Bluetooth: Fix hci_inquiry ioctl usage
[linux-3.10.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39         __u8 status = *((__u8 *) skb->data);
40
41         BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43         if (status) {
44                 hci_dev_lock(hdev);
45                 mgmt_stop_discovery_failed(hdev, status);
46                 hci_dev_unlock(hdev);
47                 return;
48         }
49
50         clear_bit(HCI_INQUIRY, &hdev->flags);
51         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52         wake_up_bit(&hdev->flags, HCI_INQUIRY);
53
54         hci_dev_lock(hdev);
55         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56         hci_dev_unlock(hdev);
57
58         hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63         __u8 status = *((__u8 *) skb->data);
64
65         BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67         if (status)
68                 return;
69
70         set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75         __u8 status = *((__u8 *) skb->data);
76
77         BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79         if (status)
80                 return;
81
82         clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84         hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88                                           struct sk_buff *skb)
89 {
90         BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95         struct hci_rp_role_discovery *rp = (void *) skb->data;
96         struct hci_conn *conn;
97
98         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100         if (rp->status)
101                 return;
102
103         hci_dev_lock(hdev);
104
105         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106         if (conn) {
107                 if (rp->role)
108                         conn->link_mode &= ~HCI_LM_MASTER;
109                 else
110                         conn->link_mode |= HCI_LM_MASTER;
111         }
112
113         hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118         struct hci_rp_read_link_policy *rp = (void *) skb->data;
119         struct hci_conn *conn;
120
121         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123         if (rp->status)
124                 return;
125
126         hci_dev_lock(hdev);
127
128         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129         if (conn)
130                 conn->link_policy = __le16_to_cpu(rp->policy);
131
132         hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137         struct hci_rp_write_link_policy *rp = (void *) skb->data;
138         struct hci_conn *conn;
139         void *sent;
140
141         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143         if (rp->status)
144                 return;
145
146         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147         if (!sent)
148                 return;
149
150         hci_dev_lock(hdev);
151
152         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153         if (conn)
154                 conn->link_policy = get_unaligned_le16(sent + 2);
155
156         hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160                                         struct sk_buff *skb)
161 {
162         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166         if (rp->status)
167                 return;
168
169         hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173                                          struct sk_buff *skb)
174 {
175         __u8 status = *((__u8 *) skb->data);
176         void *sent;
177
178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181         if (!sent)
182                 return;
183
184         if (!status)
185                 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190         __u8 status = *((__u8 *) skb->data);
191
192         BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194         clear_bit(HCI_RESET, &hdev->flags);
195
196         /* Reset all non-persistent flags */
197         hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198
199         hdev->discovery.state = DISCOVERY_STOPPED;
200         hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201         hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203         memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204         hdev->adv_data_len = 0;
205 }
206
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208 {
209         __u8 status = *((__u8 *) skb->data);
210         void *sent;
211
212         BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215         if (!sent)
216                 return;
217
218         hci_dev_lock(hdev);
219
220         if (test_bit(HCI_MGMT, &hdev->dev_flags))
221                 mgmt_set_local_name_complete(hdev, sent, status);
222         else if (!status)
223                 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225         hci_dev_unlock(hdev);
226 }
227
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229 {
230         struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234         if (rp->status)
235                 return;
236
237         if (test_bit(HCI_SETUP, &hdev->dev_flags))
238                 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 }
240
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243         __u8 status = *((__u8 *) skb->data);
244         void *sent;
245
246         BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249         if (!sent)
250                 return;
251
252         if (!status) {
253                 __u8 param = *((__u8 *) sent);
254
255                 if (param == AUTH_ENABLED)
256                         set_bit(HCI_AUTH, &hdev->flags);
257                 else
258                         clear_bit(HCI_AUTH, &hdev->flags);
259         }
260
261         if (test_bit(HCI_MGMT, &hdev->dev_flags))
262                 mgmt_auth_enable_complete(hdev, status);
263 }
264
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
266 {
267         __u8 status = *((__u8 *) skb->data);
268         void *sent;
269
270         BT_DBG("%s status 0x%2.2x", hdev->name, status);
271
272         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273         if (!sent)
274                 return;
275
276         if (!status) {
277                 __u8 param = *((__u8 *) sent);
278
279                 if (param)
280                         set_bit(HCI_ENCRYPT, &hdev->flags);
281                 else
282                         clear_bit(HCI_ENCRYPT, &hdev->flags);
283         }
284 }
285
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 {
288         __u8 param, status = *((__u8 *) skb->data);
289         int old_pscan, old_iscan;
290         void *sent;
291
292         BT_DBG("%s status 0x%2.2x", hdev->name, status);
293
294         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295         if (!sent)
296                 return;
297
298         param = *((__u8 *) sent);
299
300         hci_dev_lock(hdev);
301
302         if (status) {
303                 mgmt_write_scan_failed(hdev, param, status);
304                 hdev->discov_timeout = 0;
305                 goto done;
306         }
307
308         old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309         old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311         if (param & SCAN_INQUIRY) {
312                 set_bit(HCI_ISCAN, &hdev->flags);
313                 if (!old_iscan)
314                         mgmt_discoverable(hdev, 1);
315                 if (hdev->discov_timeout > 0) {
316                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318                                            to);
319                 }
320         } else if (old_iscan)
321                 mgmt_discoverable(hdev, 0);
322
323         if (param & SCAN_PAGE) {
324                 set_bit(HCI_PSCAN, &hdev->flags);
325                 if (!old_pscan)
326                         mgmt_connectable(hdev, 1);
327         } else if (old_pscan)
328                 mgmt_connectable(hdev, 0);
329
330 done:
331         hci_dev_unlock(hdev);
332 }
333
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335 {
336         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337
338         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339
340         if (rp->status)
341                 return;
342
343         memcpy(hdev->dev_class, rp->dev_class, 3);
344
345         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 }
348
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351         __u8 status = *((__u8 *) skb->data);
352         void *sent;
353
354         BT_DBG("%s status 0x%2.2x", hdev->name, status);
355
356         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357         if (!sent)
358                 return;
359
360         hci_dev_lock(hdev);
361
362         if (status == 0)
363                 memcpy(hdev->dev_class, sent, 3);
364
365         if (test_bit(HCI_MGMT, &hdev->dev_flags))
366                 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368         hci_dev_unlock(hdev);
369 }
370
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372 {
373         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374         __u16 setting;
375
376         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377
378         if (rp->status)
379                 return;
380
381         setting = __le16_to_cpu(rp->voice_setting);
382
383         if (hdev->voice_setting == setting)
384                 return;
385
386         hdev->voice_setting = setting;
387
388         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389
390         if (hdev->notify)
391                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 }
393
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395                                        struct sk_buff *skb)
396 {
397         __u8 status = *((__u8 *) skb->data);
398         __u16 setting;
399         void *sent;
400
401         BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403         if (status)
404                 return;
405
406         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407         if (!sent)
408                 return;
409
410         setting = get_unaligned_le16(sent);
411
412         if (hdev->voice_setting == setting)
413                 return;
414
415         hdev->voice_setting = setting;
416
417         BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418
419         if (hdev->notify)
420                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 }
422
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425         __u8 status = *((__u8 *) skb->data);
426         struct hci_cp_write_ssp_mode *sent;
427
428         BT_DBG("%s status 0x%2.2x", hdev->name, status);
429
430         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431         if (!sent)
432                 return;
433
434         if (!status) {
435                 if (sent->mode)
436                         hdev->host_features[0] |= LMP_HOST_SSP;
437                 else
438                         hdev->host_features[0] &= ~LMP_HOST_SSP;
439         }
440
441         if (test_bit(HCI_MGMT, &hdev->dev_flags))
442                 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443         else if (!status) {
444                 if (sent->mode)
445                         set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446                 else
447                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448         }
449 }
450
451 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452 {
453         struct hci_rp_read_local_version *rp = (void *) skb->data;
454
455         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
456
457         if (rp->status)
458                 return;
459
460         hdev->hci_ver = rp->hci_ver;
461         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462         hdev->lmp_ver = rp->lmp_ver;
463         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464         hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
465
466         BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467                hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468 }
469
470 static void hci_cc_read_local_commands(struct hci_dev *hdev,
471                                        struct sk_buff *skb)
472 {
473         struct hci_rp_read_local_commands *rp = (void *) skb->data;
474
475         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477         if (!rp->status)
478                 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479 }
480
481 static void hci_cc_read_local_features(struct hci_dev *hdev,
482                                        struct sk_buff *skb)
483 {
484         struct hci_rp_read_local_features *rp = (void *) skb->data;
485
486         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
487
488         if (rp->status)
489                 return;
490
491         memcpy(hdev->features, rp->features, 8);
492
493         /* Adjust default settings according to features
494          * supported by device. */
495
496         if (hdev->features[0] & LMP_3SLOT)
497                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498
499         if (hdev->features[0] & LMP_5SLOT)
500                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501
502         if (hdev->features[1] & LMP_HV2) {
503                 hdev->pkt_type  |= (HCI_HV2);
504                 hdev->esco_type |= (ESCO_HV2);
505         }
506
507         if (hdev->features[1] & LMP_HV3) {
508                 hdev->pkt_type  |= (HCI_HV3);
509                 hdev->esco_type |= (ESCO_HV3);
510         }
511
512         if (lmp_esco_capable(hdev))
513                 hdev->esco_type |= (ESCO_EV3);
514
515         if (hdev->features[4] & LMP_EV4)
516                 hdev->esco_type |= (ESCO_EV4);
517
518         if (hdev->features[4] & LMP_EV5)
519                 hdev->esco_type |= (ESCO_EV5);
520
521         if (hdev->features[5] & LMP_EDR_ESCO_2M)
522                 hdev->esco_type |= (ESCO_2EV3);
523
524         if (hdev->features[5] & LMP_EDR_ESCO_3M)
525                 hdev->esco_type |= (ESCO_3EV3);
526
527         if (hdev->features[5] & LMP_EDR_3S_ESCO)
528                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
530         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531                hdev->features[0], hdev->features[1],
532                hdev->features[2], hdev->features[3],
533                hdev->features[4], hdev->features[5],
534                hdev->features[6], hdev->features[7]);
535 }
536
537 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538                                            struct sk_buff *skb)
539 {
540         struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
542         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
543
544         if (rp->status)
545                 return;
546
547         switch (rp->page) {
548         case 0:
549                 memcpy(hdev->features, rp->features, 8);
550                 break;
551         case 1:
552                 memcpy(hdev->host_features, rp->features, 8);
553                 break;
554         }
555 }
556
557 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
558                                           struct sk_buff *skb)
559 {
560         struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
561
562         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
563
564         if (!rp->status)
565                 hdev->flow_ctl_mode = rp->mode;
566 }
567
568 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
569 {
570         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
571
572         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
573
574         if (rp->status)
575                 return;
576
577         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
578         hdev->sco_mtu  = rp->sco_mtu;
579         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
580         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
581
582         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
583                 hdev->sco_mtu  = 64;
584                 hdev->sco_pkts = 8;
585         }
586
587         hdev->acl_cnt = hdev->acl_pkts;
588         hdev->sco_cnt = hdev->sco_pkts;
589
590         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
591                hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
592 }
593
594 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
595 {
596         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
597
598         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
599
600         if (!rp->status)
601                 bacpy(&hdev->bdaddr, &rp->bdaddr);
602 }
603
604 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
605                                            struct sk_buff *skb)
606 {
607         struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
608
609         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
610
611         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
612                 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
613                 hdev->page_scan_window = __le16_to_cpu(rp->window);
614         }
615 }
616
617 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
618                                             struct sk_buff *skb)
619 {
620         u8 status = *((u8 *) skb->data);
621         struct hci_cp_write_page_scan_activity *sent;
622
623         BT_DBG("%s status 0x%2.2x", hdev->name, status);
624
625         if (status)
626                 return;
627
628         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
629         if (!sent)
630                 return;
631
632         hdev->page_scan_interval = __le16_to_cpu(sent->interval);
633         hdev->page_scan_window = __le16_to_cpu(sent->window);
634 }
635
636 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
637                                            struct sk_buff *skb)
638 {
639         struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
640
641         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642
643         if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
644                 hdev->page_scan_type = rp->type;
645 }
646
647 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
648                                         struct sk_buff *skb)
649 {
650         u8 status = *((u8 *) skb->data);
651         u8 *type;
652
653         BT_DBG("%s status 0x%2.2x", hdev->name, status);
654
655         if (status)
656                 return;
657
658         type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
659         if (type)
660                 hdev->page_scan_type = *type;
661 }
662
663 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
664                                         struct sk_buff *skb)
665 {
666         struct hci_rp_read_data_block_size *rp = (void *) skb->data;
667
668         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
669
670         if (rp->status)
671                 return;
672
673         hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
674         hdev->block_len = __le16_to_cpu(rp->block_len);
675         hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
676
677         hdev->block_cnt = hdev->num_blocks;
678
679         BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
680                hdev->block_cnt, hdev->block_len);
681 }
682
683 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
684                                        struct sk_buff *skb)
685 {
686         struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
687
688         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
689
690         if (rp->status)
691                 goto a2mp_rsp;
692
693         hdev->amp_status = rp->amp_status;
694         hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
695         hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
696         hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
697         hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
698         hdev->amp_type = rp->amp_type;
699         hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
700         hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
701         hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
702         hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
703
704 a2mp_rsp:
705         a2mp_send_getinfo_rsp(hdev);
706 }
707
708 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
709                                         struct sk_buff *skb)
710 {
711         struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
712         struct amp_assoc *assoc = &hdev->loc_assoc;
713         size_t rem_len, frag_len;
714
715         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
716
717         if (rp->status)
718                 goto a2mp_rsp;
719
720         frag_len = skb->len - sizeof(*rp);
721         rem_len = __le16_to_cpu(rp->rem_len);
722
723         if (rem_len > frag_len) {
724                 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
725
726                 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
727                 assoc->offset += frag_len;
728
729                 /* Read other fragments */
730                 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
731
732                 return;
733         }
734
735         memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
736         assoc->len = assoc->offset + rem_len;
737         assoc->offset = 0;
738
739 a2mp_rsp:
740         /* Send A2MP Rsp when all fragments are received */
741         a2mp_send_getampassoc_rsp(hdev, rp->status);
742         a2mp_send_create_phy_link_req(hdev, rp->status);
743 }
744
745 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
746                                          struct sk_buff *skb)
747 {
748         struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
749
750         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
751
752         if (!rp->status)
753                 hdev->inq_tx_power = rp->tx_power;
754 }
755
756 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
757 {
758         struct hci_rp_pin_code_reply *rp = (void *) skb->data;
759         struct hci_cp_pin_code_reply *cp;
760         struct hci_conn *conn;
761
762         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
763
764         hci_dev_lock(hdev);
765
766         if (test_bit(HCI_MGMT, &hdev->dev_flags))
767                 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
768
769         if (rp->status)
770                 goto unlock;
771
772         cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
773         if (!cp)
774                 goto unlock;
775
776         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
777         if (conn)
778                 conn->pin_length = cp->pin_len;
779
780 unlock:
781         hci_dev_unlock(hdev);
782 }
783
784 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
785 {
786         struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
787
788         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
789
790         hci_dev_lock(hdev);
791
792         if (test_bit(HCI_MGMT, &hdev->dev_flags))
793                 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
794                                                  rp->status);
795
796         hci_dev_unlock(hdev);
797 }
798
799 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
800                                        struct sk_buff *skb)
801 {
802         struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
803
804         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
805
806         if (rp->status)
807                 return;
808
809         hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
810         hdev->le_pkts = rp->le_max_pkt;
811
812         hdev->le_cnt = hdev->le_pkts;
813
814         BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
815 }
816
817 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
818                                           struct sk_buff *skb)
819 {
820         struct hci_rp_le_read_local_features *rp = (void *) skb->data;
821
822         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824         if (!rp->status)
825                 memcpy(hdev->le_features, rp->features, 8);
826 }
827
828 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
829                                         struct sk_buff *skb)
830 {
831         struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
832
833         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
834
835         if (!rp->status)
836                 hdev->adv_tx_power = rp->tx_power;
837 }
838
839 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
840 {
841         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
842
843         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
844
845         hci_dev_lock(hdev);
846
847         if (test_bit(HCI_MGMT, &hdev->dev_flags))
848                 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
849                                                  rp->status);
850
851         hci_dev_unlock(hdev);
852 }
853
854 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
855                                           struct sk_buff *skb)
856 {
857         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
858
859         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
860
861         hci_dev_lock(hdev);
862
863         if (test_bit(HCI_MGMT, &hdev->dev_flags))
864                 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
865                                                      ACL_LINK, 0, rp->status);
866
867         hci_dev_unlock(hdev);
868 }
869
870 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
871 {
872         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
873
874         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
875
876         hci_dev_lock(hdev);
877
878         if (test_bit(HCI_MGMT, &hdev->dev_flags))
879                 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
880                                                  0, rp->status);
881
882         hci_dev_unlock(hdev);
883 }
884
885 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
886                                           struct sk_buff *skb)
887 {
888         struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
889
890         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
891
892         hci_dev_lock(hdev);
893
894         if (test_bit(HCI_MGMT, &hdev->dev_flags))
895                 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
896                                                      ACL_LINK, 0, rp->status);
897
898         hci_dev_unlock(hdev);
899 }
900
901 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
902                                              struct sk_buff *skb)
903 {
904         struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
905
906         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
907
908         hci_dev_lock(hdev);
909         mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
910                                                 rp->randomizer, rp->status);
911         hci_dev_unlock(hdev);
912 }
913
914 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
915 {
916         __u8 *sent, status = *((__u8 *) skb->data);
917
918         BT_DBG("%s status 0x%2.2x", hdev->name, status);
919
920         sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
921         if (!sent)
922                 return;
923
924         hci_dev_lock(hdev);
925
926         if (!status) {
927                 if (*sent)
928                         set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
929                 else
930                         clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
931         }
932
933         if (!test_bit(HCI_INIT, &hdev->flags)) {
934                 struct hci_request req;
935
936                 hci_req_init(&req, hdev);
937                 hci_update_ad(&req);
938                 hci_req_run(&req, NULL);
939         }
940
941         hci_dev_unlock(hdev);
942 }
943
944 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
945 {
946         __u8 status = *((__u8 *) skb->data);
947
948         BT_DBG("%s status 0x%2.2x", hdev->name, status);
949
950         if (status) {
951                 hci_dev_lock(hdev);
952                 mgmt_start_discovery_failed(hdev, status);
953                 hci_dev_unlock(hdev);
954                 return;
955         }
956 }
957
958 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
959                                       struct sk_buff *skb)
960 {
961         struct hci_cp_le_set_scan_enable *cp;
962         __u8 status = *((__u8 *) skb->data);
963
964         BT_DBG("%s status 0x%2.2x", hdev->name, status);
965
966         cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
967         if (!cp)
968                 return;
969
970         switch (cp->enable) {
971         case LE_SCANNING_ENABLED:
972                 if (status) {
973                         hci_dev_lock(hdev);
974                         mgmt_start_discovery_failed(hdev, status);
975                         hci_dev_unlock(hdev);
976                         return;
977                 }
978
979                 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
980
981                 hci_dev_lock(hdev);
982                 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
983                 hci_dev_unlock(hdev);
984                 break;
985
986         case LE_SCANNING_DISABLED:
987                 if (status) {
988                         hci_dev_lock(hdev);
989                         mgmt_stop_discovery_failed(hdev, status);
990                         hci_dev_unlock(hdev);
991                         return;
992                 }
993
994                 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
995
996                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
997                     hdev->discovery.state == DISCOVERY_FINDING) {
998                         mgmt_interleaved_discovery(hdev);
999                 } else {
1000                         hci_dev_lock(hdev);
1001                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1002                         hci_dev_unlock(hdev);
1003                 }
1004
1005                 break;
1006
1007         default:
1008                 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1009                 break;
1010         }
1011 }
1012
1013 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1014                                            struct sk_buff *skb)
1015 {
1016         struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1017
1018         BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1019
1020         if (!rp->status)
1021                 hdev->le_white_list_size = rp->size;
1022 }
1023
1024 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1025                                             struct sk_buff *skb)
1026 {
1027         struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1028
1029         BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1030
1031         if (!rp->status)
1032                 memcpy(hdev->le_states, rp->le_states, 8);
1033 }
1034
1035 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1036                                            struct sk_buff *skb)
1037 {
1038         struct hci_cp_write_le_host_supported *sent;
1039         __u8 status = *((__u8 *) skb->data);
1040
1041         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1042
1043         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1044         if (!sent)
1045                 return;
1046
1047         if (!status) {
1048                 if (sent->le)
1049                         hdev->host_features[0] |= LMP_HOST_LE;
1050                 else
1051                         hdev->host_features[0] &= ~LMP_HOST_LE;
1052
1053                 if (sent->simul)
1054                         hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1055                 else
1056                         hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1057         }
1058
1059         if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1060             !test_bit(HCI_INIT, &hdev->flags))
1061                 mgmt_le_enable_complete(hdev, sent->le, status);
1062 }
1063
1064 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1065                                           struct sk_buff *skb)
1066 {
1067         struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1068
1069         BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1070                hdev->name, rp->status, rp->phy_handle);
1071
1072         if (rp->status)
1073                 return;
1074
1075         amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1076 }
1077
1078 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1079 {
1080         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1081
1082         if (status) {
1083                 hci_conn_check_pending(hdev);
1084                 hci_dev_lock(hdev);
1085                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1086                         mgmt_start_discovery_failed(hdev, status);
1087                 hci_dev_unlock(hdev);
1088                 return;
1089         }
1090
1091         set_bit(HCI_INQUIRY, &hdev->flags);
1092
1093         hci_dev_lock(hdev);
1094         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1095         hci_dev_unlock(hdev);
1096 }
1097
1098 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1099 {
1100         struct hci_cp_create_conn *cp;
1101         struct hci_conn *conn;
1102
1103         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1104
1105         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1106         if (!cp)
1107                 return;
1108
1109         hci_dev_lock(hdev);
1110
1111         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1112
1113         BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1114
1115         if (status) {
1116                 if (conn && conn->state == BT_CONNECT) {
1117                         if (status != 0x0c || conn->attempt > 2) {
1118                                 conn->state = BT_CLOSED;
1119                                 hci_proto_connect_cfm(conn, status);
1120                                 hci_conn_del(conn);
1121                         } else
1122                                 conn->state = BT_CONNECT2;
1123                 }
1124         } else {
1125                 if (!conn) {
1126                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1127                         if (conn) {
1128                                 conn->out = true;
1129                                 conn->link_mode |= HCI_LM_MASTER;
1130                         } else
1131                                 BT_ERR("No memory for new connection");
1132                 }
1133         }
1134
1135         hci_dev_unlock(hdev);
1136 }
1137
1138 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1139 {
1140         struct hci_cp_add_sco *cp;
1141         struct hci_conn *acl, *sco;
1142         __u16 handle;
1143
1144         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1145
1146         if (!status)
1147                 return;
1148
1149         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1150         if (!cp)
1151                 return;
1152
1153         handle = __le16_to_cpu(cp->handle);
1154
1155         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1156
1157         hci_dev_lock(hdev);
1158
1159         acl = hci_conn_hash_lookup_handle(hdev, handle);
1160         if (acl) {
1161                 sco = acl->link;
1162                 if (sco) {
1163                         sco->state = BT_CLOSED;
1164
1165                         hci_proto_connect_cfm(sco, status);
1166                         hci_conn_del(sco);
1167                 }
1168         }
1169
1170         hci_dev_unlock(hdev);
1171 }
1172
1173 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1174 {
1175         struct hci_cp_auth_requested *cp;
1176         struct hci_conn *conn;
1177
1178         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1179
1180         if (!status)
1181                 return;
1182
1183         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1184         if (!cp)
1185                 return;
1186
1187         hci_dev_lock(hdev);
1188
1189         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1190         if (conn) {
1191                 if (conn->state == BT_CONFIG) {
1192                         hci_proto_connect_cfm(conn, status);
1193                         hci_conn_put(conn);
1194                 }
1195         }
1196
1197         hci_dev_unlock(hdev);
1198 }
1199
1200 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1201 {
1202         struct hci_cp_set_conn_encrypt *cp;
1203         struct hci_conn *conn;
1204
1205         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1206
1207         if (!status)
1208                 return;
1209
1210         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1211         if (!cp)
1212                 return;
1213
1214         hci_dev_lock(hdev);
1215
1216         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1217         if (conn) {
1218                 if (conn->state == BT_CONFIG) {
1219                         hci_proto_connect_cfm(conn, status);
1220                         hci_conn_put(conn);
1221                 }
1222         }
1223
1224         hci_dev_unlock(hdev);
1225 }
1226
1227 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1228                                     struct hci_conn *conn)
1229 {
1230         if (conn->state != BT_CONFIG || !conn->out)
1231                 return 0;
1232
1233         if (conn->pending_sec_level == BT_SECURITY_SDP)
1234                 return 0;
1235
1236         /* Only request authentication for SSP connections or non-SSP
1237          * devices with sec_level HIGH or if MITM protection is requested */
1238         if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1239             conn->pending_sec_level != BT_SECURITY_HIGH)
1240                 return 0;
1241
1242         return 1;
1243 }
1244
1245 static int hci_resolve_name(struct hci_dev *hdev,
1246                                    struct inquiry_entry *e)
1247 {
1248         struct hci_cp_remote_name_req cp;
1249
1250         memset(&cp, 0, sizeof(cp));
1251
1252         bacpy(&cp.bdaddr, &e->data.bdaddr);
1253         cp.pscan_rep_mode = e->data.pscan_rep_mode;
1254         cp.pscan_mode = e->data.pscan_mode;
1255         cp.clock_offset = e->data.clock_offset;
1256
1257         return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1258 }
1259
1260 static bool hci_resolve_next_name(struct hci_dev *hdev)
1261 {
1262         struct discovery_state *discov = &hdev->discovery;
1263         struct inquiry_entry *e;
1264
1265         if (list_empty(&discov->resolve))
1266                 return false;
1267
1268         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1269         if (!e)
1270                 return false;
1271
1272         if (hci_resolve_name(hdev, e) == 0) {
1273                 e->name_state = NAME_PENDING;
1274                 return true;
1275         }
1276
1277         return false;
1278 }
1279
1280 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1281                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1282 {
1283         struct discovery_state *discov = &hdev->discovery;
1284         struct inquiry_entry *e;
1285
1286         if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1287                 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1288                                       name_len, conn->dev_class);
1289
1290         if (discov->state == DISCOVERY_STOPPED)
1291                 return;
1292
1293         if (discov->state == DISCOVERY_STOPPING)
1294                 goto discov_complete;
1295
1296         if (discov->state != DISCOVERY_RESOLVING)
1297                 return;
1298
1299         e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1300         /* If the device was not found in a list of found devices names of which
1301          * are pending. there is no need to continue resolving a next name as it
1302          * will be done upon receiving another Remote Name Request Complete
1303          * Event */
1304         if (!e)
1305                 return;
1306
1307         list_del(&e->list);
1308         if (name) {
1309                 e->name_state = NAME_KNOWN;
1310                 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1311                                  e->data.rssi, name, name_len);
1312         } else {
1313                 e->name_state = NAME_NOT_KNOWN;
1314         }
1315
1316         if (hci_resolve_next_name(hdev))
1317                 return;
1318
1319 discov_complete:
1320         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1321 }
1322
1323 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1324 {
1325         struct hci_cp_remote_name_req *cp;
1326         struct hci_conn *conn;
1327
1328         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1329
1330         /* If successful wait for the name req complete event before
1331          * checking for the need to do authentication */
1332         if (!status)
1333                 return;
1334
1335         cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1336         if (!cp)
1337                 return;
1338
1339         hci_dev_lock(hdev);
1340
1341         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1342
1343         if (test_bit(HCI_MGMT, &hdev->dev_flags))
1344                 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1345
1346         if (!conn)
1347                 goto unlock;
1348
1349         if (!hci_outgoing_auth_needed(hdev, conn))
1350                 goto unlock;
1351
1352         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1353                 struct hci_cp_auth_requested cp;
1354                 cp.handle = __cpu_to_le16(conn->handle);
1355                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1356         }
1357
1358 unlock:
1359         hci_dev_unlock(hdev);
1360 }
1361
1362 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1363 {
1364         struct hci_cp_read_remote_features *cp;
1365         struct hci_conn *conn;
1366
1367         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1368
1369         if (!status)
1370                 return;
1371
1372         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1373         if (!cp)
1374                 return;
1375
1376         hci_dev_lock(hdev);
1377
1378         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1379         if (conn) {
1380                 if (conn->state == BT_CONFIG) {
1381                         hci_proto_connect_cfm(conn, status);
1382                         hci_conn_put(conn);
1383                 }
1384         }
1385
1386         hci_dev_unlock(hdev);
1387 }
1388
1389 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1390 {
1391         struct hci_cp_read_remote_ext_features *cp;
1392         struct hci_conn *conn;
1393
1394         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1395
1396         if (!status)
1397                 return;
1398
1399         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1400         if (!cp)
1401                 return;
1402
1403         hci_dev_lock(hdev);
1404
1405         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1406         if (conn) {
1407                 if (conn->state == BT_CONFIG) {
1408                         hci_proto_connect_cfm(conn, status);
1409                         hci_conn_put(conn);
1410                 }
1411         }
1412
1413         hci_dev_unlock(hdev);
1414 }
1415
1416 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1417 {
1418         struct hci_cp_setup_sync_conn *cp;
1419         struct hci_conn *acl, *sco;
1420         __u16 handle;
1421
1422         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1423
1424         if (!status)
1425                 return;
1426
1427         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1428         if (!cp)
1429                 return;
1430
1431         handle = __le16_to_cpu(cp->handle);
1432
1433         BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1434
1435         hci_dev_lock(hdev);
1436
1437         acl = hci_conn_hash_lookup_handle(hdev, handle);
1438         if (acl) {
1439                 sco = acl->link;
1440                 if (sco) {
1441                         sco->state = BT_CLOSED;
1442
1443                         hci_proto_connect_cfm(sco, status);
1444                         hci_conn_del(sco);
1445                 }
1446         }
1447
1448         hci_dev_unlock(hdev);
1449 }
1450
1451 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1452 {
1453         struct hci_cp_sniff_mode *cp;
1454         struct hci_conn *conn;
1455
1456         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1457
1458         if (!status)
1459                 return;
1460
1461         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1462         if (!cp)
1463                 return;
1464
1465         hci_dev_lock(hdev);
1466
1467         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1468         if (conn) {
1469                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1470
1471                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1472                         hci_sco_setup(conn, status);
1473         }
1474
1475         hci_dev_unlock(hdev);
1476 }
1477
1478 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1479 {
1480         struct hci_cp_exit_sniff_mode *cp;
1481         struct hci_conn *conn;
1482
1483         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1484
1485         if (!status)
1486                 return;
1487
1488         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1489         if (!cp)
1490                 return;
1491
1492         hci_dev_lock(hdev);
1493
1494         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1495         if (conn) {
1496                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1497
1498                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1499                         hci_sco_setup(conn, status);
1500         }
1501
1502         hci_dev_unlock(hdev);
1503 }
1504
1505 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1506 {
1507         struct hci_cp_disconnect *cp;
1508         struct hci_conn *conn;
1509
1510         if (!status)
1511                 return;
1512
1513         cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1514         if (!cp)
1515                 return;
1516
1517         hci_dev_lock(hdev);
1518
1519         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1520         if (conn)
1521                 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1522                                        conn->dst_type, status);
1523
1524         hci_dev_unlock(hdev);
1525 }
1526
1527 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1528 {
1529         struct hci_conn *conn;
1530
1531         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1532
1533         if (status) {
1534                 hci_dev_lock(hdev);
1535
1536                 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1537                 if (!conn) {
1538                         hci_dev_unlock(hdev);
1539                         return;
1540                 }
1541
1542                 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1543
1544                 conn->state = BT_CLOSED;
1545                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1546                                     conn->dst_type, status);
1547                 hci_proto_connect_cfm(conn, status);
1548                 hci_conn_del(conn);
1549
1550                 hci_dev_unlock(hdev);
1551         }
1552 }
1553
1554 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1555 {
1556         struct hci_cp_create_phy_link *cp;
1557
1558         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1559
1560         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1561         if (!cp)
1562                 return;
1563
1564         hci_dev_lock(hdev);
1565
1566         if (status) {
1567                 struct hci_conn *hcon;
1568
1569                 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1570                 if (hcon)
1571                         hci_conn_del(hcon);
1572         } else {
1573                 amp_write_remote_assoc(hdev, cp->phy_handle);
1574         }
1575
1576         hci_dev_unlock(hdev);
1577 }
1578
1579 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1580 {
1581         struct hci_cp_accept_phy_link *cp;
1582
1583         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1584
1585         if (status)
1586                 return;
1587
1588         cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1589         if (!cp)
1590                 return;
1591
1592         amp_write_remote_assoc(hdev, cp->phy_handle);
1593 }
1594
1595 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1596 {
1597         __u8 status = *((__u8 *) skb->data);
1598         struct discovery_state *discov = &hdev->discovery;
1599         struct inquiry_entry *e;
1600
1601         BT_DBG("%s status 0x%2.2x", hdev->name, status);
1602
1603         hci_conn_check_pending(hdev);
1604
1605         if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1606                 return;
1607
1608         smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1609         wake_up_bit(&hdev->flags, HCI_INQUIRY);
1610
1611         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1612                 return;
1613
1614         hci_dev_lock(hdev);
1615
1616         if (discov->state != DISCOVERY_FINDING)
1617                 goto unlock;
1618
1619         if (list_empty(&discov->resolve)) {
1620                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1621                 goto unlock;
1622         }
1623
1624         e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1625         if (e && hci_resolve_name(hdev, e) == 0) {
1626                 e->name_state = NAME_PENDING;
1627                 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1628         } else {
1629                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1630         }
1631
1632 unlock:
1633         hci_dev_unlock(hdev);
1634 }
1635
1636 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1637 {
1638         struct inquiry_data data;
1639         struct inquiry_info *info = (void *) (skb->data + 1);
1640         int num_rsp = *((__u8 *) skb->data);
1641
1642         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1643
1644         if (!num_rsp)
1645                 return;
1646
1647         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1648                 return;
1649
1650         hci_dev_lock(hdev);
1651
1652         for (; num_rsp; num_rsp--, info++) {
1653                 bool name_known, ssp;
1654
1655                 bacpy(&data.bdaddr, &info->bdaddr);
1656                 data.pscan_rep_mode     = info->pscan_rep_mode;
1657                 data.pscan_period_mode  = info->pscan_period_mode;
1658                 data.pscan_mode         = info->pscan_mode;
1659                 memcpy(data.dev_class, info->dev_class, 3);
1660                 data.clock_offset       = info->clock_offset;
1661                 data.rssi               = 0x00;
1662                 data.ssp_mode           = 0x00;
1663
1664                 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1665                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1666                                   info->dev_class, 0, !name_known, ssp, NULL,
1667                                   0);
1668         }
1669
1670         hci_dev_unlock(hdev);
1671 }
1672
1673 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1674 {
1675         struct hci_ev_conn_complete *ev = (void *) skb->data;
1676         struct hci_conn *conn;
1677
1678         BT_DBG("%s", hdev->name);
1679
1680         hci_dev_lock(hdev);
1681
1682         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1683         if (!conn) {
1684                 if (ev->link_type != SCO_LINK)
1685                         goto unlock;
1686
1687                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1688                 if (!conn)
1689                         goto unlock;
1690
1691                 conn->type = SCO_LINK;
1692         }
1693
1694         if (!ev->status) {
1695                 conn->handle = __le16_to_cpu(ev->handle);
1696
1697                 if (conn->type == ACL_LINK) {
1698                         conn->state = BT_CONFIG;
1699                         hci_conn_hold(conn);
1700
1701                         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1702                             !hci_find_link_key(hdev, &ev->bdaddr))
1703                                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1704                         else
1705                                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1706                 } else
1707                         conn->state = BT_CONNECTED;
1708
1709                 hci_conn_hold_device(conn);
1710                 hci_conn_add_sysfs(conn);
1711
1712                 if (test_bit(HCI_AUTH, &hdev->flags))
1713                         conn->link_mode |= HCI_LM_AUTH;
1714
1715                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1716                         conn->link_mode |= HCI_LM_ENCRYPT;
1717
1718                 /* Get remote features */
1719                 if (conn->type == ACL_LINK) {
1720                         struct hci_cp_read_remote_features cp;
1721                         cp.handle = ev->handle;
1722                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1723                                      sizeof(cp), &cp);
1724                 }
1725
1726                 /* Set packet type for incoming connection */
1727                 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1728                         struct hci_cp_change_conn_ptype cp;
1729                         cp.handle = ev->handle;
1730                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1731                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1732                                      &cp);
1733                 }
1734         } else {
1735                 conn->state = BT_CLOSED;
1736                 if (conn->type == ACL_LINK)
1737                         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1738                                             conn->dst_type, ev->status);
1739         }
1740
1741         if (conn->type == ACL_LINK)
1742                 hci_sco_setup(conn, ev->status);
1743
1744         if (ev->status) {
1745                 hci_proto_connect_cfm(conn, ev->status);
1746                 hci_conn_del(conn);
1747         } else if (ev->link_type != ACL_LINK)
1748                 hci_proto_connect_cfm(conn, ev->status);
1749
1750 unlock:
1751         hci_dev_unlock(hdev);
1752
1753         hci_conn_check_pending(hdev);
1754 }
1755
1756 void hci_conn_accept(struct hci_conn *conn, int mask)
1757 {
1758         struct hci_dev *hdev = conn->hdev;
1759
1760         BT_DBG("conn %p", conn);
1761
1762         conn->state = BT_CONFIG;
1763
1764         if (!lmp_esco_capable(hdev)) {
1765                 struct hci_cp_accept_conn_req cp;
1766
1767                 bacpy(&cp.bdaddr, &conn->dst);
1768
1769                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1770                         cp.role = 0x00; /* Become master */
1771                 else
1772                         cp.role = 0x01; /* Remain slave */
1773
1774                 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1775         } else /* lmp_esco_capable(hdev)) */ {
1776                 struct hci_cp_accept_sync_conn_req cp;
1777
1778                 bacpy(&cp.bdaddr, &conn->dst);
1779                 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1780
1781                 cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1782                 cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1783                 cp.max_latency    = __constant_cpu_to_le16(0xffff);
1784                 cp.content_format = cpu_to_le16(hdev->voice_setting);
1785                 cp.retrans_effort = 0xff;
1786
1787                 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1788                              sizeof(cp), &cp);
1789         }
1790 }
1791
1792 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1793 {
1794         struct hci_ev_conn_request *ev = (void *) skb->data;
1795         int mask = hdev->link_mode;
1796         __u8 flags = 0;
1797
1798         BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1799                ev->link_type);
1800
1801         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1802                                       &flags);
1803
1804         if ((mask & HCI_LM_ACCEPT) &&
1805             !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1806                 /* Connection accepted */
1807                 struct inquiry_entry *ie;
1808                 struct hci_conn *conn;
1809
1810                 hci_dev_lock(hdev);
1811
1812                 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1813                 if (ie)
1814                         memcpy(ie->data.dev_class, ev->dev_class, 3);
1815
1816                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1817                                                &ev->bdaddr);
1818                 if (!conn) {
1819                         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1820                         if (!conn) {
1821                                 BT_ERR("No memory for new connection");
1822                                 hci_dev_unlock(hdev);
1823                                 return;
1824                         }
1825                 }
1826
1827                 memcpy(conn->dev_class, ev->dev_class, 3);
1828
1829                 hci_dev_unlock(hdev);
1830
1831                 if (ev->link_type == ACL_LINK ||
1832                     (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1833                         struct hci_cp_accept_conn_req cp;
1834                         conn->state = BT_CONNECT;
1835
1836                         bacpy(&cp.bdaddr, &ev->bdaddr);
1837
1838                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1839                                 cp.role = 0x00; /* Become master */
1840                         else
1841                                 cp.role = 0x01; /* Remain slave */
1842
1843                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1844                                      &cp);
1845                 } else if (!(flags & HCI_PROTO_DEFER)) {
1846                         struct hci_cp_accept_sync_conn_req cp;
1847                         conn->state = BT_CONNECT;
1848
1849                         bacpy(&cp.bdaddr, &ev->bdaddr);
1850                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1851
1852                         cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1853                         cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
1854                         cp.max_latency    = __constant_cpu_to_le16(0xffff);
1855                         cp.content_format = cpu_to_le16(hdev->voice_setting);
1856                         cp.retrans_effort = 0xff;
1857
1858                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1859                                      sizeof(cp), &cp);
1860                 } else {
1861                         conn->state = BT_CONNECT2;
1862                         hci_proto_connect_cfm(conn, 0);
1863                         hci_conn_put(conn);
1864                 }
1865         } else {
1866                 /* Connection rejected */
1867                 struct hci_cp_reject_conn_req cp;
1868
1869                 bacpy(&cp.bdaddr, &ev->bdaddr);
1870                 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1871                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1872         }
1873 }
1874
1875 static u8 hci_to_mgmt_reason(u8 err)
1876 {
1877         switch (err) {
1878         case HCI_ERROR_CONNECTION_TIMEOUT:
1879                 return MGMT_DEV_DISCONN_TIMEOUT;
1880         case HCI_ERROR_REMOTE_USER_TERM:
1881         case HCI_ERROR_REMOTE_LOW_RESOURCES:
1882         case HCI_ERROR_REMOTE_POWER_OFF:
1883                 return MGMT_DEV_DISCONN_REMOTE;
1884         case HCI_ERROR_LOCAL_HOST_TERM:
1885                 return MGMT_DEV_DISCONN_LOCAL_HOST;
1886         default:
1887                 return MGMT_DEV_DISCONN_UNKNOWN;
1888         }
1889 }
1890
1891 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1892 {
1893         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1894         struct hci_conn *conn;
1895
1896         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1897
1898         hci_dev_lock(hdev);
1899
1900         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1901         if (!conn)
1902                 goto unlock;
1903
1904         if (ev->status == 0)
1905                 conn->state = BT_CLOSED;
1906
1907         if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1908             (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1909                 if (ev->status) {
1910                         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1911                                                conn->dst_type, ev->status);
1912                 } else {
1913                         u8 reason = hci_to_mgmt_reason(ev->reason);
1914
1915                         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1916                                                  conn->dst_type, reason);
1917                 }
1918         }
1919
1920         if (ev->status == 0) {
1921                 if (conn->type == ACL_LINK && conn->flush_key)
1922                         hci_remove_link_key(hdev, &conn->dst);
1923                 hci_proto_disconn_cfm(conn, ev->reason);
1924                 hci_conn_del(conn);
1925         }
1926
1927 unlock:
1928         hci_dev_unlock(hdev);
1929 }
1930
1931 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1932 {
1933         struct hci_ev_auth_complete *ev = (void *) skb->data;
1934         struct hci_conn *conn;
1935
1936         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1937
1938         hci_dev_lock(hdev);
1939
1940         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1941         if (!conn)
1942                 goto unlock;
1943
1944         if (!ev->status) {
1945                 if (!hci_conn_ssp_enabled(conn) &&
1946                     test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1947                         BT_INFO("re-auth of legacy device is not possible.");
1948                 } else {
1949                         conn->link_mode |= HCI_LM_AUTH;
1950                         conn->sec_level = conn->pending_sec_level;
1951                 }
1952         } else {
1953                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1954                                  ev->status);
1955         }
1956
1957         clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1958         clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1959
1960         if (conn->state == BT_CONFIG) {
1961                 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1962                         struct hci_cp_set_conn_encrypt cp;
1963                         cp.handle  = ev->handle;
1964                         cp.encrypt = 0x01;
1965                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1966                                      &cp);
1967                 } else {
1968                         conn->state = BT_CONNECTED;
1969                         hci_proto_connect_cfm(conn, ev->status);
1970                         hci_conn_put(conn);
1971                 }
1972         } else {
1973                 hci_auth_cfm(conn, ev->status);
1974
1975                 hci_conn_hold(conn);
1976                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1977                 hci_conn_put(conn);
1978         }
1979
1980         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1981                 if (!ev->status) {
1982                         struct hci_cp_set_conn_encrypt cp;
1983                         cp.handle  = ev->handle;
1984                         cp.encrypt = 0x01;
1985                         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1986                                      &cp);
1987                 } else {
1988                         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1989                         hci_encrypt_cfm(conn, ev->status, 0x00);
1990                 }
1991         }
1992
1993 unlock:
1994         hci_dev_unlock(hdev);
1995 }
1996
1997 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1998 {
1999         struct hci_ev_remote_name *ev = (void *) skb->data;
2000         struct hci_conn *conn;
2001
2002         BT_DBG("%s", hdev->name);
2003
2004         hci_conn_check_pending(hdev);
2005
2006         hci_dev_lock(hdev);
2007
2008         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2009
2010         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2011                 goto check_auth;
2012
2013         if (ev->status == 0)
2014                 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2015                                        strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2016         else
2017                 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2018
2019 check_auth:
2020         if (!conn)
2021                 goto unlock;
2022
2023         if (!hci_outgoing_auth_needed(hdev, conn))
2024                 goto unlock;
2025
2026         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2027                 struct hci_cp_auth_requested cp;
2028                 cp.handle = __cpu_to_le16(conn->handle);
2029                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2030         }
2031
2032 unlock:
2033         hci_dev_unlock(hdev);
2034 }
2035
2036 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2037 {
2038         struct hci_ev_encrypt_change *ev = (void *) skb->data;
2039         struct hci_conn *conn;
2040
2041         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2042
2043         hci_dev_lock(hdev);
2044
2045         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2046         if (conn) {
2047                 if (!ev->status) {
2048                         if (ev->encrypt) {
2049                                 /* Encryption implies authentication */
2050                                 conn->link_mode |= HCI_LM_AUTH;
2051                                 conn->link_mode |= HCI_LM_ENCRYPT;
2052                                 conn->sec_level = conn->pending_sec_level;
2053                         } else
2054                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
2055                 }
2056
2057                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2058
2059                 if (ev->status && conn->state == BT_CONNECTED) {
2060                         hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2061                         hci_conn_put(conn);
2062                         goto unlock;
2063                 }
2064
2065                 if (conn->state == BT_CONFIG) {
2066                         if (!ev->status)
2067                                 conn->state = BT_CONNECTED;
2068
2069                         hci_proto_connect_cfm(conn, ev->status);
2070                         hci_conn_put(conn);
2071                 } else
2072                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2073         }
2074
2075 unlock:
2076         hci_dev_unlock(hdev);
2077 }
2078
2079 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2080                                              struct sk_buff *skb)
2081 {
2082         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2083         struct hci_conn *conn;
2084
2085         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2086
2087         hci_dev_lock(hdev);
2088
2089         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2090         if (conn) {
2091                 if (!ev->status)
2092                         conn->link_mode |= HCI_LM_SECURE;
2093
2094                 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2095
2096                 hci_key_change_cfm(conn, ev->status);
2097         }
2098
2099         hci_dev_unlock(hdev);
2100 }
2101
2102 static void hci_remote_features_evt(struct hci_dev *hdev,
2103                                     struct sk_buff *skb)
2104 {
2105         struct hci_ev_remote_features *ev = (void *) skb->data;
2106         struct hci_conn *conn;
2107
2108         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2109
2110         hci_dev_lock(hdev);
2111
2112         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2113         if (!conn)
2114                 goto unlock;
2115
2116         if (!ev->status)
2117                 memcpy(conn->features, ev->features, 8);
2118
2119         if (conn->state != BT_CONFIG)
2120                 goto unlock;
2121
2122         if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2123                 struct hci_cp_read_remote_ext_features cp;
2124                 cp.handle = ev->handle;
2125                 cp.page = 0x01;
2126                 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2127                              sizeof(cp), &cp);
2128                 goto unlock;
2129         }
2130
2131         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2132                 struct hci_cp_remote_name_req cp;
2133                 memset(&cp, 0, sizeof(cp));
2134                 bacpy(&cp.bdaddr, &conn->dst);
2135                 cp.pscan_rep_mode = 0x02;
2136                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2137         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2138                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2139                                       conn->dst_type, 0, NULL, 0,
2140                                       conn->dev_class);
2141
2142         if (!hci_outgoing_auth_needed(hdev, conn)) {
2143                 conn->state = BT_CONNECTED;
2144                 hci_proto_connect_cfm(conn, ev->status);
2145                 hci_conn_put(conn);
2146         }
2147
2148 unlock:
2149         hci_dev_unlock(hdev);
2150 }
2151
2152 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2153 {
2154         struct hci_ev_cmd_complete *ev = (void *) skb->data;
2155         u8 status = skb->data[sizeof(*ev)];
2156         __u16 opcode;
2157
2158         skb_pull(skb, sizeof(*ev));
2159
2160         opcode = __le16_to_cpu(ev->opcode);
2161
2162         switch (opcode) {
2163         case HCI_OP_INQUIRY_CANCEL:
2164                 hci_cc_inquiry_cancel(hdev, skb);
2165                 break;
2166
2167         case HCI_OP_PERIODIC_INQ:
2168                 hci_cc_periodic_inq(hdev, skb);
2169                 break;
2170
2171         case HCI_OP_EXIT_PERIODIC_INQ:
2172                 hci_cc_exit_periodic_inq(hdev, skb);
2173                 break;
2174
2175         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2176                 hci_cc_remote_name_req_cancel(hdev, skb);
2177                 break;
2178
2179         case HCI_OP_ROLE_DISCOVERY:
2180                 hci_cc_role_discovery(hdev, skb);
2181                 break;
2182
2183         case HCI_OP_READ_LINK_POLICY:
2184                 hci_cc_read_link_policy(hdev, skb);
2185                 break;
2186
2187         case HCI_OP_WRITE_LINK_POLICY:
2188                 hci_cc_write_link_policy(hdev, skb);
2189                 break;
2190
2191         case HCI_OP_READ_DEF_LINK_POLICY:
2192                 hci_cc_read_def_link_policy(hdev, skb);
2193                 break;
2194
2195         case HCI_OP_WRITE_DEF_LINK_POLICY:
2196                 hci_cc_write_def_link_policy(hdev, skb);
2197                 break;
2198
2199         case HCI_OP_RESET:
2200                 hci_cc_reset(hdev, skb);
2201                 break;
2202
2203         case HCI_OP_WRITE_LOCAL_NAME:
2204                 hci_cc_write_local_name(hdev, skb);
2205                 break;
2206
2207         case HCI_OP_READ_LOCAL_NAME:
2208                 hci_cc_read_local_name(hdev, skb);
2209                 break;
2210
2211         case HCI_OP_WRITE_AUTH_ENABLE:
2212                 hci_cc_write_auth_enable(hdev, skb);
2213                 break;
2214
2215         case HCI_OP_WRITE_ENCRYPT_MODE:
2216                 hci_cc_write_encrypt_mode(hdev, skb);
2217                 break;
2218
2219         case HCI_OP_WRITE_SCAN_ENABLE:
2220                 hci_cc_write_scan_enable(hdev, skb);
2221                 break;
2222
2223         case HCI_OP_READ_CLASS_OF_DEV:
2224                 hci_cc_read_class_of_dev(hdev, skb);
2225                 break;
2226
2227         case HCI_OP_WRITE_CLASS_OF_DEV:
2228                 hci_cc_write_class_of_dev(hdev, skb);
2229                 break;
2230
2231         case HCI_OP_READ_VOICE_SETTING:
2232                 hci_cc_read_voice_setting(hdev, skb);
2233                 break;
2234
2235         case HCI_OP_WRITE_VOICE_SETTING:
2236                 hci_cc_write_voice_setting(hdev, skb);
2237                 break;
2238
2239         case HCI_OP_WRITE_SSP_MODE:
2240                 hci_cc_write_ssp_mode(hdev, skb);
2241                 break;
2242
2243         case HCI_OP_READ_LOCAL_VERSION:
2244                 hci_cc_read_local_version(hdev, skb);
2245                 break;
2246
2247         case HCI_OP_READ_LOCAL_COMMANDS:
2248                 hci_cc_read_local_commands(hdev, skb);
2249                 break;
2250
2251         case HCI_OP_READ_LOCAL_FEATURES:
2252                 hci_cc_read_local_features(hdev, skb);
2253                 break;
2254
2255         case HCI_OP_READ_LOCAL_EXT_FEATURES:
2256                 hci_cc_read_local_ext_features(hdev, skb);
2257                 break;
2258
2259         case HCI_OP_READ_BUFFER_SIZE:
2260                 hci_cc_read_buffer_size(hdev, skb);
2261                 break;
2262
2263         case HCI_OP_READ_BD_ADDR:
2264                 hci_cc_read_bd_addr(hdev, skb);
2265                 break;
2266
2267         case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2268                 hci_cc_read_page_scan_activity(hdev, skb);
2269                 break;
2270
2271         case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2272                 hci_cc_write_page_scan_activity(hdev, skb);
2273                 break;
2274
2275         case HCI_OP_READ_PAGE_SCAN_TYPE:
2276                 hci_cc_read_page_scan_type(hdev, skb);
2277                 break;
2278
2279         case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2280                 hci_cc_write_page_scan_type(hdev, skb);
2281                 break;
2282
2283         case HCI_OP_READ_DATA_BLOCK_SIZE:
2284                 hci_cc_read_data_block_size(hdev, skb);
2285                 break;
2286
2287         case HCI_OP_READ_FLOW_CONTROL_MODE:
2288                 hci_cc_read_flow_control_mode(hdev, skb);
2289                 break;
2290
2291         case HCI_OP_READ_LOCAL_AMP_INFO:
2292                 hci_cc_read_local_amp_info(hdev, skb);
2293                 break;
2294
2295         case HCI_OP_READ_LOCAL_AMP_ASSOC:
2296                 hci_cc_read_local_amp_assoc(hdev, skb);
2297                 break;
2298
2299         case HCI_OP_READ_INQ_RSP_TX_POWER:
2300                 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2301                 break;
2302
2303         case HCI_OP_PIN_CODE_REPLY:
2304                 hci_cc_pin_code_reply(hdev, skb);
2305                 break;
2306
2307         case HCI_OP_PIN_CODE_NEG_REPLY:
2308                 hci_cc_pin_code_neg_reply(hdev, skb);
2309                 break;
2310
2311         case HCI_OP_READ_LOCAL_OOB_DATA:
2312                 hci_cc_read_local_oob_data_reply(hdev, skb);
2313                 break;
2314
2315         case HCI_OP_LE_READ_BUFFER_SIZE:
2316                 hci_cc_le_read_buffer_size(hdev, skb);
2317                 break;
2318
2319         case HCI_OP_LE_READ_LOCAL_FEATURES:
2320                 hci_cc_le_read_local_features(hdev, skb);
2321                 break;
2322
2323         case HCI_OP_LE_READ_ADV_TX_POWER:
2324                 hci_cc_le_read_adv_tx_power(hdev, skb);
2325                 break;
2326
2327         case HCI_OP_USER_CONFIRM_REPLY:
2328                 hci_cc_user_confirm_reply(hdev, skb);
2329                 break;
2330
2331         case HCI_OP_USER_CONFIRM_NEG_REPLY:
2332                 hci_cc_user_confirm_neg_reply(hdev, skb);
2333                 break;
2334
2335         case HCI_OP_USER_PASSKEY_REPLY:
2336                 hci_cc_user_passkey_reply(hdev, skb);
2337                 break;
2338
2339         case HCI_OP_USER_PASSKEY_NEG_REPLY:
2340                 hci_cc_user_passkey_neg_reply(hdev, skb);
2341                 break;
2342
2343         case HCI_OP_LE_SET_SCAN_PARAM:
2344                 hci_cc_le_set_scan_param(hdev, skb);
2345                 break;
2346
2347         case HCI_OP_LE_SET_ADV_ENABLE:
2348                 hci_cc_le_set_adv_enable(hdev, skb);
2349                 break;
2350
2351         case HCI_OP_LE_SET_SCAN_ENABLE:
2352                 hci_cc_le_set_scan_enable(hdev, skb);
2353                 break;
2354
2355         case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2356                 hci_cc_le_read_white_list_size(hdev, skb);
2357                 break;
2358
2359         case HCI_OP_LE_READ_SUPPORTED_STATES:
2360                 hci_cc_le_read_supported_states(hdev, skb);
2361                 break;
2362
2363         case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2364                 hci_cc_write_le_host_supported(hdev, skb);
2365                 break;
2366
2367         case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2368                 hci_cc_write_remote_amp_assoc(hdev, skb);
2369                 break;
2370
2371         default:
2372                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2373                 break;
2374         }
2375
2376         if (opcode != HCI_OP_NOP)
2377                 del_timer(&hdev->cmd_timer);
2378
2379         hci_req_cmd_complete(hdev, opcode, status);
2380
2381         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2382                 atomic_set(&hdev->cmd_cnt, 1);
2383                 if (!skb_queue_empty(&hdev->cmd_q))
2384                         queue_work(hdev->workqueue, &hdev->cmd_work);
2385         }
2386 }
2387
2388 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2389 {
2390         struct hci_ev_cmd_status *ev = (void *) skb->data;
2391         __u16 opcode;
2392
2393         skb_pull(skb, sizeof(*ev));
2394
2395         opcode = __le16_to_cpu(ev->opcode);
2396
2397         switch (opcode) {
2398         case HCI_OP_INQUIRY:
2399                 hci_cs_inquiry(hdev, ev->status);
2400                 break;
2401
2402         case HCI_OP_CREATE_CONN:
2403                 hci_cs_create_conn(hdev, ev->status);
2404                 break;
2405
2406         case HCI_OP_ADD_SCO:
2407                 hci_cs_add_sco(hdev, ev->status);
2408                 break;
2409
2410         case HCI_OP_AUTH_REQUESTED:
2411                 hci_cs_auth_requested(hdev, ev->status);
2412                 break;
2413
2414         case HCI_OP_SET_CONN_ENCRYPT:
2415                 hci_cs_set_conn_encrypt(hdev, ev->status);
2416                 break;
2417
2418         case HCI_OP_REMOTE_NAME_REQ:
2419                 hci_cs_remote_name_req(hdev, ev->status);
2420                 break;
2421
2422         case HCI_OP_READ_REMOTE_FEATURES:
2423                 hci_cs_read_remote_features(hdev, ev->status);
2424                 break;
2425
2426         case HCI_OP_READ_REMOTE_EXT_FEATURES:
2427                 hci_cs_read_remote_ext_features(hdev, ev->status);
2428                 break;
2429
2430         case HCI_OP_SETUP_SYNC_CONN:
2431                 hci_cs_setup_sync_conn(hdev, ev->status);
2432                 break;
2433
2434         case HCI_OP_SNIFF_MODE:
2435                 hci_cs_sniff_mode(hdev, ev->status);
2436                 break;
2437
2438         case HCI_OP_EXIT_SNIFF_MODE:
2439                 hci_cs_exit_sniff_mode(hdev, ev->status);
2440                 break;
2441
2442         case HCI_OP_DISCONNECT:
2443                 hci_cs_disconnect(hdev, ev->status);
2444                 break;
2445
2446         case HCI_OP_LE_CREATE_CONN:
2447                 hci_cs_le_create_conn(hdev, ev->status);
2448                 break;
2449
2450         case HCI_OP_CREATE_PHY_LINK:
2451                 hci_cs_create_phylink(hdev, ev->status);
2452                 break;
2453
2454         case HCI_OP_ACCEPT_PHY_LINK:
2455                 hci_cs_accept_phylink(hdev, ev->status);
2456                 break;
2457
2458         default:
2459                 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2460                 break;
2461         }
2462
2463         if (opcode != HCI_OP_NOP)
2464                 del_timer(&hdev->cmd_timer);
2465
2466         hci_req_cmd_complete(hdev, opcode, ev->status);
2467
2468         if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2469                 atomic_set(&hdev->cmd_cnt, 1);
2470                 if (!skb_queue_empty(&hdev->cmd_q))
2471                         queue_work(hdev->workqueue, &hdev->cmd_work);
2472         }
2473 }
2474
2475 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2476 {
2477         struct hci_ev_role_change *ev = (void *) skb->data;
2478         struct hci_conn *conn;
2479
2480         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2481
2482         hci_dev_lock(hdev);
2483
2484         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2485         if (conn) {
2486                 if (!ev->status) {
2487                         if (ev->role)
2488                                 conn->link_mode &= ~HCI_LM_MASTER;
2489                         else
2490                                 conn->link_mode |= HCI_LM_MASTER;
2491                 }
2492
2493                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2494
2495                 hci_role_switch_cfm(conn, ev->status, ev->role);
2496         }
2497
2498         hci_dev_unlock(hdev);
2499 }
2500
2501 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2502 {
2503         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2504         int i;
2505
2506         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2507                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2508                 return;
2509         }
2510
2511         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2512             ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2513                 BT_DBG("%s bad parameters", hdev->name);
2514                 return;
2515         }
2516
2517         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2518
2519         for (i = 0; i < ev->num_hndl; i++) {
2520                 struct hci_comp_pkts_info *info = &ev->handles[i];
2521                 struct hci_conn *conn;
2522                 __u16  handle, count;
2523
2524                 handle = __le16_to_cpu(info->handle);
2525                 count  = __le16_to_cpu(info->count);
2526
2527                 conn = hci_conn_hash_lookup_handle(hdev, handle);
2528                 if (!conn)
2529                         continue;
2530
2531                 conn->sent -= count;
2532
2533                 switch (conn->type) {
2534                 case ACL_LINK:
2535                         hdev->acl_cnt += count;
2536                         if (hdev->acl_cnt > hdev->acl_pkts)
2537                                 hdev->acl_cnt = hdev->acl_pkts;
2538                         break;
2539
2540                 case LE_LINK:
2541                         if (hdev->le_pkts) {
2542                                 hdev->le_cnt += count;
2543                                 if (hdev->le_cnt > hdev->le_pkts)
2544                                         hdev->le_cnt = hdev->le_pkts;
2545                         } else {
2546                                 hdev->acl_cnt += count;
2547                                 if (hdev->acl_cnt > hdev->acl_pkts)
2548                                         hdev->acl_cnt = hdev->acl_pkts;
2549                         }
2550                         break;
2551
2552                 case SCO_LINK:
2553                         hdev->sco_cnt += count;
2554                         if (hdev->sco_cnt > hdev->sco_pkts)
2555                                 hdev->sco_cnt = hdev->sco_pkts;
2556                         break;
2557
2558                 default:
2559                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2560                         break;
2561                 }
2562         }
2563
2564         queue_work(hdev->workqueue, &hdev->tx_work);
2565 }
2566
2567 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2568                                                  __u16 handle)
2569 {
2570         struct hci_chan *chan;
2571
2572         switch (hdev->dev_type) {
2573         case HCI_BREDR:
2574                 return hci_conn_hash_lookup_handle(hdev, handle);
2575         case HCI_AMP:
2576                 chan = hci_chan_lookup_handle(hdev, handle);
2577                 if (chan)
2578                         return chan->conn;
2579                 break;
2580         default:
2581                 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2582                 break;
2583         }
2584
2585         return NULL;
2586 }
2587
2588 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2589 {
2590         struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2591         int i;
2592
2593         if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2594                 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2595                 return;
2596         }
2597
2598         if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2599             ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2600                 BT_DBG("%s bad parameters", hdev->name);
2601                 return;
2602         }
2603
2604         BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2605                ev->num_hndl);
2606
2607         for (i = 0; i < ev->num_hndl; i++) {
2608                 struct hci_comp_blocks_info *info = &ev->handles[i];
2609                 struct hci_conn *conn = NULL;
2610                 __u16  handle, block_count;
2611
2612                 handle = __le16_to_cpu(info->handle);
2613                 block_count = __le16_to_cpu(info->blocks);
2614
2615                 conn = __hci_conn_lookup_handle(hdev, handle);
2616                 if (!conn)
2617                         continue;
2618
2619                 conn->sent -= block_count;
2620
2621                 switch (conn->type) {
2622                 case ACL_LINK:
2623                 case AMP_LINK:
2624                         hdev->block_cnt += block_count;
2625                         if (hdev->block_cnt > hdev->num_blocks)
2626                                 hdev->block_cnt = hdev->num_blocks;
2627                         break;
2628
2629                 default:
2630                         BT_ERR("Unknown type %d conn %p", conn->type, conn);
2631                         break;
2632                 }
2633         }
2634
2635         queue_work(hdev->workqueue, &hdev->tx_work);
2636 }
2637
2638 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2639 {
2640         struct hci_ev_mode_change *ev = (void *) skb->data;
2641         struct hci_conn *conn;
2642
2643         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2644
2645         hci_dev_lock(hdev);
2646
2647         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2648         if (conn) {
2649                 conn->mode = ev->mode;
2650                 conn->interval = __le16_to_cpu(ev->interval);
2651
2652                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2653                                         &conn->flags)) {
2654                         if (conn->mode == HCI_CM_ACTIVE)
2655                                 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2656                         else
2657                                 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2658                 }
2659
2660                 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2661                         hci_sco_setup(conn, ev->status);
2662         }
2663
2664         hci_dev_unlock(hdev);
2665 }
2666
2667 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2668 {
2669         struct hci_ev_pin_code_req *ev = (void *) skb->data;
2670         struct hci_conn *conn;
2671
2672         BT_DBG("%s", hdev->name);
2673
2674         hci_dev_lock(hdev);
2675
2676         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2677         if (!conn)
2678                 goto unlock;
2679
2680         if (conn->state == BT_CONNECTED) {
2681                 hci_conn_hold(conn);
2682                 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2683                 hci_conn_put(conn);
2684         }
2685
2686         if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2687                 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2688                              sizeof(ev->bdaddr), &ev->bdaddr);
2689         else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2690                 u8 secure;
2691
2692                 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2693                         secure = 1;
2694                 else
2695                         secure = 0;
2696
2697                 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2698         }
2699
2700 unlock:
2701         hci_dev_unlock(hdev);
2702 }
2703
2704 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2705 {
2706         struct hci_ev_link_key_req *ev = (void *) skb->data;
2707         struct hci_cp_link_key_reply cp;
2708         struct hci_conn *conn;
2709         struct link_key *key;
2710
2711         BT_DBG("%s", hdev->name);
2712
2713         if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2714                 return;
2715
2716         hci_dev_lock(hdev);
2717
2718         key = hci_find_link_key(hdev, &ev->bdaddr);
2719         if (!key) {
2720                 BT_DBG("%s link key not found for %pMR", hdev->name,
2721                        &ev->bdaddr);
2722                 goto not_found;
2723         }
2724
2725         BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2726                &ev->bdaddr);
2727
2728         if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2729             key->type == HCI_LK_DEBUG_COMBINATION) {
2730                 BT_DBG("%s ignoring debug key", hdev->name);
2731                 goto not_found;
2732         }
2733
2734         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2735         if (conn) {
2736                 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2737                     conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2738                         BT_DBG("%s ignoring unauthenticated key", hdev->name);
2739                         goto not_found;
2740                 }
2741
2742                 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2743                     conn->pending_sec_level == BT_SECURITY_HIGH) {
2744                         BT_DBG("%s ignoring key unauthenticated for high security",
2745                                hdev->name);
2746                         goto not_found;
2747                 }
2748
2749                 conn->key_type = key->type;
2750                 conn->pin_length = key->pin_len;
2751         }
2752
2753         bacpy(&cp.bdaddr, &ev->bdaddr);
2754         memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2755
2756         hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2757
2758         hci_dev_unlock(hdev);
2759
2760         return;
2761
2762 not_found:
2763         hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2764         hci_dev_unlock(hdev);
2765 }
2766
2767 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2768 {
2769         struct hci_ev_link_key_notify *ev = (void *) skb->data;
2770         struct hci_conn *conn;
2771         u8 pin_len = 0;
2772
2773         BT_DBG("%s", hdev->name);
2774
2775         hci_dev_lock(hdev);
2776
2777         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2778         if (conn) {
2779                 hci_conn_hold(conn);
2780                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2781                 pin_len = conn->pin_length;
2782
2783                 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2784                         conn->key_type = ev->key_type;
2785
2786                 hci_conn_put(conn);
2787         }
2788
2789         if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2790                 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2791                                  ev->key_type, pin_len);
2792
2793         hci_dev_unlock(hdev);
2794 }
2795
2796 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2797 {
2798         struct hci_ev_clock_offset *ev = (void *) skb->data;
2799         struct hci_conn *conn;
2800
2801         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2802
2803         hci_dev_lock(hdev);
2804
2805         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2806         if (conn && !ev->status) {
2807                 struct inquiry_entry *ie;
2808
2809                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2810                 if (ie) {
2811                         ie->data.clock_offset = ev->clock_offset;
2812                         ie->timestamp = jiffies;
2813                 }
2814         }
2815
2816         hci_dev_unlock(hdev);
2817 }
2818
2819 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2820 {
2821         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2822         struct hci_conn *conn;
2823
2824         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2825
2826         hci_dev_lock(hdev);
2827
2828         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2829         if (conn && !ev->status)
2830                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2831
2832         hci_dev_unlock(hdev);
2833 }
2834
2835 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2836 {
2837         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2838         struct inquiry_entry *ie;
2839
2840         BT_DBG("%s", hdev->name);
2841
2842         hci_dev_lock(hdev);
2843
2844         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2845         if (ie) {
2846                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2847                 ie->timestamp = jiffies;
2848         }
2849
2850         hci_dev_unlock(hdev);
2851 }
2852
2853 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2854                                              struct sk_buff *skb)
2855 {
2856         struct inquiry_data data;
2857         int num_rsp = *((__u8 *) skb->data);
2858         bool name_known, ssp;
2859
2860         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2861
2862         if (!num_rsp)
2863                 return;
2864
2865         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2866                 return;
2867
2868         hci_dev_lock(hdev);
2869
2870         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2871                 struct inquiry_info_with_rssi_and_pscan_mode *info;
2872                 info = (void *) (skb->data + 1);
2873
2874                 for (; num_rsp; num_rsp--, info++) {
2875                         bacpy(&data.bdaddr, &info->bdaddr);
2876                         data.pscan_rep_mode     = info->pscan_rep_mode;
2877                         data.pscan_period_mode  = info->pscan_period_mode;
2878                         data.pscan_mode         = info->pscan_mode;
2879                         memcpy(data.dev_class, info->dev_class, 3);
2880                         data.clock_offset       = info->clock_offset;
2881                         data.rssi               = info->rssi;
2882                         data.ssp_mode           = 0x00;
2883
2884                         name_known = hci_inquiry_cache_update(hdev, &data,
2885                                                               false, &ssp);
2886                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2887                                           info->dev_class, info->rssi,
2888                                           !name_known, ssp, NULL, 0);
2889                 }
2890         } else {
2891                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2892
2893                 for (; num_rsp; num_rsp--, info++) {
2894                         bacpy(&data.bdaddr, &info->bdaddr);
2895                         data.pscan_rep_mode     = info->pscan_rep_mode;
2896                         data.pscan_period_mode  = info->pscan_period_mode;
2897                         data.pscan_mode         = 0x00;
2898                         memcpy(data.dev_class, info->dev_class, 3);
2899                         data.clock_offset       = info->clock_offset;
2900                         data.rssi               = info->rssi;
2901                         data.ssp_mode           = 0x00;
2902                         name_known = hci_inquiry_cache_update(hdev, &data,
2903                                                               false, &ssp);
2904                         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2905                                           info->dev_class, info->rssi,
2906                                           !name_known, ssp, NULL, 0);
2907                 }
2908         }
2909
2910         hci_dev_unlock(hdev);
2911 }
2912
2913 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2914                                         struct sk_buff *skb)
2915 {
2916         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2917         struct hci_conn *conn;
2918
2919         BT_DBG("%s", hdev->name);
2920
2921         hci_dev_lock(hdev);
2922
2923         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2924         if (!conn)
2925                 goto unlock;
2926
2927         if (!ev->status && ev->page == 0x01) {
2928                 struct inquiry_entry *ie;
2929
2930                 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2931                 if (ie)
2932                         ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2933
2934                 if (ev->features[0] & LMP_HOST_SSP)
2935                         set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2936         }
2937
2938         if (conn->state != BT_CONFIG)
2939                 goto unlock;
2940
2941         if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2942                 struct hci_cp_remote_name_req cp;
2943                 memset(&cp, 0, sizeof(cp));
2944                 bacpy(&cp.bdaddr, &conn->dst);
2945                 cp.pscan_rep_mode = 0x02;
2946                 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2947         } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2948                 mgmt_device_connected(hdev, &conn->dst, conn->type,
2949                                       conn->dst_type, 0, NULL, 0,
2950                                       conn->dev_class);
2951
2952         if (!hci_outgoing_auth_needed(hdev, conn)) {
2953                 conn->state = BT_CONNECTED;
2954                 hci_proto_connect_cfm(conn, ev->status);
2955                 hci_conn_put(conn);
2956         }
2957
2958 unlock:
2959         hci_dev_unlock(hdev);
2960 }
2961
2962 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2963                                        struct sk_buff *skb)
2964 {
2965         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2966         struct hci_conn *conn;
2967
2968         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2969
2970         hci_dev_lock(hdev);
2971
2972         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2973         if (!conn) {
2974                 if (ev->link_type == ESCO_LINK)
2975                         goto unlock;
2976
2977                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2978                 if (!conn)
2979                         goto unlock;
2980
2981                 conn->type = SCO_LINK;
2982         }
2983
2984         switch (ev->status) {
2985         case 0x00:
2986                 conn->handle = __le16_to_cpu(ev->handle);
2987                 conn->state  = BT_CONNECTED;
2988
2989                 hci_conn_hold_device(conn);
2990                 hci_conn_add_sysfs(conn);
2991                 break;
2992
2993         case 0x11:      /* Unsupported Feature or Parameter Value */
2994         case 0x1c:      /* SCO interval rejected */
2995         case 0x1a:      /* Unsupported Remote Feature */
2996         case 0x1f:      /* Unspecified error */
2997                 if (conn->out && conn->attempt < 2) {
2998                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2999                                         (hdev->esco_type & EDR_ESCO_MASK);
3000                         hci_setup_sync(conn, conn->link->handle);
3001                         goto unlock;
3002                 }
3003                 /* fall through */
3004
3005         default:
3006                 conn->state = BT_CLOSED;
3007                 break;
3008         }
3009
3010         hci_proto_connect_cfm(conn, ev->status);
3011         if (ev->status)
3012                 hci_conn_del(conn);
3013
3014 unlock:
3015         hci_dev_unlock(hdev);
3016 }
3017
3018 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3019                                             struct sk_buff *skb)
3020 {
3021         struct inquiry_data data;
3022         struct extended_inquiry_info *info = (void *) (skb->data + 1);
3023         int num_rsp = *((__u8 *) skb->data);
3024         size_t eir_len;
3025
3026         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3027
3028         if (!num_rsp)
3029                 return;
3030
3031         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3032                 return;
3033
3034         hci_dev_lock(hdev);
3035
3036         for (; num_rsp; num_rsp--, info++) {
3037                 bool name_known, ssp;
3038
3039                 bacpy(&data.bdaddr, &info->bdaddr);
3040                 data.pscan_rep_mode     = info->pscan_rep_mode;
3041                 data.pscan_period_mode  = info->pscan_period_mode;
3042                 data.pscan_mode         = 0x00;
3043                 memcpy(data.dev_class, info->dev_class, 3);
3044                 data.clock_offset       = info->clock_offset;
3045                 data.rssi               = info->rssi;
3046                 data.ssp_mode           = 0x01;
3047
3048                 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3049                         name_known = eir_has_data_type(info->data,
3050                                                        sizeof(info->data),
3051                                                        EIR_NAME_COMPLETE);
3052                 else
3053                         name_known = true;
3054
3055                 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3056                                                       &ssp);
3057                 eir_len = eir_get_length(info->data, sizeof(info->data));
3058                 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3059                                   info->dev_class, info->rssi, !name_known,
3060                                   ssp, info->data, eir_len);
3061         }
3062
3063         hci_dev_unlock(hdev);
3064 }
3065
3066 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3067                                          struct sk_buff *skb)
3068 {
3069         struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3070         struct hci_conn *conn;
3071
3072         BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3073                __le16_to_cpu(ev->handle));
3074
3075         hci_dev_lock(hdev);
3076
3077         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3078         if (!conn)
3079                 goto unlock;
3080
3081         if (!ev->status)
3082                 conn->sec_level = conn->pending_sec_level;
3083
3084         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3085
3086         if (ev->status && conn->state == BT_CONNECTED) {
3087                 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3088                 hci_conn_put(conn);
3089                 goto unlock;
3090         }
3091
3092         if (conn->state == BT_CONFIG) {
3093                 if (!ev->status)
3094                         conn->state = BT_CONNECTED;
3095
3096                 hci_proto_connect_cfm(conn, ev->status);
3097                 hci_conn_put(conn);
3098         } else {
3099                 hci_auth_cfm(conn, ev->status);
3100
3101                 hci_conn_hold(conn);
3102                 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3103                 hci_conn_put(conn);
3104         }
3105
3106 unlock:
3107         hci_dev_unlock(hdev);
3108 }
3109
3110 static u8 hci_get_auth_req(struct hci_conn *conn)
3111 {
3112         /* If remote requests dedicated bonding follow that lead */
3113         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3114                 /* If both remote and local IO capabilities allow MITM
3115                  * protection then require it, otherwise don't */
3116                 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3117                         return 0x02;
3118                 else
3119                         return 0x03;
3120         }
3121
3122         /* If remote requests no-bonding follow that lead */
3123         if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3124                 return conn->remote_auth | (conn->auth_type & 0x01);
3125
3126         return conn->auth_type;
3127 }
3128
3129 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3130 {
3131         struct hci_ev_io_capa_request *ev = (void *) skb->data;
3132         struct hci_conn *conn;
3133
3134         BT_DBG("%s", hdev->name);
3135
3136         hci_dev_lock(hdev);
3137
3138         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3139         if (!conn)
3140                 goto unlock;
3141
3142         hci_conn_hold(conn);
3143
3144         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3145                 goto unlock;
3146
3147         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3148             (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3149                 struct hci_cp_io_capability_reply cp;
3150
3151                 bacpy(&cp.bdaddr, &ev->bdaddr);
3152                 /* Change the IO capability from KeyboardDisplay
3153                  * to DisplayYesNo as it is not supported by BT spec. */
3154                 cp.capability = (conn->io_capability == 0x04) ?
3155                                                 0x01 : conn->io_capability;
3156                 conn->auth_type = hci_get_auth_req(conn);
3157                 cp.authentication = conn->auth_type;
3158
3159                 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3160                     (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3161                         cp.oob_data = 0x01;
3162                 else
3163                         cp.oob_data = 0x00;
3164
3165                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3166                              sizeof(cp), &cp);
3167         } else {
3168                 struct hci_cp_io_capability_neg_reply cp;
3169
3170                 bacpy(&cp.bdaddr, &ev->bdaddr);
3171                 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3172
3173                 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3174                              sizeof(cp), &cp);
3175         }
3176
3177 unlock:
3178         hci_dev_unlock(hdev);
3179 }
3180
3181 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3182 {
3183         struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3184         struct hci_conn *conn;
3185
3186         BT_DBG("%s", hdev->name);
3187
3188         hci_dev_lock(hdev);
3189
3190         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3191         if (!conn)
3192                 goto unlock;
3193
3194         conn->remote_cap = ev->capability;
3195         conn->remote_auth = ev->authentication;
3196         if (ev->oob_data)
3197                 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3198
3199 unlock:
3200         hci_dev_unlock(hdev);
3201 }
3202
3203 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3204                                          struct sk_buff *skb)
3205 {
3206         struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3207         int loc_mitm, rem_mitm, confirm_hint = 0;
3208         struct hci_conn *conn;
3209
3210         BT_DBG("%s", hdev->name);
3211
3212         hci_dev_lock(hdev);
3213
3214         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3215                 goto unlock;
3216
3217         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3218         if (!conn)
3219                 goto unlock;
3220
3221         loc_mitm = (conn->auth_type & 0x01);
3222         rem_mitm = (conn->remote_auth & 0x01);
3223
3224         /* If we require MITM but the remote device can't provide that
3225          * (it has NoInputNoOutput) then reject the confirmation
3226          * request. The only exception is when we're dedicated bonding
3227          * initiators (connect_cfm_cb set) since then we always have the MITM
3228          * bit set. */
3229         if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3230                 BT_DBG("Rejecting request: remote device can't provide MITM");
3231                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3232                              sizeof(ev->bdaddr), &ev->bdaddr);
3233                 goto unlock;
3234         }
3235
3236         /* If no side requires MITM protection; auto-accept */
3237         if ((!loc_mitm || conn->remote_cap == 0x03) &&
3238             (!rem_mitm || conn->io_capability == 0x03)) {
3239
3240                 /* If we're not the initiators request authorization to
3241                  * proceed from user space (mgmt_user_confirm with
3242                  * confirm_hint set to 1). */
3243                 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3244                         BT_DBG("Confirming auto-accept as acceptor");
3245                         confirm_hint = 1;
3246                         goto confirm;
3247                 }
3248
3249                 BT_DBG("Auto-accept of user confirmation with %ums delay",
3250                        hdev->auto_accept_delay);
3251
3252                 if (hdev->auto_accept_delay > 0) {
3253                         int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3254                         mod_timer(&conn->auto_accept_timer, jiffies + delay);
3255                         goto unlock;
3256                 }
3257
3258                 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3259                              sizeof(ev->bdaddr), &ev->bdaddr);
3260                 goto unlock;
3261         }
3262
3263 confirm:
3264         mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3265                                   confirm_hint);
3266
3267 unlock:
3268         hci_dev_unlock(hdev);
3269 }
3270
3271 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3272                                          struct sk_buff *skb)
3273 {
3274         struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3275
3276         BT_DBG("%s", hdev->name);
3277
3278         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3279                 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3280 }
3281
3282 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3283                                         struct sk_buff *skb)
3284 {
3285         struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3286         struct hci_conn *conn;
3287
3288         BT_DBG("%s", hdev->name);
3289
3290         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3291         if (!conn)
3292                 return;
3293
3294         conn->passkey_notify = __le32_to_cpu(ev->passkey);
3295         conn->passkey_entered = 0;
3296
3297         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3298                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3299                                          conn->dst_type, conn->passkey_notify,
3300                                          conn->passkey_entered);
3301 }
3302
3303 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3304 {
3305         struct hci_ev_keypress_notify *ev = (void *) skb->data;
3306         struct hci_conn *conn;
3307
3308         BT_DBG("%s", hdev->name);
3309
3310         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3311         if (!conn)
3312                 return;
3313
3314         switch (ev->type) {
3315         case HCI_KEYPRESS_STARTED:
3316                 conn->passkey_entered = 0;
3317                 return;
3318
3319         case HCI_KEYPRESS_ENTERED:
3320                 conn->passkey_entered++;
3321                 break;
3322
3323         case HCI_KEYPRESS_ERASED:
3324                 conn->passkey_entered--;
3325                 break;
3326
3327         case HCI_KEYPRESS_CLEARED:
3328                 conn->passkey_entered = 0;
3329                 break;
3330
3331         case HCI_KEYPRESS_COMPLETED:
3332                 return;
3333         }
3334
3335         if (test_bit(HCI_MGMT, &hdev->dev_flags))
3336                 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3337                                          conn->dst_type, conn->passkey_notify,
3338                                          conn->passkey_entered);
3339 }
3340
3341 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3342                                          struct sk_buff *skb)
3343 {
3344         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3345         struct hci_conn *conn;
3346
3347         BT_DBG("%s", hdev->name);
3348
3349         hci_dev_lock(hdev);
3350
3351         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3352         if (!conn)
3353                 goto unlock;
3354
3355         /* To avoid duplicate auth_failed events to user space we check
3356          * the HCI_CONN_AUTH_PEND flag which will be set if we
3357          * initiated the authentication. A traditional auth_complete
3358          * event gets always produced as initiator and is also mapped to
3359          * the mgmt_auth_failed event */
3360         if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3361                 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3362                                  ev->status);
3363
3364         hci_conn_put(conn);
3365
3366 unlock:
3367         hci_dev_unlock(hdev);
3368 }
3369
3370 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3371                                          struct sk_buff *skb)
3372 {
3373         struct hci_ev_remote_host_features *ev = (void *) skb->data;
3374         struct inquiry_entry *ie;
3375
3376         BT_DBG("%s", hdev->name);
3377
3378         hci_dev_lock(hdev);
3379
3380         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3381         if (ie)
3382                 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3383
3384         hci_dev_unlock(hdev);
3385 }
3386
3387 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3388                                             struct sk_buff *skb)
3389 {
3390         struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3391         struct oob_data *data;
3392
3393         BT_DBG("%s", hdev->name);
3394
3395         hci_dev_lock(hdev);
3396
3397         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3398                 goto unlock;
3399
3400         data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3401         if (data) {
3402                 struct hci_cp_remote_oob_data_reply cp;
3403
3404                 bacpy(&cp.bdaddr, &ev->bdaddr);
3405                 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3406                 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3407
3408                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3409                              &cp);
3410         } else {
3411                 struct hci_cp_remote_oob_data_neg_reply cp;
3412
3413                 bacpy(&cp.bdaddr, &ev->bdaddr);
3414                 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3415                              &cp);
3416         }
3417
3418 unlock:
3419         hci_dev_unlock(hdev);
3420 }
3421
3422 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3423                                       struct sk_buff *skb)
3424 {
3425         struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3426         struct hci_conn *hcon, *bredr_hcon;
3427
3428         BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3429                ev->status);
3430
3431         hci_dev_lock(hdev);
3432
3433         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3434         if (!hcon) {
3435                 hci_dev_unlock(hdev);
3436                 return;
3437         }
3438
3439         if (ev->status) {
3440                 hci_conn_del(hcon);
3441                 hci_dev_unlock(hdev);
3442                 return;
3443         }
3444
3445         bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3446
3447         hcon->state = BT_CONNECTED;
3448         bacpy(&hcon->dst, &bredr_hcon->dst);
3449
3450         hci_conn_hold(hcon);
3451         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3452         hci_conn_put(hcon);
3453
3454         hci_conn_hold_device(hcon);
3455         hci_conn_add_sysfs(hcon);
3456
3457         amp_physical_cfm(bredr_hcon, hcon);
3458
3459         hci_dev_unlock(hdev);
3460 }
3461
3462 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3463 {
3464         struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3465         struct hci_conn *hcon;
3466         struct hci_chan *hchan;
3467         struct amp_mgr *mgr;
3468
3469         BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3470                hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3471                ev->status);
3472
3473         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3474         if (!hcon)
3475                 return;
3476
3477         /* Create AMP hchan */
3478         hchan = hci_chan_create(hcon);
3479         if (!hchan)
3480                 return;
3481
3482         hchan->handle = le16_to_cpu(ev->handle);
3483
3484         BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3485
3486         mgr = hcon->amp_mgr;
3487         if (mgr && mgr->bredr_chan) {
3488                 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3489
3490                 l2cap_chan_lock(bredr_chan);
3491
3492                 bredr_chan->conn->mtu = hdev->block_mtu;
3493                 l2cap_logical_cfm(bredr_chan, hchan, 0);
3494                 hci_conn_hold(hcon);
3495
3496                 l2cap_chan_unlock(bredr_chan);
3497         }
3498 }
3499
3500 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3501                                              struct sk_buff *skb)
3502 {
3503         struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3504         struct hci_chan *hchan;
3505
3506         BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3507                le16_to_cpu(ev->handle), ev->status);
3508
3509         if (ev->status)
3510                 return;
3511
3512         hci_dev_lock(hdev);
3513
3514         hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3515         if (!hchan)
3516                 goto unlock;
3517
3518         amp_destroy_logical_link(hchan, ev->reason);
3519
3520 unlock:
3521         hci_dev_unlock(hdev);
3522 }
3523
3524 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3525                                              struct sk_buff *skb)
3526 {
3527         struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3528         struct hci_conn *hcon;
3529
3530         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3531
3532         if (ev->status)
3533                 return;
3534
3535         hci_dev_lock(hdev);
3536
3537         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3538         if (hcon) {
3539                 hcon->state = BT_CLOSED;
3540                 hci_conn_del(hcon);
3541         }
3542
3543         hci_dev_unlock(hdev);
3544 }
3545
3546 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3547 {
3548         struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3549         struct hci_conn *conn;
3550
3551         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3552
3553         hci_dev_lock(hdev);
3554
3555         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3556         if (!conn) {
3557                 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3558                 if (!conn) {
3559                         BT_ERR("No memory for new connection");
3560                         goto unlock;
3561                 }
3562
3563                 conn->dst_type = ev->bdaddr_type;
3564
3565                 if (ev->role == LE_CONN_ROLE_MASTER) {
3566                         conn->out = true;
3567                         conn->link_mode |= HCI_LM_MASTER;
3568                 }
3569         }
3570
3571         if (ev->status) {
3572                 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3573                                     conn->dst_type, ev->status);
3574                 hci_proto_connect_cfm(conn, ev->status);
3575                 conn->state = BT_CLOSED;
3576                 hci_conn_del(conn);
3577                 goto unlock;
3578         }
3579
3580         if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3581                 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3582                                       conn->dst_type, 0, NULL, 0, NULL);
3583
3584         conn->sec_level = BT_SECURITY_LOW;
3585         conn->handle = __le16_to_cpu(ev->handle);
3586         conn->state = BT_CONNECTED;
3587
3588         hci_conn_hold_device(conn);
3589         hci_conn_add_sysfs(conn);
3590
3591         hci_proto_connect_cfm(conn, ev->status);
3592
3593 unlock:
3594         hci_dev_unlock(hdev);
3595 }
3596
3597 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3598 {
3599         u8 num_reports = skb->data[0];
3600         void *ptr = &skb->data[1];
3601         s8 rssi;
3602
3603         while (num_reports--) {
3604                 struct hci_ev_le_advertising_info *ev = ptr;
3605
3606                 rssi = ev->data[ev->length];
3607                 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3608                                   NULL, rssi, 0, 1, ev->data, ev->length);
3609
3610                 ptr += sizeof(*ev) + ev->length + 1;
3611         }
3612 }
3613
3614 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3615 {
3616         struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3617         struct hci_cp_le_ltk_reply cp;
3618         struct hci_cp_le_ltk_neg_reply neg;
3619         struct hci_conn *conn;
3620         struct smp_ltk *ltk;
3621
3622         BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3623
3624         hci_dev_lock(hdev);
3625
3626         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3627         if (conn == NULL)
3628                 goto not_found;
3629
3630         ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3631         if (ltk == NULL)
3632                 goto not_found;
3633
3634         memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3635         cp.handle = cpu_to_le16(conn->handle);
3636
3637         if (ltk->authenticated)
3638                 conn->sec_level = BT_SECURITY_HIGH;
3639
3640         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3641
3642         if (ltk->type & HCI_SMP_STK) {
3643                 list_del(&ltk->list);
3644                 kfree(ltk);
3645         }
3646
3647         hci_dev_unlock(hdev);
3648
3649         return;
3650
3651 not_found:
3652         neg.handle = ev->handle;
3653         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3654         hci_dev_unlock(hdev);
3655 }
3656
3657 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3658 {
3659         struct hci_ev_le_meta *le_ev = (void *) skb->data;
3660
3661         skb_pull(skb, sizeof(*le_ev));
3662
3663         switch (le_ev->subevent) {
3664         case HCI_EV_LE_CONN_COMPLETE:
3665                 hci_le_conn_complete_evt(hdev, skb);
3666                 break;
3667
3668         case HCI_EV_LE_ADVERTISING_REPORT:
3669                 hci_le_adv_report_evt(hdev, skb);
3670                 break;
3671
3672         case HCI_EV_LE_LTK_REQ:
3673                 hci_le_ltk_request_evt(hdev, skb);
3674                 break;
3675
3676         default:
3677                 break;
3678         }
3679 }
3680
3681 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3682 {
3683         struct hci_ev_channel_selected *ev = (void *) skb->data;
3684         struct hci_conn *hcon;
3685
3686         BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3687
3688         skb_pull(skb, sizeof(*ev));
3689
3690         hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3691         if (!hcon)
3692                 return;
3693
3694         amp_read_loc_assoc_final_data(hdev, hcon);
3695 }
3696
3697 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3698 {
3699         struct hci_event_hdr *hdr = (void *) skb->data;
3700         __u8 event = hdr->evt;
3701
3702         skb_pull(skb, HCI_EVENT_HDR_SIZE);
3703
3704         switch (event) {
3705         case HCI_EV_INQUIRY_COMPLETE:
3706                 hci_inquiry_complete_evt(hdev, skb);
3707                 break;
3708
3709         case HCI_EV_INQUIRY_RESULT:
3710                 hci_inquiry_result_evt(hdev, skb);
3711                 break;
3712
3713         case HCI_EV_CONN_COMPLETE:
3714                 hci_conn_complete_evt(hdev, skb);
3715                 break;
3716
3717         case HCI_EV_CONN_REQUEST:
3718                 hci_conn_request_evt(hdev, skb);
3719                 break;
3720
3721         case HCI_EV_DISCONN_COMPLETE:
3722                 hci_disconn_complete_evt(hdev, skb);
3723                 break;
3724
3725         case HCI_EV_AUTH_COMPLETE:
3726                 hci_auth_complete_evt(hdev, skb);
3727                 break;
3728
3729         case HCI_EV_REMOTE_NAME:
3730                 hci_remote_name_evt(hdev, skb);
3731                 break;
3732
3733         case HCI_EV_ENCRYPT_CHANGE:
3734                 hci_encrypt_change_evt(hdev, skb);
3735                 break;
3736
3737         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3738                 hci_change_link_key_complete_evt(hdev, skb);
3739                 break;
3740
3741         case HCI_EV_REMOTE_FEATURES:
3742                 hci_remote_features_evt(hdev, skb);
3743                 break;
3744
3745         case HCI_EV_CMD_COMPLETE:
3746                 hci_cmd_complete_evt(hdev, skb);
3747                 break;
3748
3749         case HCI_EV_CMD_STATUS:
3750                 hci_cmd_status_evt(hdev, skb);
3751                 break;
3752
3753         case HCI_EV_ROLE_CHANGE:
3754                 hci_role_change_evt(hdev, skb);
3755                 break;
3756
3757         case HCI_EV_NUM_COMP_PKTS:
3758                 hci_num_comp_pkts_evt(hdev, skb);
3759                 break;
3760
3761         case HCI_EV_MODE_CHANGE:
3762                 hci_mode_change_evt(hdev, skb);
3763                 break;
3764
3765         case HCI_EV_PIN_CODE_REQ:
3766                 hci_pin_code_request_evt(hdev, skb);
3767                 break;
3768
3769         case HCI_EV_LINK_KEY_REQ:
3770                 hci_link_key_request_evt(hdev, skb);
3771                 break;
3772
3773         case HCI_EV_LINK_KEY_NOTIFY:
3774                 hci_link_key_notify_evt(hdev, skb);
3775                 break;
3776
3777         case HCI_EV_CLOCK_OFFSET:
3778                 hci_clock_offset_evt(hdev, skb);
3779                 break;
3780
3781         case HCI_EV_PKT_TYPE_CHANGE:
3782                 hci_pkt_type_change_evt(hdev, skb);
3783                 break;
3784
3785         case HCI_EV_PSCAN_REP_MODE:
3786                 hci_pscan_rep_mode_evt(hdev, skb);
3787                 break;
3788
3789         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3790                 hci_inquiry_result_with_rssi_evt(hdev, skb);
3791                 break;
3792
3793         case HCI_EV_REMOTE_EXT_FEATURES:
3794                 hci_remote_ext_features_evt(hdev, skb);
3795                 break;
3796
3797         case HCI_EV_SYNC_CONN_COMPLETE:
3798                 hci_sync_conn_complete_evt(hdev, skb);
3799                 break;
3800
3801         case HCI_EV_EXTENDED_INQUIRY_RESULT:
3802                 hci_extended_inquiry_result_evt(hdev, skb);
3803                 break;
3804
3805         case HCI_EV_KEY_REFRESH_COMPLETE:
3806                 hci_key_refresh_complete_evt(hdev, skb);
3807                 break;
3808
3809         case HCI_EV_IO_CAPA_REQUEST:
3810                 hci_io_capa_request_evt(hdev, skb);
3811                 break;
3812
3813         case HCI_EV_IO_CAPA_REPLY:
3814                 hci_io_capa_reply_evt(hdev, skb);
3815                 break;
3816
3817         case HCI_EV_USER_CONFIRM_REQUEST:
3818                 hci_user_confirm_request_evt(hdev, skb);
3819                 break;
3820
3821         case HCI_EV_USER_PASSKEY_REQUEST:
3822                 hci_user_passkey_request_evt(hdev, skb);
3823                 break;
3824
3825         case HCI_EV_USER_PASSKEY_NOTIFY:
3826                 hci_user_passkey_notify_evt(hdev, skb);
3827                 break;
3828
3829         case HCI_EV_KEYPRESS_NOTIFY:
3830                 hci_keypress_notify_evt(hdev, skb);
3831                 break;
3832
3833         case HCI_EV_SIMPLE_PAIR_COMPLETE:
3834                 hci_simple_pair_complete_evt(hdev, skb);
3835                 break;
3836
3837         case HCI_EV_REMOTE_HOST_FEATURES:
3838                 hci_remote_host_features_evt(hdev, skb);
3839                 break;
3840
3841         case HCI_EV_LE_META:
3842                 hci_le_meta_evt(hdev, skb);
3843                 break;
3844
3845         case HCI_EV_CHANNEL_SELECTED:
3846                 hci_chan_selected_evt(hdev, skb);
3847                 break;
3848
3849         case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3850                 hci_remote_oob_data_request_evt(hdev, skb);
3851                 break;
3852
3853         case HCI_EV_PHY_LINK_COMPLETE:
3854                 hci_phy_link_complete_evt(hdev, skb);
3855                 break;
3856
3857         case HCI_EV_LOGICAL_LINK_COMPLETE:
3858                 hci_loglink_complete_evt(hdev, skb);
3859                 break;
3860
3861         case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3862                 hci_disconn_loglink_complete_evt(hdev, skb);
3863                 break;
3864
3865         case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3866                 hci_disconn_phylink_complete_evt(hdev, skb);
3867                 break;
3868
3869         case HCI_EV_NUM_COMP_BLOCKS:
3870                 hci_num_comp_blocks_evt(hdev, skb);
3871                 break;
3872
3873         default:
3874                 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3875                 break;
3876         }
3877
3878         kfree_skb(skb);
3879         hdev->stat.evt_rx++;
3880 }