projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Update and rename mgmt_remove_keys to mgmt_unpair_device
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
eb939922 48static bool enable_le;
e6100a25 49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
ff9ef578 68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
7005ff17 198 /* Reset all flags, except persistent ones */
95947a39
HG		 199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
a9de9248 201}
04837f64 202
a9de9248
MH		 203static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204{
205 __u8 status = *((__u8 *) skb->data);
206 void *sent;
04837f64 207
a9de9248 208 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 209
a9de9248
MH		 210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
211 if (!sent)
212 return;
04837f64 213
56e5cb86
JH		 214 hci_dev_lock(hdev);
215
a8b2d5c2 216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 217 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 218
56e5cb86
JH		 219 if (status == 0)
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 221
56e5cb86 222 hci_dev_unlock(hdev);
a9de9248
MH		 223}
224
225static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
228
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
230
231 if (rp->status)
232 return;
233
1f6c6378 234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 235}
236
237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238{
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 255 }
a9de9248 256
23bb5763 257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 258}
259
a9de9248 260static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 261{
a9de9248 262 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 263 void *sent;
264
a9de9248 265 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 266
a9de9248
MH		 267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
268 if (!sent)
269 return;
1da177e4 270
a9de9248
MH		 271 if (!status) {
272 __u8 param = *((__u8 *) sent);
273
274 if (param)
275 set_bit(HCI_ENCRYPT, &hdev->flags);
276 else
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 }
1da177e4 279
23bb5763 280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 281}
1da177e4 282
a9de9248
MH		 283static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284{
36f7fc7e
JH		 285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
a9de9248 287 void *sent;
1da177e4 288
a9de9248 289 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 290
a9de9248
MH		 291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
292 if (!sent)
293 return;
1da177e4 294
36f7fc7e
JH		 295 param = *((__u8 *) sent);
296
56e5cb86
JH		 297 hci_dev_lock(hdev);
298
2d7cee58 299 if (status != 0) {
744cf19e 300 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 301 hdev->discov_timeout = 0;
302 goto done;
303 }
304
36f7fc7e
JH		 305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
307
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
310 if (!old_iscan)
744cf19e 311 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 to);
316 }
36f7fc7e 317 } else if (old_iscan)
744cf19e 318 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 319
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
322 if (!old_pscan)
744cf19e 323 mgmt_connectable(hdev, 1);
36f7fc7e 324 } else if (old_pscan)
744cf19e 325 mgmt_connectable(hdev, 0);
1da177e4 326
36f7fc7e 327done:
56e5cb86 328 hci_dev_unlock(hdev);
23bb5763 329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 335
a9de9248 336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 337
a9de9248
MH		 338 if (rp->status)
339 return;
1da177e4 340
a9de9248 341 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 342
a9de9248
MH		 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345}
1da177e4 346
a9de9248
MH		 347static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348{
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
1da177e4 351
a9de9248 352 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 353
f383f275
MH		 354 if (status)
355 return;
356
a9de9248
MH		 357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
358 if (!sent)
359 return;
1da177e4 360
f383f275 361 memcpy(hdev->dev_class, sent, 3);
a9de9248 362}
1da177e4 363
a9de9248
MH		 364static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365{
366 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 __u16 setting;
368
369 BT_DBG("%s status 0x%x", hdev->name, rp->status);
370
371 if (rp->status)
372 return;
373
374 setting = __le16_to_cpu(rp->voice_setting);
375
f383f275 376 if (hdev->voice_setting == setting)
a9de9248
MH		 377 return;
378
379 hdev->voice_setting = setting;
380
381 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382
3c54711c 383 if (hdev->notify)
a9de9248 384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 385}
386
387static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
388{
389 __u8 status = *((__u8 *) skb->data);
f383f275 390 __u16 setting;
a9de9248
MH		 391 void *sent;
392
393 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 394
f383f275
MH		 395 if (status)
396 return;
397
a9de9248
MH		 398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
399 if (!sent)
400 return;
1da177e4 401
f383f275 402 setting = get_unaligned_le16(sent);
1da177e4 403
f383f275
MH		 404 if (hdev->voice_setting == setting)
405 return;
406
407 hdev->voice_setting = setting;
1da177e4 408
f383f275 409 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 410
3c54711c 411 if (hdev->notify)
f383f275 412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 413}
414
a9de9248 415static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 416{
a9de9248 417 __u8 status = *((__u8 *) skb->data);
1da177e4 418
a9de9248 419 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 420
23bb5763 421 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 422}
1143e5a6 423
333140b5
MH		 424static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425{
426 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
84bde9d6
JH		 433 if (rp->mode)
434 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
435 else
436 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
333140b5
MH		 437}
438
439static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440{
441 __u8 status = *((__u8 *) skb->data);
442 void *sent;
443
444 BT_DBG("%s status 0x%x", hdev->name, status);
445
446 if (status)
447 return;
448
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
450 if (!sent)
451 return;
452
84bde9d6
JH		 453 if (*((u8 *) sent))
454 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
455 else
456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
333140b5
MH		 457}
458
d5859e22
JH		 459static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460{
461 if (hdev->features[6] & LMP_EXT_INQ)
462 return 2;
463
464 if (hdev->features[3] & LMP_RSSI_INQ)
465 return 1;
466
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
469 return 1;
470
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
477 return 1;
478 }
479
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
482 return 1;
483
484 return 0;
485}
486
487static void hci_setup_inquiry_mode(struct hci_dev *hdev)
488{
489 u8 mode;
490
491 mode = hci_get_inquiry_mode(hdev);
492
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
494}
495
496static void hci_setup_event_mask(struct hci_dev *hdev)
497{
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502
6de6c18d
VT		 503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
5a13b095 505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 506 return;
507
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 513
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
516
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
519
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
525
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
528
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
543 }
544
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
547
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
549}
550
e6100a25
AG		 551static void hci_set_le_support(struct hci_dev *hdev)
552{
553 struct hci_cp_write_le_host_supported cp;
554
555 memset(&cp, 0, sizeof(cp));
556
557 if (enable_le) {
558 cp.le = 1;
559 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
560 }
561
562 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
563}
564
d5859e22
JH		 565static void hci_setup(struct hci_dev *hdev)
566{
e61ef499
AE		 567 if (hdev->dev_type != HCI_BREDR)
568 return;
569
d5859e22
JH		 570 hci_setup_event_mask(hdev);
571
d095c1eb 572 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 573 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
574
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
576 u8 mode = 0x01;
577 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
578 }
579
580 if (hdev->features[3] & LMP_RSSI_INQ)
581 hci_setup_inquiry_mode(hdev);
582
583 if (hdev->features[7] & LMP_INQ_TX_PWR)
584 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 585
586 if (hdev->features[7] & LMP_EXTFEATURES) {
587 struct hci_cp_read_local_ext_features cp;
588
589 cp.page = 0x01;
590 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
591 sizeof(cp), &cp);
592 }
e6100a25
AG		 593
594 if (hdev->features[4] & LMP_LE)
595 hci_set_le_support(hdev);
d5859e22
JH		 596}
597
a9de9248
MH		 598static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
599{
600 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 601
a9de9248 602 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 603
a9de9248
MH		 604 if (rp->status)
605 return;
1143e5a6 606
a9de9248 607 hdev->hci_ver = rp->hci_ver;
e4e8e37c 608 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 609 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 610 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 611 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 612
a9de9248
MH		 613 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
614 hdev->manufacturer,
615 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 616
617 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_setup(hdev);
619}
620
621static void hci_setup_link_policy(struct hci_dev *hdev)
622{
623 u16 link_policy = 0;
624
625 if (hdev->features[0] & LMP_RSWITCH)
626 link_policy |= HCI_LP_RSWITCH;
627 if (hdev->features[0] & LMP_HOLD)
628 link_policy |= HCI_LP_HOLD;
629 if (hdev->features[0] & LMP_SNIFF)
630 link_policy |= HCI_LP_SNIFF;
631 if (hdev->features[1] & LMP_PARK)
632 link_policy |= HCI_LP_PARK;
633
634 link_policy = cpu_to_le16(link_policy);
635 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
636 sizeof(link_policy), &link_policy);
a9de9248 637}
1da177e4 638
a9de9248
MH		 639static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
640{
641 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 642
a9de9248 643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 644
a9de9248 645 if (rp->status)
d5859e22 646 goto done;
1da177e4 647
a9de9248 648 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 649
650 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
651 hci_setup_link_policy(hdev);
652
653done:
654 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 655}
1da177e4 656
a9de9248
MH		 657static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
658{
659 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 660
a9de9248 661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 662
a9de9248
MH		 663 if (rp->status)
664 return;
5b7f9909 665
a9de9248 666 memcpy(hdev->features, rp->features, 8);
5b7f9909 667
a9de9248
MH		 668 /* Adjust default settings according to features
669 * supported by device. */
1da177e4 670
a9de9248
MH		 671 if (hdev->features[0] & LMP_3SLOT)
672 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 673
a9de9248
MH		 674 if (hdev->features[0] & LMP_5SLOT)
675 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 676
a9de9248
MH		 677 if (hdev->features[1] & LMP_HV2) {
678 hdev->pkt_type |= (HCI_HV2);
679 hdev->esco_type |= (ESCO_HV2);
680 }
1da177e4 681
a9de9248
MH		 682 if (hdev->features[1] & LMP_HV3) {
683 hdev->pkt_type |= (HCI_HV3);
684 hdev->esco_type |= (ESCO_HV3);
685 }
1da177e4 686
a9de9248
MH		 687 if (hdev->features[3] & LMP_ESCO)
688 hdev->esco_type |= (ESCO_EV3);
da1f5198 689
a9de9248
MH		 690 if (hdev->features[4] & LMP_EV4)
691 hdev->esco_type |= (ESCO_EV4);
da1f5198 692
a9de9248
MH		 693 if (hdev->features[4] & LMP_EV5)
694 hdev->esco_type |= (ESCO_EV5);
1da177e4 695
efc7688b
MH		 696 if (hdev->features[5] & LMP_EDR_ESCO_2M)
697 hdev->esco_type |= (ESCO_2EV3);
698
699 if (hdev->features[5] & LMP_EDR_ESCO_3M)
700 hdev->esco_type |= (ESCO_3EV3);
701
702 if (hdev->features[5] & LMP_EDR_3S_ESCO)
703 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
704
a9de9248
MH		 705 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
706 hdev->features[0], hdev->features[1],
707 hdev->features[2], hdev->features[3],
708 hdev->features[4], hdev->features[5],
709 hdev->features[6], hdev->features[7]);
710}
1da177e4 711
971e3a4b
AG		 712static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
713 struct sk_buff *skb)
714{
715 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
716
717 BT_DBG("%s status 0x%x", hdev->name, rp->status);
718
719 if (rp->status)
720 return;
721
b5b32b65
AG		 722 switch (rp->page) {
723 case 0:
724 memcpy(hdev->features, rp->features, 8);
725 break;
726 case 1:
727 memcpy(hdev->host_features, rp->features, 8);
728 break;
729 }
971e3a4b
AG		 730
731 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
732}
733
1e89cffb
AE		 734static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
735 struct sk_buff *skb)
736{
737 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
738
739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740
741 if (rp->status)
742 return;
743
744 hdev->flow_ctl_mode = rp->mode;
745
746 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
747}
748
a9de9248
MH		 749static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
750{
751 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 752
a9de9248 753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 754
a9de9248
MH		 755 if (rp->status)
756 return;
1da177e4 757
a9de9248
MH		 758 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
759 hdev->sco_mtu = rp->sco_mtu;
760 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
761 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
762
763 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
764 hdev->sco_mtu = 64;
765 hdev->sco_pkts = 8;
1da177e4 766 }
a9de9248
MH		 767
768 hdev->acl_cnt = hdev->acl_pkts;
769 hdev->sco_cnt = hdev->sco_pkts;
770
771 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
772 hdev->acl_mtu, hdev->acl_pkts,
773 hdev->sco_mtu, hdev->sco_pkts);
774}
775
776static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
777{
778 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
779
780 BT_DBG("%s status 0x%x", hdev->name, rp->status);
781
782 if (!rp->status)
783 bacpy(&hdev->bdaddr, &rp->bdaddr);
784
23bb5763
JH		 785 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
786}
787
350ee4cf
AE		 788static void hci_cc_read_data_block_size(struct hci_dev *hdev,
789 struct sk_buff *skb)
790{
791 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
792
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
794
795 if (rp->status)
796 return;
797
798 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
799 hdev->block_len = __le16_to_cpu(rp->block_len);
800 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
801
802 hdev->block_cnt = hdev->num_blocks;
803
804 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
805 hdev->block_cnt, hdev->block_len);
806
807 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
808}
809
23bb5763
JH		 810static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
811{
812 __u8 status = *((__u8 *) skb->data);
813
814 BT_DBG("%s status 0x%x", hdev->name, status);
815
816 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 817}
818
928abaa7
AE		 819static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
820 struct sk_buff *skb)
821{
822 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
823
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
825
826 if (rp->status)
827 return;
828
829 hdev->amp_status = rp->amp_status;
830 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
831 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
832 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
833 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
834 hdev->amp_type = rp->amp_type;
835 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
836 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
837 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
838 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
839
840 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
841}
842
b0916ea0
JH		 843static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
844 struct sk_buff *skb)
845{
846 __u8 status = *((__u8 *) skb->data);
847
848 BT_DBG("%s status 0x%x", hdev->name, status);
849
850 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
851}
852
d5859e22
JH		 853static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
854{
855 __u8 status = *((__u8 *) skb->data);
856
857 BT_DBG("%s status 0x%x", hdev->name, status);
858
859 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
860}
861
862static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
863 struct sk_buff *skb)
864{
865 __u8 status = *((__u8 *) skb->data);
866
867 BT_DBG("%s status 0x%x", hdev->name, status);
868
869 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
870}
871
872static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
873 struct sk_buff *skb)
874{
875 __u8 status = *((__u8 *) skb->data);
876
877 BT_DBG("%s status 0x%x", hdev->name, status);
878
879 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
880}
881
882static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
883{
884 __u8 status = *((__u8 *) skb->data);
885
886 BT_DBG("%s status 0x%x", hdev->name, status);
887
888 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
889}
890
980e1a53
JH		 891static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
892{
893 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
894 struct hci_cp_pin_code_reply *cp;
895 struct hci_conn *conn;
896
897 BT_DBG("%s status 0x%x", hdev->name, rp->status);
898
56e5cb86
JH		 899 hci_dev_lock(hdev);
900
a8b2d5c2 901 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 902 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 903
904 if (rp->status != 0)
56e5cb86 905 goto unlock;
980e1a53
JH		 906
907 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
908 if (!cp)
56e5cb86 909 goto unlock;
980e1a53
JH		 910
911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
912 if (conn)
913 conn->pin_length = cp->pin_len;
56e5cb86
JH		 914
915unlock:
916 hci_dev_unlock(hdev);
980e1a53
JH		 917}
918
919static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
920{
921 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
922
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
924
56e5cb86
JH		 925 hci_dev_lock(hdev);
926
a8b2d5c2 927 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 928 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 929 rp->status);
56e5cb86
JH		 930
931 hci_dev_unlock(hdev);
980e1a53 932}
56e5cb86 933
6ed58ec5
VT		 934static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
935 struct sk_buff *skb)
936{
937 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
938
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
940
941 if (rp->status)
942 return;
943
944 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
945 hdev->le_pkts = rp->le_max_pkt;
946
947 hdev->le_cnt = hdev->le_pkts;
948
949 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
950
951 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
952}
980e1a53 953
a5c29683
JH		 954static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
955{
956 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
957
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
959
56e5cb86
JH		 960 hci_dev_lock(hdev);
961
a8b2d5c2 962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 963 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 964 rp->status);
56e5cb86
JH		 965
966 hci_dev_unlock(hdev);
a5c29683
JH		 967}
968
969static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
970 struct sk_buff *skb)
971{
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
975
56e5cb86
JH		 976 hci_dev_lock(hdev);
977
a8b2d5c2 978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 979 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 980 rp->status);
56e5cb86
JH		 981
982 hci_dev_unlock(hdev);
a5c29683
JH		 983}
984
1143d458
BG		 985static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
986{
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
988
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
990
991 hci_dev_lock(hdev);
992
a8b2d5c2 993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 994 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
995 rp->status);
996
997 hci_dev_unlock(hdev);
998}
999
1000static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1002{
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1004
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1006
1007 hci_dev_lock(hdev);
1008
a8b2d5c2 1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 1010 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1011 rp->status);
1012
1013 hci_dev_unlock(hdev);
1014}
1015
c35938b2
SJ		 1016static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1018{
1019 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1020
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1022
56e5cb86 1023 hci_dev_lock(hdev);
744cf19e 1024 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1025 rp->randomizer, rp->status);
56e5cb86 1026 hci_dev_unlock(hdev);
c35938b2
SJ		 1027}
1028
07f7fa5d
AG		 1029static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1030{
1031 __u8 status = *((__u8 *) skb->data);
1032
1033 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1034
1035 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1036
1037 if (status) {
1038 hci_dev_lock(hdev);
1039 mgmt_start_discovery_failed(hdev, status);
1040 hci_dev_unlock(hdev);
1041 return;
1042 }
07f7fa5d
AG		 1043}
1044
eb9d91f5
AG		 1045static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1046 struct sk_buff *skb)
1047{
1048 struct hci_cp_le_set_scan_enable *cp;
1049 __u8 status = *((__u8 *) skb->data);
1050
1051 BT_DBG("%s status 0x%x", hdev->name, status);
1052
eb9d91f5
AG		 1053 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1054 if (!cp)
1055 return;
1056
68a8aea4
AE		 1057 switch (cp->enable) {
1058 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1060
3fd24153
AG		 1061 if (status) {
1062 hci_dev_lock(hdev);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
7ba8b4be 1065 return;
3fd24153 1066 }
7ba8b4be 1067
d23264a8
AG		 1068 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1069
db323f2f 1070 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1071
1072 hci_dev_lock(hdev);
eb9d91f5 1073 hci_adv_entries_clear(hdev);
c599008f 1074 hci_discovery_set_state(hdev, DISCOVERY_LE_SCAN);
a8f13c8c 1075 hci_dev_unlock(hdev);
68a8aea4
AE		 1076 break;
1077
1078 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1079 if (status)
1080 return;
1081
d23264a8
AG		 1082 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1083
c599008f
AG		 1084 hci_dev_lock(hdev);
1085 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1086 hci_dev_unlock(hdev);
1087
d084329e 1088 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
68a8aea4
AE		 1089 break;
1090
1091 default:
1092 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1093 break;
35815085 1094 }
eb9d91f5
AG		 1095}
1096
a7a595f6
VCG		 1097static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1098{
1099 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1100
1101 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1102
1103 if (rp->status)
1104 return;
1105
1106 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1107}
1108
1109static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1112
1113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1114
1115 if (rp->status)
1116 return;
1117
1118 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1119}
1120
f9b49306
AG		 1121static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1122 struct sk_buff *skb)
1123{
1124 struct hci_cp_read_local_ext_features cp;
1125 __u8 status = *((__u8 *) skb->data);
1126
1127 BT_DBG("%s status 0x%x", hdev->name, status);
1128
1129 if (status)
1130 return;
1131
1132 cp.page = 0x01;
1133 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1134}
1135
a9de9248
MH		 1136static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1137{
1138 BT_DBG("%s status 0x%x", hdev->name, status);
1139
1140 if (status) {
23bb5763 1141 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1142 hci_conn_check_pending(hdev);
56e5cb86 1143 hci_dev_lock(hdev);
a8b2d5c2 1144 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1145 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1146 hci_dev_unlock(hdev);
314b2381
JH		 1147 return;
1148 }
1149
89352e7d
AG		 1150 set_bit(HCI_INQUIRY, &hdev->flags);
1151
56e5cb86 1152 hci_dev_lock(hdev);
30dc78e1 1153 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
56e5cb86 1154 hci_dev_unlock(hdev);
1da177e4
LT		 1155}
1156
1da177e4
LT		 1157static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1158{
a9de9248 1159 struct hci_cp_create_conn *cp;
1da177e4 1160 struct hci_conn *conn;
1da177e4 1161
a9de9248
MH		 1162 BT_DBG("%s status 0x%x", hdev->name, status);
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1171
a9de9248 1172 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1173
1174 if (status) {
1175 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1176 if (status != 0x0c || conn->attempt > 2) {
1177 conn->state = BT_CLOSED;
1178 hci_proto_connect_cfm(conn, status);
1179 hci_conn_del(conn);
1180 } else
1181 conn->state = BT_CONNECT2;
1da177e4
LT		 1182 }
1183 } else {
1184 if (!conn) {
1185 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1186 if (conn) {
a0c808b3 1187 conn->out = true;
1da177e4
LT		 1188 conn->link_mode |= HCI_LM_MASTER;
1189 } else
893ef971 1190 BT_ERR("No memory for new connection");
1da177e4
LT		 1191 }
1192 }
1193
1194 hci_dev_unlock(hdev);
1195}
1196
a9de9248 1197static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1198{
a9de9248
MH		 1199 struct hci_cp_add_sco *cp;
1200 struct hci_conn *acl, *sco;
1201 __u16 handle;
1da177e4 1202
b6a0dc82
MH		 1203 BT_DBG("%s status 0x%x", hdev->name, status);
1204
a9de9248
MH		 1205 if (!status)
1206 return;
1da177e4 1207
a9de9248
MH		 1208 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1209 if (!cp)
1210 return;
1da177e4 1211
a9de9248 1212 handle = __le16_to_cpu(cp->handle);
1da177e4 1213
a9de9248 1214 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1215
a9de9248 1216 hci_dev_lock(hdev);
1da177e4 1217
a9de9248 1218 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1219 if (acl) {
1220 sco = acl->link;
1221 if (sco) {
1222 sco->state = BT_CLOSED;
1da177e4 1223
5a08ecce
AE		 1224 hci_proto_connect_cfm(sco, status);
1225 hci_conn_del(sco);
1226 }
a9de9248 1227 }
1da177e4 1228
a9de9248
MH		 1229 hci_dev_unlock(hdev);
1230}
1da177e4 1231
f8558555
MH		 1232static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1233{
1234 struct hci_cp_auth_requested *cp;
1235 struct hci_conn *conn;
1236
1237 BT_DBG("%s status 0x%x", hdev->name, status);
1238
1239 if (!status)
1240 return;
1241
1242 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1243 if (!cp)
1244 return;
1245
1246 hci_dev_lock(hdev);
1247
1248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1249 if (conn) {
1250 if (conn->state == BT_CONFIG) {
1251 hci_proto_connect_cfm(conn, status);
1252 hci_conn_put(conn);
1253 }
1254 }
1255
1256 hci_dev_unlock(hdev);
1257}
1258
1259static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1260{
1261 struct hci_cp_set_conn_encrypt *cp;
1262 struct hci_conn *conn;
1263
1264 BT_DBG("%s status 0x%x", hdev->name, status);
1265
1266 if (!status)
1267 return;
1268
1269 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1270 if (!cp)
1271 return;
1272
1273 hci_dev_lock(hdev);
1274
1275 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1276 if (conn) {
1277 if (conn->state == BT_CONFIG) {
1278 hci_proto_connect_cfm(conn, status);
1279 hci_conn_put(conn);
1280 }
1281 }
1282
1283 hci_dev_unlock(hdev);
1284}
1285
127178d2 1286static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1287 struct hci_conn *conn)
392599b9 1288{
392599b9
JH		 1289 if (conn->state != BT_CONFIG || !conn->out)
1290 return 0;
1291
765c2a96 1292 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1293 return 0;
1294
1295 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1296 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1297 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1298 conn->pending_sec_level != BT_SECURITY_HIGH &&
1299 !(conn->auth_type & 0x01))
392599b9
JH		 1300 return 0;
1301
392599b9
JH		 1302 return 1;
1303}
1304
30dc78e1
JH		 1305static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1306{
1307 struct hci_cp_remote_name_req cp;
1308
1309 memset(&cp, 0, sizeof(cp));
1310
1311 bacpy(&cp.bdaddr, &e->data.bdaddr);
1312 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1313 cp.pscan_mode = e->data.pscan_mode;
1314 cp.clock_offset = e->data.clock_offset;
1315
1316 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1317}
1318
b644ba33 1319static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1320{
1321 struct discovery_state *discov = &hdev->discovery;
1322 struct inquiry_entry *e;
1323
b644ba33
JH		 1324 if (list_empty(&discov->resolve))
1325 return false;
1326
1327 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1328 if (hci_resolve_name(hdev, e) == 0) {
1329 e->name_state = NAME_PENDING;
1330 return true;
1331 }
1332
1333 return false;
1334}
1335
1336static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1337 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1338{
1339 struct discovery_state *discov = &hdev->discovery;
1340 struct inquiry_entry *e;
1341
1342 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1343 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1344 name, name_len, conn->dev_class);
1345
1346 if (discov->state == DISCOVERY_STOPPED)
1347 return;
1348
30dc78e1
JH		 1349 if (discov->state == DISCOVERY_STOPPING)
1350 goto discov_complete;
1351
1352 if (discov->state != DISCOVERY_RESOLVING)
1353 return;
1354
1355 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1356 if (e) {
1357 e->name_state = NAME_KNOWN;
1358 list_del(&e->list);
b644ba33
JH		 1359 if (name)
1360 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1361 e->data.rssi, name, name_len);
30dc78e1
JH		 1362 }
1363
b644ba33 1364 if (hci_resolve_next_name(hdev))
30dc78e1 1365 return;
30dc78e1
JH		 1366
1367discov_complete:
1368 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1369}
1370
a9de9248
MH		 1371static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1372{
127178d2
JH		 1373 struct hci_cp_remote_name_req *cp;
1374 struct hci_conn *conn;
1375
a9de9248 1376 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1377
1378 /* If successful wait for the name req complete event before
1379 * checking for the need to do authentication */
1380 if (!status)
1381 return;
1382
1383 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1384 if (!cp)
1385 return;
1386
1387 hci_dev_lock(hdev);
1388
b644ba33
JH		 1389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1390
a8b2d5c2 1391 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1392 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1393
79c6c70c
JH		 1394 if (!conn)
1395 goto unlock;
1396
1397 if (!hci_outgoing_auth_needed(hdev, conn))
1398 goto unlock;
1399
51a8efd7 1400 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1401 struct hci_cp_auth_requested cp;
1402 cp.handle = __cpu_to_le16(conn->handle);
1403 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1404 }
1405
79c6c70c 1406unlock:
127178d2 1407 hci_dev_unlock(hdev);
a9de9248 1408}
1da177e4 1409
769be974
MH		 1410static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1411{
1412 struct hci_cp_read_remote_features *cp;
1413 struct hci_conn *conn;
1414
1415 BT_DBG("%s status 0x%x", hdev->name, status);
1416
1417 if (!status)
1418 return;
1419
1420 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1421 if (!cp)
1422 return;
1423
1424 hci_dev_lock(hdev);
1425
1426 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1427 if (conn) {
1428 if (conn->state == BT_CONFIG) {
769be974
MH		 1429 hci_proto_connect_cfm(conn, status);
1430 hci_conn_put(conn);
1431 }
1432 }
1433
1434 hci_dev_unlock(hdev);
1435}
1436
1437static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1438{
1439 struct hci_cp_read_remote_ext_features *cp;
1440 struct hci_conn *conn;
1441
1442 BT_DBG("%s status 0x%x", hdev->name, status);
1443
1444 if (!status)
1445 return;
1446
1447 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1448 if (!cp)
1449 return;
1450
1451 hci_dev_lock(hdev);
1452
1453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1454 if (conn) {
1455 if (conn->state == BT_CONFIG) {
769be974
MH		 1456 hci_proto_connect_cfm(conn, status);
1457 hci_conn_put(conn);
1458 }
1459 }
1460
1461 hci_dev_unlock(hdev);
1462}
1463
a9de9248
MH		 1464static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1465{
b6a0dc82
MH		 1466 struct hci_cp_setup_sync_conn *cp;
1467 struct hci_conn *acl, *sco;
1468 __u16 handle;
1469
a9de9248 1470 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1471
1472 if (!status)
1473 return;
1474
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1476 if (!cp)
1477 return;
1478
1479 handle = __le16_to_cpu(cp->handle);
1480
1481 BT_DBG("%s handle %d", hdev->name, handle);
1482
1483 hci_dev_lock(hdev);
1484
1485 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1486 if (acl) {
1487 sco = acl->link;
1488 if (sco) {
1489 sco->state = BT_CLOSED;
b6a0dc82 1490
5a08ecce
AE		 1491 hci_proto_connect_cfm(sco, status);
1492 hci_conn_del(sco);
1493 }
b6a0dc82
MH		 1494 }
1495
1496 hci_dev_unlock(hdev);
1da177e4
LT		 1497}
1498
a9de9248 1499static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1500{
a9de9248
MH		 1501 struct hci_cp_sniff_mode *cp;
1502 struct hci_conn *conn;
1da177e4 1503
a9de9248 1504 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1505
a9de9248
MH		 1506 if (!status)
1507 return;
04837f64 1508
a9de9248
MH		 1509 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1510 if (!cp)
1511 return;
04837f64 1512
a9de9248 1513 hci_dev_lock(hdev);
04837f64 1514
a9de9248 1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1516 if (conn) {
51a8efd7 1517 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1518
51a8efd7 1519 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1520 hci_sco_setup(conn, status);
1521 }
1522
a9de9248
MH		 1523 hci_dev_unlock(hdev);
1524}
04837f64 1525
a9de9248
MH		 1526static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1527{
1528 struct hci_cp_exit_sniff_mode *cp;
1529 struct hci_conn *conn;
04837f64 1530
a9de9248 1531 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1532
a9de9248
MH		 1533 if (!status)
1534 return;
04837f64 1535
a9de9248
MH		 1536 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1537 if (!cp)
1538 return;
04837f64 1539
a9de9248 1540 hci_dev_lock(hdev);
1da177e4 1541
a9de9248 1542 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1543 if (conn) {
51a8efd7 1544 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1545
51a8efd7 1546 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1547 hci_sco_setup(conn, status);
1548 }
1549
a9de9248 1550 hci_dev_unlock(hdev);
1da177e4
LT		 1551}
1552
fcd89c09
VT		 1553static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1554{
1555 struct hci_cp_le_create_conn *cp;
1556 struct hci_conn *conn;
1557
1558 BT_DBG("%s status 0x%x", hdev->name, status);
1559
1560 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1561 if (!cp)
1562 return;
1563
1564 hci_dev_lock(hdev);
1565
1566 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1567
1568 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1569 conn);
1570
1571 if (status) {
1572 if (conn && conn->state == BT_CONNECT) {
1573 conn->state = BT_CLOSED;
1574 hci_proto_connect_cfm(conn, status);
1575 hci_conn_del(conn);
1576 }
1577 } else {
1578 if (!conn) {
1579 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1580 if (conn) {
1581 conn->dst_type = cp->peer_addr_type;
a0c808b3 1582 conn->out = true;
29b7988a 1583 } else {
fcd89c09 1584 BT_ERR("No memory for new connection");
29b7988a 1585 }
fcd89c09
VT		 1586 }
1587 }
1588
1589 hci_dev_unlock(hdev);
1590}
1591
a7a595f6
VCG		 1592static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1593{
1594 BT_DBG("%s status 0x%x", hdev->name, status);
1595}
1596
1da177e4
LT		 1597static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598{
1599 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1600 struct discovery_state *discov = &hdev->discovery;
1601 struct inquiry_entry *e;
1da177e4
LT		 1602
1603 BT_DBG("%s status %d", hdev->name, status);
1604
23bb5763 1605 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1606
a9de9248 1607 hci_conn_check_pending(hdev);
89352e7d
AG		 1608
1609 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1610 return;
1611
a8b2d5c2 1612 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1613 return;
1614
56e5cb86 1615 hci_dev_lock(hdev);
30dc78e1
JH		 1616
1617 if (discov->state != DISCOVERY_INQUIRY)
1618 goto unlock;
1619
1620 if (list_empty(&discov->resolve)) {
1621 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1622 goto unlock;
1623 }
1624
1625 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1626 if (e && hci_resolve_name(hdev, e) == 0) {
1627 e->name_state = NAME_PENDING;
1628 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1629 } else {
1630 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1631 }
1632
1633unlock:
56e5cb86 1634 hci_dev_unlock(hdev);
1da177e4
LT		 1635}
1636
1da177e4
LT		 1637static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1638{
45bb4bf0 1639 struct inquiry_data data;
a9de9248 1640 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1641 int num_rsp = *((__u8 *) skb->data);
1642
1643 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1644
45bb4bf0
MH		 1645 if (!num_rsp)
1646 return;
1647
1da177e4 1648 hci_dev_lock(hdev);
45bb4bf0 1649
e17acd40 1650 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1651 bool name_known;
1652
1da177e4
LT		 1653 bacpy(&data.bdaddr, &info->bdaddr);
1654 data.pscan_rep_mode = info->pscan_rep_mode;
1655 data.pscan_period_mode = info->pscan_period_mode;
1656 data.pscan_mode = info->pscan_mode;
1657 memcpy(data.dev_class, info->dev_class, 3);
1658 data.clock_offset = info->clock_offset;
1659 data.rssi = 0x00;
41a96212 1660 data.ssp_mode = 0x00;
3175405b
JH		 1661
1662 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1663 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1664 info->dev_class, 0, !name_known,
1665 NULL, 0);
1da177e4 1666 }
45bb4bf0 1667
1da177e4
LT		 1668 hci_dev_unlock(hdev);
1669}
1670
1da177e4
LT		 1671static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1672{
a9de9248
MH		 1673 struct hci_ev_conn_complete *ev = (void *) skb->data;
1674 struct hci_conn *conn;
1da177e4
LT		 1675
1676 BT_DBG("%s", hdev->name);
1677
1678 hci_dev_lock(hdev);
1679
1680 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1681 if (!conn) {
1682 if (ev->link_type != SCO_LINK)
1683 goto unlock;
1684
1685 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1686 if (!conn)
1687 goto unlock;
1688
1689 conn->type = SCO_LINK;
1690 }
1da177e4
LT		 1691
1692 if (!ev->status) {
1693 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1694
1695 if (conn->type == ACL_LINK) {
1696 conn->state = BT_CONFIG;
1697 hci_conn_hold(conn);
052b30b0 1698 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1699 } else
1700 conn->state = BT_CONNECTED;
1da177e4 1701
9eba32b8 1702 hci_conn_hold_device(conn);
7d0db0a3
MH		 1703 hci_conn_add_sysfs(conn);
1704
1da177e4
LT		 1705 if (test_bit(HCI_AUTH, &hdev->flags))
1706 conn->link_mode |= HCI_LM_AUTH;
1707
1708 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1709 conn->link_mode |= HCI_LM_ENCRYPT;
1710
04837f64
MH		 1711 /* Get remote features */
1712 if (conn->type == ACL_LINK) {
1713 struct hci_cp_read_remote_features cp;
1714 cp.handle = ev->handle;
769be974
MH		 1715 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1716 sizeof(cp), &cp);
04837f64
MH		 1717 }
1718
1da177e4 1719 /* Set packet type for incoming connection */
d095c1eb 1720 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1721 struct hci_cp_change_conn_ptype cp;
1722 cp.handle = ev->handle;
a8746417
MH		 1723 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1724 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1725 sizeof(cp), &cp);
1da177e4 1726 }
17d5c04c 1727 } else {
1da177e4 1728 conn->state = BT_CLOSED;
17d5c04c 1729 if (conn->type == ACL_LINK)
744cf19e 1730 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1731 conn->dst_type, ev->status);
17d5c04c 1732 }
1da177e4 1733
e73439d8
MH		 1734 if (conn->type == ACL_LINK)
1735 hci_sco_setup(conn, ev->status);
1da177e4 1736
769be974
MH		 1737 if (ev->status) {
1738 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1739 hci_conn_del(conn);
c89b6e6b
MH		 1740 } else if (ev->link_type != ACL_LINK)
1741 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1742
a9de9248 1743unlock:
1da177e4 1744 hci_dev_unlock(hdev);
1da177e4 1745
a9de9248 1746 hci_conn_check_pending(hdev);
1da177e4
LT		 1747}
1748
a9de9248 1749static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1750{
a9de9248
MH		 1751 struct hci_ev_conn_request *ev = (void *) skb->data;
1752 int mask = hdev->link_mode;
1da177e4 1753
a9de9248
MH		 1754 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1755 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1756
a9de9248 1757 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1758
138d22ef
SJ		 1759 if ((mask & HCI_LM_ACCEPT) &&
1760 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1761 /* Connection accepted */
c7bdd502 1762 struct inquiry_entry *ie;
1da177e4 1763 struct hci_conn *conn;
1da177e4 1764
a9de9248 1765 hci_dev_lock(hdev);
b6a0dc82 1766
cc11b9c1
AE		 1767 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1768 if (ie)
c7bdd502
MH		 1769 memcpy(ie->data.dev_class, ev->dev_class, 3);
1770
a9de9248
MH		 1771 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1772 if (!conn) {
cc11b9c1
AE		 1773 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1774 if (!conn) {
893ef971 1775 BT_ERR("No memory for new connection");
a9de9248
MH		 1776 hci_dev_unlock(hdev);
1777 return;
1da177e4
LT		 1778 }
1779 }
b6a0dc82 1780
a9de9248
MH		 1781 memcpy(conn->dev_class, ev->dev_class, 3);
1782 conn->state = BT_CONNECT;
b6a0dc82 1783
a9de9248 1784 hci_dev_unlock(hdev);
1da177e4 1785
b6a0dc82
MH		 1786 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1787 struct hci_cp_accept_conn_req cp;
1da177e4 1788
b6a0dc82
MH		 1789 bacpy(&cp.bdaddr, &ev->bdaddr);
1790
1791 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1792 cp.role = 0x00; /* Become master */
1793 else
1794 cp.role = 0x01; /* Remain slave */
1795
1796 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1797 sizeof(cp), &cp);
1798 } else {
1799 struct hci_cp_accept_sync_conn_req cp;
1800
1801 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1802 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1803
1804 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1805 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1806 cp.max_latency = cpu_to_le16(0xffff);
1807 cp.content_format = cpu_to_le16(hdev->voice_setting);
1808 cp.retrans_effort = 0xff;
1da177e4 1809
b6a0dc82
MH		 1810 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1811 sizeof(cp), &cp);
1812 }
a9de9248
MH		 1813 } else {
1814 /* Connection rejected */
1815 struct hci_cp_reject_conn_req cp;
1da177e4 1816
a9de9248 1817 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1818 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1819 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1820 }
1da177e4
LT		 1821}
1822
a9de9248 1823static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1824{
a9de9248 1825 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1826 struct hci_conn *conn;
1827
1828 BT_DBG("%s status %d", hdev->name, ev->status);
1829
1830 hci_dev_lock(hdev);
1831
1832 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1833 if (!conn)
1834 goto unlock;
7d0db0a3 1835
37d9ef76
JH		 1836 if (ev->status == 0)
1837 conn->state = BT_CLOSED;
04837f64 1838
b644ba33
JH		 1839 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1840 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76
JH		 1841 if (ev->status != 0)
1842 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1843 else
afc747a6 1844 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1845 conn->dst_type);
37d9ef76 1846 }
f7520543 1847
37d9ef76
JH		 1848 if (ev->status == 0) {
1849 hci_proto_disconn_cfm(conn, ev->reason);
1850 hci_conn_del(conn);
1851 }
f7520543
JH		 1852
1853unlock:
04837f64
MH		 1854 hci_dev_unlock(hdev);
1855}
1856
1da177e4
LT		 1857static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1858{
a9de9248 1859 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1860 struct hci_conn *conn;
1da177e4
LT		 1861
1862 BT_DBG("%s status %d", hdev->name, ev->status);
1863
1864 hci_dev_lock(hdev);
1865
04837f64 1866 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1867 if (!conn)
1868 goto unlock;
1869
1870 if (!ev->status) {
aa64a8b5
JH		 1871 if (!hci_conn_ssp_enabled(conn) &&
1872 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1873 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1874 } else {
d7556e20
WR		 1875 conn->link_mode |= HCI_LM_AUTH;
1876 conn->sec_level = conn->pending_sec_level;
2a611692 1877 }
d7556e20 1878 } else {
744cf19e 1879 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1880 }
1da177e4 1881
51a8efd7
JH		 1882 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1883 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1884
d7556e20 1885 if (conn->state == BT_CONFIG) {
aa64a8b5 1886 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1887 struct hci_cp_set_conn_encrypt cp;
1888 cp.handle = ev->handle;
1889 cp.encrypt = 0x01;
1890 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1891 &cp);
052b30b0 1892 } else {
d7556e20
WR		 1893 conn->state = BT_CONNECTED;
1894 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1895 hci_conn_put(conn);
1896 }
d7556e20
WR		 1897 } else {
1898 hci_auth_cfm(conn, ev->status);
052b30b0 1899
d7556e20
WR		 1900 hci_conn_hold(conn);
1901 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1902 hci_conn_put(conn);
1903 }
1904
51a8efd7 1905 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1906 if (!ev->status) {
1907 struct hci_cp_set_conn_encrypt cp;
1908 cp.handle = ev->handle;
1909 cp.encrypt = 0x01;
1910 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1911 &cp);
1912 } else {
51a8efd7 1913 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1914 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1915 }
1916 }
1917
d7556e20 1918unlock:
1da177e4
LT		 1919 hci_dev_unlock(hdev);
1920}
1921
a9de9248 1922static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1923{
127178d2
JH		 1924 struct hci_ev_remote_name *ev = (void *) skb->data;
1925 struct hci_conn *conn;
1926
a9de9248 1927 BT_DBG("%s", hdev->name);
1da177e4 1928
a9de9248 1929 hci_conn_check_pending(hdev);
127178d2
JH		 1930
1931 hci_dev_lock(hdev);
1932
b644ba33 1933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1934
b644ba33
JH		 1935 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1936 goto check_auth;
a88a9652 1937
b644ba33
JH		 1938 if (ev->status == 0)
1939 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1940 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1941 else
1942 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1943
1944check_auth:
79c6c70c
JH		 1945 if (!conn)
1946 goto unlock;
1947
1948 if (!hci_outgoing_auth_needed(hdev, conn))
1949 goto unlock;
1950
51a8efd7 1951 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1952 struct hci_cp_auth_requested cp;
1953 cp.handle = __cpu_to_le16(conn->handle);
1954 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1955 }
1956
79c6c70c 1957unlock:
127178d2 1958 hci_dev_unlock(hdev);
a9de9248
MH		 1959}
1960
1961static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1962{
1963 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1964 struct hci_conn *conn;
1965
1966 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1967
1968 hci_dev_lock(hdev);
1969
04837f64 1970 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1971 if (conn) {
1972 if (!ev->status) {
ae293196
MH		 1973 if (ev->encrypt) {
1974 /* Encryption implies authentication */
1975 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1976 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1977 conn->sec_level = conn->pending_sec_level;
ae293196 1978 } else
1da177e4
LT		 1979 conn->link_mode &= ~HCI_LM_ENCRYPT;
1980 }
1981
51a8efd7 1982 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1983
f8558555
MH		 1984 if (conn->state == BT_CONFIG) {
1985 if (!ev->status)
1986 conn->state = BT_CONNECTED;
1987
1988 hci_proto_connect_cfm(conn, ev->status);
1989 hci_conn_put(conn);
1990 } else
1991 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1992 }
1993
1994 hci_dev_unlock(hdev);
1995}
1996
a9de9248 1997static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1998{
a9de9248 1999 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2000 struct hci_conn *conn;
1da177e4
LT		 2001
2002 BT_DBG("%s status %d", hdev->name, ev->status);
2003
2004 hci_dev_lock(hdev);
2005
04837f64 2006 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2007 if (conn) {
2008 if (!ev->status)
2009 conn->link_mode |= HCI_LM_SECURE;
2010
51a8efd7 2011 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2012
2013 hci_key_change_cfm(conn, ev->status);
2014 }
2015
2016 hci_dev_unlock(hdev);
2017}
2018
a9de9248 2019static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2020{
a9de9248
MH		 2021 struct hci_ev_remote_features *ev = (void *) skb->data;
2022 struct hci_conn *conn;
2023
2024 BT_DBG("%s status %d", hdev->name, ev->status);
2025
a9de9248
MH		 2026 hci_dev_lock(hdev);
2027
2028 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2029 if (!conn)
2030 goto unlock;
769be974 2031
ccd556fe
JH		 2032 if (!ev->status)
2033 memcpy(conn->features, ev->features, 8);
2034
2035 if (conn->state != BT_CONFIG)
2036 goto unlock;
2037
2038 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2039 struct hci_cp_read_remote_ext_features cp;
2040 cp.handle = ev->handle;
2041 cp.page = 0x01;
2042 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2043 sizeof(cp), &cp);
392599b9
JH		 2044 goto unlock;
2045 }
2046
127178d2
JH		 2047 if (!ev->status) {
2048 struct hci_cp_remote_name_req cp;
2049 memset(&cp, 0, sizeof(cp));
2050 bacpy(&cp.bdaddr, &conn->dst);
2051 cp.pscan_rep_mode = 0x02;
2052 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2053 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2054 mgmt_device_connected(hdev, &conn->dst, conn->type,
2055 conn->dst_type, NULL, 0,
2056 conn->dev_class);
392599b9 2057
127178d2 2058 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2059 conn->state = BT_CONNECTED;
2060 hci_proto_connect_cfm(conn, ev->status);
2061 hci_conn_put(conn);
769be974 2062 }
a9de9248 2063
ccd556fe 2064unlock:
a9de9248 2065 hci_dev_unlock(hdev);
1da177e4
LT		 2066}
2067
a9de9248 2068static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2069{
a9de9248 2070 BT_DBG("%s", hdev->name);
1da177e4
LT		 2071}
2072
a9de9248 2073static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2074{
a9de9248 2075 BT_DBG("%s", hdev->name);
1da177e4
LT		 2076}
2077
a9de9248
MH		 2078static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2079{
2080 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2081 __u16 opcode;
2082
2083 skb_pull(skb, sizeof(*ev));
2084
2085 opcode = __le16_to_cpu(ev->opcode);
2086
2087 switch (opcode) {
2088 case HCI_OP_INQUIRY_CANCEL:
2089 hci_cc_inquiry_cancel(hdev, skb);
2090 break;
2091
2092 case HCI_OP_EXIT_PERIODIC_INQ:
2093 hci_cc_exit_periodic_inq(hdev, skb);
2094 break;
2095
2096 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2097 hci_cc_remote_name_req_cancel(hdev, skb);
2098 break;
2099
2100 case HCI_OP_ROLE_DISCOVERY:
2101 hci_cc_role_discovery(hdev, skb);
2102 break;
2103
e4e8e37c
MH		 2104 case HCI_OP_READ_LINK_POLICY:
2105 hci_cc_read_link_policy(hdev, skb);
2106 break;
2107
a9de9248
MH		 2108 case HCI_OP_WRITE_LINK_POLICY:
2109 hci_cc_write_link_policy(hdev, skb);
2110 break;
2111
e4e8e37c
MH		 2112 case HCI_OP_READ_DEF_LINK_POLICY:
2113 hci_cc_read_def_link_policy(hdev, skb);
2114 break;
2115
2116 case HCI_OP_WRITE_DEF_LINK_POLICY:
2117 hci_cc_write_def_link_policy(hdev, skb);
2118 break;
2119
a9de9248
MH		 2120 case HCI_OP_RESET:
2121 hci_cc_reset(hdev, skb);
2122 break;
2123
2124 case HCI_OP_WRITE_LOCAL_NAME:
2125 hci_cc_write_local_name(hdev, skb);
2126 break;
2127
2128 case HCI_OP_READ_LOCAL_NAME:
2129 hci_cc_read_local_name(hdev, skb);
2130 break;
2131
2132 case HCI_OP_WRITE_AUTH_ENABLE:
2133 hci_cc_write_auth_enable(hdev, skb);
2134 break;
2135
2136 case HCI_OP_WRITE_ENCRYPT_MODE:
2137 hci_cc_write_encrypt_mode(hdev, skb);
2138 break;
2139
2140 case HCI_OP_WRITE_SCAN_ENABLE:
2141 hci_cc_write_scan_enable(hdev, skb);
2142 break;
2143
2144 case HCI_OP_READ_CLASS_OF_DEV:
2145 hci_cc_read_class_of_dev(hdev, skb);
2146 break;
2147
2148 case HCI_OP_WRITE_CLASS_OF_DEV:
2149 hci_cc_write_class_of_dev(hdev, skb);
2150 break;
2151
2152 case HCI_OP_READ_VOICE_SETTING:
2153 hci_cc_read_voice_setting(hdev, skb);
2154 break;
2155
2156 case HCI_OP_WRITE_VOICE_SETTING:
2157 hci_cc_write_voice_setting(hdev, skb);
2158 break;
2159
2160 case HCI_OP_HOST_BUFFER_SIZE:
2161 hci_cc_host_buffer_size(hdev, skb);
2162 break;
2163
333140b5
MH		 2164 case HCI_OP_READ_SSP_MODE:
2165 hci_cc_read_ssp_mode(hdev, skb);
2166 break;
2167
2168 case HCI_OP_WRITE_SSP_MODE:
2169 hci_cc_write_ssp_mode(hdev, skb);
2170 break;
2171
a9de9248
MH		 2172 case HCI_OP_READ_LOCAL_VERSION:
2173 hci_cc_read_local_version(hdev, skb);
2174 break;
2175
2176 case HCI_OP_READ_LOCAL_COMMANDS:
2177 hci_cc_read_local_commands(hdev, skb);
2178 break;
2179
2180 case HCI_OP_READ_LOCAL_FEATURES:
2181 hci_cc_read_local_features(hdev, skb);
2182 break;
2183
971e3a4b
AG		 2184 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2185 hci_cc_read_local_ext_features(hdev, skb);
2186 break;
2187
a9de9248
MH		 2188 case HCI_OP_READ_BUFFER_SIZE:
2189 hci_cc_read_buffer_size(hdev, skb);
2190 break;
2191
2192 case HCI_OP_READ_BD_ADDR:
2193 hci_cc_read_bd_addr(hdev, skb);
2194 break;
2195
350ee4cf
AE		 2196 case HCI_OP_READ_DATA_BLOCK_SIZE:
2197 hci_cc_read_data_block_size(hdev, skb);
2198 break;
2199
23bb5763
JH		 2200 case HCI_OP_WRITE_CA_TIMEOUT:
2201 hci_cc_write_ca_timeout(hdev, skb);
2202 break;
2203
1e89cffb
AE		 2204 case HCI_OP_READ_FLOW_CONTROL_MODE:
2205 hci_cc_read_flow_control_mode(hdev, skb);
2206 break;
2207
928abaa7
AE		 2208 case HCI_OP_READ_LOCAL_AMP_INFO:
2209 hci_cc_read_local_amp_info(hdev, skb);
2210 break;
2211
b0916ea0
JH		 2212 case HCI_OP_DELETE_STORED_LINK_KEY:
2213 hci_cc_delete_stored_link_key(hdev, skb);
2214 break;
2215
d5859e22
JH		 2216 case HCI_OP_SET_EVENT_MASK:
2217 hci_cc_set_event_mask(hdev, skb);
2218 break;
2219
2220 case HCI_OP_WRITE_INQUIRY_MODE:
2221 hci_cc_write_inquiry_mode(hdev, skb);
2222 break;
2223
2224 case HCI_OP_READ_INQ_RSP_TX_POWER:
2225 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2226 break;
2227
2228 case HCI_OP_SET_EVENT_FLT:
2229 hci_cc_set_event_flt(hdev, skb);
2230 break;
2231
980e1a53
JH		 2232 case HCI_OP_PIN_CODE_REPLY:
2233 hci_cc_pin_code_reply(hdev, skb);
2234 break;
2235
2236 case HCI_OP_PIN_CODE_NEG_REPLY:
2237 hci_cc_pin_code_neg_reply(hdev, skb);
2238 break;
2239
c35938b2
SJ		 2240 case HCI_OP_READ_LOCAL_OOB_DATA:
2241 hci_cc_read_local_oob_data_reply(hdev, skb);
2242 break;
2243
6ed58ec5
VT		 2244 case HCI_OP_LE_READ_BUFFER_SIZE:
2245 hci_cc_le_read_buffer_size(hdev, skb);
2246 break;
2247
a5c29683
JH		 2248 case HCI_OP_USER_CONFIRM_REPLY:
2249 hci_cc_user_confirm_reply(hdev, skb);
2250 break;
2251
2252 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2253 hci_cc_user_confirm_neg_reply(hdev, skb);
2254 break;
2255
1143d458
BG		 2256 case HCI_OP_USER_PASSKEY_REPLY:
2257 hci_cc_user_passkey_reply(hdev, skb);
2258 break;
2259
2260 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2261 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2262
2263 case HCI_OP_LE_SET_SCAN_PARAM:
2264 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2265 break;
2266
eb9d91f5
AG		 2267 case HCI_OP_LE_SET_SCAN_ENABLE:
2268 hci_cc_le_set_scan_enable(hdev, skb);
2269 break;
2270
a7a595f6
VCG		 2271 case HCI_OP_LE_LTK_REPLY:
2272 hci_cc_le_ltk_reply(hdev, skb);
2273 break;
2274
2275 case HCI_OP_LE_LTK_NEG_REPLY:
2276 hci_cc_le_ltk_neg_reply(hdev, skb);
2277 break;
2278
f9b49306
AG		 2279 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2280 hci_cc_write_le_host_supported(hdev, skb);
2281 break;
2282
a9de9248
MH		 2283 default:
2284 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2285 break;
2286 }
2287
6bd32326
VT		 2288 if (ev->opcode != HCI_OP_NOP)
2289 del_timer(&hdev->cmd_timer);
2290
a9de9248
MH		 2291 if (ev->ncmd) {
2292 atomic_set(&hdev->cmd_cnt, 1);
2293 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2294 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2295 }
2296}
2297
2298static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2299{
2300 struct hci_ev_cmd_status *ev = (void *) skb->data;
2301 __u16 opcode;
2302
2303 skb_pull(skb, sizeof(*ev));
2304
2305 opcode = __le16_to_cpu(ev->opcode);
2306
2307 switch (opcode) {
2308 case HCI_OP_INQUIRY:
2309 hci_cs_inquiry(hdev, ev->status);
2310 break;
2311
2312 case HCI_OP_CREATE_CONN:
2313 hci_cs_create_conn(hdev, ev->status);
2314 break;
2315
2316 case HCI_OP_ADD_SCO:
2317 hci_cs_add_sco(hdev, ev->status);
2318 break;
2319
f8558555
MH		 2320 case HCI_OP_AUTH_REQUESTED:
2321 hci_cs_auth_requested(hdev, ev->status);
2322 break;
2323
2324 case HCI_OP_SET_CONN_ENCRYPT:
2325 hci_cs_set_conn_encrypt(hdev, ev->status);
2326 break;
2327
a9de9248
MH		 2328 case HCI_OP_REMOTE_NAME_REQ:
2329 hci_cs_remote_name_req(hdev, ev->status);
2330 break;
2331
769be974
MH		 2332 case HCI_OP_READ_REMOTE_FEATURES:
2333 hci_cs_read_remote_features(hdev, ev->status);
2334 break;
2335
2336 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2337 hci_cs_read_remote_ext_features(hdev, ev->status);
2338 break;
2339
a9de9248
MH		 2340 case HCI_OP_SETUP_SYNC_CONN:
2341 hci_cs_setup_sync_conn(hdev, ev->status);
2342 break;
2343
2344 case HCI_OP_SNIFF_MODE:
2345 hci_cs_sniff_mode(hdev, ev->status);
2346 break;
2347
2348 case HCI_OP_EXIT_SNIFF_MODE:
2349 hci_cs_exit_sniff_mode(hdev, ev->status);
2350 break;
2351
8962ee74
JH		 2352 case HCI_OP_DISCONNECT:
2353 if (ev->status != 0)
37d9ef76 2354 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2355 break;
2356
fcd89c09
VT		 2357 case HCI_OP_LE_CREATE_CONN:
2358 hci_cs_le_create_conn(hdev, ev->status);
2359 break;
2360
a7a595f6
VCG		 2361 case HCI_OP_LE_START_ENC:
2362 hci_cs_le_start_enc(hdev, ev->status);
2363 break;
2364
a9de9248
MH		 2365 default:
2366 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2367 break;
2368 }
2369
6bd32326
VT		 2370 if (ev->opcode != HCI_OP_NOP)
2371 del_timer(&hdev->cmd_timer);
2372
10572132 2373 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2374 atomic_set(&hdev->cmd_cnt, 1);
2375 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2376 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2377 }
2378}
2379
2380static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2381{
2382 struct hci_ev_role_change *ev = (void *) skb->data;
2383 struct hci_conn *conn;
2384
2385 BT_DBG("%s status %d", hdev->name, ev->status);
2386
2387 hci_dev_lock(hdev);
2388
2389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2390 if (conn) {
2391 if (!ev->status) {
2392 if (ev->role)
2393 conn->link_mode &= ~HCI_LM_MASTER;
2394 else
2395 conn->link_mode |= HCI_LM_MASTER;
2396 }
2397
51a8efd7 2398 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2399
2400 hci_role_switch_cfm(conn, ev->status, ev->role);
2401 }
2402
2403 hci_dev_unlock(hdev);
2404}
2405
2406static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2407{
2408 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2409 int i;
2410
32ac5b9b
AE		 2411 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2412 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2413 return;
2414 }
2415
c5993de8
AE		 2416 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2417 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2418 BT_DBG("%s bad parameters", hdev->name);
2419 return;
2420 }
2421
c5993de8
AE		 2422 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2423
613a1c0c
AE		 2424 for (i = 0; i < ev->num_hndl; i++) {
2425 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2426 struct hci_conn *conn;
2427 __u16 handle, count;
2428
613a1c0c
AE		 2429 handle = __le16_to_cpu(info->handle);
2430 count = __le16_to_cpu(info->count);
a9de9248
MH		 2431
2432 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2433 if (!conn)
2434 continue;
2435
2436 conn->sent -= count;
2437
2438 switch (conn->type) {
2439 case ACL_LINK:
2440 hdev->acl_cnt += count;
2441 if (hdev->acl_cnt > hdev->acl_pkts)
2442 hdev->acl_cnt = hdev->acl_pkts;
2443 break;
2444
2445 case LE_LINK:
2446 if (hdev->le_pkts) {
2447 hdev->le_cnt += count;
2448 if (hdev->le_cnt > hdev->le_pkts)
2449 hdev->le_cnt = hdev->le_pkts;
2450 } else {
70f23020
AE		 2451 hdev->acl_cnt += count;
2452 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2453 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2454 }
f4280918
AE		 2455 break;
2456
2457 case SCO_LINK:
2458 hdev->sco_cnt += count;
2459 if (hdev->sco_cnt > hdev->sco_pkts)
2460 hdev->sco_cnt = hdev->sco_pkts;
2461 break;
2462
2463 default:
2464 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2465 break;
a9de9248
MH		 2466 }
2467 }
2468
3eff45ea 2469 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2470}
2471
25e89e99
AE		 2472static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2473 struct sk_buff *skb)
2474{
2475 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2476 int i;
2477
2478 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2479 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2480 return;
2481 }
2482
2483 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2484 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2485 BT_DBG("%s bad parameters", hdev->name);
2486 return;
2487 }
2488
2489 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2490 ev->num_hndl);
2491
2492 for (i = 0; i < ev->num_hndl; i++) {
2493 struct hci_comp_blocks_info *info = &ev->handles[i];
2494 struct hci_conn *conn;
2495 __u16 handle, block_count;
2496
2497 handle = __le16_to_cpu(info->handle);
2498 block_count = __le16_to_cpu(info->blocks);
2499
2500 conn = hci_conn_hash_lookup_handle(hdev, handle);
2501 if (!conn)
2502 continue;
2503
2504 conn->sent -= block_count;
2505
2506 switch (conn->type) {
2507 case ACL_LINK:
2508 hdev->block_cnt += block_count;
2509 if (hdev->block_cnt > hdev->num_blocks)
2510 hdev->block_cnt = hdev->num_blocks;
2511 break;
2512
2513 default:
2514 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2515 break;
2516 }
2517 }
2518
2519 queue_work(hdev->workqueue, &hdev->tx_work);
2520}
2521
a9de9248 2522static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2523{
a9de9248 2524 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2525 struct hci_conn *conn;
2526
2527 BT_DBG("%s status %d", hdev->name, ev->status);
2528
2529 hci_dev_lock(hdev);
2530
2531 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2532 if (conn) {
2533 conn->mode = ev->mode;
2534 conn->interval = __le16_to_cpu(ev->interval);
2535
51a8efd7 2536 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2537 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2538 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2539 else
58a681ef 2540 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2541 }
e73439d8 2542
51a8efd7 2543 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2544 hci_sco_setup(conn, ev->status);
04837f64
MH		 2545 }
2546
2547 hci_dev_unlock(hdev);
2548}
2549
a9de9248
MH		 2550static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2551{
052b30b0
MH		 2552 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2553 struct hci_conn *conn;
2554
a9de9248 2555 BT_DBG("%s", hdev->name);
052b30b0
MH		 2556
2557 hci_dev_lock(hdev);
2558
2559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2560 if (!conn)
2561 goto unlock;
2562
2563 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2564 hci_conn_hold(conn);
2565 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2566 hci_conn_put(conn);
2567 }
2568
a8b2d5c2 2569 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2570 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2571 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2572 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2573 u8 secure;
2574
2575 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2576 secure = 1;
2577 else
2578 secure = 0;
2579
744cf19e 2580 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2581 }
980e1a53 2582
b6f98044 2583unlock:
052b30b0 2584 hci_dev_unlock(hdev);
a9de9248
MH		 2585}
2586
2587static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2588{
55ed8ca1
JH		 2589 struct hci_ev_link_key_req *ev = (void *) skb->data;
2590 struct hci_cp_link_key_reply cp;
2591 struct hci_conn *conn;
2592 struct link_key *key;
2593
a9de9248 2594 BT_DBG("%s", hdev->name);
55ed8ca1 2595
a8b2d5c2 2596 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2597 return;
2598
2599 hci_dev_lock(hdev);
2600
2601 key = hci_find_link_key(hdev, &ev->bdaddr);
2602 if (!key) {
2603 BT_DBG("%s link key not found for %s", hdev->name,
2604 batostr(&ev->bdaddr));
2605 goto not_found;
2606 }
2607
2608 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2609 batostr(&ev->bdaddr));
2610
a8b2d5c2 2611 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2612 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2613 BT_DBG("%s ignoring debug key", hdev->name);
2614 goto not_found;
2615 }
2616
2617 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2618 if (conn) {
2619 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2620 conn->auth_type != 0xff &&
2621 (conn->auth_type & 0x01)) {
2622 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2623 goto not_found;
2624 }
55ed8ca1 2625
60b83f57
WR		 2626 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2627 conn->pending_sec_level == BT_SECURITY_HIGH) {
2628 BT_DBG("%s ignoring key unauthenticated for high \
2629 security", hdev->name);
2630 goto not_found;
2631 }
2632
2633 conn->key_type = key->type;
2634 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2635 }
2636
2637 bacpy(&cp.bdaddr, &ev->bdaddr);
2638 memcpy(cp.link_key, key->val, 16);
2639
2640 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2641
2642 hci_dev_unlock(hdev);
2643
2644 return;
2645
2646not_found:
2647 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2648 hci_dev_unlock(hdev);
a9de9248
MH		 2649}
2650
2651static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2652{
052b30b0
MH		 2653 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2654 struct hci_conn *conn;
55ed8ca1 2655 u8 pin_len = 0;
052b30b0 2656
a9de9248 2657 BT_DBG("%s", hdev->name);
052b30b0
MH		 2658
2659 hci_dev_lock(hdev);
2660
2661 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2662 if (conn) {
2663 hci_conn_hold(conn);
2664 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2665 pin_len = conn->pin_length;
13d39315
WR		 2666
2667 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2668 conn->key_type = ev->key_type;
2669
052b30b0
MH		 2670 hci_conn_put(conn);
2671 }
2672
a8b2d5c2 2673 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2674 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2675 ev->key_type, pin_len);
2676
052b30b0 2677 hci_dev_unlock(hdev);
a9de9248
MH		 2678}
2679
1da177e4
LT		 2680static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2681{
a9de9248 2682 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2683 struct hci_conn *conn;
1da177e4
LT		 2684
2685 BT_DBG("%s status %d", hdev->name, ev->status);
2686
2687 hci_dev_lock(hdev);
2688
04837f64 2689 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2690 if (conn && !ev->status) {
2691 struct inquiry_entry *ie;
2692
cc11b9c1
AE		 2693 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2694 if (ie) {
1da177e4
LT		 2695 ie->data.clock_offset = ev->clock_offset;
2696 ie->timestamp = jiffies;
2697 }
2698 }
2699
2700 hci_dev_unlock(hdev);
2701}
2702
a8746417
MH		 2703static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2704{
2705 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2706 struct hci_conn *conn;
2707
2708 BT_DBG("%s status %d", hdev->name, ev->status);
2709
2710 hci_dev_lock(hdev);
2711
2712 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2713 if (conn && !ev->status)
2714 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2715
2716 hci_dev_unlock(hdev);
2717}
2718
85a1e930
MH		 2719static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2720{
a9de9248 2721 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2722 struct inquiry_entry *ie;
2723
2724 BT_DBG("%s", hdev->name);
2725
2726 hci_dev_lock(hdev);
2727
cc11b9c1
AE		 2728 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2729 if (ie) {
85a1e930
MH		 2730 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2731 ie->timestamp = jiffies;
2732 }
2733
2734 hci_dev_unlock(hdev);
2735}
2736
a9de9248
MH		 2737static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2738{
2739 struct inquiry_data data;
2740 int num_rsp = *((__u8 *) skb->data);
3175405b 2741 bool name_known;
a9de9248
MH		 2742
2743 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2744
2745 if (!num_rsp)
2746 return;
2747
2748 hci_dev_lock(hdev);
2749
2750 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2751 struct inquiry_info_with_rssi_and_pscan_mode *info;
2752 info = (void *) (skb->data + 1);
a9de9248 2753
e17acd40 2754 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2755 bacpy(&data.bdaddr, &info->bdaddr);
2756 data.pscan_rep_mode = info->pscan_rep_mode;
2757 data.pscan_period_mode = info->pscan_period_mode;
2758 data.pscan_mode = info->pscan_mode;
2759 memcpy(data.dev_class, info->dev_class, 3);
2760 data.clock_offset = info->clock_offset;
2761 data.rssi = info->rssi;
41a96212 2762 data.ssp_mode = 0x00;
3175405b
JH		 2763
2764 name_known = hci_inquiry_cache_update(hdev, &data,
2765 false);
48264f06 2766 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2767 info->dev_class, info->rssi,
7d262f86 2768 !name_known, NULL, 0);
a9de9248
MH		 2769 }
2770 } else {
2771 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2772
e17acd40 2773 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2774 bacpy(&data.bdaddr, &info->bdaddr);
2775 data.pscan_rep_mode = info->pscan_rep_mode;
2776 data.pscan_period_mode = info->pscan_period_mode;
2777 data.pscan_mode = 0x00;
2778 memcpy(data.dev_class, info->dev_class, 3);
2779 data.clock_offset = info->clock_offset;
2780 data.rssi = info->rssi;
41a96212 2781 data.ssp_mode = 0x00;
3175405b
JH		 2782 name_known = hci_inquiry_cache_update(hdev, &data,
2783 false);
48264f06 2784 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2785 info->dev_class, info->rssi,
7d262f86 2786 !name_known, NULL, 0);
a9de9248
MH		 2787 }
2788 }
2789
2790 hci_dev_unlock(hdev);
2791}
2792
2793static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2794{
41a96212
MH		 2795 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2796 struct hci_conn *conn;
2797
a9de9248 2798 BT_DBG("%s", hdev->name);
41a96212 2799
41a96212
MH		 2800 hci_dev_lock(hdev);
2801
2802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2803 if (!conn)
2804 goto unlock;
41a96212 2805
ccd556fe
JH		 2806 if (!ev->status && ev->page == 0x01) {
2807 struct inquiry_entry *ie;
41a96212 2808
cc11b9c1
AE		 2809 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2810 if (ie)
ccd556fe 2811 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2812
58a681ef
JH		 2813 if (ev->features[0] & 0x01)
2814 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2815 }
2816
2817 if (conn->state != BT_CONFIG)
2818 goto unlock;
2819
127178d2
JH		 2820 if (!ev->status) {
2821 struct hci_cp_remote_name_req cp;
2822 memset(&cp, 0, sizeof(cp));
2823 bacpy(&cp.bdaddr, &conn->dst);
2824 cp.pscan_rep_mode = 0x02;
2825 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2826 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2827 mgmt_device_connected(hdev, &conn->dst, conn->type,
2828 conn->dst_type, NULL, 0,
2829 conn->dev_class);
392599b9 2830
127178d2 2831 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2832 conn->state = BT_CONNECTED;
2833 hci_proto_connect_cfm(conn, ev->status);
2834 hci_conn_put(conn);
41a96212
MH		 2835 }
2836
ccd556fe 2837unlock:
41a96212 2838 hci_dev_unlock(hdev);
a9de9248
MH		 2839}
2840
2841static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2842{
b6a0dc82
MH		 2843 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2844 struct hci_conn *conn;
2845
2846 BT_DBG("%s status %d", hdev->name, ev->status);
2847
2848 hci_dev_lock(hdev);
2849
2850 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2851 if (!conn) {
2852 if (ev->link_type == ESCO_LINK)
2853 goto unlock;
2854
2855 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2856 if (!conn)
2857 goto unlock;
2858
2859 conn->type = SCO_LINK;
2860 }
b6a0dc82 2861
732547f9
MH		 2862 switch (ev->status) {
2863 case 0x00:
b6a0dc82
MH		 2864 conn->handle = __le16_to_cpu(ev->handle);
2865 conn->state = BT_CONNECTED;
7d0db0a3 2866
9eba32b8 2867 hci_conn_hold_device(conn);
7d0db0a3 2868 hci_conn_add_sysfs(conn);
732547f9
MH		 2869 break;
2870
705e5711 2871 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2872 case 0x1c: /* SCO interval rejected */
1038a00b 2873 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2874 case 0x1f: /* Unspecified error */
2875 if (conn->out && conn->attempt < 2) {
2876 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2877 (hdev->esco_type & EDR_ESCO_MASK);
2878 hci_setup_sync(conn, conn->link->handle);
2879 goto unlock;
2880 }
2881 /* fall through */
2882
2883 default:
b6a0dc82 2884 conn->state = BT_CLOSED;
732547f9
MH		 2885 break;
2886 }
b6a0dc82
MH		 2887
2888 hci_proto_connect_cfm(conn, ev->status);
2889 if (ev->status)
2890 hci_conn_del(conn);
2891
2892unlock:
2893 hci_dev_unlock(hdev);
a9de9248
MH		 2894}
2895
2896static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2897{
2898 BT_DBG("%s", hdev->name);
2899}
2900
04837f64
MH		 2901static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2902{
a9de9248 2903 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2904
2905 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2906}
2907
a9de9248 2908static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2909{
a9de9248
MH		 2910 struct inquiry_data data;
2911 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2912 int num_rsp = *((__u8 *) skb->data);
1da177e4 2913
a9de9248 2914 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2915
a9de9248
MH		 2916 if (!num_rsp)
2917 return;
1da177e4 2918
a9de9248
MH		 2919 hci_dev_lock(hdev);
2920
e17acd40 2921 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2922 bool name_known;
2923
a9de9248 2924 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2925 data.pscan_rep_mode = info->pscan_rep_mode;
2926 data.pscan_period_mode = info->pscan_period_mode;
2927 data.pscan_mode = 0x00;
a9de9248 2928 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2929 data.clock_offset = info->clock_offset;
2930 data.rssi = info->rssi;
41a96212 2931 data.ssp_mode = 0x01;
561aafbc 2932
a8b2d5c2 2933 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2934 name_known = eir_has_data_type(info->data,
2935 sizeof(info->data),
2936 EIR_NAME_COMPLETE);
561aafbc
JH		 2937 else
2938 name_known = true;
2939
3175405b 2940 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2941 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2942 info->dev_class, info->rssi,
7d262f86
AG		 2943 !name_known, info->data,
2944 sizeof(info->data));
a9de9248
MH		 2945 }
2946
2947 hci_dev_unlock(hdev);
2948}
1da177e4 2949
17fa4b9d
JH		 2950static inline u8 hci_get_auth_req(struct hci_conn *conn)
2951{
2952 /* If remote requests dedicated bonding follow that lead */
2953 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2954 /* If both remote and local IO capabilities allow MITM
2955 * protection then require it, otherwise don't */
2956 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2957 return 0x02;
2958 else
2959 return 0x03;
2960 }
2961
2962 /* If remote requests no-bonding follow that lead */
2963 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2964 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2965
2966 return conn->auth_type;
2967}
2968
0493684e
MH		 2969static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2970{
2971 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2972 struct hci_conn *conn;
2973
2974 BT_DBG("%s", hdev->name);
2975
2976 hci_dev_lock(hdev);
2977
2978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2979 if (!conn)
2980 goto unlock;
2981
2982 hci_conn_hold(conn);
2983
a8b2d5c2 2984 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 2985 goto unlock;
2986
a8b2d5c2 2987 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 2988 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2989 struct hci_cp_io_capability_reply cp;
2990
2991 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 2992 /* Change the IO capability from KeyboardDisplay
2993 * to DisplayYesNo as it is not supported by BT spec. */
2994 cp.capability = (conn->io_capability == 0x04) ?
2995 0x01 : conn->io_capability;
7cbc9bd9
JH		 2996 conn->auth_type = hci_get_auth_req(conn);
2997 cp.authentication = conn->auth_type;
17fa4b9d 2998
58a681ef 2999 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3000 hci_find_remote_oob_data(hdev, &conn->dst))
3001 cp.oob_data = 0x01;
3002 else
3003 cp.oob_data = 0x00;
3004
17fa4b9d
JH		 3005 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3006 sizeof(cp), &cp);
03b555e1
JH		 3007 } else {
3008 struct hci_cp_io_capability_neg_reply cp;
3009
3010 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3011 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3012
03b555e1
JH		 3013 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3014 sizeof(cp), &cp);
3015 }
3016
3017unlock:
3018 hci_dev_unlock(hdev);
3019}
3020
3021static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3022{
3023 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3024 struct hci_conn *conn;
3025
3026 BT_DBG("%s", hdev->name);
3027
3028 hci_dev_lock(hdev);
3029
3030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3031 if (!conn)
3032 goto unlock;
3033
03b555e1 3034 conn->remote_cap = ev->capability;
03b555e1 3035 conn->remote_auth = ev->authentication;
58a681ef
JH		 3036 if (ev->oob_data)
3037 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3038
3039unlock:
0493684e
MH		 3040 hci_dev_unlock(hdev);
3041}
3042
a5c29683
JH		 3043static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3044 struct sk_buff *skb)
3045{
3046 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3047 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3048 struct hci_conn *conn;
a5c29683
JH		 3049
3050 BT_DBG("%s", hdev->name);
3051
3052 hci_dev_lock(hdev);
3053
a8b2d5c2 3054 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3055 goto unlock;
a5c29683 3056
7a828908
JH		 3057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3058 if (!conn)
3059 goto unlock;
3060
3061 loc_mitm = (conn->auth_type & 0x01);
3062 rem_mitm = (conn->remote_auth & 0x01);
3063
3064 /* If we require MITM but the remote device can't provide that
3065 * (it has NoInputNoOutput) then reject the confirmation
3066 * request. The only exception is when we're dedicated bonding
3067 * initiators (connect_cfm_cb set) since then we always have the MITM
3068 * bit set. */
3069 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3070 BT_DBG("Rejecting request: remote device can't provide MITM");
3071 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3072 sizeof(ev->bdaddr), &ev->bdaddr);
3073 goto unlock;
3074 }
3075
3076 /* If no side requires MITM protection; auto-accept */
3077 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3078 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3079
3080 /* If we're not the initiators request authorization to
3081 * proceed from user space (mgmt_user_confirm with
3082 * confirm_hint set to 1). */
51a8efd7 3083 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3084 BT_DBG("Confirming auto-accept as acceptor");
3085 confirm_hint = 1;
3086 goto confirm;
3087 }
3088
9f61656a
JH		 3089 BT_DBG("Auto-accept of user confirmation with %ums delay",
3090 hdev->auto_accept_delay);
3091
3092 if (hdev->auto_accept_delay > 0) {
3093 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3094 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3095 goto unlock;
3096 }
3097
7a828908
JH		 3098 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3099 sizeof(ev->bdaddr), &ev->bdaddr);
3100 goto unlock;
3101 }
3102
55bc1a37 3103confirm:
744cf19e 3104 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 3105 confirm_hint);
7a828908
JH		 3106
3107unlock:
a5c29683
JH		 3108 hci_dev_unlock(hdev);
3109}
3110
1143d458
BG		 3111static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3112 struct sk_buff *skb)
3113{
3114 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3115
3116 BT_DBG("%s", hdev->name);
3117
3118 hci_dev_lock(hdev);
3119
a8b2d5c2 3120 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 3121 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3122
3123 hci_dev_unlock(hdev);
3124}
3125
0493684e
MH		 3126static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3127{
3128 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3129 struct hci_conn *conn;
3130
3131 BT_DBG("%s", hdev->name);
3132
3133 hci_dev_lock(hdev);
3134
3135 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3136 if (!conn)
3137 goto unlock;
3138
3139 /* To avoid duplicate auth_failed events to user space we check
3140 * the HCI_CONN_AUTH_PEND flag which will be set if we
3141 * initiated the authentication. A traditional auth_complete
3142 * event gets always produced as initiator and is also mapped to
3143 * the mgmt_auth_failed event */
51a8efd7 3144 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
744cf19e 3145 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 3146
2a611692
JH		 3147 hci_conn_put(conn);
3148
3149unlock:
0493684e
MH		 3150 hci_dev_unlock(hdev);
3151}
3152
41a96212
MH		 3153static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3154{
3155 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3156 struct inquiry_entry *ie;
3157
3158 BT_DBG("%s", hdev->name);
3159
3160 hci_dev_lock(hdev);
3161
cc11b9c1
AE		 3162 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3163 if (ie)
41a96212
MH		 3164 ie->data.ssp_mode = (ev->features[0] & 0x01);
3165
3166 hci_dev_unlock(hdev);
3167}
3168
2763eda6
SJ		 3169static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3170 struct sk_buff *skb)
3171{
3172 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3173 struct oob_data *data;
3174
3175 BT_DBG("%s", hdev->name);
3176
3177 hci_dev_lock(hdev);
3178
a8b2d5c2 3179 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3180 goto unlock;
3181
2763eda6
SJ		 3182 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3183 if (data) {
3184 struct hci_cp_remote_oob_data_reply cp;
3185
3186 bacpy(&cp.bdaddr, &ev->bdaddr);
3187 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3188 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3189
3190 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3191 &cp);
3192 } else {
3193 struct hci_cp_remote_oob_data_neg_reply cp;
3194
3195 bacpy(&cp.bdaddr, &ev->bdaddr);
3196 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3197 &cp);
3198 }
3199
e1ba1f15 3200unlock:
2763eda6
SJ		 3201 hci_dev_unlock(hdev);
3202}
3203
fcd89c09
VT		 3204static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3205{
3206 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3207 struct hci_conn *conn;
3208
3209 BT_DBG("%s status %d", hdev->name, ev->status);
3210
3211 hci_dev_lock(hdev);
3212
3213 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3214 if (!conn) {
3215 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3216 if (!conn) {
3217 BT_ERR("No memory for new connection");
3218 hci_dev_unlock(hdev);
3219 return;
3220 }
29b7988a
AG		 3221
3222 conn->dst_type = ev->bdaddr_type;
b62f328b 3223 }
fcd89c09
VT		 3224
3225 if (ev->status) {
48264f06
JH		 3226 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3227 conn->dst_type, ev->status);
fcd89c09
VT		 3228 hci_proto_connect_cfm(conn, ev->status);
3229 conn->state = BT_CLOSED;
3230 hci_conn_del(conn);
3231 goto unlock;
3232 }
3233
b644ba33
JH		 3234 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3235 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3236 conn->dst_type, NULL, 0, 0);
83bc71b4 3237
7b5c0d52 3238 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3239 conn->handle = __le16_to_cpu(ev->handle);
3240 conn->state = BT_CONNECTED;
3241
3242 hci_conn_hold_device(conn);
3243 hci_conn_add_sysfs(conn);
3244
3245 hci_proto_connect_cfm(conn, ev->status);
3246
3247unlock:
3248 hci_dev_unlock(hdev);
3249}
3250
9aa04c91
AG		 3251static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3252 struct sk_buff *skb)
3253{
e95beb41
AG		 3254 u8 num_reports = skb->data[0];
3255 void *ptr = &skb->data[1];
3c9e9195 3256 s8 rssi;
9aa04c91
AG		 3257
3258 hci_dev_lock(hdev);
3259
e95beb41
AG		 3260 while (num_reports--) {
3261 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3262
9aa04c91 3263 hci_add_adv_entry(hdev, ev);
e95beb41 3264
3c9e9195
AG		 3265 rssi = ev->data[ev->length];
3266 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3267 NULL, rssi, 0, ev->data, ev->length);
3268
e95beb41 3269 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3270 }
3271
3272 hci_dev_unlock(hdev);
3273}
3274
a7a595f6
VCG		 3275static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3276 struct sk_buff *skb)
3277{
3278 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3279 struct hci_cp_le_ltk_reply cp;
bea710fe 3280 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3281 struct hci_conn *conn;
c9839a11 3282 struct smp_ltk *ltk;
a7a595f6
VCG		 3283
3284 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3285
3286 hci_dev_lock(hdev);
3287
3288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3289 if (conn == NULL)
3290 goto not_found;
a7a595f6 3291
bea710fe
VCG		 3292 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3293 if (ltk == NULL)
3294 goto not_found;
3295
3296 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3297 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3298
3299 if (ltk->authenticated)
3300 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3301
3302 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3303
c9839a11
VCG		 3304 if (ltk->type & HCI_SMP_STK) {
3305 list_del(&ltk->list);
3306 kfree(ltk);
3307 }
3308
a7a595f6 3309 hci_dev_unlock(hdev);
bea710fe
VCG		 3310
3311 return;
3312
3313not_found:
3314 neg.handle = ev->handle;
3315 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3316 hci_dev_unlock(hdev);
a7a595f6
VCG		 3317}
3318
fcd89c09
VT		 3319static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3320{
3321 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3322
3323 skb_pull(skb, sizeof(*le_ev));
3324
3325 switch (le_ev->subevent) {
3326 case HCI_EV_LE_CONN_COMPLETE:
3327 hci_le_conn_complete_evt(hdev, skb);
3328 break;
3329
9aa04c91
AG		 3330 case HCI_EV_LE_ADVERTISING_REPORT:
3331 hci_le_adv_report_evt(hdev, skb);
3332 break;
3333
a7a595f6
VCG		 3334 case HCI_EV_LE_LTK_REQ:
3335 hci_le_ltk_request_evt(hdev, skb);
3336 break;
3337
fcd89c09
VT		 3338 default:
3339 break;
3340 }
3341}
3342
a9de9248
MH		 3343void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3344{
3345 struct hci_event_hdr *hdr = (void *) skb->data;
3346 __u8 event = hdr->evt;
3347
3348 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3349
3350 switch (event) {
1da177e4
LT		 3351 case HCI_EV_INQUIRY_COMPLETE:
3352 hci_inquiry_complete_evt(hdev, skb);
3353 break;
3354
3355 case HCI_EV_INQUIRY_RESULT:
3356 hci_inquiry_result_evt(hdev, skb);
3357 break;
3358
a9de9248
MH		 3359 case HCI_EV_CONN_COMPLETE:
3360 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3361 break;
3362
1da177e4
LT		 3363 case HCI_EV_CONN_REQUEST:
3364 hci_conn_request_evt(hdev, skb);
3365 break;
3366
1da177e4
LT		 3367 case HCI_EV_DISCONN_COMPLETE:
3368 hci_disconn_complete_evt(hdev, skb);
3369 break;
3370
1da177e4
LT		 3371 case HCI_EV_AUTH_COMPLETE:
3372 hci_auth_complete_evt(hdev, skb);
3373 break;
3374
a9de9248
MH		 3375 case HCI_EV_REMOTE_NAME:
3376 hci_remote_name_evt(hdev, skb);
3377 break;
3378
1da177e4
LT		 3379 case HCI_EV_ENCRYPT_CHANGE:
3380 hci_encrypt_change_evt(hdev, skb);
3381 break;
3382
a9de9248
MH		 3383 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3384 hci_change_link_key_complete_evt(hdev, skb);
3385 break;
3386
3387 case HCI_EV_REMOTE_FEATURES:
3388 hci_remote_features_evt(hdev, skb);
3389 break;
3390
3391 case HCI_EV_REMOTE_VERSION:
3392 hci_remote_version_evt(hdev, skb);
3393 break;
3394
3395 case HCI_EV_QOS_SETUP_COMPLETE:
3396 hci_qos_setup_complete_evt(hdev, skb);
3397 break;
3398
3399 case HCI_EV_CMD_COMPLETE:
3400 hci_cmd_complete_evt(hdev, skb);
3401 break;
3402
3403 case HCI_EV_CMD_STATUS:
3404 hci_cmd_status_evt(hdev, skb);
3405 break;
3406
3407 case HCI_EV_ROLE_CHANGE:
3408 hci_role_change_evt(hdev, skb);
3409 break;
3410
3411 case HCI_EV_NUM_COMP_PKTS:
3412 hci_num_comp_pkts_evt(hdev, skb);
3413 break;
3414
3415 case HCI_EV_MODE_CHANGE:
3416 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3417 break;
3418
3419 case HCI_EV_PIN_CODE_REQ:
3420 hci_pin_code_request_evt(hdev, skb);
3421 break;
3422
3423 case HCI_EV_LINK_KEY_REQ:
3424 hci_link_key_request_evt(hdev, skb);
3425 break;
3426
3427 case HCI_EV_LINK_KEY_NOTIFY:
3428 hci_link_key_notify_evt(hdev, skb);
3429 break;
3430
3431 case HCI_EV_CLOCK_OFFSET:
3432 hci_clock_offset_evt(hdev, skb);
3433 break;
3434
a8746417
MH		 3435 case HCI_EV_PKT_TYPE_CHANGE:
3436 hci_pkt_type_change_evt(hdev, skb);
3437 break;
3438
85a1e930
MH		 3439 case HCI_EV_PSCAN_REP_MODE:
3440 hci_pscan_rep_mode_evt(hdev, skb);
3441 break;
3442
a9de9248
MH		 3443 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3444 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3445 break;
3446
a9de9248
MH		 3447 case HCI_EV_REMOTE_EXT_FEATURES:
3448 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3449 break;
3450
a9de9248
MH		 3451 case HCI_EV_SYNC_CONN_COMPLETE:
3452 hci_sync_conn_complete_evt(hdev, skb);
3453 break;
1da177e4 3454
a9de9248
MH		 3455 case HCI_EV_SYNC_CONN_CHANGED:
3456 hci_sync_conn_changed_evt(hdev, skb);
3457 break;
1da177e4 3458
a9de9248
MH		 3459 case HCI_EV_SNIFF_SUBRATE:
3460 hci_sniff_subrate_evt(hdev, skb);
3461 break;
1da177e4 3462
a9de9248
MH		 3463 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3464 hci_extended_inquiry_result_evt(hdev, skb);
3465 break;
1da177e4 3466
0493684e
MH		 3467 case HCI_EV_IO_CAPA_REQUEST:
3468 hci_io_capa_request_evt(hdev, skb);
3469 break;
3470
03b555e1
JH		 3471 case HCI_EV_IO_CAPA_REPLY:
3472 hci_io_capa_reply_evt(hdev, skb);
3473 break;
3474
a5c29683
JH		 3475 case HCI_EV_USER_CONFIRM_REQUEST:
3476 hci_user_confirm_request_evt(hdev, skb);
3477 break;
3478
1143d458
BG		 3479 case HCI_EV_USER_PASSKEY_REQUEST:
3480 hci_user_passkey_request_evt(hdev, skb);
3481 break;
3482
0493684e
MH		 3483 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3484 hci_simple_pair_complete_evt(hdev, skb);
3485 break;
3486
41a96212
MH		 3487 case HCI_EV_REMOTE_HOST_FEATURES:
3488 hci_remote_host_features_evt(hdev, skb);
3489 break;
3490
fcd89c09
VT		 3491 case HCI_EV_LE_META:
3492 hci_le_meta_evt(hdev, skb);
3493 break;
3494
2763eda6
SJ		 3495 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3496 hci_remote_oob_data_request_evt(hdev, skb);
3497 break;
3498
25e89e99
AE		 3499 case HCI_EV_NUM_COMP_BLOCKS:
3500 hci_num_comp_blocks_evt(hdev, skb);
3501 break;
3502
a9de9248
MH		 3503 default:
3504 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3505 break;
3506 }
3507
3508 kfree_skb(skb);
3509 hdev->stat.evt_rx++;
3510}
3511
3512/* Generate internal stack event */
3513void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3514{
3515 struct hci_event_hdr *hdr;
3516 struct hci_ev_stack_internal *ev;
3517 struct sk_buff *skb;
3518
3519 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3520 if (!skb)
3521 return;
3522
3523 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3524 hdr->evt = HCI_EV_STACK_INTERNAL;
3525 hdr->plen = sizeof(*ev) + dlen;
3526
3527 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3528 ev->type = type;
3529 memcpy(ev->data, data, dlen);
3530
576c7d85 3531 bt_cb(skb)->incoming = 1;
a61bbcf2 3532 __net_timestamp(skb);
576c7d85 3533
0d48d939 3534 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3535 skb->dev = (void *) hdev;
eec8d2bc 3536 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3537 kfree_skb(skb);
3538}
e6100a25 3539
669bb396 3540module_param(enable_le, bool, 0644);
e6100a25 3541MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)