projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'lsk/v3.10/topic/libfdt' into linux-linaro-lsk
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39         __u8 status = *((__u8 *) skb->data);
40
41         BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43         if (status) {
44                 hci_dev_lock(hdev);
45                 mgmt_stop_discovery_failed(hdev, status);
46                 hci_dev_unlock(hdev);
47                 return;
48         }
49
50         clear_bit(HCI_INQUIRY, &hdev->flags);
51         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52         wake_up_bit(&hdev->flags, HCI_INQUIRY);
53
54         hci_dev_lock(hdev);
55         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56         hci_dev_unlock(hdev);
57
58         hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63         __u8 status = *((__u8 *) skb->data);
64
65         BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67         if (status)
68                 return;
69
70         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84         hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88                                           struct sk_buff *skb)
89 {
90         BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95         struct hci_rp_role_discovery *rp = (void *) skb->data;
96         struct hci_conn *conn;
97
98         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100         if (rp->status)
101                 return;
102
103         hci_dev_lock(hdev);
104
105         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106         if (conn) {
107                 if (rp->role)
108                         conn->link_mode &= ~HCI_LM_MASTER;
109                 else
110                         conn->link_mode |= HCI_LM_MASTER;
111         }
112
113         hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118         struct hci_rp_read_link_policy *rp = (void *) skb->data;
119         struct hci_conn *conn;
120
121         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123         if (rp->status)
124                 return;
125
126         hci_dev_lock(hdev);
127
128         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129         if (conn)
130                 conn->link_policy = __le16_to_cpu(rp->policy);
131
132         hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137         struct hci_rp_write_link_policy *rp = (void *) skb->data;
138         struct hci_conn *conn;
139         void *sent;
140
141         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143         if (rp->status)
144                 return;
145
146         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147         if (!sent)
148                 return;
149
150         hci_dev_lock(hdev);
151
152         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153         if (conn)
154                 conn->link_policy = get_unaligned_le16(sent + 2);
155
156         hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160                                         struct sk_buff *skb)
161 {
162         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166         if (rp->status)
167                 return;
168
169         hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173                                          struct sk_buff *skb)
174 {
175         __u8 status = *((__u8 *) skb->data);
176         void *sent;
177
178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181         if (!sent)
182                 return;
183
184         if (!status)
185                 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190         __u8 status = *((__u8 *) skb->data);
191
192         BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194         clear_bit(HCI_RESET, &hdev->flags);
195
196         /* Reset all non-persistent flags */
197         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198
199         hdev->discovery.state = DISCOVERY_STOPPED;
200         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204         hdev->adv_data_len = 0;
205 }
206
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208 {
209         __u8 status = *((__u8 *) skb->data);
210         void *sent;
211
212         BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215         if (!sent)
216                 return;
217
218         hci_dev_lock(hdev);
219
220         if (test_bit(HCI_MGMT, &hdev->dev_flags))
221                 mgmt_set_local_name_complete(hdev, sent, status);
222         else if (!status)
223                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225         hci_dev_unlock(hdev);
226 }
227
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229 {
230         struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234         if (rp->status)
235                 return;
236
237         if (test_bit(HCI_SETUP, &hdev->dev_flags))
238                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 }
240
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243         __u8 status = *((__u8 *) skb->data);
244         void *sent;
245
246         BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249         if (!sent)
250                 return;
251
252         if (!status) {
253                 __u8 param = *((__u8 *) sent);
254
255                 if (param == AUTH_ENABLED)
256                         set_bit(HCI_AUTH, &hdev->flags);
257                 else
258                         clear_bit(HCI_AUTH, &hdev->flags);
259         }
260
261         if (test_bit(HCI_MGMT, &hdev->dev_flags))
262                 mgmt_auth_enable_complete(hdev, status);
263 }
264
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
266 {
267         __u8 status = *((__u8 *) skb->data);
268         void *sent;
269
270         BT_DBG("%s status 0x%2.2x", hdev->name, status);
271
272         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273         if (!sent)
274                 return;
275
276         if (!status) {
277                 __u8 param = *((__u8 *) sent);
278
279                 if (param)
280                         set_bit(HCI_ENCRYPT, &hdev->flags);
281                 else
282                         clear_bit(HCI_ENCRYPT, &hdev->flags);
283         }
284 }
285
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 {
288         __u8 param, status = *((__u8 *) skb->data);
289         int old_pscan, old_iscan;
290         void *sent;
291
292         BT_DBG("%s status 0x%2.2x", hdev->name, status);
293
294         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295         if (!sent)
296                 return;
297
298         param = *((__u8 *) sent);
299
300         hci_dev_lock(hdev);
301
302         if (status) {
303                 mgmt_write_scan_failed(hdev, param, status);
304                 hdev->discov_timeout = 0;
305                 goto done;
306         }
307
308         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311         if (param & SCAN_INQUIRY) {
312                 set_bit(HCI_ISCAN, &hdev->flags);
313                 if (!old_iscan)
314                         mgmt_discoverable(hdev, 1);
315                 if (hdev->discov_timeout > 0) {
316                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318                                            to);
319                 }
320         } else if (old_iscan)
321                 mgmt_discoverable(hdev, 0);
322
323         if (param & SCAN_PAGE) {
324                 set_bit(HCI_PSCAN, &hdev->flags);
325                 if (!old_pscan)
326                         mgmt_connectable(hdev, 1);
327         } else if (old_pscan)
328                 mgmt_connectable(hdev, 0);
329
330 done:
331         hci_dev_unlock(hdev);
332 }
333
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335 {
336         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337
338         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339
340         if (rp->status)
341                 return;
342
343         memcpy(hdev->dev_class, rp->dev_class, 3);
344
345         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 }
348
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351         __u8 status = *((__u8 *) skb->data);
352         void *sent;
353
354         BT_DBG("%s status 0x%2.2x", hdev->name, status);
355
356         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357         if (!sent)
358                 return;
359
360         hci_dev_lock(hdev);
361
362         if (status == 0)
363                 memcpy(hdev->dev_class, sent, 3);
364
365         if (test_bit(HCI_MGMT, &hdev->dev_flags))
366                 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368         hci_dev_unlock(hdev);
369 }
370
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372 {
373         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374         __u16 setting;
375
376         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377
378         if (rp->status)
379                 return;
380
381         setting = __le16_to_cpu(rp->voice_setting);
382
383         if (hdev->voice_setting == setting)
384                 return;
385
386         hdev->voice_setting = setting;
387
388         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389
390         if (hdev->notify)
391                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 }
393
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395                                        struct sk_buff *skb)
396 {
397         __u8 status = *((__u8 *) skb->data);
398         __u16 setting;
399         void *sent;
400
401         BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403         if (status)
404                 return;
405
406         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407         if (!sent)
408                 return;
409
410         setting = get_unaligned_le16(sent);
411
412         if (hdev->voice_setting == setting)
413                 return;
414
415         hdev->voice_setting = setting;
416
417         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418
419         if (hdev->notify)
420                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 }
422
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425         __u8 status = *((__u8 *) skb->data);
426         struct hci_cp_write_ssp_mode *sent;
427
428         BT_DBG("%s status 0x%2.2x", hdev->name, status);
429
430         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431         if (!sent)
432                 return;
433
434         if (!status) {
435                 if (sent->mode)
436                         hdev->features[1][0] |= LMP_HOST_SSP;
437                 else
438                         hdev->features[1][0] &= ~LMP_HOST_SSP;
439         }
440
441         if (test_bit(HCI_MGMT, &hdev->dev_flags))
442                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443         else if (!status) {
444                 if (sent->mode)
445                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446                 else
447                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448         }
449 }
450
451 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452 {
453         struct hci_rp_read_local_version *rp = (void *) skb->data;
454
455         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
456
457         if (rp->status)
458                 return;
459
460         hdev->hci_ver = rp->hci_ver;
461         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462         hdev->lmp_ver = rp->lmp_ver;
463         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
465
466         BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467                hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468 }
469
470 static void hci_cc_read_local_commands(struct hci_dev *hdev,
471                                        struct sk_buff *skb)
472 {
473         struct hci_rp_read_local_commands *rp = (void *) skb->data;
474
475         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477         if (!rp->status)
478                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479 }
480
481 static void hci_cc_read_local_features(struct hci_dev *hdev,
482                                        struct sk_buff *skb)
483 {
484         struct hci_rp_read_local_features *rp = (void *) skb->data;
485
486         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
487
488         if (rp->status)
489                 return;
490
491         memcpy(hdev->features, rp->features, 8);
492
493         /* Adjust default settings according to features
494          * supported by device. */
495
496         if (hdev->features[0][0] & LMP_3SLOT)
497                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498
499         if (hdev->features[0][0] & LMP_5SLOT)
500                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501
502         if (hdev->features[0][1] & LMP_HV2) {
503                 hdev->pkt_type  |= (HCI_HV2);
504                 hdev->esco_type |= (ESCO_HV2);
505         }
506
507         if (hdev->features[0][1] & LMP_HV3) {
508                 hdev->pkt_type  |= (HCI_HV3);
509                 hdev->esco_type |= (ESCO_HV3);
510         }
511
512         if (lmp_esco_capable(hdev))
513                 hdev->esco_type |= (ESCO_EV3);
514
515         if (hdev->features[0][4] & LMP_EV4)
516                 hdev->esco_type |= (ESCO_EV4);
517
518         if (hdev->features[0][4] & LMP_EV5)
519                 hdev->esco_type |= (ESCO_EV5);
520
521         if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
522                 hdev->esco_type |= (ESCO_2EV3);
523
524         if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
525                 hdev->esco_type |= (ESCO_3EV3);
526
527         if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
528                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
530         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531                hdev->features[0][0], hdev->features[0][1],
532                hdev->features[0][2], hdev->features[0][3],
533                hdev->features[0][4], hdev->features[0][5],
534                hdev->features[0][6], hdev->features[0][7]);
535 }
536
537 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538                                            struct sk_buff *skb)
539 {
540         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
542         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
543
544         if (rp->status)
545                 return;
546
547         hdev->max_page = rp->max_page;
548
549         if (rp->page < HCI_MAX_PAGES)
550                 memcpy(hdev->features[rp->page], rp->features, 8);
551 }
552
553 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
554                                           struct sk_buff *skb)
555 {
556         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
557
558         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
559
560         if (!rp->status)
561                 hdev->flow_ctl_mode = rp->mode;
562 }
563
564 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
565 {
566         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
567
568         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
569
570         if (rp->status)
571                 return;
572
573         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
574         hdev->sco_mtu  = rp->sco_mtu;
575         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
576         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
577
578         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
579                 hdev->sco_mtu  = 64;
580                 hdev->sco_pkts = 8;
581         }
582
583         hdev->acl_cnt = hdev->acl_pkts;
584         hdev->sco_cnt = hdev->sco_pkts;
585
586         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
587                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
588 }
589
590 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
591 {
592         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
593
594         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595
596         if (!rp->status)
597                 bacpy(&hdev->bdaddr, &rp->bdaddr);
598 }
599
600 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
601                                            struct sk_buff *skb)
602 {
603         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
604
605         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606
607         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
608                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
609                 hdev->page_scan_window = __le16_to_cpu(rp->window);
610         }
611 }
612
613 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
614                                             struct sk_buff *skb)
615 {
616         u8 status = *((u8 *) skb->data);
617         struct hci_cp_write_page_scan_activity *sent;
618
619         BT_DBG("%s status 0x%2.2x", hdev->name, status);
620
621         if (status)
622                 return;
623
624         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
625         if (!sent)
626                 return;
627
628         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
629         hdev->page_scan_window = __le16_to_cpu(sent->window);
630 }
631
632 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
633                                            struct sk_buff *skb)
634 {
635         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
636
637         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638
639         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
640                 hdev->page_scan_type = rp->type;
641 }
642
643 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
644                                         struct sk_buff *skb)
645 {
646         u8 status = *((u8 *) skb->data);
647         u8 *type;
648
649         BT_DBG("%s status 0x%2.2x", hdev->name, status);
650
651         if (status)
652                 return;
653
654         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
655         if (type)
656                 hdev->page_scan_type = *type;
657 }
658
659 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
660                                         struct sk_buff *skb)
661 {
662         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
663
664         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
665
666         if (rp->status)
667                 return;
668
669         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
670         hdev->block_len = __le16_to_cpu(rp->block_len);
671         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
672
673         hdev->block_cnt = hdev->num_blocks;
674
675         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
676                hdev->block_cnt, hdev->block_len);
677 }
678
679 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
680                                        struct sk_buff *skb)
681 {
682         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
683
684         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685
686         if (rp->status)
687                 goto a2mp_rsp;
688
689         hdev->amp_status = rp->amp_status;
690         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
691         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
692         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
693         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
694         hdev->amp_type = rp->amp_type;
695         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
696         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
697         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
698         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
699
700 a2mp_rsp:
701         a2mp_send_getinfo_rsp(hdev);
702 }
703
704 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
705                                         struct sk_buff *skb)
706 {
707         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
708         struct amp_assoc *assoc = &hdev->loc_assoc;
709         size_t rem_len, frag_len;
710
711         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712
713         if (rp->status)
714                 goto a2mp_rsp;
715
716         frag_len = skb->len - sizeof(*rp);
717         rem_len = __le16_to_cpu(rp->rem_len);
718
719         if (rem_len > frag_len) {
720                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
721
722                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
723                 assoc->offset += frag_len;
724
725                 /* Read other fragments */
726                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
727
728                 return;
729         }
730
731         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
732         assoc->len = assoc->offset + rem_len;
733         assoc->offset = 0;
734
735 a2mp_rsp:
736         /* Send A2MP Rsp when all fragments are received */
737         a2mp_send_getampassoc_rsp(hdev, rp->status);
738         a2mp_send_create_phy_link_req(hdev, rp->status);
739 }
740
741 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
742                                          struct sk_buff *skb)
743 {
744         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
745
746         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
747
748         if (!rp->status)
749                 hdev->inq_tx_power = rp->tx_power;
750 }
751
752 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
753 {
754         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
755         struct hci_cp_pin_code_reply *cp;
756         struct hci_conn *conn;
757
758         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759
760         hci_dev_lock(hdev);
761
762         if (test_bit(HCI_MGMT, &hdev->dev_flags))
763                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
764
765         if (rp->status)
766                 goto unlock;
767
768         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
769         if (!cp)
770                 goto unlock;
771
772         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
773         if (conn)
774                 conn->pin_length = cp->pin_len;
775
776 unlock:
777         hci_dev_unlock(hdev);
778 }
779
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786         hci_dev_lock(hdev);
787
788         if (test_bit(HCI_MGMT, &hdev->dev_flags))
789                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
790                                                  rp->status);
791
792         hci_dev_unlock(hdev);
793 }
794
795 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
796                                        struct sk_buff *skb)
797 {
798         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
799
800         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801
802         if (rp->status)
803                 return;
804
805         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
806         hdev->le_pkts = rp->le_max_pkt;
807
808         hdev->le_cnt = hdev->le_pkts;
809
810         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
811 }
812
813 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
814                                           struct sk_buff *skb)
815 {
816         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
817
818         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819
820         if (!rp->status)
821                 memcpy(hdev->le_features, rp->features, 8);
822 }
823
824 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
825                                         struct sk_buff *skb)
826 {
827         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
828
829         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
830
831         if (!rp->status)
832                 hdev->adv_tx_power = rp->tx_power;
833 }
834
835 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
836 {
837         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
838
839         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
840
841         hci_dev_lock(hdev);
842
843         if (test_bit(HCI_MGMT, &hdev->dev_flags))
844                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
845                                                  rp->status);
846
847         hci_dev_unlock(hdev);
848 }
849
850 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
851                                           struct sk_buff *skb)
852 {
853         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
854
855         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856
857         hci_dev_lock(hdev);
858
859         if (test_bit(HCI_MGMT, &hdev->dev_flags))
860                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
861                                                      ACL_LINK, 0, rp->status);
862
863         hci_dev_unlock(hdev);
864 }
865
866 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
867 {
868         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
869
870         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871
872         hci_dev_lock(hdev);
873
874         if (test_bit(HCI_MGMT, &hdev->dev_flags))
875                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
876                                                  0, rp->status);
877
878         hci_dev_unlock(hdev);
879 }
880
881 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
882                                           struct sk_buff *skb)
883 {
884         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
885
886         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887
888         hci_dev_lock(hdev);
889
890         if (test_bit(HCI_MGMT, &hdev->dev_flags))
891                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
892                                                      ACL_LINK, 0, rp->status);
893
894         hci_dev_unlock(hdev);
895 }
896
897 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
898                                              struct sk_buff *skb)
899 {
900         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
901
902         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903
904         hci_dev_lock(hdev);
905         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
906                                                 rp->randomizer, rp->status);
907         hci_dev_unlock(hdev);
908 }
909
910 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
911 {
912         __u8 *sent, status = *((__u8 *) skb->data);
913
914         BT_DBG("%s status 0x%2.2x", hdev->name, status);
915
916         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
917         if (!sent)
918                 return;
919
920         hci_dev_lock(hdev);
921
922         if (!status) {
923                 if (*sent)
924                         set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
925                 else
926                         clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
927         }
928
929         if (!test_bit(HCI_INIT, &hdev->flags)) {
930                 struct hci_request req;
931
932                 hci_req_init(&req, hdev);
933                 hci_update_ad(&req);
934                 hci_req_run(&req, NULL);
935         }
936
937         hci_dev_unlock(hdev);
938 }
939
940 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
941 {
942         __u8 status = *((__u8 *) skb->data);
943
944         BT_DBG("%s status 0x%2.2x", hdev->name, status);
945
946         if (status) {
947                 hci_dev_lock(hdev);
948                 mgmt_start_discovery_failed(hdev, status);
949                 hci_dev_unlock(hdev);
950                 return;
951         }
952 }
953
954 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
955                                       struct sk_buff *skb)
956 {
957         struct hci_cp_le_set_scan_enable *cp;
958         __u8 status = *((__u8 *) skb->data);
959
960         BT_DBG("%s status 0x%2.2x", hdev->name, status);
961
962         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
963         if (!cp)
964                 return;
965
966         switch (cp->enable) {
967         case LE_SCAN_ENABLE:
968                 if (status) {
969                         hci_dev_lock(hdev);
970                         mgmt_start_discovery_failed(hdev, status);
971                         hci_dev_unlock(hdev);
972                         return;
973                 }
974
975                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
976
977                 hci_dev_lock(hdev);
978                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
979                 hci_dev_unlock(hdev);
980                 break;
981
982         case LE_SCAN_DISABLE:
983                 if (status) {
984                         hci_dev_lock(hdev);
985                         mgmt_stop_discovery_failed(hdev, status);
986                         hci_dev_unlock(hdev);
987                         return;
988                 }
989
990                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
991
992                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
993                     hdev->discovery.state == DISCOVERY_FINDING) {
994                         mgmt_interleaved_discovery(hdev);
995                 } else {
996                         hci_dev_lock(hdev);
997                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
998                         hci_dev_unlock(hdev);
999                 }
1000
1001                 break;
1002
1003         default:
1004                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1005                 break;
1006         }
1007 }
1008
1009 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1010                                            struct sk_buff *skb)
1011 {
1012         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1013
1014         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1015
1016         if (!rp->status)
1017                 hdev->le_white_list_size = rp->size;
1018 }
1019
1020 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1021                                             struct sk_buff *skb)
1022 {
1023         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1024
1025         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1026
1027         if (!rp->status)
1028                 memcpy(hdev->le_states, rp->le_states, 8);
1029 }
1030
1031 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1032                                            struct sk_buff *skb)
1033 {
1034         struct hci_cp_write_le_host_supported *sent;
1035         __u8 status = *((__u8 *) skb->data);
1036
1037         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1038
1039         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1040         if (!sent)
1041                 return;
1042
1043         if (!status) {
1044                 if (sent->le)
1045                         hdev->features[1][0] |= LMP_HOST_LE;
1046                 else
1047                         hdev->features[1][0] &= ~LMP_HOST_LE;
1048
1049                 if (sent->simul)
1050                         hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1051                 else
1052                         hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1053         }
1054
1055         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1056             !test_bit(HCI_INIT, &hdev->flags))
1057                 mgmt_le_enable_complete(hdev, sent->le, status);
1058 }
1059
1060 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1061                                           struct sk_buff *skb)
1062 {
1063         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1064
1065         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1066                hdev->name, rp->status, rp->phy_handle);
1067
1068         if (rp->status)
1069                 return;
1070
1071         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1072 }
1073
1074 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1075 {
1076         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1077
1078         if (status) {
1079                 hci_conn_check_pending(hdev);
1080                 hci_dev_lock(hdev);
1081                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1082                         mgmt_start_discovery_failed(hdev, status);
1083                 hci_dev_unlock(hdev);
1084                 return;
1085         }
1086
1087         set_bit(HCI_INQUIRY, &hdev->flags);
1088
1089         hci_dev_lock(hdev);
1090         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1091         hci_dev_unlock(hdev);
1092 }
1093
1094 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1095 {
1096         struct hci_cp_create_conn *cp;
1097         struct hci_conn *conn;
1098
1099         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100
1101         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1102         if (!cp)
1103                 return;
1104
1105         hci_dev_lock(hdev);
1106
1107         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1108
1109         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1110
1111         if (status) {
1112                 if (conn && conn->state == BT_CONNECT) {
1113                         if (status != 0x0c || conn->attempt > 2) {
1114                                 conn->state = BT_CLOSED;
1115                                 hci_proto_connect_cfm(conn, status);
1116                                 hci_conn_del(conn);
1117                         } else
1118                                 conn->state = BT_CONNECT2;
1119                 }
1120         } else {
1121                 if (!conn) {
1122                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1123                         if (conn) {
1124                                 conn->out = true;
1125                                 conn->link_mode |= HCI_LM_MASTER;
1126                         } else
1127                                 BT_ERR("No memory for new connection");
1128                 }
1129         }
1130
1131         hci_dev_unlock(hdev);
1132 }
1133
1134 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1135 {
1136         struct hci_cp_add_sco *cp;
1137         struct hci_conn *acl, *sco;
1138         __u16 handle;
1139
1140         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1141
1142         if (!status)
1143                 return;
1144
1145         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146         if (!cp)
1147                 return;
1148
1149         handle = __le16_to_cpu(cp->handle);
1150
1151         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1152
1153         hci_dev_lock(hdev);
1154
1155         acl = hci_conn_hash_lookup_handle(hdev, handle);
1156         if (acl) {
1157                 sco = acl->link;
1158                 if (sco) {
1159                         sco->state = BT_CLOSED;
1160
1161                         hci_proto_connect_cfm(sco, status);
1162                         hci_conn_del(sco);
1163                 }
1164         }
1165
1166         hci_dev_unlock(hdev);
1167 }
1168
1169 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1170 {
1171         struct hci_cp_auth_requested *cp;
1172         struct hci_conn *conn;
1173
1174         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175
1176         if (!status)
1177                 return;
1178
1179         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1180         if (!cp)
1181                 return;
1182
1183         hci_dev_lock(hdev);
1184
1185         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1186         if (conn) {
1187                 if (conn->state == BT_CONFIG) {
1188                         hci_proto_connect_cfm(conn, status);
1189                         hci_conn_drop(conn);
1190                 }
1191         }
1192
1193         hci_dev_unlock(hdev);
1194 }
1195
1196 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1197 {
1198         struct hci_cp_set_conn_encrypt *cp;
1199         struct hci_conn *conn;
1200
1201         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1202
1203         if (!status)
1204                 return;
1205
1206         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1207         if (!cp)
1208                 return;
1209
1210         hci_dev_lock(hdev);
1211
1212         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1213         if (conn) {
1214                 if (conn->state == BT_CONFIG) {
1215                         hci_proto_connect_cfm(conn, status);
1216                         hci_conn_drop(conn);
1217                 }
1218         }
1219
1220         hci_dev_unlock(hdev);
1221 }
1222
1223 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1224                                     struct hci_conn *conn)
1225 {
1226         if (conn->state != BT_CONFIG || !conn->out)
1227                 return 0;
1228
1229         if (conn->pending_sec_level == BT_SECURITY_SDP)
1230                 return 0;
1231
1232         /* Only request authentication for SSP connections or non-SSP
1233          * devices with sec_level HIGH or if MITM protection is requested */
1234         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1235             conn->pending_sec_level != BT_SECURITY_HIGH)
1236                 return 0;
1237
1238         return 1;
1239 }
1240
1241 static int hci_resolve_name(struct hci_dev *hdev,
1242                                    struct inquiry_entry *e)
1243 {
1244         struct hci_cp_remote_name_req cp;
1245
1246         memset(&cp, 0, sizeof(cp));
1247
1248         bacpy(&cp.bdaddr, &e->data.bdaddr);
1249         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250         cp.pscan_mode = e->data.pscan_mode;
1251         cp.clock_offset = e->data.clock_offset;
1252
1253         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254 }
1255
1256 static bool hci_resolve_next_name(struct hci_dev *hdev)
1257 {
1258         struct discovery_state *discov = &hdev->discovery;
1259         struct inquiry_entry *e;
1260
1261         if (list_empty(&discov->resolve))
1262                 return false;
1263
1264         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1265         if (!e)
1266                 return false;
1267
1268         if (hci_resolve_name(hdev, e) == 0) {
1269                 e->name_state = NAME_PENDING;
1270                 return true;
1271         }
1272
1273         return false;
1274 }
1275
1276 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1278 {
1279         struct discovery_state *discov = &hdev->discovery;
1280         struct inquiry_entry *e;
1281
1282         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284                                       name_len, conn->dev_class);
1285
1286         if (discov->state == DISCOVERY_STOPPED)
1287                 return;
1288
1289         if (discov->state == DISCOVERY_STOPPING)
1290                 goto discov_complete;
1291
1292         if (discov->state != DISCOVERY_RESOLVING)
1293                 return;
1294
1295         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296         /* If the device was not found in a list of found devices names of which
1297          * are pending. there is no need to continue resolving a next name as it
1298          * will be done upon receiving another Remote Name Request Complete
1299          * Event */
1300         if (!e)
1301                 return;
1302
1303         list_del(&e->list);
1304         if (name) {
1305                 e->name_state = NAME_KNOWN;
1306                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307                                  e->data.rssi, name, name_len);
1308         } else {
1309                 e->name_state = NAME_NOT_KNOWN;
1310         }
1311
1312         if (hci_resolve_next_name(hdev))
1313                 return;
1314
1315 discov_complete:
1316         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317 }
1318
1319 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320 {
1321         struct hci_cp_remote_name_req *cp;
1322         struct hci_conn *conn;
1323
1324         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326         /* If successful wait for the name req complete event before
1327          * checking for the need to do authentication */
1328         if (!status)
1329                 return;
1330
1331         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332         if (!cp)
1333                 return;
1334
1335         hci_dev_lock(hdev);
1336
1337         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
1339         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1341
1342         if (!conn)
1343                 goto unlock;
1344
1345         if (!hci_outgoing_auth_needed(hdev, conn))
1346                 goto unlock;
1347
1348         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349                 struct hci_cp_auth_requested cp;
1350                 cp.handle = __cpu_to_le16(conn->handle);
1351                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1352         }
1353
1354 unlock:
1355         hci_dev_unlock(hdev);
1356 }
1357
1358 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1359 {
1360         struct hci_cp_read_remote_features *cp;
1361         struct hci_conn *conn;
1362
1363         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364
1365         if (!status)
1366                 return;
1367
1368         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1369         if (!cp)
1370                 return;
1371
1372         hci_dev_lock(hdev);
1373
1374         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1375         if (conn) {
1376                 if (conn->state == BT_CONFIG) {
1377                         hci_proto_connect_cfm(conn, status);
1378                         hci_conn_drop(conn);
1379                 }
1380         }
1381
1382         hci_dev_unlock(hdev);
1383 }
1384
1385 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1386 {
1387         struct hci_cp_read_remote_ext_features *cp;
1388         struct hci_conn *conn;
1389
1390         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1391
1392         if (!status)
1393                 return;
1394
1395         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1396         if (!cp)
1397                 return;
1398
1399         hci_dev_lock(hdev);
1400
1401         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1402         if (conn) {
1403                 if (conn->state == BT_CONFIG) {
1404                         hci_proto_connect_cfm(conn, status);
1405                         hci_conn_drop(conn);
1406                 }
1407         }
1408
1409         hci_dev_unlock(hdev);
1410 }
1411
1412 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1413 {
1414         struct hci_cp_setup_sync_conn *cp;
1415         struct hci_conn *acl, *sco;
1416         __u16 handle;
1417
1418         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1419
1420         if (!status)
1421                 return;
1422
1423         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1424         if (!cp)
1425                 return;
1426
1427         handle = __le16_to_cpu(cp->handle);
1428
1429         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1430
1431         hci_dev_lock(hdev);
1432
1433         acl = hci_conn_hash_lookup_handle(hdev, handle);
1434         if (acl) {
1435                 sco = acl->link;
1436                 if (sco) {
1437                         sco->state = BT_CLOSED;
1438
1439                         hci_proto_connect_cfm(sco, status);
1440                         hci_conn_del(sco);
1441                 }
1442         }
1443
1444         hci_dev_unlock(hdev);
1445 }
1446
1447 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1448 {
1449         struct hci_cp_sniff_mode *cp;
1450         struct hci_conn *conn;
1451
1452         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1453
1454         if (!status)
1455                 return;
1456
1457         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1458         if (!cp)
1459                 return;
1460
1461         hci_dev_lock(hdev);
1462
1463         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464         if (conn) {
1465                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1466
1467                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1468                         hci_sco_setup(conn, status);
1469         }
1470
1471         hci_dev_unlock(hdev);
1472 }
1473
1474 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1475 {
1476         struct hci_cp_exit_sniff_mode *cp;
1477         struct hci_conn *conn;
1478
1479         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1480
1481         if (!status)
1482                 return;
1483
1484         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1485         if (!cp)
1486                 return;
1487
1488         hci_dev_lock(hdev);
1489
1490         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1491         if (conn) {
1492                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1493
1494                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1495                         hci_sco_setup(conn, status);
1496         }
1497
1498         hci_dev_unlock(hdev);
1499 }
1500
1501 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1502 {
1503         struct hci_cp_disconnect *cp;
1504         struct hci_conn *conn;
1505
1506         if (!status)
1507                 return;
1508
1509         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1510         if (!cp)
1511                 return;
1512
1513         hci_dev_lock(hdev);
1514
1515         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516         if (conn)
1517                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1518                                        conn->dst_type, status);
1519
1520         hci_dev_unlock(hdev);
1521 }
1522
1523 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1524 {
1525         struct hci_conn *conn;
1526
1527         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528
1529         if (status) {
1530                 hci_dev_lock(hdev);
1531
1532                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1533                 if (!conn) {
1534                         hci_dev_unlock(hdev);
1535                         return;
1536                 }
1537
1538                 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1539
1540                 conn->state = BT_CLOSED;
1541                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1542                                     conn->dst_type, status);
1543                 hci_proto_connect_cfm(conn, status);
1544                 hci_conn_del(conn);
1545
1546                 hci_dev_unlock(hdev);
1547         }
1548 }
1549
1550 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1551 {
1552         struct hci_cp_create_phy_link *cp;
1553
1554         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555
1556         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1557         if (!cp)
1558                 return;
1559
1560         hci_dev_lock(hdev);
1561
1562         if (status) {
1563                 struct hci_conn *hcon;
1564
1565                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1566                 if (hcon)
1567                         hci_conn_del(hcon);
1568         } else {
1569                 amp_write_remote_assoc(hdev, cp->phy_handle);
1570         }
1571
1572         hci_dev_unlock(hdev);
1573 }
1574
1575 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1576 {
1577         struct hci_cp_accept_phy_link *cp;
1578
1579         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1580
1581         if (status)
1582                 return;
1583
1584         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1585         if (!cp)
1586                 return;
1587
1588         amp_write_remote_assoc(hdev, cp->phy_handle);
1589 }
1590
1591 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1592 {
1593         __u8 status = *((__u8 *) skb->data);
1594         struct discovery_state *discov = &hdev->discovery;
1595         struct inquiry_entry *e;
1596
1597         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1598
1599         hci_conn_check_pending(hdev);
1600
1601         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1602                 return;
1603
1604         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1605         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
1607         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1608                 return;
1609
1610         hci_dev_lock(hdev);
1611
1612         if (discov->state != DISCOVERY_FINDING)
1613                 goto unlock;
1614
1615         if (list_empty(&discov->resolve)) {
1616                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1617                 goto unlock;
1618         }
1619
1620         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1621         if (e && hci_resolve_name(hdev, e) == 0) {
1622                 e->name_state = NAME_PENDING;
1623                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1624         } else {
1625                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1626         }
1627
1628 unlock:
1629         hci_dev_unlock(hdev);
1630 }
1631
1632 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1633 {
1634         struct inquiry_data data;
1635         struct inquiry_info *info = (void *) (skb->data + 1);
1636         int num_rsp = *((__u8 *) skb->data);
1637
1638         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1639
1640         if (!num_rsp)
1641                 return;
1642
1643         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1644                 return;
1645
1646         hci_dev_lock(hdev);
1647
1648         for (; num_rsp; num_rsp--, info++) {
1649                 bool name_known, ssp;
1650
1651                 bacpy(&data.bdaddr, &info->bdaddr);
1652                 data.pscan_rep_mode     = info->pscan_rep_mode;
1653                 data.pscan_period_mode  = info->pscan_period_mode;
1654                 data.pscan_mode         = info->pscan_mode;
1655                 memcpy(data.dev_class, info->dev_class, 3);
1656                 data.clock_offset       = info->clock_offset;
1657                 data.rssi               = 0x00;
1658                 data.ssp_mode           = 0x00;
1659
1660                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1661                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1662                                   info->dev_class, 0, !name_known, ssp, NULL,
1663                                   0);
1664         }
1665
1666         hci_dev_unlock(hdev);
1667 }
1668
1669 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1670 {
1671         struct hci_ev_conn_complete *ev = (void *) skb->data;
1672         struct hci_conn *conn;
1673
1674         BT_DBG("%s", hdev->name);
1675
1676         hci_dev_lock(hdev);
1677
1678         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1679         if (!conn) {
1680                 if (ev->link_type != SCO_LINK)
1681                         goto unlock;
1682
1683                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1684                 if (!conn)
1685                         goto unlock;
1686
1687                 conn->type = SCO_LINK;
1688         }
1689
1690         if (!ev->status) {
1691                 conn->handle = __le16_to_cpu(ev->handle);
1692
1693                 if (conn->type == ACL_LINK) {
1694                         conn->state = BT_CONFIG;
1695                         hci_conn_hold(conn);
1696
1697                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1698                             !hci_find_link_key(hdev, &ev->bdaddr))
1699                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1700                         else
1701                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1702                 } else
1703                         conn->state = BT_CONNECTED;
1704
1705                 hci_conn_add_sysfs(conn);
1706
1707                 if (test_bit(HCI_AUTH, &hdev->flags))
1708                         conn->link_mode |= HCI_LM_AUTH;
1709
1710                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1711                         conn->link_mode |= HCI_LM_ENCRYPT;
1712
1713                 /* Get remote features */
1714                 if (conn->type == ACL_LINK) {
1715                         struct hci_cp_read_remote_features cp;
1716                         cp.handle = ev->handle;
1717                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1718                                      sizeof(cp), &cp);
1719                 }
1720
1721                 /* Set packet type for incoming connection */
1722                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1723                         struct hci_cp_change_conn_ptype cp;
1724                         cp.handle = ev->handle;
1725                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1726                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1727                                      &cp);
1728                 }
1729         } else {
1730                 conn->state = BT_CLOSED;
1731                 if (conn->type == ACL_LINK)
1732                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1733                                             conn->dst_type, ev->status);
1734         }
1735
1736         if (conn->type == ACL_LINK)
1737                 hci_sco_setup(conn, ev->status);
1738
1739         if (ev->status) {
1740                 hci_proto_connect_cfm(conn, ev->status);
1741                 hci_conn_del(conn);
1742         } else if (ev->link_type != ACL_LINK)
1743                 hci_proto_connect_cfm(conn, ev->status);
1744
1745 unlock:
1746         hci_dev_unlock(hdev);
1747
1748         hci_conn_check_pending(hdev);
1749 }
1750
1751 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1752 {
1753         struct hci_ev_conn_request *ev = (void *) skb->data;
1754         int mask = hdev->link_mode;
1755         __u8 flags = 0;
1756
1757         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1758                ev->link_type);
1759
1760         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1761                                       &flags);
1762
1763         if ((mask & HCI_LM_ACCEPT) &&
1764             !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1765                 /* Connection accepted */
1766                 struct inquiry_entry *ie;
1767                 struct hci_conn *conn;
1768
1769                 hci_dev_lock(hdev);
1770
1771                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1772                 if (ie)
1773                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1774
1775                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1776                                                &ev->bdaddr);
1777                 if (!conn) {
1778                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1779                         if (!conn) {
1780                                 BT_ERR("No memory for new connection");
1781                                 hci_dev_unlock(hdev);
1782                                 return;
1783                         }
1784                 }
1785
1786                 memcpy(conn->dev_class, ev->dev_class, 3);
1787
1788                 hci_dev_unlock(hdev);
1789
1790                 if (ev->link_type == ACL_LINK ||
1791                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1792                         struct hci_cp_accept_conn_req cp;
1793                         conn->state = BT_CONNECT;
1794
1795                         bacpy(&cp.bdaddr, &ev->bdaddr);
1796
1797                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1798                                 cp.role = 0x00; /* Become master */
1799                         else
1800                                 cp.role = 0x01; /* Remain slave */
1801
1802                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1803                                      &cp);
1804                 } else if (!(flags & HCI_PROTO_DEFER)) {
1805                         struct hci_cp_accept_sync_conn_req cp;
1806                         conn->state = BT_CONNECT;
1807
1808                         bacpy(&cp.bdaddr, &ev->bdaddr);
1809                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1810
1811                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1812                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1813                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1814                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1815                         cp.retrans_effort = 0xff;
1816
1817                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1818                                      sizeof(cp), &cp);
1819                 } else {
1820                         conn->state = BT_CONNECT2;
1821                         hci_proto_connect_cfm(conn, 0);
1822                 }
1823         } else {
1824                 /* Connection rejected */
1825                 struct hci_cp_reject_conn_req cp;
1826
1827                 bacpy(&cp.bdaddr, &ev->bdaddr);
1828                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1829                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1830         }
1831 }
1832
1833 static u8 hci_to_mgmt_reason(u8 err)
1834 {
1835         switch (err) {
1836         case HCI_ERROR_CONNECTION_TIMEOUT:
1837                 return MGMT_DEV_DISCONN_TIMEOUT;
1838         case HCI_ERROR_REMOTE_USER_TERM:
1839         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1840         case HCI_ERROR_REMOTE_POWER_OFF:
1841                 return MGMT_DEV_DISCONN_REMOTE;
1842         case HCI_ERROR_LOCAL_HOST_TERM:
1843                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1844         default:
1845                 return MGMT_DEV_DISCONN_UNKNOWN;
1846         }
1847 }
1848
1849 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1850 {
1851         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1852         struct hci_conn *conn;
1853
1854         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1855
1856         hci_dev_lock(hdev);
1857
1858         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1859         if (!conn)
1860                 goto unlock;
1861
1862         if (ev->status == 0)
1863                 conn->state = BT_CLOSED;
1864
1865         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1866             (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1867                 if (ev->status) {
1868                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1869                                                conn->dst_type, ev->status);
1870                 } else {
1871                         u8 reason = hci_to_mgmt_reason(ev->reason);
1872
1873                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1874                                                  conn->dst_type, reason);
1875                 }
1876         }
1877
1878         if (ev->status == 0) {
1879                 if (conn->type == ACL_LINK && conn->flush_key)
1880                         hci_remove_link_key(hdev, &conn->dst);
1881                 hci_proto_disconn_cfm(conn, ev->reason);
1882                 hci_conn_del(conn);
1883         }
1884
1885 unlock:
1886         hci_dev_unlock(hdev);
1887 }
1888
1889 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1890 {
1891         struct hci_ev_auth_complete *ev = (void *) skb->data;
1892         struct hci_conn *conn;
1893
1894         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1895
1896         hci_dev_lock(hdev);
1897
1898         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1899         if (!conn)
1900                 goto unlock;
1901
1902         if (!ev->status) {
1903                 if (!hci_conn_ssp_enabled(conn) &&
1904                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1905                         BT_INFO("re-auth of legacy device is not possible.");
1906                 } else {
1907                         conn->link_mode |= HCI_LM_AUTH;
1908                         conn->sec_level = conn->pending_sec_level;
1909                 }
1910         } else {
1911                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1912                                  ev->status);
1913         }
1914
1915         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1916         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1917
1918         if (conn->state == BT_CONFIG) {
1919                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1920                         struct hci_cp_set_conn_encrypt cp;
1921                         cp.handle  = ev->handle;
1922                         cp.encrypt = 0x01;
1923                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1924                                      &cp);
1925                 } else {
1926                         conn->state = BT_CONNECTED;
1927                         hci_proto_connect_cfm(conn, ev->status);
1928                         hci_conn_drop(conn);
1929                 }
1930         } else {
1931                 hci_auth_cfm(conn, ev->status);
1932
1933                 hci_conn_hold(conn);
1934                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1935                 hci_conn_drop(conn);
1936         }
1937
1938         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1939                 if (!ev->status) {
1940                         struct hci_cp_set_conn_encrypt cp;
1941                         cp.handle  = ev->handle;
1942                         cp.encrypt = 0x01;
1943                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1944                                      &cp);
1945                 } else {
1946                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1947                         hci_encrypt_cfm(conn, ev->status, 0x00);
1948                 }
1949         }
1950
1951 unlock:
1952         hci_dev_unlock(hdev);
1953 }
1954
1955 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1956 {
1957         struct hci_ev_remote_name *ev = (void *) skb->data;
1958         struct hci_conn *conn;
1959
1960         BT_DBG("%s", hdev->name);
1961
1962         hci_conn_check_pending(hdev);
1963
1964         hci_dev_lock(hdev);
1965
1966         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1967
1968         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1969                 goto check_auth;
1970
1971         if (ev->status == 0)
1972                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1973                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1974         else
1975                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1976
1977 check_auth:
1978         if (!conn)
1979                 goto unlock;
1980
1981         if (!hci_outgoing_auth_needed(hdev, conn))
1982                 goto unlock;
1983
1984         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1985                 struct hci_cp_auth_requested cp;
1986                 cp.handle = __cpu_to_le16(conn->handle);
1987                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1988         }
1989
1990 unlock:
1991         hci_dev_unlock(hdev);
1992 }
1993
1994 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995 {
1996         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1997         struct hci_conn *conn;
1998
1999         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2000
2001         hci_dev_lock(hdev);
2002
2003         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2004         if (conn) {
2005                 if (!ev->status) {
2006                         if (ev->encrypt) {
2007                                 /* Encryption implies authentication */
2008                                 conn->link_mode |= HCI_LM_AUTH;
2009                                 conn->link_mode |= HCI_LM_ENCRYPT;
2010                                 conn->sec_level = conn->pending_sec_level;
2011                         } else
2012                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
2013                 }
2014
2015                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2016
2017                 if (ev->status && conn->state == BT_CONNECTED) {
2018                         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2019                         hci_conn_drop(conn);
2020                         goto unlock;
2021                 }
2022
2023                 if (conn->state == BT_CONFIG) {
2024                         if (!ev->status)
2025                                 conn->state = BT_CONNECTED;
2026
2027                         hci_proto_connect_cfm(conn, ev->status);
2028                         hci_conn_drop(conn);
2029                 } else
2030                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2031         }
2032
2033 unlock:
2034         hci_dev_unlock(hdev);
2035 }
2036
2037 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2038                                              struct sk_buff *skb)
2039 {
2040         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2041         struct hci_conn *conn;
2042
2043         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2044
2045         hci_dev_lock(hdev);
2046
2047         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2048         if (conn) {
2049                 if (!ev->status)
2050                         conn->link_mode |= HCI_LM_SECURE;
2051
2052                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2053
2054                 hci_key_change_cfm(conn, ev->status);
2055         }
2056
2057         hci_dev_unlock(hdev);
2058 }
2059
2060 static void hci_remote_features_evt(struct hci_dev *hdev,
2061                                     struct sk_buff *skb)
2062 {
2063         struct hci_ev_remote_features *ev = (void *) skb->data;
2064         struct hci_conn *conn;
2065
2066         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2067
2068         hci_dev_lock(hdev);
2069
2070         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2071         if (!conn)
2072                 goto unlock;
2073
2074         if (!ev->status)
2075                 memcpy(conn->features[0], ev->features, 8);
2076
2077         if (conn->state != BT_CONFIG)
2078                 goto unlock;
2079
2080         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2081                 struct hci_cp_read_remote_ext_features cp;
2082                 cp.handle = ev->handle;
2083                 cp.page = 0x01;
2084                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2085                              sizeof(cp), &cp);
2086                 goto unlock;
2087         }
2088
2089         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2090                 struct hci_cp_remote_name_req cp;
2091                 memset(&cp, 0, sizeof(cp));
2092                 bacpy(&cp.bdaddr, &conn->dst);
2093                 cp.pscan_rep_mode = 0x02;
2094                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2095         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2096                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2097                                       conn->dst_type, 0, NULL, 0,
2098                                       conn->dev_class);
2099
2100         if (!hci_outgoing_auth_needed(hdev, conn)) {
2101                 conn->state = BT_CONNECTED;
2102                 hci_proto_connect_cfm(conn, ev->status);
2103                 hci_conn_drop(conn);
2104         }
2105
2106 unlock:
2107         hci_dev_unlock(hdev);
2108 }
2109
2110 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2111 {
2112         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2113         u8 status = skb->data[sizeof(*ev)];
2114         __u16 opcode;
2115
2116         skb_pull(skb, sizeof(*ev));
2117
2118         opcode = __le16_to_cpu(ev->opcode);
2119
2120         switch (opcode) {
2121         case HCI_OP_INQUIRY_CANCEL:
2122                 hci_cc_inquiry_cancel(hdev, skb);
2123                 break;
2124
2125         case HCI_OP_PERIODIC_INQ:
2126                 hci_cc_periodic_inq(hdev, skb);
2127                 break;
2128
2129         case HCI_OP_EXIT_PERIODIC_INQ:
2130                 hci_cc_exit_periodic_inq(hdev, skb);
2131                 break;
2132
2133         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2134                 hci_cc_remote_name_req_cancel(hdev, skb);
2135                 break;
2136
2137         case HCI_OP_ROLE_DISCOVERY:
2138                 hci_cc_role_discovery(hdev, skb);
2139                 break;
2140
2141         case HCI_OP_READ_LINK_POLICY:
2142                 hci_cc_read_link_policy(hdev, skb);
2143                 break;
2144
2145         case HCI_OP_WRITE_LINK_POLICY:
2146                 hci_cc_write_link_policy(hdev, skb);
2147                 break;
2148
2149         case HCI_OP_READ_DEF_LINK_POLICY:
2150                 hci_cc_read_def_link_policy(hdev, skb);
2151                 break;
2152
2153         case HCI_OP_WRITE_DEF_LINK_POLICY:
2154                 hci_cc_write_def_link_policy(hdev, skb);
2155                 break;
2156
2157         case HCI_OP_RESET:
2158                 hci_cc_reset(hdev, skb);
2159                 break;
2160
2161         case HCI_OP_WRITE_LOCAL_NAME:
2162                 hci_cc_write_local_name(hdev, skb);
2163                 break;
2164
2165         case HCI_OP_READ_LOCAL_NAME:
2166                 hci_cc_read_local_name(hdev, skb);
2167                 break;
2168
2169         case HCI_OP_WRITE_AUTH_ENABLE:
2170                 hci_cc_write_auth_enable(hdev, skb);
2171                 break;
2172
2173         case HCI_OP_WRITE_ENCRYPT_MODE:
2174                 hci_cc_write_encrypt_mode(hdev, skb);
2175                 break;
2176
2177         case HCI_OP_WRITE_SCAN_ENABLE:
2178                 hci_cc_write_scan_enable(hdev, skb);
2179                 break;
2180
2181         case HCI_OP_READ_CLASS_OF_DEV:
2182                 hci_cc_read_class_of_dev(hdev, skb);
2183                 break;
2184
2185         case HCI_OP_WRITE_CLASS_OF_DEV:
2186                 hci_cc_write_class_of_dev(hdev, skb);
2187                 break;
2188
2189         case HCI_OP_READ_VOICE_SETTING:
2190                 hci_cc_read_voice_setting(hdev, skb);
2191                 break;
2192
2193         case HCI_OP_WRITE_VOICE_SETTING:
2194                 hci_cc_write_voice_setting(hdev, skb);
2195                 break;
2196
2197         case HCI_OP_WRITE_SSP_MODE:
2198                 hci_cc_write_ssp_mode(hdev, skb);
2199                 break;
2200
2201         case HCI_OP_READ_LOCAL_VERSION:
2202                 hci_cc_read_local_version(hdev, skb);
2203                 break;
2204
2205         case HCI_OP_READ_LOCAL_COMMANDS:
2206                 hci_cc_read_local_commands(hdev, skb);
2207                 break;
2208
2209         case HCI_OP_READ_LOCAL_FEATURES:
2210                 hci_cc_read_local_features(hdev, skb);
2211                 break;
2212
2213         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2214                 hci_cc_read_local_ext_features(hdev, skb);
2215                 break;
2216
2217         case HCI_OP_READ_BUFFER_SIZE:
2218                 hci_cc_read_buffer_size(hdev, skb);
2219                 break;
2220
2221         case HCI_OP_READ_BD_ADDR:
2222                 hci_cc_read_bd_addr(hdev, skb);
2223                 break;
2224
2225         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2226                 hci_cc_read_page_scan_activity(hdev, skb);
2227                 break;
2228
2229         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2230                 hci_cc_write_page_scan_activity(hdev, skb);
2231                 break;
2232
2233         case HCI_OP_READ_PAGE_SCAN_TYPE:
2234                 hci_cc_read_page_scan_type(hdev, skb);
2235                 break;
2236
2237         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2238                 hci_cc_write_page_scan_type(hdev, skb);
2239                 break;
2240
2241         case HCI_OP_READ_DATA_BLOCK_SIZE:
2242                 hci_cc_read_data_block_size(hdev, skb);
2243                 break;
2244
2245         case HCI_OP_READ_FLOW_CONTROL_MODE:
2246                 hci_cc_read_flow_control_mode(hdev, skb);
2247                 break;
2248
2249         case HCI_OP_READ_LOCAL_AMP_INFO:
2250                 hci_cc_read_local_amp_info(hdev, skb);
2251                 break;
2252
2253         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2254                 hci_cc_read_local_amp_assoc(hdev, skb);
2255                 break;
2256
2257         case HCI_OP_READ_INQ_RSP_TX_POWER:
2258                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2259                 break;
2260
2261         case HCI_OP_PIN_CODE_REPLY:
2262                 hci_cc_pin_code_reply(hdev, skb);
2263                 break;
2264
2265         case HCI_OP_PIN_CODE_NEG_REPLY:
2266                 hci_cc_pin_code_neg_reply(hdev, skb);
2267                 break;
2268
2269         case HCI_OP_READ_LOCAL_OOB_DATA:
2270                 hci_cc_read_local_oob_data_reply(hdev, skb);
2271                 break;
2272
2273         case HCI_OP_LE_READ_BUFFER_SIZE:
2274                 hci_cc_le_read_buffer_size(hdev, skb);
2275                 break;
2276
2277         case HCI_OP_LE_READ_LOCAL_FEATURES:
2278                 hci_cc_le_read_local_features(hdev, skb);
2279                 break;
2280
2281         case HCI_OP_LE_READ_ADV_TX_POWER:
2282                 hci_cc_le_read_adv_tx_power(hdev, skb);
2283                 break;
2284
2285         case HCI_OP_USER_CONFIRM_REPLY:
2286                 hci_cc_user_confirm_reply(hdev, skb);
2287                 break;
2288
2289         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2290                 hci_cc_user_confirm_neg_reply(hdev, skb);
2291                 break;
2292
2293         case HCI_OP_USER_PASSKEY_REPLY:
2294                 hci_cc_user_passkey_reply(hdev, skb);
2295                 break;
2296
2297         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2298                 hci_cc_user_passkey_neg_reply(hdev, skb);
2299                 break;
2300
2301         case HCI_OP_LE_SET_SCAN_PARAM:
2302                 hci_cc_le_set_scan_param(hdev, skb);
2303                 break;
2304
2305         case HCI_OP_LE_SET_ADV_ENABLE:
2306                 hci_cc_le_set_adv_enable(hdev, skb);
2307                 break;
2308
2309         case HCI_OP_LE_SET_SCAN_ENABLE:
2310                 hci_cc_le_set_scan_enable(hdev, skb);
2311                 break;
2312
2313         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2314                 hci_cc_le_read_white_list_size(hdev, skb);
2315                 break;
2316
2317         case HCI_OP_LE_READ_SUPPORTED_STATES:
2318                 hci_cc_le_read_supported_states(hdev, skb);
2319                 break;
2320
2321         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2322                 hci_cc_write_le_host_supported(hdev, skb);
2323                 break;
2324
2325         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2326                 hci_cc_write_remote_amp_assoc(hdev, skb);
2327                 break;
2328
2329         default:
2330                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2331                 break;
2332         }
2333
2334         if (opcode != HCI_OP_NOP)
2335                 del_timer(&hdev->cmd_timer);
2336
2337         hci_req_cmd_complete(hdev, opcode, status);
2338
2339         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2340                 atomic_set(&hdev->cmd_cnt, 1);
2341                 if (!skb_queue_empty(&hdev->cmd_q))
2342                         queue_work(hdev->workqueue, &hdev->cmd_work);
2343         }
2344 }
2345
2346 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347 {
2348         struct hci_ev_cmd_status *ev = (void *) skb->data;
2349         __u16 opcode;
2350
2351         skb_pull(skb, sizeof(*ev));
2352
2353         opcode = __le16_to_cpu(ev->opcode);
2354
2355         switch (opcode) {
2356         case HCI_OP_INQUIRY:
2357                 hci_cs_inquiry(hdev, ev->status);
2358                 break;
2359
2360         case HCI_OP_CREATE_CONN:
2361                 hci_cs_create_conn(hdev, ev->status);
2362                 break;
2363
2364         case HCI_OP_ADD_SCO:
2365                 hci_cs_add_sco(hdev, ev->status);
2366                 break;
2367
2368         case HCI_OP_AUTH_REQUESTED:
2369                 hci_cs_auth_requested(hdev, ev->status);
2370                 break;
2371
2372         case HCI_OP_SET_CONN_ENCRYPT:
2373                 hci_cs_set_conn_encrypt(hdev, ev->status);
2374                 break;
2375
2376         case HCI_OP_REMOTE_NAME_REQ:
2377                 hci_cs_remote_name_req(hdev, ev->status);
2378                 break;
2379
2380         case HCI_OP_READ_REMOTE_FEATURES:
2381                 hci_cs_read_remote_features(hdev, ev->status);
2382                 break;
2383
2384         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2385                 hci_cs_read_remote_ext_features(hdev, ev->status);
2386                 break;
2387
2388         case HCI_OP_SETUP_SYNC_CONN:
2389                 hci_cs_setup_sync_conn(hdev, ev->status);
2390                 break;
2391
2392         case HCI_OP_SNIFF_MODE:
2393                 hci_cs_sniff_mode(hdev, ev->status);
2394                 break;
2395
2396         case HCI_OP_EXIT_SNIFF_MODE:
2397                 hci_cs_exit_sniff_mode(hdev, ev->status);
2398                 break;
2399
2400         case HCI_OP_DISCONNECT:
2401                 hci_cs_disconnect(hdev, ev->status);
2402                 break;
2403
2404         case HCI_OP_LE_CREATE_CONN:
2405                 hci_cs_le_create_conn(hdev, ev->status);
2406                 break;
2407
2408         case HCI_OP_CREATE_PHY_LINK:
2409                 hci_cs_create_phylink(hdev, ev->status);
2410                 break;
2411
2412         case HCI_OP_ACCEPT_PHY_LINK:
2413                 hci_cs_accept_phylink(hdev, ev->status);
2414                 break;
2415
2416         default:
2417                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2418                 break;
2419         }
2420
2421         if (opcode != HCI_OP_NOP)
2422                 del_timer(&hdev->cmd_timer);
2423
2424         if (ev->status ||
2425             (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2426                 hci_req_cmd_complete(hdev, opcode, ev->status);
2427
2428         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2429                 atomic_set(&hdev->cmd_cnt, 1);
2430                 if (!skb_queue_empty(&hdev->cmd_q))
2431                         queue_work(hdev->workqueue, &hdev->cmd_work);
2432         }
2433 }
2434
2435 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2436 {
2437         struct hci_ev_role_change *ev = (void *) skb->data;
2438         struct hci_conn *conn;
2439
2440         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2441
2442         hci_dev_lock(hdev);
2443
2444         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2445         if (conn) {
2446                 if (!ev->status) {
2447                         if (ev->role)
2448                                 conn->link_mode &= ~HCI_LM_MASTER;
2449                         else
2450                                 conn->link_mode |= HCI_LM_MASTER;
2451                 }
2452
2453                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2454
2455                 hci_role_switch_cfm(conn, ev->status, ev->role);
2456         }
2457
2458         hci_dev_unlock(hdev);
2459 }
2460
2461 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2462 {
2463         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2464         int i;
2465
2466         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2467                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2468                 return;
2469         }
2470
2471         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2472             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2473                 BT_DBG("%s bad parameters", hdev->name);
2474                 return;
2475         }
2476
2477         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2478
2479         for (i = 0; i < ev->num_hndl; i++) {
2480                 struct hci_comp_pkts_info *info = &ev->handles[i];
2481                 struct hci_conn *conn;
2482                 __u16  handle, count;
2483
2484                 handle = __le16_to_cpu(info->handle);
2485                 count  = __le16_to_cpu(info->count);
2486
2487                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2488                 if (!conn)
2489                         continue;
2490
2491                 conn->sent -= count;
2492
2493                 switch (conn->type) {
2494                 case ACL_LINK:
2495                         hdev->acl_cnt += count;
2496                         if (hdev->acl_cnt > hdev->acl_pkts)
2497                                 hdev->acl_cnt = hdev->acl_pkts;
2498                         break;
2499
2500                 case LE_LINK:
2501                         if (hdev->le_pkts) {
2502                                 hdev->le_cnt += count;
2503                                 if (hdev->le_cnt > hdev->le_pkts)
2504                                         hdev->le_cnt = hdev->le_pkts;
2505                         } else {
2506                                 hdev->acl_cnt += count;
2507                                 if (hdev->acl_cnt > hdev->acl_pkts)
2508                                         hdev->acl_cnt = hdev->acl_pkts;
2509                         }
2510                         break;
2511
2512                 case SCO_LINK:
2513                         hdev->sco_cnt += count;
2514                         if (hdev->sco_cnt > hdev->sco_pkts)
2515                                 hdev->sco_cnt = hdev->sco_pkts;
2516                         break;
2517
2518                 default:
2519                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2520                         break;
2521                 }
2522         }
2523
2524         queue_work(hdev->workqueue, &hdev->tx_work);
2525 }
2526
2527 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2528                                                  __u16 handle)
2529 {
2530         struct hci_chan *chan;
2531
2532         switch (hdev->dev_type) {
2533         case HCI_BREDR:
2534                 return hci_conn_hash_lookup_handle(hdev, handle);
2535         case HCI_AMP:
2536                 chan = hci_chan_lookup_handle(hdev, handle);
2537                 if (chan)
2538                         return chan->conn;
2539                 break;
2540         default:
2541                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2542                 break;
2543         }
2544
2545         return NULL;
2546 }
2547
2548 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2549 {
2550         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2551         int i;
2552
2553         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2554                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2555                 return;
2556         }
2557
2558         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2559             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2560                 BT_DBG("%s bad parameters", hdev->name);
2561                 return;
2562         }
2563
2564         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2565                ev->num_hndl);
2566
2567         for (i = 0; i < ev->num_hndl; i++) {
2568                 struct hci_comp_blocks_info *info = &ev->handles[i];
2569                 struct hci_conn *conn = NULL;
2570                 __u16  handle, block_count;
2571
2572                 handle = __le16_to_cpu(info->handle);
2573                 block_count = __le16_to_cpu(info->blocks);
2574
2575                 conn = __hci_conn_lookup_handle(hdev, handle);
2576                 if (!conn)
2577                         continue;
2578
2579                 conn->sent -= block_count;
2580
2581                 switch (conn->type) {
2582                 case ACL_LINK:
2583                 case AMP_LINK:
2584                         hdev->block_cnt += block_count;
2585                         if (hdev->block_cnt > hdev->num_blocks)
2586                                 hdev->block_cnt = hdev->num_blocks;
2587                         break;
2588
2589                 default:
2590                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2591                         break;
2592                 }
2593         }
2594
2595         queue_work(hdev->workqueue, &hdev->tx_work);
2596 }
2597
2598 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599 {
2600         struct hci_ev_mode_change *ev = (void *) skb->data;
2601         struct hci_conn *conn;
2602
2603         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2604
2605         hci_dev_lock(hdev);
2606
2607         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2608         if (conn) {
2609                 conn->mode = ev->mode;
2610                 conn->interval = __le16_to_cpu(ev->interval);
2611
2612                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2613                                         &conn->flags)) {
2614                         if (conn->mode == HCI_CM_ACTIVE)
2615                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2616                         else
2617                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2618                 }
2619
2620                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2621                         hci_sco_setup(conn, ev->status);
2622         }
2623
2624         hci_dev_unlock(hdev);
2625 }
2626
2627 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2628 {
2629         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2630         struct hci_conn *conn;
2631
2632         BT_DBG("%s", hdev->name);
2633
2634         hci_dev_lock(hdev);
2635
2636         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2637         if (!conn)
2638                 goto unlock;
2639
2640         if (conn->state == BT_CONNECTED) {
2641                 hci_conn_hold(conn);
2642                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2643                 hci_conn_drop(conn);
2644         }
2645
2646         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2647                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2648                              sizeof(ev->bdaddr), &ev->bdaddr);
2649         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2650                 u8 secure;
2651
2652                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2653                         secure = 1;
2654                 else
2655                         secure = 0;
2656
2657                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2658         }
2659
2660 unlock:
2661         hci_dev_unlock(hdev);
2662 }
2663
2664 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2665 {
2666         struct hci_ev_link_key_req *ev = (void *) skb->data;
2667         struct hci_cp_link_key_reply cp;
2668         struct hci_conn *conn;
2669         struct link_key *key;
2670
2671         BT_DBG("%s", hdev->name);
2672
2673         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2674                 return;
2675
2676         hci_dev_lock(hdev);
2677
2678         key = hci_find_link_key(hdev, &ev->bdaddr);
2679         if (!key) {
2680                 BT_DBG("%s link key not found for %pMR", hdev->name,
2681                        &ev->bdaddr);
2682                 goto not_found;
2683         }
2684
2685         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2686                &ev->bdaddr);
2687
2688         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2689             key->type == HCI_LK_DEBUG_COMBINATION) {
2690                 BT_DBG("%s ignoring debug key", hdev->name);
2691                 goto not_found;
2692         }
2693
2694         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2695         if (conn) {
2696                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2697                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2698                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2699                         goto not_found;
2700                 }
2701
2702                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2703                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2704                         BT_DBG("%s ignoring key unauthenticated for high security",
2705                                hdev->name);
2706                         goto not_found;
2707                 }
2708
2709                 conn->key_type = key->type;
2710                 conn->pin_length = key->pin_len;
2711         }
2712
2713         bacpy(&cp.bdaddr, &ev->bdaddr);
2714         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2715
2716         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2717
2718         hci_dev_unlock(hdev);
2719
2720         return;
2721
2722 not_found:
2723         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2724         hci_dev_unlock(hdev);
2725 }
2726
2727 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2728 {
2729         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2730         struct hci_conn *conn;
2731         u8 pin_len = 0;
2732
2733         BT_DBG("%s", hdev->name);
2734
2735         hci_dev_lock(hdev);
2736
2737         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2738         if (conn) {
2739                 hci_conn_hold(conn);
2740                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2741                 pin_len = conn->pin_length;
2742
2743                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2744                         conn->key_type = ev->key_type;
2745
2746                 hci_conn_drop(conn);
2747         }
2748
2749         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2750                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2751                                  ev->key_type, pin_len);
2752
2753         hci_dev_unlock(hdev);
2754 }
2755
2756 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2757 {
2758         struct hci_ev_clock_offset *ev = (void *) skb->data;
2759         struct hci_conn *conn;
2760
2761         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2762
2763         hci_dev_lock(hdev);
2764
2765         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2766         if (conn && !ev->status) {
2767                 struct inquiry_entry *ie;
2768
2769                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2770                 if (ie) {
2771                         ie->data.clock_offset = ev->clock_offset;
2772                         ie->timestamp = jiffies;
2773                 }
2774         }
2775
2776         hci_dev_unlock(hdev);
2777 }
2778
2779 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2780 {
2781         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2782         struct hci_conn *conn;
2783
2784         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2785
2786         hci_dev_lock(hdev);
2787
2788         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2789         if (conn && !ev->status)
2790                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2791
2792         hci_dev_unlock(hdev);
2793 }
2794
2795 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2796 {
2797         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2798         struct inquiry_entry *ie;
2799
2800         BT_DBG("%s", hdev->name);
2801
2802         hci_dev_lock(hdev);
2803
2804         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2805         if (ie) {
2806                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2807                 ie->timestamp = jiffies;
2808         }
2809
2810         hci_dev_unlock(hdev);
2811 }
2812
2813 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2814                                              struct sk_buff *skb)
2815 {
2816         struct inquiry_data data;
2817         int num_rsp = *((__u8 *) skb->data);
2818         bool name_known, ssp;
2819
2820         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2821
2822         if (!num_rsp)
2823                 return;
2824
2825         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2826                 return;
2827
2828         hci_dev_lock(hdev);
2829
2830         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2831                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2832                 info = (void *) (skb->data + 1);
2833
2834                 for (; num_rsp; num_rsp--, info++) {
2835                         bacpy(&data.bdaddr, &info->bdaddr);
2836                         data.pscan_rep_mode     = info->pscan_rep_mode;
2837                         data.pscan_period_mode  = info->pscan_period_mode;
2838                         data.pscan_mode         = info->pscan_mode;
2839                         memcpy(data.dev_class, info->dev_class, 3);
2840                         data.clock_offset       = info->clock_offset;
2841                         data.rssi               = info->rssi;
2842                         data.ssp_mode           = 0x00;
2843
2844                         name_known = hci_inquiry_cache_update(hdev, &data,
2845                                                               false, &ssp);
2846                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2847                                           info->dev_class, info->rssi,
2848                                           !name_known, ssp, NULL, 0);
2849                 }
2850         } else {
2851                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2852
2853                 for (; num_rsp; num_rsp--, info++) {
2854                         bacpy(&data.bdaddr, &info->bdaddr);
2855                         data.pscan_rep_mode     = info->pscan_rep_mode;
2856                         data.pscan_period_mode  = info->pscan_period_mode;
2857                         data.pscan_mode         = 0x00;
2858                         memcpy(data.dev_class, info->dev_class, 3);
2859                         data.clock_offset       = info->clock_offset;
2860                         data.rssi               = info->rssi;
2861                         data.ssp_mode           = 0x00;
2862                         name_known = hci_inquiry_cache_update(hdev, &data,
2863                                                               false, &ssp);
2864                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2865                                           info->dev_class, info->rssi,
2866                                           !name_known, ssp, NULL, 0);
2867                 }
2868         }
2869
2870         hci_dev_unlock(hdev);
2871 }
2872
2873 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2874                                         struct sk_buff *skb)
2875 {
2876         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2877         struct hci_conn *conn;
2878
2879         BT_DBG("%s", hdev->name);
2880
2881         hci_dev_lock(hdev);
2882
2883         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2884         if (!conn)
2885                 goto unlock;
2886
2887         if (ev->page < HCI_MAX_PAGES)
2888                 memcpy(conn->features[ev->page], ev->features, 8);
2889
2890         if (!ev->status && ev->page == 0x01) {
2891                 struct inquiry_entry *ie;
2892
2893                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2894                 if (ie)
2895                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2896
2897                 if (ev->features[0] & LMP_HOST_SSP) {
2898                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2899                 } else {
2900                         /* It is mandatory by the Bluetooth specification that
2901                          * Extended Inquiry Results are only used when Secure
2902                          * Simple Pairing is enabled, but some devices violate
2903                          * this.
2904                          *
2905                          * To make these devices work, the internal SSP
2906                          * enabled flag needs to be cleared if the remote host
2907                          * features do not indicate SSP support */
2908                         clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2909                 }
2910         }
2911
2912         if (conn->state != BT_CONFIG)
2913                 goto unlock;
2914
2915         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2916                 struct hci_cp_remote_name_req cp;
2917                 memset(&cp, 0, sizeof(cp));
2918                 bacpy(&cp.bdaddr, &conn->dst);
2919                 cp.pscan_rep_mode = 0x02;
2920                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2921         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2922                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2923                                       conn->dst_type, 0, NULL, 0,
2924                                       conn->dev_class);
2925
2926         if (!hci_outgoing_auth_needed(hdev, conn)) {
2927                 conn->state = BT_CONNECTED;
2928                 hci_proto_connect_cfm(conn, ev->status);
2929                 hci_conn_drop(conn);
2930         }
2931
2932 unlock:
2933         hci_dev_unlock(hdev);
2934 }
2935
2936 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2937                                        struct sk_buff *skb)
2938 {
2939         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2940         struct hci_conn *conn;
2941
2942         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2943
2944         hci_dev_lock(hdev);
2945
2946         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2947         if (!conn) {
2948                 if (ev->link_type == ESCO_LINK)
2949                         goto unlock;
2950
2951                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2952                 if (!conn)
2953                         goto unlock;
2954
2955                 conn->type = SCO_LINK;
2956         }
2957
2958         switch (ev->status) {
2959         case 0x00:
2960                 conn->handle = __le16_to_cpu(ev->handle);
2961                 conn->state  = BT_CONNECTED;
2962
2963                 hci_conn_add_sysfs(conn);
2964                 break;
2965
2966         case 0x11:      /* Unsupported Feature or Parameter Value */
2967         case 0x1c:      /* SCO interval rejected */
2968         case 0x1a:      /* Unsupported Remote Feature */
2969         case 0x1f:      /* Unspecified error */
2970                 if (conn->out && conn->attempt < 2) {
2971                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2972                                         (hdev->esco_type & EDR_ESCO_MASK);
2973                         hci_setup_sync(conn, conn->link->handle);
2974                         goto unlock;
2975                 }
2976                 /* fall through */
2977
2978         default:
2979                 conn->state = BT_CLOSED;
2980                 break;
2981         }
2982
2983         hci_proto_connect_cfm(conn, ev->status);
2984         if (ev->status)
2985                 hci_conn_del(conn);
2986
2987 unlock:
2988         hci_dev_unlock(hdev);
2989 }
2990
2991 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2992                                             struct sk_buff *skb)
2993 {
2994         struct inquiry_data data;
2995         struct extended_inquiry_info *info = (void *) (skb->data + 1);
2996         int num_rsp = *((__u8 *) skb->data);
2997         size_t eir_len;
2998
2999         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3000
3001         if (!num_rsp)
3002                 return;
3003
3004         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3005                 return;
3006
3007         hci_dev_lock(hdev);
3008
3009         for (; num_rsp; num_rsp--, info++) {
3010                 bool name_known, ssp;
3011
3012                 bacpy(&data.bdaddr, &info->bdaddr);
3013                 data.pscan_rep_mode     = info->pscan_rep_mode;
3014                 data.pscan_period_mode  = info->pscan_period_mode;
3015                 data.pscan_mode         = 0x00;
3016                 memcpy(data.dev_class, info->dev_class, 3);
3017                 data.clock_offset       = info->clock_offset;
3018                 data.rssi               = info->rssi;
3019                 data.ssp_mode           = 0x01;
3020
3021                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3022                         name_known = eir_has_data_type(info->data,
3023                                                        sizeof(info->data),
3024                                                        EIR_NAME_COMPLETE);
3025                 else
3026                         name_known = true;
3027
3028                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3029                                                       &ssp);
3030                 eir_len = eir_get_length(info->data, sizeof(info->data));
3031                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3032                                   info->dev_class, info->rssi, !name_known,
3033                                   ssp, info->data, eir_len);
3034         }
3035
3036         hci_dev_unlock(hdev);
3037 }
3038
3039 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3040                                          struct sk_buff *skb)
3041 {
3042         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3043         struct hci_conn *conn;
3044
3045         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3046                __le16_to_cpu(ev->handle));
3047
3048         hci_dev_lock(hdev);
3049
3050         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3051         if (!conn)
3052                 goto unlock;
3053
3054         /* For BR/EDR the necessary steps are taken through the
3055          * auth_complete event.
3056          */
3057         if (conn->type != LE_LINK)
3058                 goto unlock;
3059
3060         if (!ev->status)
3061                 conn->sec_level = conn->pending_sec_level;
3062
3063         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3064
3065         if (ev->status && conn->state == BT_CONNECTED) {
3066                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3067                 hci_conn_drop(conn);
3068                 goto unlock;
3069         }
3070
3071         if (conn->state == BT_CONFIG) {
3072                 if (!ev->status)
3073                         conn->state = BT_CONNECTED;
3074
3075                 hci_proto_connect_cfm(conn, ev->status);
3076                 hci_conn_drop(conn);
3077         } else {
3078                 hci_auth_cfm(conn, ev->status);
3079
3080                 hci_conn_hold(conn);
3081                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3082                 hci_conn_drop(conn);
3083         }
3084
3085 unlock:
3086         hci_dev_unlock(hdev);
3087 }
3088
3089 static u8 hci_get_auth_req(struct hci_conn *conn)
3090 {
3091         /* If remote requests dedicated bonding follow that lead */
3092         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3093                 /* If both remote and local IO capabilities allow MITM
3094                  * protection then require it, otherwise don't */
3095                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3096                         return 0x02;
3097                 else
3098                         return 0x03;
3099         }
3100
3101         /* If remote requests no-bonding follow that lead */
3102         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3103                 return conn->remote_auth | (conn->auth_type & 0x01);
3104
3105         return conn->auth_type;
3106 }
3107
3108 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3109 {
3110         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3111         struct hci_conn *conn;
3112
3113         BT_DBG("%s", hdev->name);
3114
3115         hci_dev_lock(hdev);
3116
3117         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3118         if (!conn)
3119                 goto unlock;
3120
3121         hci_conn_hold(conn);
3122
3123         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3124                 goto unlock;
3125
3126         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3127             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3128                 struct hci_cp_io_capability_reply cp;
3129
3130                 bacpy(&cp.bdaddr, &ev->bdaddr);
3131                 /* Change the IO capability from KeyboardDisplay
3132                  * to DisplayYesNo as it is not supported by BT spec. */
3133                 cp.capability = (conn->io_capability == 0x04) ?
3134                                                 0x01 : conn->io_capability;
3135                 conn->auth_type = hci_get_auth_req(conn);
3136                 cp.authentication = conn->auth_type;
3137
3138                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3139                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3140                         cp.oob_data = 0x01;
3141                 else
3142                         cp.oob_data = 0x00;
3143
3144                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3145                              sizeof(cp), &cp);
3146         } else {
3147                 struct hci_cp_io_capability_neg_reply cp;
3148
3149                 bacpy(&cp.bdaddr, &ev->bdaddr);
3150                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3151
3152                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3153                              sizeof(cp), &cp);
3154         }
3155
3156 unlock:
3157         hci_dev_unlock(hdev);
3158 }
3159
3160 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3161 {
3162         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3163         struct hci_conn *conn;
3164
3165         BT_DBG("%s", hdev->name);
3166
3167         hci_dev_lock(hdev);
3168
3169         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3170         if (!conn)
3171                 goto unlock;
3172
3173         conn->remote_cap = ev->capability;
3174         conn->remote_auth = ev->authentication;
3175         if (ev->oob_data)
3176                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3177
3178 unlock:
3179         hci_dev_unlock(hdev);
3180 }
3181
3182 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3183                                          struct sk_buff *skb)
3184 {
3185         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3186         int loc_mitm, rem_mitm, confirm_hint = 0;
3187         struct hci_conn *conn;
3188
3189         BT_DBG("%s", hdev->name);
3190
3191         hci_dev_lock(hdev);
3192
3193         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3194                 goto unlock;
3195
3196         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3197         if (!conn)
3198                 goto unlock;
3199
3200         loc_mitm = (conn->auth_type & 0x01);
3201         rem_mitm = (conn->remote_auth & 0x01);
3202
3203         /* If we require MITM but the remote device can't provide that
3204          * (it has NoInputNoOutput) then reject the confirmation
3205          * request. The only exception is when we're dedicated bonding
3206          * initiators (connect_cfm_cb set) since then we always have the MITM
3207          * bit set. */
3208         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3209                 BT_DBG("Rejecting request: remote device can't provide MITM");
3210                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3211                              sizeof(ev->bdaddr), &ev->bdaddr);
3212                 goto unlock;
3213         }
3214
3215         /* If no side requires MITM protection; auto-accept */
3216         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3217             (!rem_mitm || conn->io_capability == 0x03)) {
3218
3219                 /* If we're not the initiators request authorization to
3220                  * proceed from user space (mgmt_user_confirm with
3221                  * confirm_hint set to 1). The exception is if neither
3222                  * side had MITM in which case we do auto-accept.
3223                  */
3224                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3225                     (loc_mitm || rem_mitm)) {
3226                         BT_DBG("Confirming auto-accept as acceptor");
3227                         confirm_hint = 1;
3228                         goto confirm;
3229                 }
3230
3231                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3232                        hdev->auto_accept_delay);
3233
3234                 if (hdev->auto_accept_delay > 0) {
3235                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3236                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3237                         goto unlock;
3238                 }
3239
3240                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3241                              sizeof(ev->bdaddr), &ev->bdaddr);
3242                 goto unlock;
3243         }
3244
3245 confirm:
3246         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3247                                   confirm_hint);
3248
3249 unlock:
3250         hci_dev_unlock(hdev);
3251 }
3252
3253 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3254                                          struct sk_buff *skb)
3255 {
3256         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3257
3258         BT_DBG("%s", hdev->name);
3259
3260         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3261                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3262 }
3263
3264 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3265                                         struct sk_buff *skb)
3266 {
3267         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3268         struct hci_conn *conn;
3269
3270         BT_DBG("%s", hdev->name);
3271
3272         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3273         if (!conn)
3274                 return;
3275
3276         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3277         conn->passkey_entered = 0;
3278
3279         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3280                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3281                                          conn->dst_type, conn->passkey_notify,
3282                                          conn->passkey_entered);
3283 }
3284
3285 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3286 {
3287         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3288         struct hci_conn *conn;
3289
3290         BT_DBG("%s", hdev->name);
3291
3292         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3293         if (!conn)
3294                 return;
3295
3296         switch (ev->type) {
3297         case HCI_KEYPRESS_STARTED:
3298                 conn->passkey_entered = 0;
3299                 return;
3300
3301         case HCI_KEYPRESS_ENTERED:
3302                 conn->passkey_entered++;
3303                 break;
3304
3305         case HCI_KEYPRESS_ERASED:
3306                 conn->passkey_entered--;
3307                 break;
3308
3309         case HCI_KEYPRESS_CLEARED:
3310                 conn->passkey_entered = 0;
3311                 break;
3312
3313         case HCI_KEYPRESS_COMPLETED:
3314                 return;
3315         }
3316
3317         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3318                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3319                                          conn->dst_type, conn->passkey_notify,
3320                                          conn->passkey_entered);
3321 }
3322
3323 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3324                                          struct sk_buff *skb)
3325 {
3326         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3327         struct hci_conn *conn;
3328
3329         BT_DBG("%s", hdev->name);
3330
3331         hci_dev_lock(hdev);
3332
3333         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3334         if (!conn)
3335                 goto unlock;
3336
3337         /* To avoid duplicate auth_failed events to user space we check
3338          * the HCI_CONN_AUTH_PEND flag which will be set if we
3339          * initiated the authentication. A traditional auth_complete
3340          * event gets always produced as initiator and is also mapped to
3341          * the mgmt_auth_failed event */
3342         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3343                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3344                                  ev->status);
3345
3346         hci_conn_drop(conn);
3347
3348 unlock:
3349         hci_dev_unlock(hdev);
3350 }
3351
3352 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3353                                          struct sk_buff *skb)
3354 {
3355         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3356         struct inquiry_entry *ie;
3357         struct hci_conn *conn;
3358
3359         BT_DBG("%s", hdev->name);
3360
3361         hci_dev_lock(hdev);
3362
3363         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3364         if (conn)
3365                 memcpy(conn->features[1], ev->features, 8);
3366
3367         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3368         if (ie)
3369                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3370
3371         hci_dev_unlock(hdev);
3372 }
3373
3374 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3375                                             struct sk_buff *skb)
3376 {
3377         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3378         struct oob_data *data;
3379
3380         BT_DBG("%s", hdev->name);
3381
3382         hci_dev_lock(hdev);
3383
3384         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3385                 goto unlock;
3386
3387         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3388         if (data) {
3389                 struct hci_cp_remote_oob_data_reply cp;
3390
3391                 bacpy(&cp.bdaddr, &ev->bdaddr);
3392                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3393                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3394
3395                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3396                              &cp);
3397         } else {
3398                 struct hci_cp_remote_oob_data_neg_reply cp;
3399
3400                 bacpy(&cp.bdaddr, &ev->bdaddr);
3401                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3402                              &cp);
3403         }
3404
3405 unlock:
3406         hci_dev_unlock(hdev);
3407 }
3408
3409 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3410                                       struct sk_buff *skb)
3411 {
3412         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3413         struct hci_conn *hcon, *bredr_hcon;
3414
3415         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3416                ev->status);
3417
3418         hci_dev_lock(hdev);
3419
3420         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3421         if (!hcon) {
3422                 hci_dev_unlock(hdev);
3423                 return;
3424         }
3425
3426         if (ev->status) {
3427                 hci_conn_del(hcon);
3428                 hci_dev_unlock(hdev);
3429                 return;
3430         }
3431
3432         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3433
3434         hcon->state = BT_CONNECTED;
3435         bacpy(&hcon->dst, &bredr_hcon->dst);
3436
3437         hci_conn_hold(hcon);
3438         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3439         hci_conn_drop(hcon);
3440
3441         hci_conn_add_sysfs(hcon);
3442
3443         amp_physical_cfm(bredr_hcon, hcon);
3444
3445         hci_dev_unlock(hdev);
3446 }
3447
3448 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3449 {
3450         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3451         struct hci_conn *hcon;
3452         struct hci_chan *hchan;
3453         struct amp_mgr *mgr;
3454
3455         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3456                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3457                ev->status);
3458
3459         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3460         if (!hcon)
3461                 return;
3462
3463         /* Create AMP hchan */
3464         hchan = hci_chan_create(hcon);
3465         if (!hchan)
3466                 return;
3467
3468         hchan->handle = le16_to_cpu(ev->handle);
3469
3470         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3471
3472         mgr = hcon->amp_mgr;
3473         if (mgr && mgr->bredr_chan) {
3474                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3475
3476                 l2cap_chan_lock(bredr_chan);
3477
3478                 bredr_chan->conn->mtu = hdev->block_mtu;
3479                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3480                 hci_conn_hold(hcon);
3481
3482                 l2cap_chan_unlock(bredr_chan);
3483         }
3484 }
3485
3486 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3487                                              struct sk_buff *skb)
3488 {
3489         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3490         struct hci_chan *hchan;
3491
3492         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3493                le16_to_cpu(ev->handle), ev->status);
3494
3495         if (ev->status)
3496                 return;
3497
3498         hci_dev_lock(hdev);
3499
3500         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3501         if (!hchan)
3502                 goto unlock;
3503
3504         amp_destroy_logical_link(hchan, ev->reason);
3505
3506 unlock:
3507         hci_dev_unlock(hdev);
3508 }
3509
3510 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3511                                              struct sk_buff *skb)
3512 {
3513         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3514         struct hci_conn *hcon;
3515
3516         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3517
3518         if (ev->status)
3519                 return;
3520
3521         hci_dev_lock(hdev);
3522
3523         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3524         if (hcon) {
3525                 hcon->state = BT_CLOSED;
3526                 hci_conn_del(hcon);
3527         }
3528
3529         hci_dev_unlock(hdev);
3530 }
3531
3532 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3533 {
3534         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3535         struct hci_conn *conn;
3536
3537         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3538
3539         hci_dev_lock(hdev);
3540
3541         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3542         if (!conn) {
3543                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3544                 if (!conn) {
3545                         BT_ERR("No memory for new connection");
3546                         goto unlock;
3547                 }
3548
3549                 conn->dst_type = ev->bdaddr_type;
3550
3551                 if (ev->role == LE_CONN_ROLE_MASTER) {
3552                         conn->out = true;
3553                         conn->link_mode |= HCI_LM_MASTER;
3554                 }
3555         }
3556
3557         if (ev->status) {
3558                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3559                                     conn->dst_type, ev->status);
3560                 hci_proto_connect_cfm(conn, ev->status);
3561                 conn->state = BT_CLOSED;
3562                 hci_conn_del(conn);
3563                 goto unlock;
3564         }
3565
3566         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3567                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3568                                       conn->dst_type, 0, NULL, 0, NULL);
3569
3570         conn->sec_level = BT_SECURITY_LOW;
3571         conn->handle = __le16_to_cpu(ev->handle);
3572         conn->state = BT_CONNECTED;
3573
3574         hci_conn_add_sysfs(conn);
3575
3576         hci_proto_connect_cfm(conn, ev->status);
3577
3578 unlock:
3579         hci_dev_unlock(hdev);
3580 }
3581
3582 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3583 {
3584         u8 num_reports = skb->data[0];
3585         void *ptr = &skb->data[1];
3586         s8 rssi;
3587
3588         while (num_reports--) {
3589                 struct hci_ev_le_advertising_info *ev = ptr;
3590
3591                 rssi = ev->data[ev->length];
3592                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3593                                   NULL, rssi, 0, 1, ev->data, ev->length);
3594
3595                 ptr += sizeof(*ev) + ev->length + 1;
3596         }
3597 }
3598
3599 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3600 {
3601         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3602         struct hci_cp_le_ltk_reply cp;
3603         struct hci_cp_le_ltk_neg_reply neg;
3604         struct hci_conn *conn;
3605         struct smp_ltk *ltk;
3606
3607         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3608
3609         hci_dev_lock(hdev);
3610
3611         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3612         if (conn == NULL)
3613                 goto not_found;
3614
3615         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3616         if (ltk == NULL)
3617                 goto not_found;
3618
3619         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3620         cp.handle = cpu_to_le16(conn->handle);
3621
3622         if (ltk->authenticated)
3623                 conn->pending_sec_level = BT_SECURITY_HIGH;
3624         else
3625                 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3626
3627         conn->enc_key_size = ltk->enc_size;
3628
3629         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3630
3631         /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
3632          * temporary key used to encrypt a connection following
3633          * pairing. It is used during the Encrypted Session Setup to
3634          * distribute the keys. Later, security can be re-established
3635          * using a distributed LTK.
3636          */
3637         if (ltk->type == HCI_SMP_STK_SLAVE) {
3638                 list_del(&ltk->list);
3639                 kfree(ltk);
3640         }
3641
3642         hci_dev_unlock(hdev);
3643
3644         return;
3645
3646 not_found:
3647         neg.handle = ev->handle;
3648         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3649         hci_dev_unlock(hdev);
3650 }
3651
3652 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3653 {
3654         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3655
3656         skb_pull(skb, sizeof(*le_ev));
3657
3658         switch (le_ev->subevent) {
3659         case HCI_EV_LE_CONN_COMPLETE:
3660                 hci_le_conn_complete_evt(hdev, skb);
3661                 break;
3662
3663         case HCI_EV_LE_ADVERTISING_REPORT:
3664                 hci_le_adv_report_evt(hdev, skb);
3665                 break;
3666
3667         case HCI_EV_LE_LTK_REQ:
3668                 hci_le_ltk_request_evt(hdev, skb);
3669                 break;
3670
3671         default:
3672                 break;
3673         }
3674 }
3675
3676 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3677 {
3678         struct hci_ev_channel_selected *ev = (void *) skb->data;
3679         struct hci_conn *hcon;
3680
3681         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3682
3683         skb_pull(skb, sizeof(*ev));
3684
3685         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3686         if (!hcon)
3687                 return;
3688
3689         amp_read_loc_assoc_final_data(hdev, hcon);
3690 }
3691
3692 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3693 {
3694         struct hci_event_hdr *hdr = (void *) skb->data;
3695         __u8 event = hdr->evt;
3696
3697         hci_dev_lock(hdev);
3698
3699         /* Received events are (currently) only needed when a request is
3700          * ongoing so avoid unnecessary memory allocation.
3701          */
3702         if (hdev->req_status == HCI_REQ_PEND) {
3703                 kfree_skb(hdev->recv_evt);
3704                 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3705         }
3706
3707         hci_dev_unlock(hdev);
3708
3709         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3710
3711         if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3712                 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3713                 u16 opcode = __le16_to_cpu(hdr->opcode);
3714
3715                 hci_req_cmd_complete(hdev, opcode, 0);
3716         }
3717
3718         switch (event) {
3719         case HCI_EV_INQUIRY_COMPLETE:
3720                 hci_inquiry_complete_evt(hdev, skb);
3721                 break;
3722
3723         case HCI_EV_INQUIRY_RESULT:
3724                 hci_inquiry_result_evt(hdev, skb);
3725                 break;
3726
3727         case HCI_EV_CONN_COMPLETE:
3728                 hci_conn_complete_evt(hdev, skb);
3729                 break;
3730
3731         case HCI_EV_CONN_REQUEST:
3732                 hci_conn_request_evt(hdev, skb);
3733                 break;
3734
3735         case HCI_EV_DISCONN_COMPLETE:
3736                 hci_disconn_complete_evt(hdev, skb);
3737                 break;
3738
3739         case HCI_EV_AUTH_COMPLETE:
3740                 hci_auth_complete_evt(hdev, skb);
3741                 break;
3742
3743         case HCI_EV_REMOTE_NAME:
3744                 hci_remote_name_evt(hdev, skb);
3745                 break;
3746
3747         case HCI_EV_ENCRYPT_CHANGE:
3748                 hci_encrypt_change_evt(hdev, skb);
3749                 break;
3750
3751         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3752                 hci_change_link_key_complete_evt(hdev, skb);
3753                 break;
3754
3755         case HCI_EV_REMOTE_FEATURES:
3756                 hci_remote_features_evt(hdev, skb);
3757                 break;
3758
3759         case HCI_EV_CMD_COMPLETE:
3760                 hci_cmd_complete_evt(hdev, skb);
3761                 break;
3762
3763         case HCI_EV_CMD_STATUS:
3764                 hci_cmd_status_evt(hdev, skb);
3765                 break;
3766
3767         case HCI_EV_ROLE_CHANGE:
3768                 hci_role_change_evt(hdev, skb);
3769                 break;
3770
3771         case HCI_EV_NUM_COMP_PKTS:
3772                 hci_num_comp_pkts_evt(hdev, skb);
3773                 break;
3774
3775         case HCI_EV_MODE_CHANGE:
3776                 hci_mode_change_evt(hdev, skb);
3777                 break;
3778
3779         case HCI_EV_PIN_CODE_REQ:
3780                 hci_pin_code_request_evt(hdev, skb);
3781                 break;
3782
3783         case HCI_EV_LINK_KEY_REQ:
3784                 hci_link_key_request_evt(hdev, skb);
3785                 break;
3786
3787         case HCI_EV_LINK_KEY_NOTIFY:
3788                 hci_link_key_notify_evt(hdev, skb);
3789                 break;
3790
3791         case HCI_EV_CLOCK_OFFSET:
3792                 hci_clock_offset_evt(hdev, skb);
3793                 break;
3794
3795         case HCI_EV_PKT_TYPE_CHANGE:
3796                 hci_pkt_type_change_evt(hdev, skb);
3797                 break;
3798
3799         case HCI_EV_PSCAN_REP_MODE:
3800                 hci_pscan_rep_mode_evt(hdev, skb);
3801                 break;
3802
3803         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3804                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3805                 break;
3806
3807         case HCI_EV_REMOTE_EXT_FEATURES:
3808                 hci_remote_ext_features_evt(hdev, skb);
3809                 break;
3810
3811         case HCI_EV_SYNC_CONN_COMPLETE:
3812                 hci_sync_conn_complete_evt(hdev, skb);
3813                 break;
3814
3815         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3816                 hci_extended_inquiry_result_evt(hdev, skb);
3817                 break;
3818
3819         case HCI_EV_KEY_REFRESH_COMPLETE:
3820                 hci_key_refresh_complete_evt(hdev, skb);
3821                 break;
3822
3823         case HCI_EV_IO_CAPA_REQUEST:
3824                 hci_io_capa_request_evt(hdev, skb);
3825                 break;
3826
3827         case HCI_EV_IO_CAPA_REPLY:
3828                 hci_io_capa_reply_evt(hdev, skb);
3829                 break;
3830
3831         case HCI_EV_USER_CONFIRM_REQUEST:
3832                 hci_user_confirm_request_evt(hdev, skb);
3833                 break;
3834
3835         case HCI_EV_USER_PASSKEY_REQUEST:
3836                 hci_user_passkey_request_evt(hdev, skb);
3837                 break;
3838
3839         case HCI_EV_USER_PASSKEY_NOTIFY:
3840                 hci_user_passkey_notify_evt(hdev, skb);
3841                 break;
3842
3843         case HCI_EV_KEYPRESS_NOTIFY:
3844                 hci_keypress_notify_evt(hdev, skb);
3845                 break;
3846
3847         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3848                 hci_simple_pair_complete_evt(hdev, skb);
3849                 break;
3850
3851         case HCI_EV_REMOTE_HOST_FEATURES:
3852                 hci_remote_host_features_evt(hdev, skb);
3853                 break;
3854
3855         case HCI_EV_LE_META:
3856                 hci_le_meta_evt(hdev, skb);
3857                 break;
3858
3859         case HCI_EV_CHANNEL_SELECTED:
3860                 hci_chan_selected_evt(hdev, skb);
3861                 break;
3862
3863         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3864                 hci_remote_oob_data_request_evt(hdev, skb);
3865                 break;
3866
3867         case HCI_EV_PHY_LINK_COMPLETE:
3868                 hci_phy_link_complete_evt(hdev, skb);
3869                 break;
3870
3871         case HCI_EV_LOGICAL_LINK_COMPLETE:
3872                 hci_loglink_complete_evt(hdev, skb);
3873                 break;
3874
3875         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3876                 hci_disconn_loglink_complete_evt(hdev, skb);
3877                 break;
3878
3879         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3880                 hci_disconn_phylink_complete_evt(hdev, skb);
3881                 break;
3882
3883         case HCI_EV_NUM_COMP_BLOCKS:
3884                 hci_num_comp_blocks_evt(hdev, skb);
3885                 break;
3886
3887         default:
3888                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3889                 break;
3890         }
3891
3892         kfree_skb(skb);
3893         hdev->stat.evt_rx++;
3894 }
Unnamed repository; edit this file 'description' to name the repository.