498                 return conn->remote_auth | (conn->auth_type & 0x01);
3499
3500         /* If both remote and local have enough IO capabilities, require
3501          * MITM protection
3502          */
3503         if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3504             conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3505                 return conn->remote_auth | 0x01;
3506
3507         /* No MITM protection possible so ignore remote requirement */
3508         return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3509 }
3510
3511 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3512 {
3513         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3514         struct hci_conn *conn;
3515
3516         BT_DBG("%s", hdev->name);
3517
3518         hci_dev_lock(hdev);
3519
3520         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3521         if (!conn)
3522                 goto unlock;
3523
3524         hci_conn_hold(conn);
3525
3526         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3527                 goto unlock;
3528
3529         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3530             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3531                 struct hci_cp_io_capability_reply cp;
3532
3533                 bacpy(&cp.bdaddr, &ev->bdaddr);
3534                 /* Change the IO capability from KeyboardDisplay
3535                  * to DisplayYesNo as it is not supported by BT spec. */
3536                 cp.capability = (conn->io_capability == 0x04) ?
3537                                 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3538
3539                 /* If we are initiators, there is no remote information yet */
3540                 if (conn->remote_auth == 0xff) {
3541                         cp.authentication = conn->auth_type;
3542
3543                         /* Request MITM protection if our IO caps allow it
3544                          * except for the no-bonding case.
3545                          * conn->auth_type is not updated here since
3546                          * that might cause the user confirmation to be
3547                          * rejected in case the remote doesn't have the
3548                          * IO capabilities for MITM.
3549                          */
3550                         if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3551                             cp.authentication != HCI_AT_NO_BONDING)
3552                                 cp.authentication |= 0x01;
3553                 } else {
3554                         conn->auth_type = hci_get_auth_req(conn);
3555                         cp.authentication = conn->auth_type;
3556                 }
3557
3558                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3559                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3560                         cp.oob_data = 0x01;
3561                 else
3562                         cp.oob_data = 0x00;
3563
3564                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3565                              sizeof(cp), &cp);
3566         } else {
3567                 struct hci_cp_io_capability_neg_reply cp;
3568
3569                 bacpy(&cp.bdaddr, &ev->bdaddr);
3570                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3571
3572                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3573                              sizeof(cp), &cp);
3574         }
3575
3576 unlock:
3577         hci_dev_unlock(hdev);
3578 }
3579
3580 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3581 {
3582         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3583         struct hci_conn *conn;
3584
3585         BT_DBG("%s", hdev->name);
3586
3587         hci_dev_lock(hdev);
3588
3589         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3590         if (!conn)
3591                 goto unlock;
3592
3593         conn->remote_cap = ev->capability;
3594         conn->remote_auth = ev->authentication;
3595         if (ev->oob_data)
3596                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3597
3598 unlock:
3599         hci_dev_unlock(hdev);
3600 }
3601
3602 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3603                                          struct sk_buff *skb)
3604 {
3605         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3606         int loc_mitm, rem_mitm, confirm_hint = 0;
3607         struct hci_conn *conn;
3608
3609         BT_DBG("%s", hdev->name);
3610
3611         hci_dev_lock(hdev);
3612
3613         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3614                 goto unlock;
3615
3616         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3617         if (!conn)
3618                 goto unlock;
3619
3620         loc_mitm = (conn->auth_type & 0x01);
3621         rem_mitm = (conn->remote_auth & 0x01);
3622
3623         /* If we require MITM but the remote device can't provide that
3624          * (it has NoInputNoOutput) then reject the confirmation request
3625          */
3626         if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3627                 BT_DBG("Rejecting request: remote device can't provide MITM");
3628                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3629                              sizeof(ev->bdaddr), &ev->bdaddr);
3630                 goto unlock;
3631         }
3632
3633         /* If no side requires MITM protection; auto-accept */
3634         if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3635             (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3636
3637                 /* If we're not the initiators request authorization to
3638                  * proceed from user space (mgmt_user_confirm with
3639                  * confirm_hint set to 1). The exception is if neither
3640                  * side had MITM in which case we do auto-accept.
3641                  */
3642                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3643                     (loc_mitm || rem_mitm)) {
3644                         BT_DBG("Confirming auto-accept as acceptor");
3645                         confirm_hint = 1;
3646                         goto confirm;
3647                 }
3648
3649                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3650                        hdev->auto_accept_delay);
3651
3652                 if (hdev->auto_accept_delay > 0) {
3653                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3654                         queue_delayed_work(conn->hdev->workqueue,
3655                                            &conn->auto_accept_work, delay);
3656                         goto unlock;
3657                 }
3658
3659                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3660                              sizeof(ev->bdaddr), &ev->bdaddr);
3661                 goto unlock;
3662         }
3663
3664 confirm:
3665         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3666                                   le32_to_cpu(ev->passkey), confirm_hint);
3667
3668 unlock:
3669         hci_dev_unlock(hdev);
3670 }
3671
3672 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3673                                          struct sk_buff *skb)
3674 {
3675         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3676
3677         BT_DBG("%s", hdev->name);
3678
3679         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3680                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3681 }
3682
3683 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3684                                         struct sk_buff *skb)
3685 {
3686         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3687         struct hci_conn *conn;
3688
3689         BT_DBG("%s", hdev->name);
3690
3691         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3692         if (!conn)
3693                 return;
3694
3695         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3696         conn->passkey_entered = 0;
3697
3698         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3699                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3700                                          conn->dst_type, conn->passkey_notify,
3701                                          conn->passkey_entered);
3702 }
3703
3704 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3705 {
3706         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3707         struct hci_conn *conn;
3708
3709         BT_DBG("%s", hdev->name);
3710
3711         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3712         if (!conn)
3713                 return;
3714
3715         switch (ev->type) {
3716         case HCI_KEYPRESS_STARTED:
3717                 conn->passkey_entered = 0;
3718                 return;
3719
3720         case HCI_KEYPRESS_ENTERED:
3721                 conn->passkey_entered++;
3722                 break;
3723
3724         case HCI_KEYPRESS_ERASED:
3725                 conn->passkey_entered--;
3726                 break;
3727
3728         case HCI_KEYPRESS_CLEARED:
3729                 conn->passkey_entered = 0;
3730                 break;
3731
3732         case HCI_KEYPRESS_COMPLETED:
3733                 return;
3734         }
3735
3736         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3737                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3738                                          conn->dst_type, conn->passkey_notify,
3739                                          conn->passkey_entered);
3740 }
3741
3742 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3743                                          struct sk_buff *skb)
3744 {
3745         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3746         struct hci_conn *conn;
3747
3748         BT_DBG("%s", hdev->name);
3749
3750         hci_dev_lock(hdev);
3751
3752         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3753         if (!conn)
3754                 goto unlock;
3755
3756         /* To avoid duplicate auth_failed events to user space we check
3757          * the HCI_CONN_AUTH_PEND flag which will be set if we
3758          * initiated the authentication. A traditional auth_complete
3759          * event gets always produced as initiator and is also mapped to
3760          * the mgmt_auth_failed event */
3761         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3762                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3763                                  ev->status);
3764
3765         hci_conn_drop(conn);
3766
3767 unlock:
3768         hci_dev_unlock(hdev);
3769 }
3770
3771 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3772                                          struct sk_buff *skb)
3773 {
3774         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3775         struct inquiry_entry *ie;
3776         struct hci_conn *conn;
3777
3778         BT_DBG("%s", hdev->name);
3779
3780         hci_dev_lock(hdev);
3781
3782         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3783         if (conn)
3784                 memcpy(conn->features[1], ev->features, 8);
3785
3786         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3787         if (ie)
3788                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3789
3790         hci_dev_unlock(hdev);
3791 }
3792
3793 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3794                                             struct sk_buff *skb)
3795 {
3796         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3797         struct oob_data *data;
3798
3799         BT_DBG("%s", hdev->name);
3800
3801         hci_dev_lock(hdev);
3802
3803         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3804                 goto unlock;
3805
3806         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3807         if (data) {
3808                 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3809                         struct hci_cp_remote_oob_ext_data_reply cp;
3810
3811                         bacpy(&cp.bdaddr, &ev->bdaddr);
3812                         memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3813                         memcpy(cp.randomizer192, data->randomizer192,
3814                                sizeof(cp.randomizer192));
3815                         memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3816                         memcpy(cp.randomizer256, data->randomizer256,
3817                                sizeof(cp.randomizer256));
3818
3819                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3820                                      sizeof(cp), &cp);
3821                 } else {
3822                         struct hci_cp_remote_oob_data_reply cp;
3823
3824                         bacpy(&cp.bdaddr, &ev->bdaddr);
3825                         memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3826                         memcpy(cp.randomizer, data->randomizer192,
3827                                sizeof(cp.randomizer));
3828
3829                         hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3830                                      sizeof(cp), &cp);
3831                 }
3832         } else {
3833                 struct hci_cp_remote_oob_data_neg_reply cp;
3834
3835                 bacpy(&cp.bdaddr, &ev->bdaddr);
3836                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3837                              sizeof(cp), &cp);
3838         }
3839
3840 unlock:
3841         hci_dev_unlock(hdev);
3842 }
3843
3844 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3845                                       struct sk_buff *skb)
3846 {
3847         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3848         struct hci_conn *hcon, *bredr_hcon;
3849
3850         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3851                ev->status);
3852
3853         hci_dev_lock(hdev);
3854
3855         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3856         if (!hcon) {
3857                 hci_dev_unlock(hdev);
3858                 return;
3859         }
3860
3861         if (ev->status) {
3862                 hci_conn_del(hcon);
3863                 hci_dev_unlock(hdev);
3864                 return;
3865         }
3866
3867         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3868
3869         hcon->state = BT_CONNECTED;
3870         bacpy(&hcon->dst, &bredr_hcon->dst);
3871
3872         hci_conn_hold(hcon);
3873         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3874         hci_conn_drop(hcon);
3875
3876         hci_conn_add_sysfs(hcon);
3877
3878         amp_physical_cfm(bredr_hcon, hcon);
3879
3880         hci_dev_unlock(hdev);
3881 }
3882
3883 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3884 {
3885         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3886         struct hci_conn *hcon;
3887         struct hci_chan *hchan;
3888         struct amp_mgr *mgr;
3889
3890         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3891                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3892                ev->status);
3893
3894         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3895         if (!hcon)
3896                 return;
3897
3898         /* Create AMP hchan */
3899         hchan = hci_chan_create(hcon);
3900         if (!hchan)
3901                 return;
3902
3903         hchan->handle = le16_to_cpu(ev->handle);
3904
3905         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3906
3907         mgr = hcon->amp_mgr;
3908         if (mgr && mgr->bredr_chan) {
3909                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3910
3911                 l2cap_chan_lock(bredr_chan);
3912
3913                 bredr_chan->conn->mtu = hdev->block_mtu;
3914                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3915                 hci_conn_hold(hcon);
3916
3917                 l2cap_chan_unlock(bredr_chan);
3918         }
3919 }
3920
3921 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3922                                              struct sk_buff *skb)
3923 {
3924         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3925         struct hci_chan *hchan;
3926
3927         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3928                le16_to_cpu(ev->handle), ev->status);
3929
3930         if (ev->status)
3931                 return;
3932
3933         hci_dev_lock(hdev);
3934
3935         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3936         if (!hchan)
3937                 goto unlock;
3938
3939         amp_destroy_logical_link(hchan, ev->reason);
3940
3941 unlock:
3942         hci_dev_unlock(hdev);
3943 }
3944
3945 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3946                                              struct sk_buff *skb)
3947 {
3948         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3949         struct hci_conn *hcon;
3950
3951         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3952
3953         if (ev->status)
3954                 return;
3955
3956         hci_dev_lock(hdev);
3957
3958         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3959         if (hcon) {
3960                 hcon->state = BT_CLOSED;
3961                 hci_conn_del(hcon);
3962         }
3963
3964         hci_dev_unlock(hdev);
3965 }
3966
3967 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3968 {
3969         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3970         struct hci_conn *conn;
3971         struct smp_irk *irk;
3972
3973         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3974
3975         hci_dev_lock(hdev);
3976
3977         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3978         if (!conn) {
3979                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3980                 if (!conn) {
3981                         BT_ERR("No memory for new connection");
3982                         goto unlock;
3983                 }
3984
3985                 conn->dst_type = ev->bdaddr_type;
3986
3987                 if (ev->role == LE_CONN_ROLE_MASTER) {
3988                         conn->out = true;
3989                         conn->link_mode |= HCI_LM_MASTER;
3990                 }
3991
3992                 /* If we didn't have a hci_conn object previously
3993                  * but we're in master role this must be something
3994                  * initiated using a white list. Since white list based
3995                  * connections are not "first class citizens" we don't
3996                  * have full tracking of them. Therefore, we go ahead
3997                  * with a "best effort" approach of determining the
3998                  * initiator address based on the HCI_PRIVACY flag.
3999                  */
4000                 if (conn->out) {
4001                         conn->resp_addr_type = ev->bdaddr_type;
4002                         bacpy(&conn->resp_addr, &ev->bdaddr);
4003                         if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4004                                 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4005                                 bacpy(&conn->init_addr, &hdev->rpa);
4006                         } else {
4007                                 hci_copy_identity_address(hdev,
4008                                                           &conn->init_addr,
4009                                                           &conn->init_addr_type);
4010                         }
4011                 }
4012         } else {
4013                 cancel_delayed_work(&conn->le_conn_timeout);
4014         }
4015
4016         if (!conn->out) {
4017                 /* Set the responder (our side) address type based on
4018                  * the advertising address type.
4019                  */
4020                 conn->resp_addr_type = hdev->adv_addr_type;
4021                 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4022                         bacpy(&conn->resp_addr, &hdev->random_addr);
4023                 else
4024                         bacpy(&conn->resp_addr, &hdev->bdaddr);
4025
4026                 conn->init_addr_type = ev->bdaddr_type;
4027                 bacpy(&conn->init_addr, &ev->bdaddr);
4028         }
4029
4030         /* Lookup the identity address from the stored connection
4031          * address and address type.
4032          *
4033          * When establishing connections to an identity address, the
4034          * connection procedure will store the resolvable random
4035          * address first. Now if it can be converted back into the
4036          * identity address, start using the identity address from
4037          * now on.
4038          */
4039         irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4040         if (irk) {
4041                 bacpy(&conn->dst, &irk->bdaddr);
4042                 conn->dst_type = irk->addr_type;
4043         }
4044
4045         if (ev->status) {
4046                 hci_le_conn_failed(conn, ev->status);
4047                 goto unlock;
4048         }
4049
4050         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4051                 mgmt_device_connected(hdev, &conn->dst, conn->type,
4052                                       conn->dst_type, 0, NULL, 0, NULL);
4053
4054         conn->sec_level = BT_SECURITY_LOW;
4055         conn->handle = __le16_to_cpu(ev->handle);
4056         conn->state = BT_CONNECTED;
4057
4058         if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
4059                 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
4060
4061         hci_conn_add_sysfs(conn);
4062
4063         hci_proto_connect_cfm(conn, ev->status);
4064
4065         hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4066
4067 unlock:
4068         hci_dev_unlock(hdev);
4069 }
4070
4071 /* This function requires the caller holds hdev->lock */
4072 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4073                                   u8 addr_type)
4074 {
4075         struct hci_conn *conn;
4076         struct smp_irk *irk;
4077
4078         /* If this is a resolvable address, we should resolve it and then
4079          * update address and address type variables.
4080          */
4081         irk = hci_get_irk(hdev, addr, addr_type);
4082         if (irk) {
4083                 addr = &irk->bdaddr;
4084                 addr_type = irk->addr_type;
4085         }
4086
4087         if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4088                 return;
4089
4090         conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4091                               HCI_AT_NO_BONDING);
4092         if (!IS_ERR(conn))
4093                 return;
4094
4095         switch (PTR_ERR(conn)) {
4096         case -EBUSY:
4097                 /* If hci_connect() returns -EBUSY it means there is already
4098                  * an LE connection attempt going on. Since controllers don't
4099                  * support more than one connection attempt at the time, we
4100                  * don't consider this an error case.
4101                  */
4102                 break;
4103         default:
4104                 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4105         }
4106 }
4107
4108 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4109                                u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4110 {
4111         struct discovery_state *d = &hdev->discovery;
4112         bool match;
4113
4114         /* Passive scanning shouldn't trigger any device found events */
4115         if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4116                 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4117                         check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4118                 return;
4119         }
4120
4121         /* If there's nothing pending either store the data from this
4122          * event or send an immediate device found event if the data
4123          * should not be stored for later.
4124          */
4125         if (!has_pending_adv_report(hdev)) {
4126                 /* If the report will trigger a SCAN_REQ store it for
4127                  * later merging.
4128                  */
4129                 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4130                         store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4131                                                  rssi, data, len);
4132                         return;
4133                 }
4134
4135                 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4136                                   rssi, 0, 1, data, len, NULL, 0);
4137                 return;
4138         }
4139
4140         /* Check if the pending report is for the same device as the new one */
4141         match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4142                  bdaddr_type == d->last_adv_addr_type);
4143
4144         /* If the pending data doesn't match this report or this isn't a
4145          * scan response (e.g. we got a duplicate ADV_IND) then force
4146          * sending of the pending data.
4147          */
4148         if (type != LE_ADV_SCAN_RSP || !match) {
4149                 /* Send out whatever is in the cache, but skip duplicates */
4150                 if (!match)
4151                         mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4152                                           d->last_adv_addr_type, NULL,
4153                                           d->last_adv_rssi, 0, 1,
4154                                           d->last_adv_data,
4155                                           d->last_adv_data_len, NULL, 0);
4156
4157                 /* If the new report will trigger a SCAN_REQ store it for
4158                  * later merging.
4159                  */
4160                 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4161                         store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4162                                                  rssi, data, len);
4163                         return;
4164                 }
4165
4166                 /* The advertising reports cannot be merged, so clear
4167                  * the pending report and send out a device found event.
4168                  */
4169                 clear_pending_adv_report(hdev);
4170                 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4171                                   rssi, 0, 1, data, len, NULL, 0);
4172                 return;
4173         }
4174
4175         /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4176          * the new event is a SCAN_RSP. We can therefore proceed with
4177          * sending a merged device found event.
4178          */
4179         mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4180                           d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4181                           d->last_adv_data, d->last_adv_data_len);
4182         clear_pending_adv_report(hdev);
4183 }
4184
4185 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4186 {
4187         u8 num_reports = skb->data[0];
4188         void *ptr = &skb->data[1];
4189
4190         hci_dev_lock(hdev);
4191
4192         while (num_reports--) {
4193                 struct hci_ev_le_advertising_info *ev = ptr;
4194                 s8 rssi;
4195
4196                 rssi = ev->data[ev->length];
4197                 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4198                                    ev->bdaddr_type, rssi, ev->data, ev->length);
4199
4200                 ptr += sizeof(*ev) + ev->length + 1;
4201         }
4202
4203         hci_dev_unlock(hdev);
4204 }
4205
4206 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4207 {
4208         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4209         struct hci_cp_le_ltk_reply cp;
4210         struct hci_cp_le_ltk_neg_reply neg;
4211         struct hci_conn *conn;
4212         struct smp_ltk *ltk;
4213
4214         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4215
4216         hci_dev_lock(hdev);
4217
4218         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4219         if (conn == NULL)
4220                 goto not_found;
4221
4222         ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4223         if (ltk == NULL)
4224                 goto not_found;
4225
4226         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4227         cp.handle = cpu_to_le16(conn->handle);
4228
4229         if (ltk->authenticated)
4230                 conn->pending_sec_level = BT_SECURITY_HIGH;
4231         else
4232                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4233
4234         conn->enc_key_size = ltk->enc_size;
4235
4236         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4237
4238         /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4239          * temporary key used to encrypt a connection following
4240          * pairing. It is used during the Encrypted Session Setup to
4241          * distribute the keys. Later, security can be re-established
4242          * using a distributed LTK.
4243          */
4244         if (ltk->type == HCI_SMP_STK_SLAVE) {
4245                 list_del(&ltk->list);
4246                 kfree(ltk);
4247         }
4248
4249         hci_dev_unlock(hdev);
4250
4251         return;
4252
4253 not_found:
4254         neg.handle = ev->handle;
4255         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4256         hci_dev_unlock(hdev);
4257 }
4258
4259 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4260 {
4261         struct hci_ev_le_meta *le_ev = (void *) skb->data;
4262
4263         skb_pull(skb, sizeof(*le_ev));
4264
4265         switch (le_ev->subevent) {
4266         case HCI_EV_LE_CONN_COMPLETE:
4267                 hci_le_conn_complete_evt(hdev, skb);
4268                 break;
4269
4270         case HCI_EV_LE_ADVERTISING_REPORT:
4271                 hci_le_adv_report_evt(hdev, skb);
4272                 break;
4273
4274         case HCI_EV_LE_LTK_REQ:
4275                 hci_le_ltk_request_evt(hdev, skb);
4276                 break;
4277
4278         default:
4279                 break;
4280         }
4281 }
4282
4283 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4284 {
4285         struct hci_ev_channel_selected *ev = (void *) skb->data;
4286         struct hci_conn *hcon;
4287
4288         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4289
4290         skb_pull(skb, sizeof(*ev));
4291
4292         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4293         if (!hcon)
4294                 return;
4295
4296         amp_read_loc_assoc_final_data(hdev, hcon);
4297 }
4298
4299 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4300 {
4301         struct hci_event_hdr *hdr = (void *) skb->data;
4302         __u8 event = hdr->evt;
4303
4304         hci_dev_lock(hdev);
4305
4306         /* Received events are (currently) only needed when a request is
4307          * ongoing so avoid unnecessary memory allocation.
4308          */
4309         if (hdev->req_status == HCI_REQ_PEND) {
4310                 kfree_skb(hdev->recv_evt);
4311                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4312         }
4313
4314         hci_dev_unlock(hdev);
4315
4316         skb_pull(skb, HCI_EVENT_HDR_SIZE);
4317
4318         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4319                 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4320                 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4321
4322                 hci_req_cmd_complete(hdev, opcode, 0);
4323         }
4324
4325         switch (event) {
4326         case HCI_EV_INQUIRY_COMPLETE:
4327                 hci_inquiry_complete_evt(hdev, skb);
4328                 break;
4329
4330         case HCI_EV_INQUIRY_RESULT:
4331                 hci_inquiry_result_evt(hdev, skb);
4332                 break;
4333
4334         case HCI_EV_CONN_COMPLETE:
4335                 hci_conn_complete_evt(hdev, skb);
4336                 break;
4337
4338         case HCI_EV_CONN_REQUEST:
4339                 hci_conn_request_evt(hdev, skb);
4340                 break;
4341
4342         case HCI_EV_DISCONN_COMPLETE:
4343                 hci_disconn_complete_evt(hdev, skb);
4344                 break;
4345
4346         case HCI_EV_AUTH_COMPLETE:
4347                 hci_auth_complete_evt(hdev, skb);
4348                 break;
4349
4350         case HCI_EV_REMOTE_NAME:
4351                 hci_remote_name_evt(hdev, skb);
4352                 break;
4353
4354         case HCI_EV_ENCRYPT_CHANGE:
4355                 hci_encrypt_change_evt(hdev, skb);
4356                 break;
4357
4358         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4359                 hci_change_link_key_complete_evt(hdev, skb);
4360                 break;
4361
4362         case HCI_EV_REMOTE_FEATURES:
4363                 hci_remote_features_evt(hdev, skb);
4364                 break;
4365
4366         case HCI_EV_CMD_COMPLETE:
4367                 hci_cmd_complete_evt(hdev, skb);
4368                 break;
4369
4370         case HCI_EV_CMD_STATUS:
4371                 hci_cmd_status_evt(hdev, skb);
4372                 break;
4373
4374         case HCI_EV_ROLE_CHANGE:
4375                 hci_role_change_evt(hdev, skb);
4376                 break;
4377
4378         case HCI_EV_NUM_COMP_PKTS:
4379                 hci_num_comp_pkts_evt(hdev, skb);
4380                 break;
4381
4382         case HCI_EV_MODE_CHANGE:
4383                 hci_mode_change_evt(hdev, skb);
4384                 break;
4385
4386         case HCI_EV_PIN_CODE_REQ:
4387                 hci_pin_code_request_evt(hdev, skb);
4388                 break;
4389
4390         case HCI_EV_LINK_KEY_REQ:
4391                 hci_link_key_request_evt(hdev, skb);
4392                 break;
4393
4394         case HCI_EV_LINK_KEY_NOTIFY:
4395                 hci_link_key_notify_evt(hdev, skb);
4396                 break;
4397
4398         case HCI_EV_CLOCK_OFFSET:
4399                 hci_clock_offset_evt(hdev, skb);
4400                 break;
4401
4402         case HCI_EV_PKT_TYPE_CHANGE:
4403                 hci_pkt_type_change_evt(hdev, skb);
4404                 break;
4405
4406         case HCI_EV_PSCAN_REP_MODE:
4407                 hci_pscan_rep_mode_evt(hdev, skb);
4408                 break;
4409
4410         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4411                 hci_inquiry_result_with_rssi_evt(hdev, skb);
4412                 break;
4413
4414         case HCI_EV_REMOTE_EXT_FEATURES:
4415                 hci_remote_ext_features_evt(hdev, skb);
4416                 break;
4417
4418         case HCI_EV_SYNC_CONN_COMPLETE:
4419                 hci_sync_conn_complete_evt(hdev, skb);
4420                 break;
4421
4422         case HCI_EV_EXTENDED_INQUIRY_RESULT:
4423                 hci_extended_inquiry_result_evt(hdev, skb);
4424                 break;
4425
4426         case HCI_EV_KEY_REFRESH_COMPLETE:
4427                 hci_key_refresh_complete_evt(hdev, skb);
4428                 break;
4429
4430         case HCI_EV_IO_CAPA_REQUEST:
4431                 hci_io_capa_request_evt(hdev, skb);
4432                 break;
4433
4434         case HCI_EV_IO_CAPA_REPLY:
4435                 hci_io_capa_reply_evt(hdev, skb);
4436                 break;
4437
4438         case HCI_EV_USER_CONFIRM_REQUEST:
4439                 hci_user_confirm_request_evt(hdev, skb);
4440                 break;
4441
4442         case HCI_EV_USER_PASSKEY_REQUEST:
4443                 hci_user_passkey_request_evt(hdev, skb);
4444                 break;
4445
4446         case HCI_EV_USER_PASSKEY_NOTIFY:
4447                 hci_user_passkey_notify_evt(hdev, skb);
4448                 break;
4449
4450         case HCI_EV_KEYPRESS_NOTIFY:
4451                 hci_keypress_notify_evt(hdev, skb);
4452                 break;
4453
4454         case HCI_EV_SIMPLE_PAIR_COMPLETE:
4455                 hci_simple_pair_complete_evt(hdev, skb);
4456                 break;
4457
4458         case HCI_EV_REMOTE_HOST_FEATURES:
4459                 hci_remote_host_features_evt(hdev, skb);
4460                 break;
4461
4462         case HCI_EV_LE_META:
4463                 hci_le_meta_evt(hdev, skb);
4464                 break;
4465
4466         case HCI_EV_CHANNEL_SELECTED:
4467                 hci_chan_selected_evt(hdev, skb);
4468                 break;
4469
4470         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4471                 hci_remote_oob_data_request_evt(hdev, skb);
4472                 break;
4473
4474         case HCI_EV_PHY_LINK_COMPLETE:
4475                 hci_phy_link_complete_evt(hdev, skb);
4476                 break;
4477
4478         case HCI_EV_LOGICAL_LINK_COMPLETE:
4479                 hci_loglink_complete_evt(hdev, skb);
4480                 break;
4481
4482         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4483                 hci_disconn_loglink_complete_evt(hdev, skb);
4484                 break;
4485
4486         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4487                 hci_disconn_phylink_complete_evt(hdev, skb);
4488                 break;
4489
4490         case HCI_EV_NUM_COMP_BLOCKS:
4491                 hci_num_comp_blocks_evt(hdev, skb);
4492                 break;
4493
4494         default:
4495                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4496                 break;
4497         }
4498
4499         kfree_skb(skb);
4500         hdev->stat.evt_rx++;
4501 }
Unnamed repository; edit this file 'description' to name the repository.