Bluetooth: mgmt: Fix updating local name when powering on
[linux-2.6.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <net/sock.h>
39
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46
47 /* Handle HCI Event packets */
48
49 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
50 {
51         __u8 status = *((__u8 *) skb->data);
52
53         BT_DBG("%s status 0x%x", hdev->name, status);
54
55         if (status) {
56                 hci_dev_lock(hdev);
57                 mgmt_stop_discovery_failed(hdev, status);
58                 hci_dev_unlock(hdev);
59                 return;
60         }
61
62         clear_bit(HCI_INQUIRY, &hdev->flags);
63
64         hci_dev_lock(hdev);
65         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
66         hci_dev_unlock(hdev);
67
68         hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
69
70         hci_conn_check_pending(hdev);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         hci_conn_check_pending(hdev);
83 }
84
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87         BT_DBG("%s", hdev->name);
88 }
89
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 {
92         struct hci_rp_role_discovery *rp = (void *) skb->data;
93         struct hci_conn *conn;
94
95         BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97         if (rp->status)
98                 return;
99
100         hci_dev_lock(hdev);
101
102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103         if (conn) {
104                 if (rp->role)
105                         conn->link_mode &= ~HCI_LM_MASTER;
106                 else
107                         conn->link_mode |= HCI_LM_MASTER;
108         }
109
110         hci_dev_unlock(hdev);
111 }
112
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 {
115         struct hci_rp_read_link_policy *rp = (void *) skb->data;
116         struct hci_conn *conn;
117
118         BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120         if (rp->status)
121                 return;
122
123         hci_dev_lock(hdev);
124
125         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126         if (conn)
127                 conn->link_policy = __le16_to_cpu(rp->policy);
128
129         hci_dev_unlock(hdev);
130 }
131
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 {
134         struct hci_rp_write_link_policy *rp = (void *) skb->data;
135         struct hci_conn *conn;
136         void *sent;
137
138         BT_DBG("%s status 0x%x", hdev->name, rp->status);
139
140         if (rp->status)
141                 return;
142
143         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144         if (!sent)
145                 return;
146
147         hci_dev_lock(hdev);
148
149         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150         if (conn)
151                 conn->link_policy = get_unaligned_le16(sent + 2);
152
153         hci_dev_unlock(hdev);
154 }
155
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 {
158         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160         BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162         if (rp->status)
163                 return;
164
165         hdev->link_policy = __le16_to_cpu(rp->policy);
166 }
167
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 {
170         __u8 status = *((__u8 *) skb->data);
171         void *sent;
172
173         BT_DBG("%s status 0x%x", hdev->name, status);
174
175         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176         if (!sent)
177                 return;
178
179         if (!status)
180                 hdev->link_policy = get_unaligned_le16(sent);
181
182         hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
183 }
184
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 {
187         __u8 status = *((__u8 *) skb->data);
188
189         BT_DBG("%s status 0x%x", hdev->name, status);
190
191         clear_bit(HCI_RESET, &hdev->flags);
192
193         hci_req_complete(hdev, HCI_OP_RESET, status);
194
195         /* Reset all non-persistent flags */
196         hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
197
198         hdev->discovery.state = DISCOVERY_STOPPED;
199 }
200
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202 {
203         __u8 status = *((__u8 *) skb->data);
204         void *sent;
205
206         BT_DBG("%s status 0x%x", hdev->name, status);
207
208         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209         if (!sent)
210                 return;
211
212         hci_dev_lock(hdev);
213
214         if (test_bit(HCI_MGMT, &hdev->dev_flags))
215                 mgmt_set_local_name_complete(hdev, sent, status);
216         else if (!status)
217                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
218
219         hci_dev_unlock(hdev);
220
221         hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
222 }
223
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 {
226         struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228         BT_DBG("%s status 0x%x", hdev->name, rp->status);
229
230         if (rp->status)
231                 return;
232
233         if (test_bit(HCI_SETUP, &hdev->dev_flags))
234                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 }
236
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238 {
239         __u8 status = *((__u8 *) skb->data);
240         void *sent;
241
242         BT_DBG("%s status 0x%x", hdev->name, status);
243
244         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245         if (!sent)
246                 return;
247
248         if (!status) {
249                 __u8 param = *((__u8 *) sent);
250
251                 if (param == AUTH_ENABLED)
252                         set_bit(HCI_AUTH, &hdev->flags);
253                 else
254                         clear_bit(HCI_AUTH, &hdev->flags);
255         }
256
257         if (test_bit(HCI_MGMT, &hdev->dev_flags))
258                 mgmt_auth_enable_complete(hdev, status);
259
260         hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271         if (!sent)
272                 return;
273
274         if (!status) {
275                 __u8 param = *((__u8 *) sent);
276
277                 if (param)
278                         set_bit(HCI_ENCRYPT, &hdev->flags);
279                 else
280                         clear_bit(HCI_ENCRYPT, &hdev->flags);
281         }
282
283         hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
284 }
285
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 {
288         __u8 param, status = *((__u8 *) skb->data);
289         int old_pscan, old_iscan;
290         void *sent;
291
292         BT_DBG("%s status 0x%x", hdev->name, status);
293
294         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295         if (!sent)
296                 return;
297
298         param = *((__u8 *) sent);
299
300         hci_dev_lock(hdev);
301
302         if (status != 0) {
303                 mgmt_write_scan_failed(hdev, param, status);
304                 hdev->discov_timeout = 0;
305                 goto done;
306         }
307
308         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311         if (param & SCAN_INQUIRY) {
312                 set_bit(HCI_ISCAN, &hdev->flags);
313                 if (!old_iscan)
314                         mgmt_discoverable(hdev, 1);
315                 if (hdev->discov_timeout > 0) {
316                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318                                                                         to);
319                 }
320         } else if (old_iscan)
321                 mgmt_discoverable(hdev, 0);
322
323         if (param & SCAN_PAGE) {
324                 set_bit(HCI_PSCAN, &hdev->flags);
325                 if (!old_pscan)
326                         mgmt_connectable(hdev, 1);
327         } else if (old_pscan)
328                 mgmt_connectable(hdev, 0);
329
330 done:
331         hci_dev_unlock(hdev);
332         hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
333 }
334
335 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 {
337         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338
339         BT_DBG("%s status 0x%x", hdev->name, rp->status);
340
341         if (rp->status)
342                 return;
343
344         memcpy(hdev->dev_class, rp->dev_class, 3);
345
346         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347                 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348 }
349
350 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 {
352         __u8 status = *((__u8 *) skb->data);
353         void *sent;
354
355         BT_DBG("%s status 0x%x", hdev->name, status);
356
357         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
358         if (!sent)
359                 return;
360
361         hci_dev_lock(hdev);
362
363         if (status == 0)
364                 memcpy(hdev->dev_class, sent, 3);
365
366         if (test_bit(HCI_MGMT, &hdev->dev_flags))
367                 mgmt_set_class_of_dev_complete(hdev, sent, status);
368
369         hci_dev_unlock(hdev);
370 }
371
372 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 {
374         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
375         __u16 setting;
376
377         BT_DBG("%s status 0x%x", hdev->name, rp->status);
378
379         if (rp->status)
380                 return;
381
382         setting = __le16_to_cpu(rp->voice_setting);
383
384         if (hdev->voice_setting == setting)
385                 return;
386
387         hdev->voice_setting = setting;
388
389         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
391         if (hdev->notify)
392                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
393 }
394
395 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
396 {
397         __u8 status = *((__u8 *) skb->data);
398         __u16 setting;
399         void *sent;
400
401         BT_DBG("%s status 0x%x", hdev->name, status);
402
403         if (status)
404                 return;
405
406         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407         if (!sent)
408                 return;
409
410         setting = get_unaligned_le16(sent);
411
412         if (hdev->voice_setting == setting)
413                 return;
414
415         hdev->voice_setting = setting;
416
417         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
418
419         if (hdev->notify)
420                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 }
422
423 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425         __u8 status = *((__u8 *) skb->data);
426
427         BT_DBG("%s status 0x%x", hdev->name, status);
428
429         hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
430 }
431
432 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
433 {
434         __u8 status = *((__u8 *) skb->data);
435         void *sent;
436
437         BT_DBG("%s status 0x%x", hdev->name, status);
438
439         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
440         if (!sent)
441                 return;
442
443         if (test_bit(HCI_MGMT, &hdev->dev_flags))
444                 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
445         else if (!status) {
446                 if (*((u8 *) sent))
447                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448                 else
449                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
450         }
451 }
452
453 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
454 {
455         if (hdev->features[6] & LMP_EXT_INQ)
456                 return 2;
457
458         if (hdev->features[3] & LMP_RSSI_INQ)
459                 return 1;
460
461         if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
462                                                 hdev->lmp_subver == 0x0757)
463                 return 1;
464
465         if (hdev->manufacturer == 15) {
466                 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
467                         return 1;
468                 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
469                         return 1;
470                 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
471                         return 1;
472         }
473
474         if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
475                                                 hdev->lmp_subver == 0x1805)
476                 return 1;
477
478         return 0;
479 }
480
481 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
482 {
483         u8 mode;
484
485         mode = hci_get_inquiry_mode(hdev);
486
487         hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 }
489
490 static void hci_setup_event_mask(struct hci_dev *hdev)
491 {
492         /* The second byte is 0xff instead of 0x9f (two reserved bits
493          * disabled) since a Broadcom 1.2 dongle doesn't respond to the
494          * command otherwise */
495         u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
496
497         /* CSR 1.1 dongles does not accept any bitfield so don't try to set
498          * any event mask for pre 1.2 devices */
499         if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500                 return;
501
502         events[4] |= 0x01; /* Flow Specification Complete */
503         events[4] |= 0x02; /* Inquiry Result with RSSI */
504         events[4] |= 0x04; /* Read Remote Extended Features Complete */
505         events[5] |= 0x08; /* Synchronous Connection Complete */
506         events[5] |= 0x10; /* Synchronous Connection Changed */
507
508         if (hdev->features[3] & LMP_RSSI_INQ)
509                 events[4] |= 0x04; /* Inquiry Result with RSSI */
510
511         if (hdev->features[5] & LMP_SNIFF_SUBR)
512                 events[5] |= 0x20; /* Sniff Subrating */
513
514         if (hdev->features[5] & LMP_PAUSE_ENC)
515                 events[5] |= 0x80; /* Encryption Key Refresh Complete */
516
517         if (hdev->features[6] & LMP_EXT_INQ)
518                 events[5] |= 0x40; /* Extended Inquiry Result */
519
520         if (hdev->features[6] & LMP_NO_FLUSH)
521                 events[7] |= 0x01; /* Enhanced Flush Complete */
522
523         if (hdev->features[7] & LMP_LSTO)
524                 events[6] |= 0x80; /* Link Supervision Timeout Changed */
525
526         if (hdev->features[6] & LMP_SIMPLE_PAIR) {
527                 events[6] |= 0x01;      /* IO Capability Request */
528                 events[6] |= 0x02;      /* IO Capability Response */
529                 events[6] |= 0x04;      /* User Confirmation Request */
530                 events[6] |= 0x08;      /* User Passkey Request */
531                 events[6] |= 0x10;      /* Remote OOB Data Request */
532                 events[6] |= 0x20;      /* Simple Pairing Complete */
533                 events[7] |= 0x04;      /* User Passkey Notification */
534                 events[7] |= 0x08;      /* Keypress Notification */
535                 events[7] |= 0x10;      /* Remote Host Supported
536                                          * Features Notification */
537         }
538
539         if (hdev->features[4] & LMP_LE)
540                 events[7] |= 0x20;      /* LE Meta-Event */
541
542         hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 }
544
545 static void hci_setup(struct hci_dev *hdev)
546 {
547         if (hdev->dev_type != HCI_BREDR)
548                 return;
549
550         hci_setup_event_mask(hdev);
551
552         if (hdev->hci_ver > BLUETOOTH_VER_1_1)
553                 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
554
555         if (hdev->features[6] & LMP_SIMPLE_PAIR) {
556                 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
557                         u8 mode = 0x01;
558                         hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
559                                                         sizeof(mode), &mode);
560                 } else {
561                         struct hci_cp_write_eir cp;
562
563                         memset(hdev->eir, 0, sizeof(hdev->eir));
564                         memset(&cp, 0, sizeof(cp));
565
566                         hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
567                 }
568         }
569
570         if (hdev->features[3] & LMP_RSSI_INQ)
571                 hci_setup_inquiry_mode(hdev);
572
573         if (hdev->features[7] & LMP_INQ_TX_PWR)
574                 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
575
576         if (hdev->features[7] & LMP_EXTFEATURES) {
577                 struct hci_cp_read_local_ext_features cp;
578
579                 cp.page = 0x01;
580                 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
581                                                         sizeof(cp), &cp);
582         }
583
584         if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
585                 u8 enable = 1;
586                 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
587                                                 sizeof(enable), &enable);
588         }
589 }
590
591 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592 {
593         struct hci_rp_read_local_version *rp = (void *) skb->data;
594
595         BT_DBG("%s status 0x%x", hdev->name, rp->status);
596
597         if (rp->status)
598                 goto done;
599
600         hdev->hci_ver = rp->hci_ver;
601         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
602         hdev->lmp_ver = rp->lmp_ver;
603         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
604         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
605
606         BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607                                         hdev->manufacturer,
608                                         hdev->hci_ver, hdev->hci_rev);
609
610         if (test_bit(HCI_INIT, &hdev->flags))
611                 hci_setup(hdev);
612
613 done:
614         hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
615 }
616
617 static void hci_setup_link_policy(struct hci_dev *hdev)
618 {
619         u16 link_policy = 0;
620
621         if (hdev->features[0] & LMP_RSWITCH)
622                 link_policy |= HCI_LP_RSWITCH;
623         if (hdev->features[0] & LMP_HOLD)
624                 link_policy |= HCI_LP_HOLD;
625         if (hdev->features[0] & LMP_SNIFF)
626                 link_policy |= HCI_LP_SNIFF;
627         if (hdev->features[1] & LMP_PARK)
628                 link_policy |= HCI_LP_PARK;
629
630         link_policy = cpu_to_le16(link_policy);
631         hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
632                                         sizeof(link_policy), &link_policy);
633 }
634
635 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
636 {
637         struct hci_rp_read_local_commands *rp = (void *) skb->data;
638
639         BT_DBG("%s status 0x%x", hdev->name, rp->status);
640
641         if (rp->status)
642                 goto done;
643
644         memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
645
646         if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
647                 hci_setup_link_policy(hdev);
648
649 done:
650         hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
651 }
652
653 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
654 {
655         struct hci_rp_read_local_features *rp = (void *) skb->data;
656
657         BT_DBG("%s status 0x%x", hdev->name, rp->status);
658
659         if (rp->status)
660                 return;
661
662         memcpy(hdev->features, rp->features, 8);
663
664         /* Adjust default settings according to features
665          * supported by device. */
666
667         if (hdev->features[0] & LMP_3SLOT)
668                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
669
670         if (hdev->features[0] & LMP_5SLOT)
671                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
672
673         if (hdev->features[1] & LMP_HV2) {
674                 hdev->pkt_type  |= (HCI_HV2);
675                 hdev->esco_type |= (ESCO_HV2);
676         }
677
678         if (hdev->features[1] & LMP_HV3) {
679                 hdev->pkt_type  |= (HCI_HV3);
680                 hdev->esco_type |= (ESCO_HV3);
681         }
682
683         if (hdev->features[3] & LMP_ESCO)
684                 hdev->esco_type |= (ESCO_EV3);
685
686         if (hdev->features[4] & LMP_EV4)
687                 hdev->esco_type |= (ESCO_EV4);
688
689         if (hdev->features[4] & LMP_EV5)
690                 hdev->esco_type |= (ESCO_EV5);
691
692         if (hdev->features[5] & LMP_EDR_ESCO_2M)
693                 hdev->esco_type |= (ESCO_2EV3);
694
695         if (hdev->features[5] & LMP_EDR_ESCO_3M)
696                 hdev->esco_type |= (ESCO_3EV3);
697
698         if (hdev->features[5] & LMP_EDR_3S_ESCO)
699                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
700
701         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
702                                         hdev->features[0], hdev->features[1],
703                                         hdev->features[2], hdev->features[3],
704                                         hdev->features[4], hdev->features[5],
705                                         hdev->features[6], hdev->features[7]);
706 }
707
708 static void hci_set_le_support(struct hci_dev *hdev)
709 {
710         struct hci_cp_write_le_host_supported cp;
711
712         memset(&cp, 0, sizeof(cp));
713
714         if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
715                 cp.le = 1;
716                 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
717         }
718
719         if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
720                 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
721                                                         sizeof(cp), &cp);
722 }
723
724 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
725                                                         struct sk_buff *skb)
726 {
727         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
728
729         BT_DBG("%s status 0x%x", hdev->name, rp->status);
730
731         if (rp->status)
732                 goto done;
733
734         switch (rp->page) {
735         case 0:
736                 memcpy(hdev->features, rp->features, 8);
737                 break;
738         case 1:
739                 memcpy(hdev->host_features, rp->features, 8);
740                 break;
741         }
742
743         if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
744                 hci_set_le_support(hdev);
745
746 done:
747         hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
748 }
749
750 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
751                                                 struct sk_buff *skb)
752 {
753         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
754
755         BT_DBG("%s status 0x%x", hdev->name, rp->status);
756
757         if (rp->status)
758                 return;
759
760         hdev->flow_ctl_mode = rp->mode;
761
762         hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
763 }
764
765 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
766 {
767         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
768
769         BT_DBG("%s status 0x%x", hdev->name, rp->status);
770
771         if (rp->status)
772                 return;
773
774         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
775         hdev->sco_mtu  = rp->sco_mtu;
776         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
777         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
778
779         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
780                 hdev->sco_mtu  = 64;
781                 hdev->sco_pkts = 8;
782         }
783
784         hdev->acl_cnt = hdev->acl_pkts;
785         hdev->sco_cnt = hdev->sco_pkts;
786
787         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
788                                         hdev->acl_mtu, hdev->acl_pkts,
789                                         hdev->sco_mtu, hdev->sco_pkts);
790 }
791
792 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
793 {
794         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
795
796         BT_DBG("%s status 0x%x", hdev->name, rp->status);
797
798         if (!rp->status)
799                 bacpy(&hdev->bdaddr, &rp->bdaddr);
800
801         hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
802 }
803
804 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
805                                                         struct sk_buff *skb)
806 {
807         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
808
809         BT_DBG("%s status 0x%x", hdev->name, rp->status);
810
811         if (rp->status)
812                 return;
813
814         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
815         hdev->block_len = __le16_to_cpu(rp->block_len);
816         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
817
818         hdev->block_cnt = hdev->num_blocks;
819
820         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
821                                         hdev->block_cnt, hdev->block_len);
822
823         hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
824 }
825
826 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
827 {
828         __u8 status = *((__u8 *) skb->data);
829
830         BT_DBG("%s status 0x%x", hdev->name, status);
831
832         hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
833 }
834
835 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
836                 struct sk_buff *skb)
837 {
838         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
839
840         BT_DBG("%s status 0x%x", hdev->name, rp->status);
841
842         if (rp->status)
843                 return;
844
845         hdev->amp_status = rp->amp_status;
846         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
847         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
848         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
849         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
850         hdev->amp_type = rp->amp_type;
851         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
852         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
853         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
854         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
855
856         hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
857 }
858
859 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
860                                                         struct sk_buff *skb)
861 {
862         __u8 status = *((__u8 *) skb->data);
863
864         BT_DBG("%s status 0x%x", hdev->name, status);
865
866         hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
867 }
868
869 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
870 {
871         __u8 status = *((__u8 *) skb->data);
872
873         BT_DBG("%s status 0x%x", hdev->name, status);
874
875         hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
876 }
877
878 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
879                                                         struct sk_buff *skb)
880 {
881         __u8 status = *((__u8 *) skb->data);
882
883         BT_DBG("%s status 0x%x", hdev->name, status);
884
885         hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
886 }
887
888 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
889                                                         struct sk_buff *skb)
890 {
891         __u8 status = *((__u8 *) skb->data);
892
893         BT_DBG("%s status 0x%x", hdev->name, status);
894
895         hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
896 }
897
898 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
899 {
900         __u8 status = *((__u8 *) skb->data);
901
902         BT_DBG("%s status 0x%x", hdev->name, status);
903
904         hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
905 }
906
907 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
908 {
909         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
910         struct hci_cp_pin_code_reply *cp;
911         struct hci_conn *conn;
912
913         BT_DBG("%s status 0x%x", hdev->name, rp->status);
914
915         hci_dev_lock(hdev);
916
917         if (test_bit(HCI_MGMT, &hdev->dev_flags))
918                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
919
920         if (rp->status != 0)
921                 goto unlock;
922
923         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
924         if (!cp)
925                 goto unlock;
926
927         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
928         if (conn)
929                 conn->pin_length = cp->pin_len;
930
931 unlock:
932         hci_dev_unlock(hdev);
933 }
934
935 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
936 {
937         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
938
939         BT_DBG("%s status 0x%x", hdev->name, rp->status);
940
941         hci_dev_lock(hdev);
942
943         if (test_bit(HCI_MGMT, &hdev->dev_flags))
944                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
945                                                                 rp->status);
946
947         hci_dev_unlock(hdev);
948 }
949
950 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
951                                        struct sk_buff *skb)
952 {
953         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
954
955         BT_DBG("%s status 0x%x", hdev->name, rp->status);
956
957         if (rp->status)
958                 return;
959
960         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
961         hdev->le_pkts = rp->le_max_pkt;
962
963         hdev->le_cnt = hdev->le_pkts;
964
965         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
966
967         hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
968 }
969
970 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
971 {
972         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973
974         BT_DBG("%s status 0x%x", hdev->name, rp->status);
975
976         hci_dev_lock(hdev);
977
978         if (test_bit(HCI_MGMT, &hdev->dev_flags))
979                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
980                                                                 0, rp->status);
981
982         hci_dev_unlock(hdev);
983 }
984
985 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
986                                                         struct sk_buff *skb)
987 {
988         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989
990         BT_DBG("%s status 0x%x", hdev->name, rp->status);
991
992         hci_dev_lock(hdev);
993
994         if (test_bit(HCI_MGMT, &hdev->dev_flags))
995                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
996                                                                 ACL_LINK, 0,
997                                                                 rp->status);
998
999         hci_dev_unlock(hdev);
1000 }
1001
1002 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1003 {
1004         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005
1006         BT_DBG("%s status 0x%x", hdev->name, rp->status);
1007
1008         hci_dev_lock(hdev);
1009
1010         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1011                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1012                                                                 0, rp->status);
1013
1014         hci_dev_unlock(hdev);
1015 }
1016
1017 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1018                                                         struct sk_buff *skb)
1019 {
1020         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1021
1022         BT_DBG("%s status 0x%x", hdev->name, rp->status);
1023
1024         hci_dev_lock(hdev);
1025
1026         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1027                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1028                                                                 ACL_LINK, 0,
1029                                                                 rp->status);
1030
1031         hci_dev_unlock(hdev);
1032 }
1033
1034 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1035                                                         struct sk_buff *skb)
1036 {
1037         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1038
1039         BT_DBG("%s status 0x%x", hdev->name, rp->status);
1040
1041         hci_dev_lock(hdev);
1042         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1043                                                 rp->randomizer, rp->status);
1044         hci_dev_unlock(hdev);
1045 }
1046
1047 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1048 {
1049         __u8 status = *((__u8 *) skb->data);
1050
1051         BT_DBG("%s status 0x%x", hdev->name, status);
1052
1053         hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1054
1055         if (status) {
1056                 hci_dev_lock(hdev);
1057                 mgmt_start_discovery_failed(hdev, status);
1058                 hci_dev_unlock(hdev);
1059                 return;
1060         }
1061 }
1062
1063 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1064                                         struct sk_buff *skb)
1065 {
1066         struct hci_cp_le_set_scan_enable *cp;
1067         __u8 status = *((__u8 *) skb->data);
1068
1069         BT_DBG("%s status 0x%x", hdev->name, status);
1070
1071         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1072         if (!cp)
1073                 return;
1074
1075         switch (cp->enable) {
1076         case LE_SCANNING_ENABLED:
1077                 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1078
1079                 if (status) {
1080                         hci_dev_lock(hdev);
1081                         mgmt_start_discovery_failed(hdev, status);
1082                         hci_dev_unlock(hdev);
1083                         return;
1084                 }
1085
1086                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1087
1088                 cancel_delayed_work_sync(&hdev->adv_work);
1089
1090                 hci_dev_lock(hdev);
1091                 hci_adv_entries_clear(hdev);
1092                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1093                 hci_dev_unlock(hdev);
1094                 break;
1095
1096         case LE_SCANNING_DISABLED:
1097                 if (status)
1098                         return;
1099
1100                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1101
1102                 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1103
1104                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1105                         mgmt_interleaved_discovery(hdev);
1106                 } else {
1107                         hci_dev_lock(hdev);
1108                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1109                         hci_dev_unlock(hdev);
1110                 }
1111
1112                 break;
1113
1114         default:
1115                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1116                 break;
1117         }
1118 }
1119
1120 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1121 {
1122         struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1123
1124         BT_DBG("%s status 0x%x", hdev->name, rp->status);
1125
1126         if (rp->status)
1127                 return;
1128
1129         hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1130 }
1131
1132 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1133 {
1134         struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1135
1136         BT_DBG("%s status 0x%x", hdev->name, rp->status);
1137
1138         if (rp->status)
1139                 return;
1140
1141         hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1142 }
1143
1144 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1145                                                         struct sk_buff *skb)
1146 {
1147         struct hci_cp_write_le_host_supported *sent;
1148         __u8 status = *((__u8 *) skb->data);
1149
1150         BT_DBG("%s status 0x%x", hdev->name, status);
1151
1152         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1153         if (!sent)
1154                 return;
1155
1156         if (!status) {
1157                 if (sent->le)
1158                         hdev->host_features[0] |= LMP_HOST_LE;
1159                 else
1160                         hdev->host_features[0] &= ~LMP_HOST_LE;
1161         }
1162
1163         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1164                                         !test_bit(HCI_INIT, &hdev->flags))
1165                 mgmt_le_enable_complete(hdev, sent->le, status);
1166
1167         hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1168 }
1169
1170 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1171 {
1172         BT_DBG("%s status 0x%x", hdev->name, status);
1173
1174         if (status) {
1175                 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1176                 hci_conn_check_pending(hdev);
1177                 hci_dev_lock(hdev);
1178                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1179                         mgmt_start_discovery_failed(hdev, status);
1180                 hci_dev_unlock(hdev);
1181                 return;
1182         }
1183
1184         set_bit(HCI_INQUIRY, &hdev->flags);
1185
1186         hci_dev_lock(hdev);
1187         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1188         hci_dev_unlock(hdev);
1189 }
1190
1191 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1192 {
1193         struct hci_cp_create_conn *cp;
1194         struct hci_conn *conn;
1195
1196         BT_DBG("%s status 0x%x", hdev->name, status);
1197
1198         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1199         if (!cp)
1200                 return;
1201
1202         hci_dev_lock(hdev);
1203
1204         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1205
1206         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1207
1208         if (status) {
1209                 if (conn && conn->state == BT_CONNECT) {
1210                         if (status != 0x0c || conn->attempt > 2) {
1211                                 conn->state = BT_CLOSED;
1212                                 hci_proto_connect_cfm(conn, status);
1213                                 hci_conn_del(conn);
1214                         } else
1215                                 conn->state = BT_CONNECT2;
1216                 }
1217         } else {
1218                 if (!conn) {
1219                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1220                         if (conn) {
1221                                 conn->out = true;
1222                                 conn->link_mode |= HCI_LM_MASTER;
1223                         } else
1224                                 BT_ERR("No memory for new connection");
1225                 }
1226         }
1227
1228         hci_dev_unlock(hdev);
1229 }
1230
1231 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1232 {
1233         struct hci_cp_add_sco *cp;
1234         struct hci_conn *acl, *sco;
1235         __u16 handle;
1236
1237         BT_DBG("%s status 0x%x", hdev->name, status);
1238
1239         if (!status)
1240                 return;
1241
1242         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1243         if (!cp)
1244                 return;
1245
1246         handle = __le16_to_cpu(cp->handle);
1247
1248         BT_DBG("%s handle %d", hdev->name, handle);
1249
1250         hci_dev_lock(hdev);
1251
1252         acl = hci_conn_hash_lookup_handle(hdev, handle);
1253         if (acl) {
1254                 sco = acl->link;
1255                 if (sco) {
1256                         sco->state = BT_CLOSED;
1257
1258                         hci_proto_connect_cfm(sco, status);
1259                         hci_conn_del(sco);
1260                 }
1261         }
1262
1263         hci_dev_unlock(hdev);
1264 }
1265
1266 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1267 {
1268         struct hci_cp_auth_requested *cp;
1269         struct hci_conn *conn;
1270
1271         BT_DBG("%s status 0x%x", hdev->name, status);
1272
1273         if (!status)
1274                 return;
1275
1276         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1277         if (!cp)
1278                 return;
1279
1280         hci_dev_lock(hdev);
1281
1282         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1283         if (conn) {
1284                 if (conn->state == BT_CONFIG) {
1285                         hci_proto_connect_cfm(conn, status);
1286                         hci_conn_put(conn);
1287                 }
1288         }
1289
1290         hci_dev_unlock(hdev);
1291 }
1292
1293 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1294 {
1295         struct hci_cp_set_conn_encrypt *cp;
1296         struct hci_conn *conn;
1297
1298         BT_DBG("%s status 0x%x", hdev->name, status);
1299
1300         if (!status)
1301                 return;
1302
1303         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1304         if (!cp)
1305                 return;
1306
1307         hci_dev_lock(hdev);
1308
1309         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1310         if (conn) {
1311                 if (conn->state == BT_CONFIG) {
1312                         hci_proto_connect_cfm(conn, status);
1313                         hci_conn_put(conn);
1314                 }
1315         }
1316
1317         hci_dev_unlock(hdev);
1318 }
1319
1320 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1321                                                         struct hci_conn *conn)
1322 {
1323         if (conn->state != BT_CONFIG || !conn->out)
1324                 return 0;
1325
1326         if (conn->pending_sec_level == BT_SECURITY_SDP)
1327                 return 0;
1328
1329         /* Only request authentication for SSP connections or non-SSP
1330          * devices with sec_level HIGH or if MITM protection is requested */
1331         if (!hci_conn_ssp_enabled(conn) &&
1332                                 conn->pending_sec_level != BT_SECURITY_HIGH &&
1333                                 !(conn->auth_type & 0x01))
1334                 return 0;
1335
1336         return 1;
1337 }
1338
1339 static inline int hci_resolve_name(struct hci_dev *hdev,
1340                                                 struct inquiry_entry *e)
1341 {
1342         struct hci_cp_remote_name_req cp;
1343
1344         memset(&cp, 0, sizeof(cp));
1345
1346         bacpy(&cp.bdaddr, &e->data.bdaddr);
1347         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1348         cp.pscan_mode = e->data.pscan_mode;
1349         cp.clock_offset = e->data.clock_offset;
1350
1351         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1352 }
1353
1354 static bool hci_resolve_next_name(struct hci_dev *hdev)
1355 {
1356         struct discovery_state *discov = &hdev->discovery;
1357         struct inquiry_entry *e;
1358
1359         if (list_empty(&discov->resolve))
1360                 return false;
1361
1362         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1363         if (hci_resolve_name(hdev, e) == 0) {
1364                 e->name_state = NAME_PENDING;
1365                 return true;
1366         }
1367
1368         return false;
1369 }
1370
1371 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1372                                         bdaddr_t *bdaddr, u8 *name, u8 name_len)
1373 {
1374         struct discovery_state *discov = &hdev->discovery;
1375         struct inquiry_entry *e;
1376
1377         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1378                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0,
1379                                         name, name_len, conn->dev_class);
1380
1381         if (discov->state == DISCOVERY_STOPPED)
1382                 return;
1383
1384         if (discov->state == DISCOVERY_STOPPING)
1385                 goto discov_complete;
1386
1387         if (discov->state != DISCOVERY_RESOLVING)
1388                 return;
1389
1390         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1391         if (e) {
1392                 e->name_state = NAME_KNOWN;
1393                 list_del(&e->list);
1394                 if (name)
1395                         mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1396                                         e->data.rssi, name, name_len);
1397         }
1398
1399         if (hci_resolve_next_name(hdev))
1400                 return;
1401
1402 discov_complete:
1403         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1404 }
1405
1406 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1407 {
1408         struct hci_cp_remote_name_req *cp;
1409         struct hci_conn *conn;
1410
1411         BT_DBG("%s status 0x%x", hdev->name, status);
1412
1413         /* If successful wait for the name req complete event before
1414          * checking for the need to do authentication */
1415         if (!status)
1416                 return;
1417
1418         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1419         if (!cp)
1420                 return;
1421
1422         hci_dev_lock(hdev);
1423
1424         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1425
1426         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1427                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1428
1429         if (!conn)
1430                 goto unlock;
1431
1432         if (!hci_outgoing_auth_needed(hdev, conn))
1433                 goto unlock;
1434
1435         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1436                 struct hci_cp_auth_requested cp;
1437                 cp.handle = __cpu_to_le16(conn->handle);
1438                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1439         }
1440
1441 unlock:
1442         hci_dev_unlock(hdev);
1443 }
1444
1445 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1446 {
1447         struct hci_cp_read_remote_features *cp;
1448         struct hci_conn *conn;
1449
1450         BT_DBG("%s status 0x%x", hdev->name, status);
1451
1452         if (!status)
1453                 return;
1454
1455         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1456         if (!cp)
1457                 return;
1458
1459         hci_dev_lock(hdev);
1460
1461         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1462         if (conn) {
1463                 if (conn->state == BT_CONFIG) {
1464                         hci_proto_connect_cfm(conn, status);
1465                         hci_conn_put(conn);
1466                 }
1467         }
1468
1469         hci_dev_unlock(hdev);
1470 }
1471
1472 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1473 {
1474         struct hci_cp_read_remote_ext_features *cp;
1475         struct hci_conn *conn;
1476
1477         BT_DBG("%s status 0x%x", hdev->name, status);
1478
1479         if (!status)
1480                 return;
1481
1482         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1483         if (!cp)
1484                 return;
1485
1486         hci_dev_lock(hdev);
1487
1488         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1489         if (conn) {
1490                 if (conn->state == BT_CONFIG) {
1491                         hci_proto_connect_cfm(conn, status);
1492                         hci_conn_put(conn);
1493                 }
1494         }
1495
1496         hci_dev_unlock(hdev);
1497 }
1498
1499 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1500 {
1501         struct hci_cp_setup_sync_conn *cp;
1502         struct hci_conn *acl, *sco;
1503         __u16 handle;
1504
1505         BT_DBG("%s status 0x%x", hdev->name, status);
1506
1507         if (!status)
1508                 return;
1509
1510         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1511         if (!cp)
1512                 return;
1513
1514         handle = __le16_to_cpu(cp->handle);
1515
1516         BT_DBG("%s handle %d", hdev->name, handle);
1517
1518         hci_dev_lock(hdev);
1519
1520         acl = hci_conn_hash_lookup_handle(hdev, handle);
1521         if (acl) {
1522                 sco = acl->link;
1523                 if (sco) {
1524                         sco->state = BT_CLOSED;
1525
1526                         hci_proto_connect_cfm(sco, status);
1527                         hci_conn_del(sco);
1528                 }
1529         }
1530
1531         hci_dev_unlock(hdev);
1532 }
1533
1534 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1535 {
1536         struct hci_cp_sniff_mode *cp;
1537         struct hci_conn *conn;
1538
1539         BT_DBG("%s status 0x%x", hdev->name, status);
1540
1541         if (!status)
1542                 return;
1543
1544         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1545         if (!cp)
1546                 return;
1547
1548         hci_dev_lock(hdev);
1549
1550         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1551         if (conn) {
1552                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1553
1554                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1555                         hci_sco_setup(conn, status);
1556         }
1557
1558         hci_dev_unlock(hdev);
1559 }
1560
1561 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1562 {
1563         struct hci_cp_exit_sniff_mode *cp;
1564         struct hci_conn *conn;
1565
1566         BT_DBG("%s status 0x%x", hdev->name, status);
1567
1568         if (!status)
1569                 return;
1570
1571         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1572         if (!cp)
1573                 return;
1574
1575         hci_dev_lock(hdev);
1576
1577         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1578         if (conn) {
1579                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1580
1581                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1582                         hci_sco_setup(conn, status);
1583         }
1584
1585         hci_dev_unlock(hdev);
1586 }
1587
1588 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1589 {
1590         struct hci_cp_disconnect *cp;
1591         struct hci_conn *conn;
1592
1593         if (!status)
1594                 return;
1595
1596         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1597         if (!cp)
1598                 return;
1599
1600         hci_dev_lock(hdev);
1601
1602         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1603         if (conn)
1604                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1605                                                 conn->dst_type, status);
1606
1607         hci_dev_unlock(hdev);
1608 }
1609
1610 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1611 {
1612         struct hci_cp_le_create_conn *cp;
1613         struct hci_conn *conn;
1614
1615         BT_DBG("%s status 0x%x", hdev->name, status);
1616
1617         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1618         if (!cp)
1619                 return;
1620
1621         hci_dev_lock(hdev);
1622
1623         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1624
1625         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1626                 conn);
1627
1628         if (status) {
1629                 if (conn && conn->state == BT_CONNECT) {
1630                         conn->state = BT_CLOSED;
1631                         hci_proto_connect_cfm(conn, status);
1632                         hci_conn_del(conn);
1633                 }
1634         } else {
1635                 if (!conn) {
1636                         conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1637                         if (conn) {
1638                                 conn->dst_type = cp->peer_addr_type;
1639                                 conn->out = true;
1640                         } else {
1641                                 BT_ERR("No memory for new connection");
1642                         }
1643                 }
1644         }
1645
1646         hci_dev_unlock(hdev);
1647 }
1648
1649 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1650 {
1651         BT_DBG("%s status 0x%x", hdev->name, status);
1652 }
1653
1654 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1655 {
1656         __u8 status = *((__u8 *) skb->data);
1657         struct discovery_state *discov = &hdev->discovery;
1658         struct inquiry_entry *e;
1659
1660         BT_DBG("%s status %d", hdev->name, status);
1661
1662         hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1663
1664         hci_conn_check_pending(hdev);
1665
1666         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1667                 return;
1668
1669         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1670                 return;
1671
1672         hci_dev_lock(hdev);
1673
1674         if (discov->state != DISCOVERY_FINDING)
1675                 goto unlock;
1676
1677         if (list_empty(&discov->resolve)) {
1678                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1679                 goto unlock;
1680         }
1681
1682         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1683         if (e && hci_resolve_name(hdev, e) == 0) {
1684                 e->name_state = NAME_PENDING;
1685                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1686         } else {
1687                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1688         }
1689
1690 unlock:
1691         hci_dev_unlock(hdev);
1692 }
1693
1694 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1695 {
1696         struct inquiry_data data;
1697         struct inquiry_info *info = (void *) (skb->data + 1);
1698         int num_rsp = *((__u8 *) skb->data);
1699
1700         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1701
1702         if (!num_rsp)
1703                 return;
1704
1705         hci_dev_lock(hdev);
1706
1707         for (; num_rsp; num_rsp--, info++) {
1708                 bool name_known, ssp;
1709
1710                 bacpy(&data.bdaddr, &info->bdaddr);
1711                 data.pscan_rep_mode     = info->pscan_rep_mode;
1712                 data.pscan_period_mode  = info->pscan_period_mode;
1713                 data.pscan_mode         = info->pscan_mode;
1714                 memcpy(data.dev_class, info->dev_class, 3);
1715                 data.clock_offset       = info->clock_offset;
1716                 data.rssi               = 0x00;
1717                 data.ssp_mode           = 0x00;
1718
1719                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1720                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1721                                         info->dev_class, 0, !name_known, ssp,
1722                                         NULL, 0);
1723         }
1724
1725         hci_dev_unlock(hdev);
1726 }
1727
1728 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1729 {
1730         struct hci_ev_conn_complete *ev = (void *) skb->data;
1731         struct hci_conn *conn;
1732
1733         BT_DBG("%s", hdev->name);
1734
1735         hci_dev_lock(hdev);
1736
1737         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1738         if (!conn) {
1739                 if (ev->link_type != SCO_LINK)
1740                         goto unlock;
1741
1742                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1743                 if (!conn)
1744                         goto unlock;
1745
1746                 conn->type = SCO_LINK;
1747         }
1748
1749         if (!ev->status) {
1750                 conn->handle = __le16_to_cpu(ev->handle);
1751
1752                 if (conn->type == ACL_LINK) {
1753                         conn->state = BT_CONFIG;
1754                         hci_conn_hold(conn);
1755                         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1756                 } else
1757                         conn->state = BT_CONNECTED;
1758
1759                 hci_conn_hold_device(conn);
1760                 hci_conn_add_sysfs(conn);
1761
1762                 if (test_bit(HCI_AUTH, &hdev->flags))
1763                         conn->link_mode |= HCI_LM_AUTH;
1764
1765                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1766                         conn->link_mode |= HCI_LM_ENCRYPT;
1767
1768                 /* Get remote features */
1769                 if (conn->type == ACL_LINK) {
1770                         struct hci_cp_read_remote_features cp;
1771                         cp.handle = ev->handle;
1772                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1773                                                         sizeof(cp), &cp);
1774                 }
1775
1776                 /* Set packet type for incoming connection */
1777                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1778                         struct hci_cp_change_conn_ptype cp;
1779                         cp.handle = ev->handle;
1780                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1781                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1782                                                         sizeof(cp), &cp);
1783                 }
1784         } else {
1785                 conn->state = BT_CLOSED;
1786                 if (conn->type == ACL_LINK)
1787                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1788                                                 conn->dst_type, ev->status);
1789         }
1790
1791         if (conn->type == ACL_LINK)
1792                 hci_sco_setup(conn, ev->status);
1793
1794         if (ev->status) {
1795                 hci_proto_connect_cfm(conn, ev->status);
1796                 hci_conn_del(conn);
1797         } else if (ev->link_type != ACL_LINK)
1798                 hci_proto_connect_cfm(conn, ev->status);
1799
1800 unlock:
1801         hci_dev_unlock(hdev);
1802
1803         hci_conn_check_pending(hdev);
1804 }
1805
1806 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1807 {
1808         struct hci_ev_conn_request *ev = (void *) skb->data;
1809         int mask = hdev->link_mode;
1810
1811         BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1812                                         batostr(&ev->bdaddr), ev->link_type);
1813
1814         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1815
1816         if ((mask & HCI_LM_ACCEPT) &&
1817                         !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1818                 /* Connection accepted */
1819                 struct inquiry_entry *ie;
1820                 struct hci_conn *conn;
1821
1822                 hci_dev_lock(hdev);
1823
1824                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1825                 if (ie)
1826                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1827
1828                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1829                 if (!conn) {
1830                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1831                         if (!conn) {
1832                                 BT_ERR("No memory for new connection");
1833                                 hci_dev_unlock(hdev);
1834                                 return;
1835                         }
1836                 }
1837
1838                 memcpy(conn->dev_class, ev->dev_class, 3);
1839                 conn->state = BT_CONNECT;
1840
1841                 hci_dev_unlock(hdev);
1842
1843                 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1844                         struct hci_cp_accept_conn_req cp;
1845
1846                         bacpy(&cp.bdaddr, &ev->bdaddr);
1847
1848                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1849                                 cp.role = 0x00; /* Become master */
1850                         else
1851                                 cp.role = 0x01; /* Remain slave */
1852
1853                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1854                                                         sizeof(cp), &cp);
1855                 } else {
1856                         struct hci_cp_accept_sync_conn_req cp;
1857
1858                         bacpy(&cp.bdaddr, &ev->bdaddr);
1859                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1860
1861                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
1862                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
1863                         cp.max_latency    = cpu_to_le16(0xffff);
1864                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1865                         cp.retrans_effort = 0xff;
1866
1867                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1868                                                         sizeof(cp), &cp);
1869                 }
1870         } else {
1871                 /* Connection rejected */
1872                 struct hci_cp_reject_conn_req cp;
1873
1874                 bacpy(&cp.bdaddr, &ev->bdaddr);
1875                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1876                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1877         }
1878 }
1879
1880 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1881 {
1882         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1883         struct hci_conn *conn;
1884
1885         BT_DBG("%s status %d", hdev->name, ev->status);
1886
1887         hci_dev_lock(hdev);
1888
1889         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1890         if (!conn)
1891                 goto unlock;
1892
1893         if (ev->status == 0)
1894                 conn->state = BT_CLOSED;
1895
1896         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1897                         (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1898                 if (ev->status != 0)
1899                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1900                                                 conn->dst_type, ev->status);
1901                 else
1902                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1903                                                         conn->dst_type);
1904         }
1905
1906         if (ev->status == 0) {
1907                 hci_proto_disconn_cfm(conn, ev->reason);
1908                 hci_conn_del(conn);
1909         }
1910
1911 unlock:
1912         hci_dev_unlock(hdev);
1913 }
1914
1915 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1916 {
1917         struct hci_ev_auth_complete *ev = (void *) skb->data;
1918         struct hci_conn *conn;
1919
1920         BT_DBG("%s status %d", hdev->name, ev->status);
1921
1922         hci_dev_lock(hdev);
1923
1924         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1925         if (!conn)
1926                 goto unlock;
1927
1928         if (!ev->status) {
1929                 if (!hci_conn_ssp_enabled(conn) &&
1930                                 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1931                         BT_INFO("re-auth of legacy device is not possible.");
1932                 } else {
1933                         conn->link_mode |= HCI_LM_AUTH;
1934                         conn->sec_level = conn->pending_sec_level;
1935                 }
1936         } else {
1937                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1938                                                                 ev->status);
1939         }
1940
1941         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1942         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1943
1944         if (conn->state == BT_CONFIG) {
1945                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1946                         struct hci_cp_set_conn_encrypt cp;
1947                         cp.handle  = ev->handle;
1948                         cp.encrypt = 0x01;
1949                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1950                                                                         &cp);
1951                 } else {
1952                         conn->state = BT_CONNECTED;
1953                         hci_proto_connect_cfm(conn, ev->status);
1954                         hci_conn_put(conn);
1955                 }
1956         } else {
1957                 hci_auth_cfm(conn, ev->status);
1958
1959                 hci_conn_hold(conn);
1960                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1961                 hci_conn_put(conn);
1962         }
1963
1964         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1965                 if (!ev->status) {
1966                         struct hci_cp_set_conn_encrypt cp;
1967                         cp.handle  = ev->handle;
1968                         cp.encrypt = 0x01;
1969                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1970                                                                         &cp);
1971                 } else {
1972                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1973                         hci_encrypt_cfm(conn, ev->status, 0x00);
1974                 }
1975         }
1976
1977 unlock:
1978         hci_dev_unlock(hdev);
1979 }
1980
1981 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1982 {
1983         struct hci_ev_remote_name *ev = (void *) skb->data;
1984         struct hci_conn *conn;
1985
1986         BT_DBG("%s", hdev->name);
1987
1988         hci_conn_check_pending(hdev);
1989
1990         hci_dev_lock(hdev);
1991
1992         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1993
1994         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1995                 goto check_auth;
1996
1997         if (ev->status == 0)
1998                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1999                                         strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2000         else
2001                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2002
2003 check_auth:
2004         if (!conn)
2005                 goto unlock;
2006
2007         if (!hci_outgoing_auth_needed(hdev, conn))
2008                 goto unlock;
2009
2010         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2011                 struct hci_cp_auth_requested cp;
2012                 cp.handle = __cpu_to_le16(conn->handle);
2013                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2014         }
2015
2016 unlock:
2017         hci_dev_unlock(hdev);
2018 }
2019
2020 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021 {
2022         struct hci_ev_encrypt_change *ev = (void *) skb->data;
2023         struct hci_conn *conn;
2024
2025         BT_DBG("%s status %d", hdev->name, ev->status);
2026
2027         hci_dev_lock(hdev);
2028
2029         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2030         if (conn) {
2031                 if (!ev->status) {
2032                         if (ev->encrypt) {
2033                                 /* Encryption implies authentication */
2034                                 conn->link_mode |= HCI_LM_AUTH;
2035                                 conn->link_mode |= HCI_LM_ENCRYPT;
2036                                 conn->sec_level = conn->pending_sec_level;
2037                         } else
2038                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
2039                 }
2040
2041                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2042
2043                 if (conn->state == BT_CONFIG) {
2044                         if (!ev->status)
2045                                 conn->state = BT_CONNECTED;
2046
2047                         hci_proto_connect_cfm(conn, ev->status);
2048                         hci_conn_put(conn);
2049                 } else
2050                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2051         }
2052
2053         hci_dev_unlock(hdev);
2054 }
2055
2056 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 {
2058         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2059         struct hci_conn *conn;
2060
2061         BT_DBG("%s status %d", hdev->name, ev->status);
2062
2063         hci_dev_lock(hdev);
2064
2065         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2066         if (conn) {
2067                 if (!ev->status)
2068                         conn->link_mode |= HCI_LM_SECURE;
2069
2070                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2071
2072                 hci_key_change_cfm(conn, ev->status);
2073         }
2074
2075         hci_dev_unlock(hdev);
2076 }
2077
2078 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2079 {
2080         struct hci_ev_remote_features *ev = (void *) skb->data;
2081         struct hci_conn *conn;
2082
2083         BT_DBG("%s status %d", hdev->name, ev->status);
2084
2085         hci_dev_lock(hdev);
2086
2087         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2088         if (!conn)
2089                 goto unlock;
2090
2091         if (!ev->status)
2092                 memcpy(conn->features, ev->features, 8);
2093
2094         if (conn->state != BT_CONFIG)
2095                 goto unlock;
2096
2097         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2098                 struct hci_cp_read_remote_ext_features cp;
2099                 cp.handle = ev->handle;
2100                 cp.page = 0x01;
2101                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2102                                                         sizeof(cp), &cp);
2103                 goto unlock;
2104         }
2105
2106         if (!ev->status) {
2107                 struct hci_cp_remote_name_req cp;
2108                 memset(&cp, 0, sizeof(cp));
2109                 bacpy(&cp.bdaddr, &conn->dst);
2110                 cp.pscan_rep_mode = 0x02;
2111                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2112         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2113                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2114                                                 conn->dst_type, 0, NULL, 0,
2115                                                 conn->dev_class);
2116
2117         if (!hci_outgoing_auth_needed(hdev, conn)) {
2118                 conn->state = BT_CONNECTED;
2119                 hci_proto_connect_cfm(conn, ev->status);
2120                 hci_conn_put(conn);
2121         }
2122
2123 unlock:
2124         hci_dev_unlock(hdev);
2125 }
2126
2127 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2128 {
2129         BT_DBG("%s", hdev->name);
2130 }
2131
2132 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2133 {
2134         BT_DBG("%s", hdev->name);
2135 }
2136
2137 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2138 {
2139         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2140         __u16 opcode;
2141
2142         skb_pull(skb, sizeof(*ev));
2143
2144         opcode = __le16_to_cpu(ev->opcode);
2145
2146         switch (opcode) {
2147         case HCI_OP_INQUIRY_CANCEL:
2148                 hci_cc_inquiry_cancel(hdev, skb);
2149                 break;
2150
2151         case HCI_OP_EXIT_PERIODIC_INQ:
2152                 hci_cc_exit_periodic_inq(hdev, skb);
2153                 break;
2154
2155         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2156                 hci_cc_remote_name_req_cancel(hdev, skb);
2157                 break;
2158
2159         case HCI_OP_ROLE_DISCOVERY:
2160                 hci_cc_role_discovery(hdev, skb);
2161                 break;
2162
2163         case HCI_OP_READ_LINK_POLICY:
2164                 hci_cc_read_link_policy(hdev, skb);
2165                 break;
2166
2167         case HCI_OP_WRITE_LINK_POLICY:
2168                 hci_cc_write_link_policy(hdev, skb);
2169                 break;
2170
2171         case HCI_OP_READ_DEF_LINK_POLICY:
2172                 hci_cc_read_def_link_policy(hdev, skb);
2173                 break;
2174
2175         case HCI_OP_WRITE_DEF_LINK_POLICY:
2176                 hci_cc_write_def_link_policy(hdev, skb);
2177                 break;
2178
2179         case HCI_OP_RESET:
2180                 hci_cc_reset(hdev, skb);
2181                 break;
2182
2183         case HCI_OP_WRITE_LOCAL_NAME:
2184                 hci_cc_write_local_name(hdev, skb);
2185                 break;
2186
2187         case HCI_OP_READ_LOCAL_NAME:
2188                 hci_cc_read_local_name(hdev, skb);
2189                 break;
2190
2191         case HCI_OP_WRITE_AUTH_ENABLE:
2192                 hci_cc_write_auth_enable(hdev, skb);
2193                 break;
2194
2195         case HCI_OP_WRITE_ENCRYPT_MODE:
2196                 hci_cc_write_encrypt_mode(hdev, skb);
2197                 break;
2198
2199         case HCI_OP_WRITE_SCAN_ENABLE:
2200                 hci_cc_write_scan_enable(hdev, skb);
2201                 break;
2202
2203         case HCI_OP_READ_CLASS_OF_DEV:
2204                 hci_cc_read_class_of_dev(hdev, skb);
2205                 break;
2206
2207         case HCI_OP_WRITE_CLASS_OF_DEV:
2208                 hci_cc_write_class_of_dev(hdev, skb);
2209                 break;
2210
2211         case HCI_OP_READ_VOICE_SETTING:
2212                 hci_cc_read_voice_setting(hdev, skb);
2213                 break;
2214
2215         case HCI_OP_WRITE_VOICE_SETTING:
2216                 hci_cc_write_voice_setting(hdev, skb);
2217                 break;
2218
2219         case HCI_OP_HOST_BUFFER_SIZE:
2220                 hci_cc_host_buffer_size(hdev, skb);
2221                 break;
2222
2223         case HCI_OP_WRITE_SSP_MODE:
2224                 hci_cc_write_ssp_mode(hdev, skb);
2225                 break;
2226
2227         case HCI_OP_READ_LOCAL_VERSION:
2228                 hci_cc_read_local_version(hdev, skb);
2229                 break;
2230
2231         case HCI_OP_READ_LOCAL_COMMANDS:
2232                 hci_cc_read_local_commands(hdev, skb);
2233                 break;
2234
2235         case HCI_OP_READ_LOCAL_FEATURES:
2236                 hci_cc_read_local_features(hdev, skb);
2237                 break;
2238
2239         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2240                 hci_cc_read_local_ext_features(hdev, skb);
2241                 break;
2242
2243         case HCI_OP_READ_BUFFER_SIZE:
2244                 hci_cc_read_buffer_size(hdev, skb);
2245                 break;
2246
2247         case HCI_OP_READ_BD_ADDR:
2248                 hci_cc_read_bd_addr(hdev, skb);
2249                 break;
2250
2251         case HCI_OP_READ_DATA_BLOCK_SIZE:
2252                 hci_cc_read_data_block_size(hdev, skb);
2253                 break;
2254
2255         case HCI_OP_WRITE_CA_TIMEOUT:
2256                 hci_cc_write_ca_timeout(hdev, skb);
2257                 break;
2258
2259         case HCI_OP_READ_FLOW_CONTROL_MODE:
2260                 hci_cc_read_flow_control_mode(hdev, skb);
2261                 break;
2262
2263         case HCI_OP_READ_LOCAL_AMP_INFO:
2264                 hci_cc_read_local_amp_info(hdev, skb);
2265                 break;
2266
2267         case HCI_OP_DELETE_STORED_LINK_KEY:
2268                 hci_cc_delete_stored_link_key(hdev, skb);
2269                 break;
2270
2271         case HCI_OP_SET_EVENT_MASK:
2272                 hci_cc_set_event_mask(hdev, skb);
2273                 break;
2274
2275         case HCI_OP_WRITE_INQUIRY_MODE:
2276                 hci_cc_write_inquiry_mode(hdev, skb);
2277                 break;
2278
2279         case HCI_OP_READ_INQ_RSP_TX_POWER:
2280                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2281                 break;
2282
2283         case HCI_OP_SET_EVENT_FLT:
2284                 hci_cc_set_event_flt(hdev, skb);
2285                 break;
2286
2287         case HCI_OP_PIN_CODE_REPLY:
2288                 hci_cc_pin_code_reply(hdev, skb);
2289                 break;
2290
2291         case HCI_OP_PIN_CODE_NEG_REPLY:
2292                 hci_cc_pin_code_neg_reply(hdev, skb);
2293                 break;
2294
2295         case HCI_OP_READ_LOCAL_OOB_DATA:
2296                 hci_cc_read_local_oob_data_reply(hdev, skb);
2297                 break;
2298
2299         case HCI_OP_LE_READ_BUFFER_SIZE:
2300                 hci_cc_le_read_buffer_size(hdev, skb);
2301                 break;
2302
2303         case HCI_OP_USER_CONFIRM_REPLY:
2304                 hci_cc_user_confirm_reply(hdev, skb);
2305                 break;
2306
2307         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2308                 hci_cc_user_confirm_neg_reply(hdev, skb);
2309                 break;
2310
2311         case HCI_OP_USER_PASSKEY_REPLY:
2312                 hci_cc_user_passkey_reply(hdev, skb);
2313                 break;
2314
2315         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2316                 hci_cc_user_passkey_neg_reply(hdev, skb);
2317
2318         case HCI_OP_LE_SET_SCAN_PARAM:
2319                 hci_cc_le_set_scan_param(hdev, skb);
2320                 break;
2321
2322         case HCI_OP_LE_SET_SCAN_ENABLE:
2323                 hci_cc_le_set_scan_enable(hdev, skb);
2324                 break;
2325
2326         case HCI_OP_LE_LTK_REPLY:
2327                 hci_cc_le_ltk_reply(hdev, skb);
2328                 break;
2329
2330         case HCI_OP_LE_LTK_NEG_REPLY:
2331                 hci_cc_le_ltk_neg_reply(hdev, skb);
2332                 break;
2333
2334         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2335                 hci_cc_write_le_host_supported(hdev, skb);
2336                 break;
2337
2338         default:
2339                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2340                 break;
2341         }
2342
2343         if (ev->opcode != HCI_OP_NOP)
2344                 del_timer(&hdev->cmd_timer);
2345
2346         if (ev->ncmd) {
2347                 atomic_set(&hdev->cmd_cnt, 1);
2348                 if (!skb_queue_empty(&hdev->cmd_q))
2349                         queue_work(hdev->workqueue, &hdev->cmd_work);
2350         }
2351 }
2352
2353 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354 {
2355         struct hci_ev_cmd_status *ev = (void *) skb->data;
2356         __u16 opcode;
2357
2358         skb_pull(skb, sizeof(*ev));
2359
2360         opcode = __le16_to_cpu(ev->opcode);
2361
2362         switch (opcode) {
2363         case HCI_OP_INQUIRY:
2364                 hci_cs_inquiry(hdev, ev->status);
2365                 break;
2366
2367         case HCI_OP_CREATE_CONN:
2368                 hci_cs_create_conn(hdev, ev->status);
2369                 break;
2370
2371         case HCI_OP_ADD_SCO:
2372                 hci_cs_add_sco(hdev, ev->status);
2373                 break;
2374
2375         case HCI_OP_AUTH_REQUESTED:
2376                 hci_cs_auth_requested(hdev, ev->status);
2377                 break;
2378
2379         case HCI_OP_SET_CONN_ENCRYPT:
2380                 hci_cs_set_conn_encrypt(hdev, ev->status);
2381                 break;
2382
2383         case HCI_OP_REMOTE_NAME_REQ:
2384                 hci_cs_remote_name_req(hdev, ev->status);
2385                 break;
2386
2387         case HCI_OP_READ_REMOTE_FEATURES:
2388                 hci_cs_read_remote_features(hdev, ev->status);
2389                 break;
2390
2391         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2392                 hci_cs_read_remote_ext_features(hdev, ev->status);
2393                 break;
2394
2395         case HCI_OP_SETUP_SYNC_CONN:
2396                 hci_cs_setup_sync_conn(hdev, ev->status);
2397                 break;
2398
2399         case HCI_OP_SNIFF_MODE:
2400                 hci_cs_sniff_mode(hdev, ev->status);
2401                 break;
2402
2403         case HCI_OP_EXIT_SNIFF_MODE:
2404                 hci_cs_exit_sniff_mode(hdev, ev->status);
2405                 break;
2406
2407         case HCI_OP_DISCONNECT:
2408                 hci_cs_disconnect(hdev, ev->status);
2409                 break;
2410
2411         case HCI_OP_LE_CREATE_CONN:
2412                 hci_cs_le_create_conn(hdev, ev->status);
2413                 break;
2414
2415         case HCI_OP_LE_START_ENC:
2416                 hci_cs_le_start_enc(hdev, ev->status);
2417                 break;
2418
2419         default:
2420                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2421                 break;
2422         }
2423
2424         if (ev->opcode != HCI_OP_NOP)
2425                 del_timer(&hdev->cmd_timer);
2426
2427         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2428                 atomic_set(&hdev->cmd_cnt, 1);
2429                 if (!skb_queue_empty(&hdev->cmd_q))
2430                         queue_work(hdev->workqueue, &hdev->cmd_work);
2431         }
2432 }
2433
2434 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2435 {
2436         struct hci_ev_role_change *ev = (void *) skb->data;
2437         struct hci_conn *conn;
2438
2439         BT_DBG("%s status %d", hdev->name, ev->status);
2440
2441         hci_dev_lock(hdev);
2442
2443         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2444         if (conn) {
2445                 if (!ev->status) {
2446                         if (ev->role)
2447                                 conn->link_mode &= ~HCI_LM_MASTER;
2448                         else
2449                                 conn->link_mode |= HCI_LM_MASTER;
2450                 }
2451
2452                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2453
2454                 hci_role_switch_cfm(conn, ev->status, ev->role);
2455         }
2456
2457         hci_dev_unlock(hdev);
2458 }
2459
2460 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2461 {
2462         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2463         int i;
2464
2465         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2466                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2467                 return;
2468         }
2469
2470         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2471                         ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2472                 BT_DBG("%s bad parameters", hdev->name);
2473                 return;
2474         }
2475
2476         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2477
2478         for (i = 0; i < ev->num_hndl; i++) {
2479                 struct hci_comp_pkts_info *info = &ev->handles[i];
2480                 struct hci_conn *conn;
2481                 __u16  handle, count;
2482
2483                 handle = __le16_to_cpu(info->handle);
2484                 count  = __le16_to_cpu(info->count);
2485
2486                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2487                 if (!conn)
2488                         continue;
2489
2490                 conn->sent -= count;
2491
2492                 switch (conn->type) {
2493                 case ACL_LINK:
2494                         hdev->acl_cnt += count;
2495                         if (hdev->acl_cnt > hdev->acl_pkts)
2496                                 hdev->acl_cnt = hdev->acl_pkts;
2497                         break;
2498
2499                 case LE_LINK:
2500                         if (hdev->le_pkts) {
2501                                 hdev->le_cnt += count;
2502                                 if (hdev->le_cnt > hdev->le_pkts)
2503                                         hdev->le_cnt = hdev->le_pkts;
2504                         } else {
2505                                 hdev->acl_cnt += count;
2506                                 if (hdev->acl_cnt > hdev->acl_pkts)
2507                                         hdev->acl_cnt = hdev->acl_pkts;
2508                         }
2509                         break;
2510
2511                 case SCO_LINK:
2512                         hdev->sco_cnt += count;
2513                         if (hdev->sco_cnt > hdev->sco_pkts)
2514                                 hdev->sco_cnt = hdev->sco_pkts;
2515                         break;
2516
2517                 default:
2518                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2519                         break;
2520                 }
2521         }
2522
2523         queue_work(hdev->workqueue, &hdev->tx_work);
2524 }
2525
2526 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2527                                                         struct sk_buff *skb)
2528 {
2529         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2530         int i;
2531
2532         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2533                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2534                 return;
2535         }
2536
2537         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2538                         ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2539                 BT_DBG("%s bad parameters", hdev->name);
2540                 return;
2541         }
2542
2543         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2544                                                                 ev->num_hndl);
2545
2546         for (i = 0; i < ev->num_hndl; i++) {
2547                 struct hci_comp_blocks_info *info = &ev->handles[i];
2548                 struct hci_conn *conn;
2549                 __u16  handle, block_count;
2550
2551                 handle = __le16_to_cpu(info->handle);
2552                 block_count = __le16_to_cpu(info->blocks);
2553
2554                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2555                 if (!conn)
2556                         continue;
2557
2558                 conn->sent -= block_count;
2559
2560                 switch (conn->type) {
2561                 case ACL_LINK:
2562                         hdev->block_cnt += block_count;
2563                         if (hdev->block_cnt > hdev->num_blocks)
2564                                 hdev->block_cnt = hdev->num_blocks;
2565                         break;
2566
2567                 default:
2568                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2569                         break;
2570                 }
2571         }
2572
2573         queue_work(hdev->workqueue, &hdev->tx_work);
2574 }
2575
2576 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2577 {
2578         struct hci_ev_mode_change *ev = (void *) skb->data;
2579         struct hci_conn *conn;
2580
2581         BT_DBG("%s status %d", hdev->name, ev->status);
2582
2583         hci_dev_lock(hdev);
2584
2585         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2586         if (conn) {
2587                 conn->mode = ev->mode;
2588                 conn->interval = __le16_to_cpu(ev->interval);
2589
2590                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2591                         if (conn->mode == HCI_CM_ACTIVE)
2592                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2593                         else
2594                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2595                 }
2596
2597                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2598                         hci_sco_setup(conn, ev->status);
2599         }
2600
2601         hci_dev_unlock(hdev);
2602 }
2603
2604 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2605 {
2606         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2607         struct hci_conn *conn;
2608
2609         BT_DBG("%s", hdev->name);
2610
2611         hci_dev_lock(hdev);
2612
2613         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2614         if (!conn)
2615                 goto unlock;
2616
2617         if (conn->state == BT_CONNECTED) {
2618                 hci_conn_hold(conn);
2619                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2620                 hci_conn_put(conn);
2621         }
2622
2623         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2624                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2625                                         sizeof(ev->bdaddr), &ev->bdaddr);
2626         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2627                 u8 secure;
2628
2629                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2630                         secure = 1;
2631                 else
2632                         secure = 0;
2633
2634                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2635         }
2636
2637 unlock:
2638         hci_dev_unlock(hdev);
2639 }
2640
2641 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2642 {
2643         struct hci_ev_link_key_req *ev = (void *) skb->data;
2644         struct hci_cp_link_key_reply cp;
2645         struct hci_conn *conn;
2646         struct link_key *key;
2647
2648         BT_DBG("%s", hdev->name);
2649
2650         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2651                 return;
2652
2653         hci_dev_lock(hdev);
2654
2655         key = hci_find_link_key(hdev, &ev->bdaddr);
2656         if (!key) {
2657                 BT_DBG("%s link key not found for %s", hdev->name,
2658                                                         batostr(&ev->bdaddr));
2659                 goto not_found;
2660         }
2661
2662         BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2663                                                         batostr(&ev->bdaddr));
2664
2665         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2666                                 key->type == HCI_LK_DEBUG_COMBINATION) {
2667                 BT_DBG("%s ignoring debug key", hdev->name);
2668                 goto not_found;
2669         }
2670
2671         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2672         if (conn) {
2673                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2674                                 conn->auth_type != 0xff &&
2675                                 (conn->auth_type & 0x01)) {
2676                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2677                         goto not_found;
2678                 }
2679
2680                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2681                                 conn->pending_sec_level == BT_SECURITY_HIGH) {
2682                         BT_DBG("%s ignoring key unauthenticated for high \
2683                                                         security", hdev->name);
2684                         goto not_found;
2685                 }
2686
2687                 conn->key_type = key->type;
2688                 conn->pin_length = key->pin_len;
2689         }
2690
2691         bacpy(&cp.bdaddr, &ev->bdaddr);
2692         memcpy(cp.link_key, key->val, 16);
2693
2694         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2695
2696         hci_dev_unlock(hdev);
2697
2698         return;
2699
2700 not_found:
2701         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2702         hci_dev_unlock(hdev);
2703 }
2704
2705 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2706 {
2707         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2708         struct hci_conn *conn;
2709         u8 pin_len = 0;
2710
2711         BT_DBG("%s", hdev->name);
2712
2713         hci_dev_lock(hdev);
2714
2715         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2716         if (conn) {
2717                 hci_conn_hold(conn);
2718                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2719                 pin_len = conn->pin_length;
2720
2721                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2722                         conn->key_type = ev->key_type;
2723
2724                 hci_conn_put(conn);
2725         }
2726
2727         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2728                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2729                                                         ev->key_type, pin_len);
2730
2731         hci_dev_unlock(hdev);
2732 }
2733
2734 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2735 {
2736         struct hci_ev_clock_offset *ev = (void *) skb->data;
2737         struct hci_conn *conn;
2738
2739         BT_DBG("%s status %d", hdev->name, ev->status);
2740
2741         hci_dev_lock(hdev);
2742
2743         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2744         if (conn && !ev->status) {
2745                 struct inquiry_entry *ie;
2746
2747                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2748                 if (ie) {
2749                         ie->data.clock_offset = ev->clock_offset;
2750                         ie->timestamp = jiffies;
2751                 }
2752         }
2753
2754         hci_dev_unlock(hdev);
2755 }
2756
2757 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2758 {
2759         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2760         struct hci_conn *conn;
2761
2762         BT_DBG("%s status %d", hdev->name, ev->status);
2763
2764         hci_dev_lock(hdev);
2765
2766         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2767         if (conn && !ev->status)
2768                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2769
2770         hci_dev_unlock(hdev);
2771 }
2772
2773 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2774 {
2775         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2776         struct inquiry_entry *ie;
2777
2778         BT_DBG("%s", hdev->name);
2779
2780         hci_dev_lock(hdev);
2781
2782         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2783         if (ie) {
2784                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2785                 ie->timestamp = jiffies;
2786         }
2787
2788         hci_dev_unlock(hdev);
2789 }
2790
2791 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2792 {
2793         struct inquiry_data data;
2794         int num_rsp = *((__u8 *) skb->data);
2795         bool name_known, ssp;
2796
2797         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2798
2799         if (!num_rsp)
2800                 return;
2801
2802         hci_dev_lock(hdev);
2803
2804         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2805                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2806                 info = (void *) (skb->data + 1);
2807
2808                 for (; num_rsp; num_rsp--, info++) {
2809                         bacpy(&data.bdaddr, &info->bdaddr);
2810                         data.pscan_rep_mode     = info->pscan_rep_mode;
2811                         data.pscan_period_mode  = info->pscan_period_mode;
2812                         data.pscan_mode         = info->pscan_mode;
2813                         memcpy(data.dev_class, info->dev_class, 3);
2814                         data.clock_offset       = info->clock_offset;
2815                         data.rssi               = info->rssi;
2816                         data.ssp_mode           = 0x00;
2817
2818                         name_known = hci_inquiry_cache_update(hdev, &data,
2819                                                                 false, &ssp);
2820                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2821                                                 info->dev_class, info->rssi,
2822                                                 !name_known, ssp, NULL, 0);
2823                 }
2824         } else {
2825                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2826
2827                 for (; num_rsp; num_rsp--, info++) {
2828                         bacpy(&data.bdaddr, &info->bdaddr);
2829                         data.pscan_rep_mode     = info->pscan_rep_mode;
2830                         data.pscan_period_mode  = info->pscan_period_mode;
2831                         data.pscan_mode         = 0x00;
2832                         memcpy(data.dev_class, info->dev_class, 3);
2833                         data.clock_offset       = info->clock_offset;
2834                         data.rssi               = info->rssi;
2835                         data.ssp_mode           = 0x00;
2836                         name_known = hci_inquiry_cache_update(hdev, &data,
2837                                                                 false, &ssp);
2838                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2839                                                 info->dev_class, info->rssi,
2840                                                 !name_known, ssp, NULL, 0);
2841                 }
2842         }
2843
2844         hci_dev_unlock(hdev);
2845 }
2846
2847 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2848 {
2849         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2850         struct hci_conn *conn;
2851
2852         BT_DBG("%s", hdev->name);
2853
2854         hci_dev_lock(hdev);
2855
2856         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2857         if (!conn)
2858                 goto unlock;
2859
2860         if (!ev->status && ev->page == 0x01) {
2861                 struct inquiry_entry *ie;
2862
2863                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2864                 if (ie)
2865                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2866
2867                 if (ev->features[0] & LMP_HOST_SSP)
2868                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2869         }
2870
2871         if (conn->state != BT_CONFIG)
2872                 goto unlock;
2873
2874         if (!ev->status) {
2875                 struct hci_cp_remote_name_req cp;
2876                 memset(&cp, 0, sizeof(cp));
2877                 bacpy(&cp.bdaddr, &conn->dst);
2878                 cp.pscan_rep_mode = 0x02;
2879                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2880         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2881                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2882                                                 conn->dst_type, 0, NULL, 0,
2883                                                 conn->dev_class);
2884
2885         if (!hci_outgoing_auth_needed(hdev, conn)) {
2886                 conn->state = BT_CONNECTED;
2887                 hci_proto_connect_cfm(conn, ev->status);
2888                 hci_conn_put(conn);
2889         }
2890
2891 unlock:
2892         hci_dev_unlock(hdev);
2893 }
2894
2895 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2896 {
2897         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2898         struct hci_conn *conn;
2899
2900         BT_DBG("%s status %d", hdev->name, ev->status);
2901
2902         hci_dev_lock(hdev);
2903
2904         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2905         if (!conn) {
2906                 if (ev->link_type == ESCO_LINK)
2907                         goto unlock;
2908
2909                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2910                 if (!conn)
2911                         goto unlock;
2912
2913                 conn->type = SCO_LINK;
2914         }
2915
2916         switch (ev->status) {
2917         case 0x00:
2918                 conn->handle = __le16_to_cpu(ev->handle);
2919                 conn->state  = BT_CONNECTED;
2920
2921                 hci_conn_hold_device(conn);
2922                 hci_conn_add_sysfs(conn);
2923                 break;
2924
2925         case 0x11:      /* Unsupported Feature or Parameter Value */
2926         case 0x1c:      /* SCO interval rejected */
2927         case 0x1a:      /* Unsupported Remote Feature */
2928         case 0x1f:      /* Unspecified error */
2929                 if (conn->out && conn->attempt < 2) {
2930                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2931                                         (hdev->esco_type & EDR_ESCO_MASK);
2932                         hci_setup_sync(conn, conn->link->handle);
2933                         goto unlock;
2934                 }
2935                 /* fall through */
2936
2937         default:
2938                 conn->state = BT_CLOSED;
2939                 break;
2940         }
2941
2942         hci_proto_connect_cfm(conn, ev->status);
2943         if (ev->status)
2944                 hci_conn_del(conn);
2945
2946 unlock:
2947         hci_dev_unlock(hdev);
2948 }
2949
2950 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2951 {
2952         BT_DBG("%s", hdev->name);
2953 }
2954
2955 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2956 {
2957         struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2958
2959         BT_DBG("%s status %d", hdev->name, ev->status);
2960 }
2961
2962 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2963 {
2964         struct inquiry_data data;
2965         struct extended_inquiry_info *info = (void *) (skb->data + 1);
2966         int num_rsp = *((__u8 *) skb->data);
2967
2968         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2969
2970         if (!num_rsp)
2971                 return;
2972
2973         hci_dev_lock(hdev);
2974
2975         for (; num_rsp; num_rsp--, info++) {
2976                 bool name_known, ssp;
2977
2978                 bacpy(&data.bdaddr, &info->bdaddr);
2979                 data.pscan_rep_mode     = info->pscan_rep_mode;
2980                 data.pscan_period_mode  = info->pscan_period_mode;
2981                 data.pscan_mode         = 0x00;
2982                 memcpy(data.dev_class, info->dev_class, 3);
2983                 data.clock_offset       = info->clock_offset;
2984                 data.rssi               = info->rssi;
2985                 data.ssp_mode           = 0x01;
2986
2987                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2988                         name_known = eir_has_data_type(info->data,
2989                                                         sizeof(info->data),
2990                                                         EIR_NAME_COMPLETE);
2991                 else
2992                         name_known = true;
2993
2994                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2995                                                                         &ssp);
2996                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2997                                                 info->dev_class, info->rssi,
2998                                                 !name_known, ssp, info->data,
2999                                                 sizeof(info->data));
3000         }
3001
3002         hci_dev_unlock(hdev);
3003 }
3004
3005 static inline u8 hci_get_auth_req(struct hci_conn *conn)
3006 {
3007         /* If remote requests dedicated bonding follow that lead */
3008         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3009                 /* If both remote and local IO capabilities allow MITM
3010                  * protection then require it, otherwise don't */
3011                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3012                         return 0x02;
3013                 else
3014                         return 0x03;
3015         }
3016
3017         /* If remote requests no-bonding follow that lead */
3018         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3019                 return conn->remote_auth | (conn->auth_type & 0x01);
3020
3021         return conn->auth_type;
3022 }
3023
3024 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3025 {
3026         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3027         struct hci_conn *conn;
3028
3029         BT_DBG("%s", hdev->name);
3030
3031         hci_dev_lock(hdev);
3032
3033         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3034         if (!conn)
3035                 goto unlock;
3036
3037         hci_conn_hold(conn);
3038
3039         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3040                 goto unlock;
3041
3042         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3043                         (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3044                 struct hci_cp_io_capability_reply cp;
3045
3046                 bacpy(&cp.bdaddr, &ev->bdaddr);
3047                 /* Change the IO capability from KeyboardDisplay
3048                  * to DisplayYesNo as it is not supported by BT spec. */
3049                 cp.capability = (conn->io_capability == 0x04) ?
3050                                                 0x01 : conn->io_capability;
3051                 conn->auth_type = hci_get_auth_req(conn);
3052                 cp.authentication = conn->auth_type;
3053
3054                 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3055                                 hci_find_remote_oob_data(hdev, &conn->dst))
3056                         cp.oob_data = 0x01;
3057                 else
3058                         cp.oob_data = 0x00;
3059
3060                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3061                                                         sizeof(cp), &cp);
3062         } else {
3063                 struct hci_cp_io_capability_neg_reply cp;
3064
3065                 bacpy(&cp.bdaddr, &ev->bdaddr);
3066                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3067
3068                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3069                                                         sizeof(cp), &cp);
3070         }
3071
3072 unlock:
3073         hci_dev_unlock(hdev);
3074 }
3075
3076 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3077 {
3078         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3079         struct hci_conn *conn;
3080
3081         BT_DBG("%s", hdev->name);
3082
3083         hci_dev_lock(hdev);
3084
3085         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3086         if (!conn)
3087                 goto unlock;
3088
3089         conn->remote_cap = ev->capability;
3090         conn->remote_auth = ev->authentication;
3091         if (ev->oob_data)
3092                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3093
3094 unlock:
3095         hci_dev_unlock(hdev);
3096 }
3097
3098 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3099                                                         struct sk_buff *skb)
3100 {
3101         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3102         int loc_mitm, rem_mitm, confirm_hint = 0;
3103         struct hci_conn *conn;
3104
3105         BT_DBG("%s", hdev->name);
3106
3107         hci_dev_lock(hdev);
3108
3109         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3110                 goto unlock;
3111
3112         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3113         if (!conn)
3114                 goto unlock;
3115
3116         loc_mitm = (conn->auth_type & 0x01);
3117         rem_mitm = (conn->remote_auth & 0x01);
3118
3119         /* If we require MITM but the remote device can't provide that
3120          * (it has NoInputNoOutput) then reject the confirmation
3121          * request. The only exception is when we're dedicated bonding
3122          * initiators (connect_cfm_cb set) since then we always have the MITM
3123          * bit set. */
3124         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3125                 BT_DBG("Rejecting request: remote device can't provide MITM");
3126                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3127                                         sizeof(ev->bdaddr), &ev->bdaddr);
3128                 goto unlock;
3129         }
3130
3131         /* If no side requires MITM protection; auto-accept */
3132         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3133                                 (!rem_mitm || conn->io_capability == 0x03)) {
3134
3135                 /* If we're not the initiators request authorization to
3136                  * proceed from user space (mgmt_user_confirm with
3137                  * confirm_hint set to 1). */
3138                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3139                         BT_DBG("Confirming auto-accept as acceptor");
3140                         confirm_hint = 1;
3141                         goto confirm;
3142                 }
3143
3144                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3145                                                 hdev->auto_accept_delay);
3146
3147                 if (hdev->auto_accept_delay > 0) {
3148                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3149                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3150                         goto unlock;
3151                 }
3152
3153                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3154                                                 sizeof(ev->bdaddr), &ev->bdaddr);
3155                 goto unlock;
3156         }
3157
3158 confirm:
3159         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3160                                                                 confirm_hint);
3161
3162 unlock:
3163         hci_dev_unlock(hdev);
3164 }
3165
3166 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3167                                                         struct sk_buff *skb)
3168 {
3169         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3170
3171         BT_DBG("%s", hdev->name);
3172
3173         hci_dev_lock(hdev);
3174
3175         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3176                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3177
3178         hci_dev_unlock(hdev);
3179 }
3180
3181 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3182 {
3183         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3184         struct hci_conn *conn;
3185
3186         BT_DBG("%s", hdev->name);
3187
3188         hci_dev_lock(hdev);
3189
3190         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3191         if (!conn)
3192                 goto unlock;
3193
3194         /* To avoid duplicate auth_failed events to user space we check
3195          * the HCI_CONN_AUTH_PEND flag which will be set if we
3196          * initiated the authentication. A traditional auth_complete
3197          * event gets always produced as initiator and is also mapped to
3198          * the mgmt_auth_failed event */
3199         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3200                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3201                                                                 ev->status);
3202
3203         hci_conn_put(conn);
3204
3205 unlock:
3206         hci_dev_unlock(hdev);
3207 }
3208
3209 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3210 {
3211         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3212         struct inquiry_entry *ie;
3213
3214         BT_DBG("%s", hdev->name);
3215
3216         hci_dev_lock(hdev);
3217
3218         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3219         if (ie)
3220                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3221
3222         hci_dev_unlock(hdev);
3223 }
3224
3225 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3226                                                         struct sk_buff *skb)
3227 {
3228         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3229         struct oob_data *data;
3230
3231         BT_DBG("%s", hdev->name);
3232
3233         hci_dev_lock(hdev);
3234
3235         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3236                 goto unlock;
3237
3238         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3239         if (data) {
3240                 struct hci_cp_remote_oob_data_reply cp;
3241
3242                 bacpy(&cp.bdaddr, &ev->bdaddr);
3243                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3244                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3245
3246                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3247                                                                         &cp);
3248         } else {
3249                 struct hci_cp_remote_oob_data_neg_reply cp;
3250
3251                 bacpy(&cp.bdaddr, &ev->bdaddr);
3252                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3253                                                                         &cp);
3254         }
3255
3256 unlock:
3257         hci_dev_unlock(hdev);
3258 }
3259
3260 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3261 {
3262         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3263         struct hci_conn *conn;
3264
3265         BT_DBG("%s status %d", hdev->name, ev->status);
3266
3267         hci_dev_lock(hdev);
3268
3269         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3270         if (!conn) {
3271                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3272                 if (!conn) {
3273                         BT_ERR("No memory for new connection");
3274                         hci_dev_unlock(hdev);
3275                         return;
3276                 }
3277
3278                 conn->dst_type = ev->bdaddr_type;
3279         }
3280
3281         if (ev->status) {
3282                 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3283                                                 conn->dst_type, ev->status);
3284                 hci_proto_connect_cfm(conn, ev->status);
3285                 conn->state = BT_CLOSED;
3286                 hci_conn_del(conn);
3287                 goto unlock;
3288         }
3289
3290         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3291                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3292                                         conn->dst_type, 0, NULL, 0, NULL);
3293
3294         conn->sec_level = BT_SECURITY_LOW;
3295         conn->handle = __le16_to_cpu(ev->handle);
3296         conn->state = BT_CONNECTED;
3297
3298         hci_conn_hold_device(conn);
3299         hci_conn_add_sysfs(conn);
3300
3301         hci_proto_connect_cfm(conn, ev->status);
3302
3303 unlock:
3304         hci_dev_unlock(hdev);
3305 }
3306
3307 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3308                                                 struct sk_buff *skb)
3309 {
3310         u8 num_reports = skb->data[0];
3311         void *ptr = &skb->data[1];
3312         s8 rssi;
3313
3314         hci_dev_lock(hdev);
3315
3316         while (num_reports--) {
3317                 struct hci_ev_le_advertising_info *ev = ptr;
3318
3319                 hci_add_adv_entry(hdev, ev);
3320
3321                 rssi = ev->data[ev->length];
3322                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3323                                         NULL, rssi, 0, 1, ev->data,
3324                                         ev->length);
3325
3326                 ptr += sizeof(*ev) + ev->length + 1;
3327         }
3328
3329         hci_dev_unlock(hdev);
3330 }
3331
3332 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3333                                                 struct sk_buff *skb)
3334 {
3335         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3336         struct hci_cp_le_ltk_reply cp;
3337         struct hci_cp_le_ltk_neg_reply neg;
3338         struct hci_conn *conn;
3339         struct smp_ltk *ltk;
3340
3341         BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3342
3343         hci_dev_lock(hdev);
3344
3345         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3346         if (conn == NULL)
3347                 goto not_found;
3348
3349         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3350         if (ltk == NULL)
3351                 goto not_found;
3352
3353         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3354         cp.handle = cpu_to_le16(conn->handle);
3355
3356         if (ltk->authenticated)
3357                 conn->sec_level = BT_SECURITY_HIGH;
3358
3359         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3360
3361         if (ltk->type & HCI_SMP_STK) {
3362                 list_del(&ltk->list);
3363                 kfree(ltk);
3364         }
3365
3366         hci_dev_unlock(hdev);
3367
3368         return;
3369
3370 not_found:
3371         neg.handle = ev->handle;
3372         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3373         hci_dev_unlock(hdev);
3374 }
3375
3376 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3377 {
3378         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3379
3380         skb_pull(skb, sizeof(*le_ev));
3381
3382         switch (le_ev->subevent) {
3383         case HCI_EV_LE_CONN_COMPLETE:
3384                 hci_le_conn_complete_evt(hdev, skb);
3385                 break;
3386
3387         case HCI_EV_LE_ADVERTISING_REPORT:
3388                 hci_le_adv_report_evt(hdev, skb);
3389                 break;
3390
3391         case HCI_EV_LE_LTK_REQ:
3392                 hci_le_ltk_request_evt(hdev, skb);
3393                 break;
3394
3395         default:
3396                 break;
3397         }
3398 }
3399
3400 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3401 {
3402         struct hci_event_hdr *hdr = (void *) skb->data;
3403         __u8 event = hdr->evt;
3404
3405         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3406
3407         switch (event) {
3408         case HCI_EV_INQUIRY_COMPLETE:
3409                 hci_inquiry_complete_evt(hdev, skb);
3410                 break;
3411
3412         case HCI_EV_INQUIRY_RESULT:
3413                 hci_inquiry_result_evt(hdev, skb);
3414                 break;
3415
3416         case HCI_EV_CONN_COMPLETE:
3417                 hci_conn_complete_evt(hdev, skb);
3418                 break;
3419
3420         case HCI_EV_CONN_REQUEST:
3421                 hci_conn_request_evt(hdev, skb);
3422                 break;
3423
3424         case HCI_EV_DISCONN_COMPLETE:
3425                 hci_disconn_complete_evt(hdev, skb);
3426                 break;
3427
3428         case HCI_EV_AUTH_COMPLETE:
3429                 hci_auth_complete_evt(hdev, skb);
3430                 break;
3431
3432         case HCI_EV_REMOTE_NAME:
3433                 hci_remote_name_evt(hdev, skb);
3434                 break;
3435
3436         case HCI_EV_ENCRYPT_CHANGE:
3437                 hci_encrypt_change_evt(hdev, skb);
3438                 break;
3439
3440         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3441                 hci_change_link_key_complete_evt(hdev, skb);
3442                 break;
3443
3444         case HCI_EV_REMOTE_FEATURES:
3445                 hci_remote_features_evt(hdev, skb);
3446                 break;
3447
3448         case HCI_EV_REMOTE_VERSION:
3449                 hci_remote_version_evt(hdev, skb);
3450                 break;
3451
3452         case HCI_EV_QOS_SETUP_COMPLETE:
3453                 hci_qos_setup_complete_evt(hdev, skb);
3454                 break;
3455
3456         case HCI_EV_CMD_COMPLETE:
3457                 hci_cmd_complete_evt(hdev, skb);
3458                 break;
3459
3460         case HCI_EV_CMD_STATUS:
3461                 hci_cmd_status_evt(hdev, skb);
3462                 break;
3463
3464         case HCI_EV_ROLE_CHANGE:
3465                 hci_role_change_evt(hdev, skb);
3466                 break;
3467
3468         case HCI_EV_NUM_COMP_PKTS:
3469                 hci_num_comp_pkts_evt(hdev, skb);
3470                 break;
3471
3472         case HCI_EV_MODE_CHANGE:
3473                 hci_mode_change_evt(hdev, skb);
3474                 break;
3475
3476         case HCI_EV_PIN_CODE_REQ:
3477                 hci_pin_code_request_evt(hdev, skb);
3478                 break;
3479
3480         case HCI_EV_LINK_KEY_REQ:
3481                 hci_link_key_request_evt(hdev, skb);
3482                 break;
3483
3484         case HCI_EV_LINK_KEY_NOTIFY:
3485                 hci_link_key_notify_evt(hdev, skb);
3486                 break;
3487
3488         case HCI_EV_CLOCK_OFFSET:
3489                 hci_clock_offset_evt(hdev, skb);
3490                 break;
3491
3492         case HCI_EV_PKT_TYPE_CHANGE:
3493                 hci_pkt_type_change_evt(hdev, skb);
3494                 break;
3495
3496         case HCI_EV_PSCAN_REP_MODE:
3497                 hci_pscan_rep_mode_evt(hdev, skb);
3498                 break;
3499
3500         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3501                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3502                 break;
3503
3504         case HCI_EV_REMOTE_EXT_FEATURES:
3505                 hci_remote_ext_features_evt(hdev, skb);
3506                 break;
3507
3508         case HCI_EV_SYNC_CONN_COMPLETE:
3509                 hci_sync_conn_complete_evt(hdev, skb);
3510                 break;
3511
3512         case HCI_EV_SYNC_CONN_CHANGED:
3513                 hci_sync_conn_changed_evt(hdev, skb);
3514                 break;
3515
3516         case HCI_EV_SNIFF_SUBRATE:
3517                 hci_sniff_subrate_evt(hdev, skb);
3518                 break;
3519
3520         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3521                 hci_extended_inquiry_result_evt(hdev, skb);
3522                 break;
3523
3524         case HCI_EV_IO_CAPA_REQUEST:
3525                 hci_io_capa_request_evt(hdev, skb);
3526                 break;
3527
3528         case HCI_EV_IO_CAPA_REPLY:
3529                 hci_io_capa_reply_evt(hdev, skb);
3530                 break;
3531
3532         case HCI_EV_USER_CONFIRM_REQUEST:
3533                 hci_user_confirm_request_evt(hdev, skb);
3534                 break;
3535
3536         case HCI_EV_USER_PASSKEY_REQUEST:
3537                 hci_user_passkey_request_evt(hdev, skb);
3538                 break;
3539
3540         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3541                 hci_simple_pair_complete_evt(hdev, skb);
3542                 break;
3543
3544         case HCI_EV_REMOTE_HOST_FEATURES:
3545                 hci_remote_host_features_evt(hdev, skb);
3546                 break;
3547
3548         case HCI_EV_LE_META:
3549                 hci_le_meta_evt(hdev, skb);
3550                 break;
3551
3552         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3553                 hci_remote_oob_data_request_evt(hdev, skb);
3554                 break;
3555
3556         case HCI_EV_NUM_COMP_BLOCKS:
3557                 hci_num_comp_blocks_evt(hdev, skb);
3558                 break;
3559
3560         default:
3561                 BT_DBG("%s event 0x%x", hdev->name, event);
3562                 break;
3563         }
3564
3565         kfree_skb(skb);
3566         hdev->stat.evt_rx++;
3567 }