projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove redundant hdev->parent field
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT		 46/* Handle HCI Event packets */
47
a9de9248 48static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 49{
a9de9248 50 __u8 status = *((__u8 *) skb->data);
1da177e4 51
a9de9248 52 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 53
e6d465cb
AG		 54 if (status) {
55 hci_dev_lock(hdev);
56 mgmt_stop_discovery_failed(hdev, status);
57 hci_dev_unlock(hdev);
a9de9248 58 return;
e6d465cb 59 }
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
56e5cb86 63 hci_dev_lock(hdev);
ff9ef578 64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 65 hci_dev_unlock(hdev);
6bd57416 66
23bb5763 67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 68
69 hci_conn_check_pending(hdev);
70}
6bd57416 71
a9de9248
MH		 72static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
6bd57416 75
a9de9248 76 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 77
a9de9248
MH		 78 if (status)
79 return;
1da177e4 80
a9de9248
MH		 81 hci_conn_check_pending(hdev);
82}
83
84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 BT_DBG("%s", hdev->name);
87}
88
89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90{
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
1da177e4 107 }
a9de9248
MH		 108
109 hci_dev_unlock(hdev);
1da177e4
LT		 110}
111
e4e8e37c
MH		 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113{
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129}
130
a9de9248 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 132{
a9de9248 133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 134 struct hci_conn *conn;
04837f64 135 void *sent;
1da177e4 136
a9de9248 137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 138
a9de9248
MH		 139 if (rp->status)
140 return;
1da177e4 141
a9de9248
MH		 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
1da177e4 145
a9de9248 146 hci_dev_lock(hdev);
1da177e4 147
a9de9248 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 149 if (conn)
83985319 150 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 151
a9de9248
MH		 152 hci_dev_unlock(hdev);
153}
1da177e4 154
e4e8e37c
MH		 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156{
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165}
166
167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168{
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
23bb5763 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 182}
183
a9de9248
MH		 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185{
186 __u8 status = *((__u8 *) skb->data);
04837f64 187
a9de9248 188 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 189
10572132
GP		 190 clear_bit(HCI_RESET, &hdev->flags);
191
23bb5763 192 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 193
a297e97c 194 /* Reset all non-persistent flags */
9f8ce967 195 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
69775ff6
AG		 196
197 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 198}
04837f64 199
a9de9248
MH		 200static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201{
202 __u8 status = *((__u8 *) skb->data);
203 void *sent;
04837f64 204
a9de9248 205 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 206
a9de9248
MH		 207 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
208 if (!sent)
209 return;
04837f64 210
56e5cb86
JH		 211 hci_dev_lock(hdev);
212
f51d5b24
JH		 213 if (test_bit(HCI_MGMT, &hdev->dev_flags))
214 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 215 else if (!status)
216 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 217
56e5cb86 218 hci_dev_unlock(hdev);
3159d384
JH		 219
220 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
db99b5fc
JH		 232 if (test_bit(HCI_SETUP, &hdev->dev_flags))
233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 234}
235
236static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237{
238 __u8 status = *((__u8 *) skb->data);
239 void *sent;
240
241 BT_DBG("%s status 0x%x", hdev->name, status);
242
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
244 if (!sent)
245 return;
246
247 if (!status) {
248 __u8 param = *((__u8 *) sent);
249
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
252 else
253 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 254 }
a9de9248 255
33ef95ed
JH		 256 if (test_bit(HCI_MGMT, &hdev->dev_flags))
257 mgmt_auth_enable_complete(hdev, status);
258
23bb5763 259 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 260}
261
a9de9248 262static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 263{
a9de9248 264 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 265 void *sent;
266
a9de9248 267 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 268
a9de9248
MH		 269 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 if (!sent)
271 return;
1da177e4 272
a9de9248
MH		 273 if (!status) {
274 __u8 param = *((__u8 *) sent);
275
276 if (param)
277 set_bit(HCI_ENCRYPT, &hdev->flags);
278 else
279 clear_bit(HCI_ENCRYPT, &hdev->flags);
280 }
1da177e4 281
23bb5763 282 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 283}
1da177e4 284
a9de9248
MH		 285static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286{
36f7fc7e
JH		 287 __u8 param, status = *((__u8 *) skb->data);
288 int old_pscan, old_iscan;
a9de9248 289 void *sent;
1da177e4 290
a9de9248 291 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 292
a9de9248
MH		 293 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
294 if (!sent)
295 return;
1da177e4 296
36f7fc7e
JH		 297 param = *((__u8 *) sent);
298
56e5cb86
JH		 299 hci_dev_lock(hdev);
300
2d7cee58 301 if (status != 0) {
744cf19e 302 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 303 hdev->discov_timeout = 0;
304 goto done;
305 }
306
36f7fc7e
JH		 307 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
308 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
309
310 if (param & SCAN_INQUIRY) {
311 set_bit(HCI_ISCAN, &hdev->flags);
312 if (!old_iscan)
744cf19e 313 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 314 if (hdev->discov_timeout > 0) {
315 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
316 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 to);
318 }
36f7fc7e 319 } else if (old_iscan)
744cf19e 320 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 321
322 if (param & SCAN_PAGE) {
323 set_bit(HCI_PSCAN, &hdev->flags);
324 if (!old_pscan)
744cf19e 325 mgmt_connectable(hdev, 1);
36f7fc7e 326 } else if (old_pscan)
744cf19e 327 mgmt_connectable(hdev, 0);
1da177e4 328
36f7fc7e 329done:
56e5cb86 330 hci_dev_unlock(hdev);
23bb5763 331 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
a9de9248 338 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248
MH		 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
a9de9248 354 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
376 BT_DBG("%s status 0x%x", hdev->name, rp->status);
377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
388 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
394static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
395{
396 __u8 status = *((__u8 *) skb->data);
f383f275 397 __u16 setting;
a9de9248
MH		 398 void *sent;
399
400 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 401
f383f275
MH		 402 if (status)
403 return;
404
a9de9248
MH		 405 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
406 if (!sent)
407 return;
1da177e4 408
f383f275 409 setting = get_unaligned_le16(sent);
1da177e4 410
f383f275
MH		 411 if (hdev->voice_setting == setting)
412 return;
413
414 hdev->voice_setting = setting;
1da177e4 415
f383f275 416 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 417
3c54711c 418 if (hdev->notify)
f383f275 419 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 420}
421
a9de9248 422static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 423{
a9de9248 424 __u8 status = *((__u8 *) skb->data);
1da177e4 425
a9de9248 426 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 427
23bb5763 428 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 429}
1143e5a6 430
333140b5
MH		 431static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
432{
433 __u8 status = *((__u8 *) skb->data);
434 void *sent;
435
436 BT_DBG("%s status 0x%x", hdev->name, status);
437
333140b5
MH		 438 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
439 if (!sent)
440 return;
441
ed2c4ee3 442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 443 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
444 else if (!status) {
445 if (*((u8 *) sent))
446 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
447 else
448 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449 }
333140b5
MH		 450}
451
d5859e22
JH		 452static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453{
454 if (hdev->features[6] & LMP_EXT_INQ)
455 return 2;
456
457 if (hdev->features[3] & LMP_RSSI_INQ)
458 return 1;
459
460 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
461 hdev->lmp_subver == 0x0757)
462 return 1;
463
464 if (hdev->manufacturer == 15) {
465 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 return 1;
467 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 return 1;
469 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
470 return 1;
471 }
472
473 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
474 hdev->lmp_subver == 0x1805)
475 return 1;
476
477 return 0;
478}
479
480static void hci_setup_inquiry_mode(struct hci_dev *hdev)
481{
482 u8 mode;
483
484 mode = hci_get_inquiry_mode(hdev);
485
486 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487}
488
489static void hci_setup_event_mask(struct hci_dev *hdev)
490{
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495
6de6c18d
VT		 496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
5a13b095 498 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 499 return;
500
501 events[4] |= 0x01; /* Flow Specification Complete */
502 events[4] |= 0x02; /* Inquiry Result with RSSI */
503 events[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events[5] |= 0x08; /* Synchronous Connection Complete */
505 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 506
507 if (hdev->features[3] & LMP_RSSI_INQ)
508 events[4] |= 0x04; /* Inquiry Result with RSSI */
509
510 if (hdev->features[5] & LMP_SNIFF_SUBR)
511 events[5] |= 0x20; /* Sniff Subrating */
512
513 if (hdev->features[5] & LMP_PAUSE_ENC)
514 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515
516 if (hdev->features[6] & LMP_EXT_INQ)
517 events[5] |= 0x40; /* Extended Inquiry Result */
518
519 if (hdev->features[6] & LMP_NO_FLUSH)
520 events[7] |= 0x01; /* Enhanced Flush Complete */
521
522 if (hdev->features[7] & LMP_LSTO)
523 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524
525 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
526 events[6] |= 0x01; /* IO Capability Request */
527 events[6] |= 0x02; /* IO Capability Response */
528 events[6] |= 0x04; /* User Confirmation Request */
529 events[6] |= 0x08; /* User Passkey Request */
530 events[6] |= 0x10; /* Remote OOB Data Request */
531 events[6] |= 0x20; /* Simple Pairing Complete */
532 events[7] |= 0x04; /* User Passkey Notification */
533 events[7] |= 0x08; /* Keypress Notification */
534 events[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
536 }
537
538 if (hdev->features[4] & LMP_LE)
539 events[7] |= 0x20; /* LE Meta-Event */
540
541 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
542}
543
544static void hci_setup(struct hci_dev *hdev)
545{
e61ef499
AE		 546 if (hdev->dev_type != HCI_BREDR)
547 return;
548
d5859e22
JH		 549 hci_setup_event_mask(hdev);
550
d095c1eb 551 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 552 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
553
54d04dbb
JH		 554 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
555 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
556 u8 mode = 0x01;
557 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 558 sizeof(mode), &mode);
54d04dbb
JH		 559 } else {
560 struct hci_cp_write_eir cp;
561
562 memset(hdev->eir, 0, sizeof(hdev->eir));
563 memset(&cp, 0, sizeof(cp));
564
565 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
566 }
d5859e22
JH		 567 }
568
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
571
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 574
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
577
578 cp.page = 0x01;
04124681
GP		 579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
580 &cp);
971e3a4b 581 }
e6100a25 582
47990ea0
JH		 583 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
584 u8 enable = 1;
04124681
GP		 585 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
586 &enable);
47990ea0 587 }
d5859e22
JH		 588}
589
a9de9248
MH		 590static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
591{
592 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 593
a9de9248 594 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 595
a9de9248 596 if (rp->status)
28b8df77 597 goto done;
1143e5a6 598
a9de9248 599 hdev->hci_ver = rp->hci_ver;
e4e8e37c 600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 601 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 602 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 603 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 604
a9de9248
MH		 605 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
606 hdev->manufacturer,
607 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 608
609 if (test_bit(HCI_INIT, &hdev->flags))
610 hci_setup(hdev);
28b8df77
AE		 611
612done:
613 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 614}
615
616static void hci_setup_link_policy(struct hci_dev *hdev)
617{
618 u16 link_policy = 0;
619
620 if (hdev->features[0] & LMP_RSWITCH)
621 link_policy |= HCI_LP_RSWITCH;
622 if (hdev->features[0] & LMP_HOLD)
623 link_policy |= HCI_LP_HOLD;
624 if (hdev->features[0] & LMP_SNIFF)
625 link_policy |= HCI_LP_SNIFF;
626 if (hdev->features[1] & LMP_PARK)
627 link_policy |= HCI_LP_PARK;
628
629 link_policy = cpu_to_le16(link_policy);
04124681
GP		 630 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(link_policy),
631 &link_policy);
a9de9248 632}
1da177e4 633
a9de9248
MH		 634static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
635{
636 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 637
a9de9248 638 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 639
a9de9248 640 if (rp->status)
d5859e22 641 goto done;
1da177e4 642
a9de9248 643 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 644
645 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
646 hci_setup_link_policy(hdev);
647
648done:
649 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 650}
1da177e4 651
a9de9248
MH		 652static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
653{
654 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 655
a9de9248 656 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 657
a9de9248
MH		 658 if (rp->status)
659 return;
5b7f9909 660
a9de9248 661 memcpy(hdev->features, rp->features, 8);
5b7f9909 662
a9de9248
MH		 663 /* Adjust default settings according to features
664 * supported by device. */
1da177e4 665
a9de9248
MH		 666 if (hdev->features[0] & LMP_3SLOT)
667 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 668
a9de9248
MH		 669 if (hdev->features[0] & LMP_5SLOT)
670 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 671
a9de9248
MH		 672 if (hdev->features[1] & LMP_HV2) {
673 hdev->pkt_type |= (HCI_HV2);
674 hdev->esco_type |= (ESCO_HV2);
675 }
1da177e4 676
a9de9248
MH		 677 if (hdev->features[1] & LMP_HV3) {
678 hdev->pkt_type |= (HCI_HV3);
679 hdev->esco_type |= (ESCO_HV3);
680 }
1da177e4 681
a9de9248
MH		 682 if (hdev->features[3] & LMP_ESCO)
683 hdev->esco_type |= (ESCO_EV3);
da1f5198 684
a9de9248
MH		 685 if (hdev->features[4] & LMP_EV4)
686 hdev->esco_type |= (ESCO_EV4);
da1f5198 687
a9de9248
MH		 688 if (hdev->features[4] & LMP_EV5)
689 hdev->esco_type |= (ESCO_EV5);
1da177e4 690
efc7688b
MH		 691 if (hdev->features[5] & LMP_EDR_ESCO_2M)
692 hdev->esco_type |= (ESCO_2EV3);
693
694 if (hdev->features[5] & LMP_EDR_ESCO_3M)
695 hdev->esco_type |= (ESCO_3EV3);
696
697 if (hdev->features[5] & LMP_EDR_3S_ESCO)
698 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
699
a9de9248
MH		 700 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
701 hdev->features[0], hdev->features[1],
702 hdev->features[2], hdev->features[3],
703 hdev->features[4], hdev->features[5],
704 hdev->features[6], hdev->features[7]);
705}
1da177e4 706
8f984dfa
JH		 707static void hci_set_le_support(struct hci_dev *hdev)
708{
709 struct hci_cp_write_le_host_supported cp;
710
711 memset(&cp, 0, sizeof(cp));
712
713 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
714 cp.le = 1;
715 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
716 }
717
718 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 719 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
720 &cp);
8f984dfa
JH		 721}
722
971e3a4b
AG		 723static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
724 struct sk_buff *skb)
725{
726 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
727
728 BT_DBG("%s status 0x%x", hdev->name, rp->status);
729
730 if (rp->status)
8f984dfa 731 goto done;
971e3a4b 732
b5b32b65
AG		 733 switch (rp->page) {
734 case 0:
735 memcpy(hdev->features, rp->features, 8);
736 break;
737 case 1:
738 memcpy(hdev->host_features, rp->features, 8);
739 break;
740 }
971e3a4b 741
8f984dfa
JH		 742 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
743 hci_set_le_support(hdev);
744
745done:
971e3a4b
AG		 746 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
747}
748
1e89cffb
AE		 749static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
750 struct sk_buff *skb)
751{
752 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
753
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
755
756 if (rp->status)
757 return;
758
759 hdev->flow_ctl_mode = rp->mode;
760
761 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
762}
763
a9de9248
MH		 764static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
765{
766 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 767
a9de9248 768 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 769
a9de9248
MH		 770 if (rp->status)
771 return;
1da177e4 772
a9de9248
MH		 773 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
774 hdev->sco_mtu = rp->sco_mtu;
775 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
776 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
777
778 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
779 hdev->sco_mtu = 64;
780 hdev->sco_pkts = 8;
1da177e4 781 }
a9de9248
MH		 782
783 hdev->acl_cnt = hdev->acl_pkts;
784 hdev->sco_cnt = hdev->sco_pkts;
785
786 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
787 hdev->acl_mtu, hdev->acl_pkts,
788 hdev->sco_mtu, hdev->sco_pkts);
789}
790
791static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
792{
793 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (!rp->status)
798 bacpy(&hdev->bdaddr, &rp->bdaddr);
799
23bb5763
JH		 800 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
801}
802
350ee4cf
AE		 803static void hci_cc_read_data_block_size(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
807
808 BT_DBG("%s status 0x%x", hdev->name, rp->status);
809
810 if (rp->status)
811 return;
812
813 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
814 hdev->block_len = __le16_to_cpu(rp->block_len);
815 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
816
817 hdev->block_cnt = hdev->num_blocks;
818
819 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
820 hdev->block_cnt, hdev->block_len);
821
822 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
823}
824
23bb5763
JH		 825static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
826{
827 __u8 status = *((__u8 *) skb->data);
828
829 BT_DBG("%s status 0x%x", hdev->name, status);
830
831 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 832}
833
928abaa7
AE		 834static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
835 struct sk_buff *skb)
836{
837 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
838
839 BT_DBG("%s status 0x%x", hdev->name, rp->status);
840
841 if (rp->status)
842 return;
843
844 hdev->amp_status = rp->amp_status;
845 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
846 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
847 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
848 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
849 hdev->amp_type = rp->amp_type;
850 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
851 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
852 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
853 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
854
855 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
856}
857
b0916ea0
JH		 858static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
859 struct sk_buff *skb)
860{
861 __u8 status = *((__u8 *) skb->data);
862
863 BT_DBG("%s status 0x%x", hdev->name, status);
864
865 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
866}
867
d5859e22
JH		 868static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
869{
870 __u8 status = *((__u8 *) skb->data);
871
872 BT_DBG("%s status 0x%x", hdev->name, status);
873
874 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
875}
876
877static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
878 struct sk_buff *skb)
879{
880 __u8 status = *((__u8 *) skb->data);
881
882 BT_DBG("%s status 0x%x", hdev->name, status);
883
884 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
885}
886
887static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
888 struct sk_buff *skb)
889{
890 __u8 status = *((__u8 *) skb->data);
891
892 BT_DBG("%s status 0x%x", hdev->name, status);
893
894 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
895}
896
897static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
898{
899 __u8 status = *((__u8 *) skb->data);
900
901 BT_DBG("%s status 0x%x", hdev->name, status);
902
903 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
904}
905
980e1a53
JH		 906static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
909 struct hci_cp_pin_code_reply *cp;
910 struct hci_conn *conn;
911
912 BT_DBG("%s status 0x%x", hdev->name, rp->status);
913
56e5cb86
JH		 914 hci_dev_lock(hdev);
915
a8b2d5c2 916 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 917 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 918
919 if (rp->status != 0)
56e5cb86 920 goto unlock;
980e1a53
JH		 921
922 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
923 if (!cp)
56e5cb86 924 goto unlock;
980e1a53
JH		 925
926 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
927 if (conn)
928 conn->pin_length = cp->pin_len;
56e5cb86
JH		 929
930unlock:
931 hci_dev_unlock(hdev);
980e1a53
JH		 932}
933
934static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
935{
936 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
937
938 BT_DBG("%s status 0x%x", hdev->name, rp->status);
939
56e5cb86
JH		 940 hci_dev_lock(hdev);
941
a8b2d5c2 942 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 943 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 944 rp->status);
56e5cb86
JH		 945
946 hci_dev_unlock(hdev);
980e1a53 947}
56e5cb86 948
6ed58ec5
VT		 949static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
950 struct sk_buff *skb)
951{
952 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
953
954 BT_DBG("%s status 0x%x", hdev->name, rp->status);
955
956 if (rp->status)
957 return;
958
959 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
960 hdev->le_pkts = rp->le_max_pkt;
961
962 hdev->le_cnt = hdev->le_pkts;
963
964 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
965
966 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
967}
980e1a53 968
a5c29683
JH		 969static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
970{
971 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
972
973 BT_DBG("%s status 0x%x", hdev->name, rp->status);
974
56e5cb86
JH		 975 hci_dev_lock(hdev);
976
a8b2d5c2 977 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 978 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
979 rp->status);
56e5cb86
JH		 980
981 hci_dev_unlock(hdev);
a5c29683
JH		 982}
983
984static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
985 struct sk_buff *skb)
986{
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
988
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
990
56e5cb86
JH		 991 hci_dev_lock(hdev);
992
a8b2d5c2 993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 994 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 995 ACL_LINK, 0, rp->status);
56e5cb86
JH		 996
997 hci_dev_unlock(hdev);
a5c29683
JH		 998}
999
1143d458
BG		 1000static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1001{
1002 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1003
1004 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1005
1006 hci_dev_lock(hdev);
1007
a8b2d5c2 1008 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1009 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1010 0, rp->status);
1143d458
BG		 1011
1012 hci_dev_unlock(hdev);
1013}
1014
1015static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1021
1022 hci_dev_lock(hdev);
1023
a8b2d5c2 1024 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1025 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1026 ACL_LINK, 0, rp->status);
1143d458
BG		 1027
1028 hci_dev_unlock(hdev);
1029}
1030
c35938b2
SJ		 1031static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1032 struct sk_buff *skb)
1033{
1034 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1035
1036 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1037
56e5cb86 1038 hci_dev_lock(hdev);
744cf19e 1039 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1040 rp->randomizer, rp->status);
56e5cb86 1041 hci_dev_unlock(hdev);
c35938b2
SJ		 1042}
1043
07f7fa5d
AG		 1044static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1045{
1046 __u8 status = *((__u8 *) skb->data);
1047
1048 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1049
1050 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1051
1052 if (status) {
1053 hci_dev_lock(hdev);
1054 mgmt_start_discovery_failed(hdev, status);
1055 hci_dev_unlock(hdev);
1056 return;
1057 }
07f7fa5d
AG		 1058}
1059
eb9d91f5
AG		 1060static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1061 struct sk_buff *skb)
1062{
1063 struct hci_cp_le_set_scan_enable *cp;
1064 __u8 status = *((__u8 *) skb->data);
1065
1066 BT_DBG("%s status 0x%x", hdev->name, status);
1067
eb9d91f5
AG		 1068 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1069 if (!cp)
1070 return;
1071
68a8aea4
AE		 1072 switch (cp->enable) {
1073 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1074 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1075
3fd24153
AG		 1076 if (status) {
1077 hci_dev_lock(hdev);
1078 mgmt_start_discovery_failed(hdev, status);
1079 hci_dev_unlock(hdev);
7ba8b4be 1080 return;
3fd24153 1081 }
7ba8b4be 1082
d23264a8
AG		 1083 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1084
db323f2f 1085 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1086
1087 hci_dev_lock(hdev);
eb9d91f5 1088 hci_adv_entries_clear(hdev);
343f935b 1089 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1090 hci_dev_unlock(hdev);
68a8aea4
AE		 1091 break;
1092
1093 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1094 if (status)
1095 return;
1096
d23264a8
AG		 1097 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1098
d084329e 1099 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0 1100
bc3dd33c
AG		 1101 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1102 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1103 mgmt_interleaved_discovery(hdev);
1104 } else {
1105 hci_dev_lock(hdev);
1106 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1107 hci_dev_unlock(hdev);
1108 }
1109
68a8aea4
AE		 1110 break;
1111
1112 default:
1113 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1114 break;
35815085 1115 }
eb9d91f5
AG		 1116}
1117
a7a595f6
VCG		 1118static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1123
1124 if (rp->status)
1125 return;
1126
1127 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1128}
1129
1130static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1131{
1132 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1133
1134 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1135
1136 if (rp->status)
1137 return;
1138
1139 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1140}
1141
f9b49306
AG		 1142static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1143 struct sk_buff *skb)
1144{
06199cf8 1145 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1146 __u8 status = *((__u8 *) skb->data);
1147
1148 BT_DBG("%s status 0x%x", hdev->name, status);
1149
06199cf8 1150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1151 if (!sent)
f9b49306
AG		 1152 return;
1153
8f984dfa
JH		 1154 if (!status) {
1155 if (sent->le)
1156 hdev->host_features[0] |= LMP_HOST_LE;
1157 else
1158 hdev->host_features[0] &= ~LMP_HOST_LE;
1159 }
1160
1161 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1162 !test_bit(HCI_INIT, &hdev->flags))
1163 mgmt_le_enable_complete(hdev, sent->le, status);
1164
1165 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1166}
1167
a9de9248
MH		 1168static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1169{
1170 BT_DBG("%s status 0x%x", hdev->name, status);
1171
1172 if (status) {
23bb5763 1173 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1174 hci_conn_check_pending(hdev);
56e5cb86 1175 hci_dev_lock(hdev);
a8b2d5c2 1176 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1177 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1178 hci_dev_unlock(hdev);
314b2381
JH		 1179 return;
1180 }
1181
89352e7d
AG		 1182 set_bit(HCI_INQUIRY, &hdev->flags);
1183
56e5cb86 1184 hci_dev_lock(hdev);
343f935b 1185 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1186 hci_dev_unlock(hdev);
1da177e4
LT		 1187}
1188
1da177e4
LT		 1189static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1190{
a9de9248 1191 struct hci_cp_create_conn *cp;
1da177e4 1192 struct hci_conn *conn;
1da177e4 1193
a9de9248
MH		 1194 BT_DBG("%s status 0x%x", hdev->name, status);
1195
1196 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1197 if (!cp)
1198 return;
1199
1200 hci_dev_lock(hdev);
1201
1202 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1203
a9de9248 1204 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1205
1206 if (status) {
1207 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1208 if (status != 0x0c || conn->attempt > 2) {
1209 conn->state = BT_CLOSED;
1210 hci_proto_connect_cfm(conn, status);
1211 hci_conn_del(conn);
1212 } else
1213 conn->state = BT_CONNECT2;
1da177e4
LT		 1214 }
1215 } else {
1216 if (!conn) {
1217 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1218 if (conn) {
a0c808b3 1219 conn->out = true;
1da177e4
LT		 1220 conn->link_mode |= HCI_LM_MASTER;
1221 } else
893ef971 1222 BT_ERR("No memory for new connection");
1da177e4
LT		 1223 }
1224 }
1225
1226 hci_dev_unlock(hdev);
1227}
1228
a9de9248 1229static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1230{
a9de9248
MH		 1231 struct hci_cp_add_sco *cp;
1232 struct hci_conn *acl, *sco;
1233 __u16 handle;
1da177e4 1234
b6a0dc82
MH		 1235 BT_DBG("%s status 0x%x", hdev->name, status);
1236
a9de9248
MH		 1237 if (!status)
1238 return;
1da177e4 1239
a9de9248
MH		 1240 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1241 if (!cp)
1242 return;
1da177e4 1243
a9de9248 1244 handle = __le16_to_cpu(cp->handle);
1da177e4 1245
a9de9248 1246 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1247
a9de9248 1248 hci_dev_lock(hdev);
1da177e4 1249
a9de9248 1250 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1251 if (acl) {
1252 sco = acl->link;
1253 if (sco) {
1254 sco->state = BT_CLOSED;
1da177e4 1255
5a08ecce
AE		 1256 hci_proto_connect_cfm(sco, status);
1257 hci_conn_del(sco);
1258 }
a9de9248 1259 }
1da177e4 1260
a9de9248
MH		 1261 hci_dev_unlock(hdev);
1262}
1da177e4 1263
f8558555
MH		 1264static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1265{
1266 struct hci_cp_auth_requested *cp;
1267 struct hci_conn *conn;
1268
1269 BT_DBG("%s status 0x%x", hdev->name, status);
1270
1271 if (!status)
1272 return;
1273
1274 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1275 if (!cp)
1276 return;
1277
1278 hci_dev_lock(hdev);
1279
1280 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1281 if (conn) {
1282 if (conn->state == BT_CONFIG) {
1283 hci_proto_connect_cfm(conn, status);
1284 hci_conn_put(conn);
1285 }
1286 }
1287
1288 hci_dev_unlock(hdev);
1289}
1290
1291static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1292{
1293 struct hci_cp_set_conn_encrypt *cp;
1294 struct hci_conn *conn;
1295
1296 BT_DBG("%s status 0x%x", hdev->name, status);
1297
1298 if (!status)
1299 return;
1300
1301 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1302 if (!cp)
1303 return;
1304
1305 hci_dev_lock(hdev);
1306
1307 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1308 if (conn) {
1309 if (conn->state == BT_CONFIG) {
1310 hci_proto_connect_cfm(conn, status);
1311 hci_conn_put(conn);
1312 }
1313 }
1314
1315 hci_dev_unlock(hdev);
1316}
1317
127178d2 1318static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1319 struct hci_conn *conn)
392599b9 1320{
392599b9
JH		 1321 if (conn->state != BT_CONFIG || !conn->out)
1322 return 0;
1323
765c2a96 1324 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1325 return 0;
1326
1327 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1328 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1329 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1330 conn->pending_sec_level != BT_SECURITY_HIGH &&
1331 !(conn->auth_type & 0x01))
392599b9
JH		 1332 return 0;
1333
392599b9
JH		 1334 return 1;
1335}
1336
00abfe44 1337static inline int hci_resolve_name(struct hci_dev *hdev,
04124681 1338 struct inquiry_entry *e)
30dc78e1
JH		 1339{
1340 struct hci_cp_remote_name_req cp;
1341
1342 memset(&cp, 0, sizeof(cp));
1343
1344 bacpy(&cp.bdaddr, &e->data.bdaddr);
1345 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1346 cp.pscan_mode = e->data.pscan_mode;
1347 cp.clock_offset = e->data.clock_offset;
1348
1349 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1350}
1351
b644ba33 1352static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1353{
1354 struct discovery_state *discov = &hdev->discovery;
1355 struct inquiry_entry *e;
1356
b644ba33
JH		 1357 if (list_empty(&discov->resolve))
1358 return false;
1359
1360 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1361 if (hci_resolve_name(hdev, e) == 0) {
1362 e->name_state = NAME_PENDING;
1363 return true;
1364 }
1365
1366 return false;
1367}
1368
1369static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1370 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1371{
1372 struct discovery_state *discov = &hdev->discovery;
1373 struct inquiry_entry *e;
1374
1375 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1376 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1377 name_len, conn->dev_class);
b644ba33
JH		 1378
1379 if (discov->state == DISCOVERY_STOPPED)
1380 return;
1381
30dc78e1
JH		 1382 if (discov->state == DISCOVERY_STOPPING)
1383 goto discov_complete;
1384
1385 if (discov->state != DISCOVERY_RESOLVING)
1386 return;
1387
1388 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1389 if (e) {
1390 e->name_state = NAME_KNOWN;
1391 list_del(&e->list);
b644ba33
JH		 1392 if (name)
1393 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1394 e->data.rssi, name, name_len);
30dc78e1
JH		 1395 }
1396
b644ba33 1397 if (hci_resolve_next_name(hdev))
30dc78e1 1398 return;
30dc78e1
JH		 1399
1400discov_complete:
1401 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1402}
1403
a9de9248
MH		 1404static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1405{
127178d2
JH		 1406 struct hci_cp_remote_name_req *cp;
1407 struct hci_conn *conn;
1408
a9de9248 1409 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1410
1411 /* If successful wait for the name req complete event before
1412 * checking for the need to do authentication */
1413 if (!status)
1414 return;
1415
1416 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1417 if (!cp)
1418 return;
1419
1420 hci_dev_lock(hdev);
1421
b644ba33
JH		 1422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1423
a8b2d5c2 1424 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1425 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1426
79c6c70c
JH		 1427 if (!conn)
1428 goto unlock;
1429
1430 if (!hci_outgoing_auth_needed(hdev, conn))
1431 goto unlock;
1432
51a8efd7 1433 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1434 struct hci_cp_auth_requested cp;
1435 cp.handle = __cpu_to_le16(conn->handle);
1436 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1437 }
1438
79c6c70c 1439unlock:
127178d2 1440 hci_dev_unlock(hdev);
a9de9248 1441}
1da177e4 1442
769be974
MH		 1443static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1444{
1445 struct hci_cp_read_remote_features *cp;
1446 struct hci_conn *conn;
1447
1448 BT_DBG("%s status 0x%x", hdev->name, status);
1449
1450 if (!status)
1451 return;
1452
1453 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1454 if (!cp)
1455 return;
1456
1457 hci_dev_lock(hdev);
1458
1459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1460 if (conn) {
1461 if (conn->state == BT_CONFIG) {
769be974
MH		 1462 hci_proto_connect_cfm(conn, status);
1463 hci_conn_put(conn);
1464 }
1465 }
1466
1467 hci_dev_unlock(hdev);
1468}
1469
1470static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1471{
1472 struct hci_cp_read_remote_ext_features *cp;
1473 struct hci_conn *conn;
1474
1475 BT_DBG("%s status 0x%x", hdev->name, status);
1476
1477 if (!status)
1478 return;
1479
1480 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1481 if (!cp)
1482 return;
1483
1484 hci_dev_lock(hdev);
1485
1486 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1487 if (conn) {
1488 if (conn->state == BT_CONFIG) {
769be974
MH		 1489 hci_proto_connect_cfm(conn, status);
1490 hci_conn_put(conn);
1491 }
1492 }
1493
1494 hci_dev_unlock(hdev);
1495}
1496
a9de9248
MH		 1497static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1498{
b6a0dc82
MH		 1499 struct hci_cp_setup_sync_conn *cp;
1500 struct hci_conn *acl, *sco;
1501 __u16 handle;
1502
a9de9248 1503 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1504
1505 if (!status)
1506 return;
1507
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1509 if (!cp)
1510 return;
1511
1512 handle = __le16_to_cpu(cp->handle);
1513
1514 BT_DBG("%s handle %d", hdev->name, handle);
1515
1516 hci_dev_lock(hdev);
1517
1518 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1519 if (acl) {
1520 sco = acl->link;
1521 if (sco) {
1522 sco->state = BT_CLOSED;
b6a0dc82 1523
5a08ecce
AE		 1524 hci_proto_connect_cfm(sco, status);
1525 hci_conn_del(sco);
1526 }
b6a0dc82
MH		 1527 }
1528
1529 hci_dev_unlock(hdev);
1da177e4
LT		 1530}
1531
a9de9248 1532static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1533{
a9de9248
MH		 1534 struct hci_cp_sniff_mode *cp;
1535 struct hci_conn *conn;
1da177e4 1536
a9de9248 1537 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1538
a9de9248
MH		 1539 if (!status)
1540 return;
04837f64 1541
a9de9248
MH		 1542 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1543 if (!cp)
1544 return;
04837f64 1545
a9de9248 1546 hci_dev_lock(hdev);
04837f64 1547
a9de9248 1548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1549 if (conn) {
51a8efd7 1550 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1551
51a8efd7 1552 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1553 hci_sco_setup(conn, status);
1554 }
1555
a9de9248
MH		 1556 hci_dev_unlock(hdev);
1557}
04837f64 1558
a9de9248
MH		 1559static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1560{
1561 struct hci_cp_exit_sniff_mode *cp;
1562 struct hci_conn *conn;
04837f64 1563
a9de9248 1564 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1565
a9de9248
MH		 1566 if (!status)
1567 return;
04837f64 1568
a9de9248
MH		 1569 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1570 if (!cp)
1571 return;
04837f64 1572
a9de9248 1573 hci_dev_lock(hdev);
1da177e4 1574
a9de9248 1575 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1576 if (conn) {
51a8efd7 1577 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1578
51a8efd7 1579 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1580 hci_sco_setup(conn, status);
1581 }
1582
a9de9248 1583 hci_dev_unlock(hdev);
1da177e4
LT		 1584}
1585
88c3df13
JH		 1586static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1587{
1588 struct hci_cp_disconnect *cp;
1589 struct hci_conn *conn;
1590
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1595 if (!cp)
1596 return;
1597
1598 hci_dev_lock(hdev);
1599
1600 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1601 if (conn)
1602 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1603 conn->dst_type, status);
88c3df13
JH		 1604
1605 hci_dev_unlock(hdev);
1606}
1607
fcd89c09
VT		 1608static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1609{
1610 struct hci_cp_le_create_conn *cp;
1611 struct hci_conn *conn;
1612
1613 BT_DBG("%s status 0x%x", hdev->name, status);
1614
1615 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1616 if (!cp)
1617 return;
1618
1619 hci_dev_lock(hdev);
1620
1621 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1622
1623 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1624 conn);
1625
1626 if (status) {
1627 if (conn && conn->state == BT_CONNECT) {
1628 conn->state = BT_CLOSED;
1629 hci_proto_connect_cfm(conn, status);
1630 hci_conn_del(conn);
1631 }
1632 } else {
1633 if (!conn) {
1634 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1635 if (conn) {
1636 conn->dst_type = cp->peer_addr_type;
a0c808b3 1637 conn->out = true;
29b7988a 1638 } else {
fcd89c09 1639 BT_ERR("No memory for new connection");
29b7988a 1640 }
fcd89c09
VT		 1641 }
1642 }
1643
1644 hci_dev_unlock(hdev);
1645}
1646
a7a595f6
VCG		 1647static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1648{
1649 BT_DBG("%s status 0x%x", hdev->name, status);
1650}
1651
1da177e4
LT		 1652static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1653{
1654 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1655 struct discovery_state *discov = &hdev->discovery;
1656 struct inquiry_entry *e;
1da177e4
LT		 1657
1658 BT_DBG("%s status %d", hdev->name, status);
1659
23bb5763 1660 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1661
a9de9248 1662 hci_conn_check_pending(hdev);
89352e7d
AG		 1663
1664 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1665 return;
1666
a8b2d5c2 1667 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1668 return;
1669
56e5cb86 1670 hci_dev_lock(hdev);
30dc78e1 1671
343f935b 1672 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1673 goto unlock;
1674
1675 if (list_empty(&discov->resolve)) {
1676 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1677 goto unlock;
1678 }
1679
1680 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1681 if (e && hci_resolve_name(hdev, e) == 0) {
1682 e->name_state = NAME_PENDING;
1683 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1684 } else {
1685 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1686 }
1687
1688unlock:
56e5cb86 1689 hci_dev_unlock(hdev);
1da177e4
LT		 1690}
1691
1da177e4
LT		 1692static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1693{
45bb4bf0 1694 struct inquiry_data data;
a9de9248 1695 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1696 int num_rsp = *((__u8 *) skb->data);
1697
1698 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1699
45bb4bf0
MH		 1700 if (!num_rsp)
1701 return;
1702
1da177e4 1703 hci_dev_lock(hdev);
45bb4bf0 1704
e17acd40 1705 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1706 bool name_known, ssp;
3175405b 1707
1da177e4
LT		 1708 bacpy(&data.bdaddr, &info->bdaddr);
1709 data.pscan_rep_mode = info->pscan_rep_mode;
1710 data.pscan_period_mode = info->pscan_period_mode;
1711 data.pscan_mode = info->pscan_mode;
1712 memcpy(data.dev_class, info->dev_class, 3);
1713 data.clock_offset = info->clock_offset;
1714 data.rssi = 0x00;
41a96212 1715 data.ssp_mode = 0x00;
3175405b 1716
388fc8fa 1717 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1718 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1719 info->dev_class, 0, !name_known, ssp, NULL,
1720 0);
1da177e4 1721 }
45bb4bf0 1722
1da177e4
LT		 1723 hci_dev_unlock(hdev);
1724}
1725
1da177e4
LT		 1726static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727{
a9de9248
MH		 1728 struct hci_ev_conn_complete *ev = (void *) skb->data;
1729 struct hci_conn *conn;
1da177e4
LT		 1730
1731 BT_DBG("%s", hdev->name);
1732
1733 hci_dev_lock(hdev);
1734
1735 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1736 if (!conn) {
1737 if (ev->link_type != SCO_LINK)
1738 goto unlock;
1739
1740 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1741 if (!conn)
1742 goto unlock;
1743
1744 conn->type = SCO_LINK;
1745 }
1da177e4
LT		 1746
1747 if (!ev->status) {
1748 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1749
1750 if (conn->type == ACL_LINK) {
1751 conn->state = BT_CONFIG;
1752 hci_conn_hold(conn);
052b30b0 1753 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1754 } else
1755 conn->state = BT_CONNECTED;
1da177e4 1756
9eba32b8 1757 hci_conn_hold_device(conn);
7d0db0a3
MH		 1758 hci_conn_add_sysfs(conn);
1759
1da177e4
LT		 1760 if (test_bit(HCI_AUTH, &hdev->flags))
1761 conn->link_mode |= HCI_LM_AUTH;
1762
1763 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1764 conn->link_mode |= HCI_LM_ENCRYPT;
1765
04837f64
MH		 1766 /* Get remote features */
1767 if (conn->type == ACL_LINK) {
1768 struct hci_cp_read_remote_features cp;
1769 cp.handle = ev->handle;
769be974 1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1771 sizeof(cp), &cp);
04837f64
MH		 1772 }
1773
1da177e4 1774 /* Set packet type for incoming connection */
d095c1eb 1775 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1776 struct hci_cp_change_conn_ptype cp;
1777 cp.handle = ev->handle;
a8746417 1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1779 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1780 &cp);
1da177e4 1781 }
17d5c04c 1782 } else {
1da177e4 1783 conn->state = BT_CLOSED;
17d5c04c 1784 if (conn->type == ACL_LINK)
744cf19e 1785 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1786 conn->dst_type, ev->status);
17d5c04c 1787 }
1da177e4 1788
e73439d8
MH		 1789 if (conn->type == ACL_LINK)
1790 hci_sco_setup(conn, ev->status);
1da177e4 1791
769be974
MH		 1792 if (ev->status) {
1793 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1794 hci_conn_del(conn);
c89b6e6b
MH		 1795 } else if (ev->link_type != ACL_LINK)
1796 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1797
a9de9248 1798unlock:
1da177e4 1799 hci_dev_unlock(hdev);
1da177e4 1800
a9de9248 1801 hci_conn_check_pending(hdev);
1da177e4
LT		 1802}
1803
a9de9248 1804static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1805{
a9de9248
MH		 1806 struct hci_ev_conn_request *ev = (void *) skb->data;
1807 int mask = hdev->link_mode;
1da177e4 1808
a9de9248
MH		 1809 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1810 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1811
a9de9248 1812 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1813
138d22ef
SJ		 1814 if ((mask & HCI_LM_ACCEPT) &&
1815 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1816 /* Connection accepted */
c7bdd502 1817 struct inquiry_entry *ie;
1da177e4 1818 struct hci_conn *conn;
1da177e4 1819
a9de9248 1820 hci_dev_lock(hdev);
b6a0dc82 1821
cc11b9c1
AE		 1822 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1823 if (ie)
c7bdd502
MH		 1824 memcpy(ie->data.dev_class, ev->dev_class, 3);
1825
a9de9248
MH		 1826 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1827 if (!conn) {
cc11b9c1
AE		 1828 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1829 if (!conn) {
893ef971 1830 BT_ERR("No memory for new connection");
a9de9248
MH		 1831 hci_dev_unlock(hdev);
1832 return;
1da177e4
LT		 1833 }
1834 }
b6a0dc82 1835
a9de9248
MH		 1836 memcpy(conn->dev_class, ev->dev_class, 3);
1837 conn->state = BT_CONNECT;
b6a0dc82 1838
a9de9248 1839 hci_dev_unlock(hdev);
1da177e4 1840
b6a0dc82
MH		 1841 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1842 struct hci_cp_accept_conn_req cp;
1da177e4 1843
b6a0dc82
MH		 1844 bacpy(&cp.bdaddr, &ev->bdaddr);
1845
1846 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1847 cp.role = 0x00; /* Become master */
1848 else
1849 cp.role = 0x01; /* Remain slave */
1850
04124681
GP		 1851 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1852 &cp);
b6a0dc82
MH		 1853 } else {
1854 struct hci_cp_accept_sync_conn_req cp;
1855
1856 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1857 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1858
1859 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1860 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1861 cp.max_latency = cpu_to_le16(0xffff);
1862 cp.content_format = cpu_to_le16(hdev->voice_setting);
1863 cp.retrans_effort = 0xff;
1da177e4 1864
b6a0dc82 1865 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1866 sizeof(cp), &cp);
b6a0dc82 1867 }
a9de9248
MH		 1868 } else {
1869 /* Connection rejected */
1870 struct hci_cp_reject_conn_req cp;
1da177e4 1871
a9de9248 1872 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1873 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1874 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1875 }
1da177e4
LT		 1876}
1877
a9de9248 1878static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1879{
a9de9248 1880 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1881 struct hci_conn *conn;
1882
1883 BT_DBG("%s status %d", hdev->name, ev->status);
1884
1885 hci_dev_lock(hdev);
1886
1887 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1888 if (!conn)
1889 goto unlock;
7d0db0a3 1890
37d9ef76
JH		 1891 if (ev->status == 0)
1892 conn->state = BT_CLOSED;
04837f64 1893
b644ba33
JH		 1894 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1895 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1896 if (ev->status != 0)
88c3df13
JH		 1897 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1898 conn->dst_type, ev->status);
37d9ef76 1899 else
afc747a6 1900 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1901 conn->dst_type);
37d9ef76 1902 }
f7520543 1903
37d9ef76 1904 if (ev->status == 0) {
6ec5bcad
VA		 1905 if (conn->type == ACL_LINK && conn->flush_key)
1906 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1907 hci_proto_disconn_cfm(conn, ev->reason);
1908 hci_conn_del(conn);
1909 }
f7520543
JH		 1910
1911unlock:
04837f64
MH		 1912 hci_dev_unlock(hdev);
1913}
1914
1da177e4
LT		 1915static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1916{
a9de9248 1917 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1918 struct hci_conn *conn;
1da177e4
LT		 1919
1920 BT_DBG("%s status %d", hdev->name, ev->status);
1921
1922 hci_dev_lock(hdev);
1923
04837f64 1924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1925 if (!conn)
1926 goto unlock;
1927
1928 if (!ev->status) {
aa64a8b5
JH		 1929 if (!hci_conn_ssp_enabled(conn) &&
1930 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1931 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1932 } else {
d7556e20
WR		 1933 conn->link_mode |= HCI_LM_AUTH;
1934 conn->sec_level = conn->pending_sec_level;
2a611692 1935 }
d7556e20 1936 } else {
bab73cb6 1937 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1938 ev->status);
d7556e20 1939 }
1da177e4 1940
51a8efd7
JH		 1941 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1942 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1943
d7556e20 1944 if (conn->state == BT_CONFIG) {
aa64a8b5 1945 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1946 struct hci_cp_set_conn_encrypt cp;
1947 cp.handle = ev->handle;
1948 cp.encrypt = 0x01;
1949 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1950 &cp);
052b30b0 1951 } else {
d7556e20
WR		 1952 conn->state = BT_CONNECTED;
1953 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1954 hci_conn_put(conn);
1955 }
d7556e20
WR		 1956 } else {
1957 hci_auth_cfm(conn, ev->status);
052b30b0 1958
d7556e20
WR		 1959 hci_conn_hold(conn);
1960 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1961 hci_conn_put(conn);
1962 }
1963
51a8efd7 1964 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1965 if (!ev->status) {
1966 struct hci_cp_set_conn_encrypt cp;
1967 cp.handle = ev->handle;
1968 cp.encrypt = 0x01;
1969 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1970 &cp);
1971 } else {
51a8efd7 1972 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1973 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1974 }
1975 }
1976
d7556e20 1977unlock:
1da177e4
LT		 1978 hci_dev_unlock(hdev);
1979}
1980
a9de9248 1981static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1982{
127178d2
JH		 1983 struct hci_ev_remote_name *ev = (void *) skb->data;
1984 struct hci_conn *conn;
1985
a9de9248 1986 BT_DBG("%s", hdev->name);
1da177e4 1987
a9de9248 1988 hci_conn_check_pending(hdev);
127178d2
JH		 1989
1990 hci_dev_lock(hdev);
1991
b644ba33 1992 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1993
b644ba33
JH		 1994 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1995 goto check_auth;
a88a9652 1996
b644ba33
JH		 1997 if (ev->status == 0)
1998 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1999 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2000 else
2001 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2002
2003check_auth:
79c6c70c
JH		 2004 if (!conn)
2005 goto unlock;
2006
2007 if (!hci_outgoing_auth_needed(hdev, conn))
2008 goto unlock;
2009
51a8efd7 2010 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2011 struct hci_cp_auth_requested cp;
2012 cp.handle = __cpu_to_le16(conn->handle);
2013 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2014 }
2015
79c6c70c 2016unlock:
127178d2 2017 hci_dev_unlock(hdev);
a9de9248
MH		 2018}
2019
2020static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021{
2022 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2024
2025 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2026
2027 hci_dev_lock(hdev);
2028
04837f64 2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2030 if (conn) {
2031 if (!ev->status) {
ae293196
MH		 2032 if (ev->encrypt) {
2033 /* Encryption implies authentication */
2034 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2035 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2036 conn->sec_level = conn->pending_sec_level;
ae293196 2037 } else
1da177e4
LT		 2038 conn->link_mode &= ~HCI_LM_ENCRYPT;
2039 }
2040
51a8efd7 2041 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2042
f8558555
MH		 2043 if (conn->state == BT_CONFIG) {
2044 if (!ev->status)
2045 conn->state = BT_CONNECTED;
2046
2047 hci_proto_connect_cfm(conn, ev->status);
2048 hci_conn_put(conn);
2049 } else
2050 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2051 }
2052
2053 hci_dev_unlock(hdev);
2054}
2055
a9de9248 2056static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2057{
a9de9248 2058 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2059 struct hci_conn *conn;
1da177e4
LT		 2060
2061 BT_DBG("%s status %d", hdev->name, ev->status);
2062
2063 hci_dev_lock(hdev);
2064
04837f64 2065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2066 if (conn) {
2067 if (!ev->status)
2068 conn->link_mode |= HCI_LM_SECURE;
2069
51a8efd7 2070 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2071
2072 hci_key_change_cfm(conn, ev->status);
2073 }
2074
2075 hci_dev_unlock(hdev);
2076}
2077
a9de9248 2078static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2079{
a9de9248
MH		 2080 struct hci_ev_remote_features *ev = (void *) skb->data;
2081 struct hci_conn *conn;
2082
2083 BT_DBG("%s status %d", hdev->name, ev->status);
2084
a9de9248
MH		 2085 hci_dev_lock(hdev);
2086
2087 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2088 if (!conn)
2089 goto unlock;
769be974 2090
ccd556fe
JH		 2091 if (!ev->status)
2092 memcpy(conn->features, ev->features, 8);
2093
2094 if (conn->state != BT_CONFIG)
2095 goto unlock;
2096
2097 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2098 struct hci_cp_read_remote_ext_features cp;
2099 cp.handle = ev->handle;
2100 cp.page = 0x01;
2101 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2102 sizeof(cp), &cp);
392599b9
JH		 2103 goto unlock;
2104 }
2105
127178d2
JH		 2106 if (!ev->status) {
2107 struct hci_cp_remote_name_req cp;
2108 memset(&cp, 0, sizeof(cp));
2109 bacpy(&cp.bdaddr, &conn->dst);
2110 cp.pscan_rep_mode = 0x02;
2111 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2112 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2113 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2114 conn->dst_type, 0, NULL, 0,
2115 conn->dev_class);
392599b9 2116
127178d2 2117 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2118 conn->state = BT_CONNECTED;
2119 hci_proto_connect_cfm(conn, ev->status);
2120 hci_conn_put(conn);
769be974 2121 }
a9de9248 2122
ccd556fe 2123unlock:
a9de9248 2124 hci_dev_unlock(hdev);
1da177e4
LT		 2125}
2126
a9de9248 2127static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2128{
a9de9248 2129 BT_DBG("%s", hdev->name);
1da177e4
LT		 2130}
2131
a9de9248 2132static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2133{
a9de9248 2134 BT_DBG("%s", hdev->name);
1da177e4
LT		 2135}
2136
a9de9248
MH		 2137static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2138{
2139 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2140 __u16 opcode;
2141
2142 skb_pull(skb, sizeof(*ev));
2143
2144 opcode = __le16_to_cpu(ev->opcode);
2145
2146 switch (opcode) {
2147 case HCI_OP_INQUIRY_CANCEL:
2148 hci_cc_inquiry_cancel(hdev, skb);
2149 break;
2150
2151 case HCI_OP_EXIT_PERIODIC_INQ:
2152 hci_cc_exit_periodic_inq(hdev, skb);
2153 break;
2154
2155 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2156 hci_cc_remote_name_req_cancel(hdev, skb);
2157 break;
2158
2159 case HCI_OP_ROLE_DISCOVERY:
2160 hci_cc_role_discovery(hdev, skb);
2161 break;
2162
e4e8e37c
MH		 2163 case HCI_OP_READ_LINK_POLICY:
2164 hci_cc_read_link_policy(hdev, skb);
2165 break;
2166
a9de9248
MH		 2167 case HCI_OP_WRITE_LINK_POLICY:
2168 hci_cc_write_link_policy(hdev, skb);
2169 break;
2170
e4e8e37c
MH		 2171 case HCI_OP_READ_DEF_LINK_POLICY:
2172 hci_cc_read_def_link_policy(hdev, skb);
2173 break;
2174
2175 case HCI_OP_WRITE_DEF_LINK_POLICY:
2176 hci_cc_write_def_link_policy(hdev, skb);
2177 break;
2178
a9de9248
MH		 2179 case HCI_OP_RESET:
2180 hci_cc_reset(hdev, skb);
2181 break;
2182
2183 case HCI_OP_WRITE_LOCAL_NAME:
2184 hci_cc_write_local_name(hdev, skb);
2185 break;
2186
2187 case HCI_OP_READ_LOCAL_NAME:
2188 hci_cc_read_local_name(hdev, skb);
2189 break;
2190
2191 case HCI_OP_WRITE_AUTH_ENABLE:
2192 hci_cc_write_auth_enable(hdev, skb);
2193 break;
2194
2195 case HCI_OP_WRITE_ENCRYPT_MODE:
2196 hci_cc_write_encrypt_mode(hdev, skb);
2197 break;
2198
2199 case HCI_OP_WRITE_SCAN_ENABLE:
2200 hci_cc_write_scan_enable(hdev, skb);
2201 break;
2202
2203 case HCI_OP_READ_CLASS_OF_DEV:
2204 hci_cc_read_class_of_dev(hdev, skb);
2205 break;
2206
2207 case HCI_OP_WRITE_CLASS_OF_DEV:
2208 hci_cc_write_class_of_dev(hdev, skb);
2209 break;
2210
2211 case HCI_OP_READ_VOICE_SETTING:
2212 hci_cc_read_voice_setting(hdev, skb);
2213 break;
2214
2215 case HCI_OP_WRITE_VOICE_SETTING:
2216 hci_cc_write_voice_setting(hdev, skb);
2217 break;
2218
2219 case HCI_OP_HOST_BUFFER_SIZE:
2220 hci_cc_host_buffer_size(hdev, skb);
2221 break;
2222
333140b5
MH		 2223 case HCI_OP_WRITE_SSP_MODE:
2224 hci_cc_write_ssp_mode(hdev, skb);
2225 break;
2226
a9de9248
MH		 2227 case HCI_OP_READ_LOCAL_VERSION:
2228 hci_cc_read_local_version(hdev, skb);
2229 break;
2230
2231 case HCI_OP_READ_LOCAL_COMMANDS:
2232 hci_cc_read_local_commands(hdev, skb);
2233 break;
2234
2235 case HCI_OP_READ_LOCAL_FEATURES:
2236 hci_cc_read_local_features(hdev, skb);
2237 break;
2238
971e3a4b
AG		 2239 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2240 hci_cc_read_local_ext_features(hdev, skb);
2241 break;
2242
a9de9248
MH		 2243 case HCI_OP_READ_BUFFER_SIZE:
2244 hci_cc_read_buffer_size(hdev, skb);
2245 break;
2246
2247 case HCI_OP_READ_BD_ADDR:
2248 hci_cc_read_bd_addr(hdev, skb);
2249 break;
2250
350ee4cf
AE		 2251 case HCI_OP_READ_DATA_BLOCK_SIZE:
2252 hci_cc_read_data_block_size(hdev, skb);
2253 break;
2254
23bb5763
JH		 2255 case HCI_OP_WRITE_CA_TIMEOUT:
2256 hci_cc_write_ca_timeout(hdev, skb);
2257 break;
2258
1e89cffb
AE		 2259 case HCI_OP_READ_FLOW_CONTROL_MODE:
2260 hci_cc_read_flow_control_mode(hdev, skb);
2261 break;
2262
928abaa7
AE		 2263 case HCI_OP_READ_LOCAL_AMP_INFO:
2264 hci_cc_read_local_amp_info(hdev, skb);
2265 break;
2266
b0916ea0
JH		 2267 case HCI_OP_DELETE_STORED_LINK_KEY:
2268 hci_cc_delete_stored_link_key(hdev, skb);
2269 break;
2270
d5859e22
JH		 2271 case HCI_OP_SET_EVENT_MASK:
2272 hci_cc_set_event_mask(hdev, skb);
2273 break;
2274
2275 case HCI_OP_WRITE_INQUIRY_MODE:
2276 hci_cc_write_inquiry_mode(hdev, skb);
2277 break;
2278
2279 case HCI_OP_READ_INQ_RSP_TX_POWER:
2280 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2281 break;
2282
2283 case HCI_OP_SET_EVENT_FLT:
2284 hci_cc_set_event_flt(hdev, skb);
2285 break;
2286
980e1a53
JH		 2287 case HCI_OP_PIN_CODE_REPLY:
2288 hci_cc_pin_code_reply(hdev, skb);
2289 break;
2290
2291 case HCI_OP_PIN_CODE_NEG_REPLY:
2292 hci_cc_pin_code_neg_reply(hdev, skb);
2293 break;
2294
c35938b2
SJ		 2295 case HCI_OP_READ_LOCAL_OOB_DATA:
2296 hci_cc_read_local_oob_data_reply(hdev, skb);
2297 break;
2298
6ed58ec5
VT		 2299 case HCI_OP_LE_READ_BUFFER_SIZE:
2300 hci_cc_le_read_buffer_size(hdev, skb);
2301 break;
2302
a5c29683
JH		 2303 case HCI_OP_USER_CONFIRM_REPLY:
2304 hci_cc_user_confirm_reply(hdev, skb);
2305 break;
2306
2307 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2308 hci_cc_user_confirm_neg_reply(hdev, skb);
2309 break;
2310
1143d458
BG		 2311 case HCI_OP_USER_PASSKEY_REPLY:
2312 hci_cc_user_passkey_reply(hdev, skb);
2313 break;
2314
2315 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2316 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2317 break;
07f7fa5d
AG		 2318
2319 case HCI_OP_LE_SET_SCAN_PARAM:
2320 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2321 break;
2322
eb9d91f5
AG		 2323 case HCI_OP_LE_SET_SCAN_ENABLE:
2324 hci_cc_le_set_scan_enable(hdev, skb);
2325 break;
2326
a7a595f6
VCG		 2327 case HCI_OP_LE_LTK_REPLY:
2328 hci_cc_le_ltk_reply(hdev, skb);
2329 break;
2330
2331 case HCI_OP_LE_LTK_NEG_REPLY:
2332 hci_cc_le_ltk_neg_reply(hdev, skb);
2333 break;
2334
f9b49306
AG		 2335 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2336 hci_cc_write_le_host_supported(hdev, skb);
2337 break;
2338
a9de9248
MH		 2339 default:
2340 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2341 break;
2342 }
2343
6bd32326
VT		 2344 if (ev->opcode != HCI_OP_NOP)
2345 del_timer(&hdev->cmd_timer);
2346
a9de9248
MH		 2347 if (ev->ncmd) {
2348 atomic_set(&hdev->cmd_cnt, 1);
2349 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2350 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2351 }
2352}
2353
2354static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2355{
2356 struct hci_ev_cmd_status *ev = (void *) skb->data;
2357 __u16 opcode;
2358
2359 skb_pull(skb, sizeof(*ev));
2360
2361 opcode = __le16_to_cpu(ev->opcode);
2362
2363 switch (opcode) {
2364 case HCI_OP_INQUIRY:
2365 hci_cs_inquiry(hdev, ev->status);
2366 break;
2367
2368 case HCI_OP_CREATE_CONN:
2369 hci_cs_create_conn(hdev, ev->status);
2370 break;
2371
2372 case HCI_OP_ADD_SCO:
2373 hci_cs_add_sco(hdev, ev->status);
2374 break;
2375
f8558555
MH		 2376 case HCI_OP_AUTH_REQUESTED:
2377 hci_cs_auth_requested(hdev, ev->status);
2378 break;
2379
2380 case HCI_OP_SET_CONN_ENCRYPT:
2381 hci_cs_set_conn_encrypt(hdev, ev->status);
2382 break;
2383
a9de9248
MH		 2384 case HCI_OP_REMOTE_NAME_REQ:
2385 hci_cs_remote_name_req(hdev, ev->status);
2386 break;
2387
769be974
MH		 2388 case HCI_OP_READ_REMOTE_FEATURES:
2389 hci_cs_read_remote_features(hdev, ev->status);
2390 break;
2391
2392 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2393 hci_cs_read_remote_ext_features(hdev, ev->status);
2394 break;
2395
a9de9248
MH		 2396 case HCI_OP_SETUP_SYNC_CONN:
2397 hci_cs_setup_sync_conn(hdev, ev->status);
2398 break;
2399
2400 case HCI_OP_SNIFF_MODE:
2401 hci_cs_sniff_mode(hdev, ev->status);
2402 break;
2403
2404 case HCI_OP_EXIT_SNIFF_MODE:
2405 hci_cs_exit_sniff_mode(hdev, ev->status);
2406 break;
2407
8962ee74 2408 case HCI_OP_DISCONNECT:
88c3df13 2409 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2410 break;
2411
fcd89c09
VT		 2412 case HCI_OP_LE_CREATE_CONN:
2413 hci_cs_le_create_conn(hdev, ev->status);
2414 break;
2415
a7a595f6
VCG		 2416 case HCI_OP_LE_START_ENC:
2417 hci_cs_le_start_enc(hdev, ev->status);
2418 break;
2419
a9de9248
MH		 2420 default:
2421 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2422 break;
2423 }
2424
6bd32326
VT		 2425 if (ev->opcode != HCI_OP_NOP)
2426 del_timer(&hdev->cmd_timer);
2427
10572132 2428 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2429 atomic_set(&hdev->cmd_cnt, 1);
2430 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2431 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2432 }
2433}
2434
2435static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2436{
2437 struct hci_ev_role_change *ev = (void *) skb->data;
2438 struct hci_conn *conn;
2439
2440 BT_DBG("%s status %d", hdev->name, ev->status);
2441
2442 hci_dev_lock(hdev);
2443
2444 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2445 if (conn) {
2446 if (!ev->status) {
2447 if (ev->role)
2448 conn->link_mode &= ~HCI_LM_MASTER;
2449 else
2450 conn->link_mode |= HCI_LM_MASTER;
2451 }
2452
51a8efd7 2453 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2454
2455 hci_role_switch_cfm(conn, ev->status, ev->role);
2456 }
2457
2458 hci_dev_unlock(hdev);
2459}
2460
2461static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2462{
2463 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2464 int i;
2465
32ac5b9b
AE		 2466 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2467 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2468 return;
2469 }
2470
c5993de8
AE		 2471 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2472 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2473 BT_DBG("%s bad parameters", hdev->name);
2474 return;
2475 }
2476
c5993de8
AE		 2477 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2478
613a1c0c
AE		 2479 for (i = 0; i < ev->num_hndl; i++) {
2480 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2481 struct hci_conn *conn;
2482 __u16 handle, count;
2483
613a1c0c
AE		 2484 handle = __le16_to_cpu(info->handle);
2485 count = __le16_to_cpu(info->count);
a9de9248
MH		 2486
2487 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2488 if (!conn)
2489 continue;
2490
2491 conn->sent -= count;
2492
2493 switch (conn->type) {
2494 case ACL_LINK:
2495 hdev->acl_cnt += count;
2496 if (hdev->acl_cnt > hdev->acl_pkts)
2497 hdev->acl_cnt = hdev->acl_pkts;
2498 break;
2499
2500 case LE_LINK:
2501 if (hdev->le_pkts) {
2502 hdev->le_cnt += count;
2503 if (hdev->le_cnt > hdev->le_pkts)
2504 hdev->le_cnt = hdev->le_pkts;
2505 } else {
70f23020
AE		 2506 hdev->acl_cnt += count;
2507 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2508 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2509 }
f4280918
AE		 2510 break;
2511
2512 case SCO_LINK:
2513 hdev->sco_cnt += count;
2514 if (hdev->sco_cnt > hdev->sco_pkts)
2515 hdev->sco_cnt = hdev->sco_pkts;
2516 break;
2517
2518 default:
2519 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2520 break;
a9de9248
MH		 2521 }
2522 }
2523
3eff45ea 2524 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2525}
2526
25e89e99 2527static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
04124681 2528 struct sk_buff *skb)
25e89e99
AE		 2529{
2530 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2531 int i;
2532
2533 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2534 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2535 return;
2536 }
2537
2538 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2539 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2540 BT_DBG("%s bad parameters", hdev->name);
2541 return;
2542 }
2543
2544 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2545 ev->num_hndl);
2546
2547 for (i = 0; i < ev->num_hndl; i++) {
2548 struct hci_comp_blocks_info *info = &ev->handles[i];
2549 struct hci_conn *conn;
2550 __u16 handle, block_count;
2551
2552 handle = __le16_to_cpu(info->handle);
2553 block_count = __le16_to_cpu(info->blocks);
2554
2555 conn = hci_conn_hash_lookup_handle(hdev, handle);
2556 if (!conn)
2557 continue;
2558
2559 conn->sent -= block_count;
2560
2561 switch (conn->type) {
2562 case ACL_LINK:
2563 hdev->block_cnt += block_count;
2564 if (hdev->block_cnt > hdev->num_blocks)
2565 hdev->block_cnt = hdev->num_blocks;
2566 break;
2567
2568 default:
2569 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2570 break;
2571 }
2572 }
2573
2574 queue_work(hdev->workqueue, &hdev->tx_work);
2575}
2576
a9de9248 2577static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2578{
a9de9248 2579 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2580 struct hci_conn *conn;
2581
2582 BT_DBG("%s status %d", hdev->name, ev->status);
2583
2584 hci_dev_lock(hdev);
2585
2586 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2587 if (conn) {
2588 conn->mode = ev->mode;
2589 conn->interval = __le16_to_cpu(ev->interval);
2590
51a8efd7 2591 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2592 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2593 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2594 else
58a681ef 2595 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2596 }
e73439d8 2597
51a8efd7 2598 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2599 hci_sco_setup(conn, ev->status);
04837f64
MH		 2600 }
2601
2602 hci_dev_unlock(hdev);
2603}
2604
a9de9248
MH		 2605static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2606{
052b30b0
MH		 2607 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2608 struct hci_conn *conn;
2609
a9de9248 2610 BT_DBG("%s", hdev->name);
052b30b0
MH		 2611
2612 hci_dev_lock(hdev);
2613
2614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2615 if (!conn)
2616 goto unlock;
2617
2618 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2619 hci_conn_hold(conn);
2620 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2621 hci_conn_put(conn);
2622 }
2623
a8b2d5c2 2624 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2625 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2626 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2627 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2628 u8 secure;
2629
2630 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2631 secure = 1;
2632 else
2633 secure = 0;
2634
744cf19e 2635 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2636 }
980e1a53 2637
b6f98044 2638unlock:
052b30b0 2639 hci_dev_unlock(hdev);
a9de9248
MH		 2640}
2641
2642static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2643{
55ed8ca1
JH		 2644 struct hci_ev_link_key_req *ev = (void *) skb->data;
2645 struct hci_cp_link_key_reply cp;
2646 struct hci_conn *conn;
2647 struct link_key *key;
2648
a9de9248 2649 BT_DBG("%s", hdev->name);
55ed8ca1 2650
a8b2d5c2 2651 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2652 return;
2653
2654 hci_dev_lock(hdev);
2655
2656 key = hci_find_link_key(hdev, &ev->bdaddr);
2657 if (!key) {
2658 BT_DBG("%s link key not found for %s", hdev->name,
2659 batostr(&ev->bdaddr));
2660 goto not_found;
2661 }
2662
2663 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2664 batostr(&ev->bdaddr));
2665
a8b2d5c2 2666 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2667 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2668 BT_DBG("%s ignoring debug key", hdev->name);
2669 goto not_found;
2670 }
2671
2672 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2673 if (conn) {
2674 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2675 conn->auth_type != 0xff &&
2676 (conn->auth_type & 0x01)) {
2677 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2678 goto not_found;
2679 }
55ed8ca1 2680
60b83f57
WR		 2681 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2682 conn->pending_sec_level == BT_SECURITY_HIGH) {
2683 BT_DBG("%s ignoring key unauthenticated for high \
2684 security", hdev->name);
2685 goto not_found;
2686 }
2687
2688 conn->key_type = key->type;
2689 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2690 }
2691
2692 bacpy(&cp.bdaddr, &ev->bdaddr);
2693 memcpy(cp.link_key, key->val, 16);
2694
2695 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2696
2697 hci_dev_unlock(hdev);
2698
2699 return;
2700
2701not_found:
2702 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2703 hci_dev_unlock(hdev);
a9de9248
MH		 2704}
2705
2706static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2707{
052b30b0
MH		 2708 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2709 struct hci_conn *conn;
55ed8ca1 2710 u8 pin_len = 0;
052b30b0 2711
a9de9248 2712 BT_DBG("%s", hdev->name);
052b30b0
MH		 2713
2714 hci_dev_lock(hdev);
2715
2716 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2717 if (conn) {
2718 hci_conn_hold(conn);
2719 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2720 pin_len = conn->pin_length;
13d39315
WR		 2721
2722 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2723 conn->key_type = ev->key_type;
2724
052b30b0
MH		 2725 hci_conn_put(conn);
2726 }
2727
a8b2d5c2 2728 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2729 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2730 ev->key_type, pin_len);
2731
052b30b0 2732 hci_dev_unlock(hdev);
a9de9248
MH		 2733}
2734
1da177e4
LT		 2735static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2736{
a9de9248 2737 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2738 struct hci_conn *conn;
1da177e4
LT		 2739
2740 BT_DBG("%s status %d", hdev->name, ev->status);
2741
2742 hci_dev_lock(hdev);
2743
04837f64 2744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2745 if (conn && !ev->status) {
2746 struct inquiry_entry *ie;
2747
cc11b9c1
AE		 2748 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2749 if (ie) {
1da177e4
LT		 2750 ie->data.clock_offset = ev->clock_offset;
2751 ie->timestamp = jiffies;
2752 }
2753 }
2754
2755 hci_dev_unlock(hdev);
2756}
2757
a8746417
MH		 2758static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2759{
2760 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2761 struct hci_conn *conn;
2762
2763 BT_DBG("%s status %d", hdev->name, ev->status);
2764
2765 hci_dev_lock(hdev);
2766
2767 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2768 if (conn && !ev->status)
2769 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2770
2771 hci_dev_unlock(hdev);
2772}
2773
85a1e930
MH		 2774static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2775{
a9de9248 2776 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2777 struct inquiry_entry *ie;
2778
2779 BT_DBG("%s", hdev->name);
2780
2781 hci_dev_lock(hdev);
2782
cc11b9c1
AE		 2783 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2784 if (ie) {
85a1e930
MH		 2785 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2786 ie->timestamp = jiffies;
2787 }
2788
2789 hci_dev_unlock(hdev);
2790}
2791
a9de9248
MH		 2792static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2793{
2794 struct inquiry_data data;
2795 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2796 bool name_known, ssp;
a9de9248
MH		 2797
2798 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2799
2800 if (!num_rsp)
2801 return;
2802
2803 hci_dev_lock(hdev);
2804
2805 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2806 struct inquiry_info_with_rssi_and_pscan_mode *info;
2807 info = (void *) (skb->data + 1);
a9de9248 2808
e17acd40 2809 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2810 bacpy(&data.bdaddr, &info->bdaddr);
2811 data.pscan_rep_mode = info->pscan_rep_mode;
2812 data.pscan_period_mode = info->pscan_period_mode;
2813 data.pscan_mode = info->pscan_mode;
2814 memcpy(data.dev_class, info->dev_class, 3);
2815 data.clock_offset = info->clock_offset;
2816 data.rssi = info->rssi;
41a96212 2817 data.ssp_mode = 0x00;
3175405b
JH		 2818
2819 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2820 false, &ssp);
48264f06 2821 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2822 info->dev_class, info->rssi,
2823 !name_known, ssp, NULL, 0);
a9de9248
MH		 2824 }
2825 } else {
2826 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2827
e17acd40 2828 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2829 bacpy(&data.bdaddr, &info->bdaddr);
2830 data.pscan_rep_mode = info->pscan_rep_mode;
2831 data.pscan_period_mode = info->pscan_period_mode;
2832 data.pscan_mode = 0x00;
2833 memcpy(data.dev_class, info->dev_class, 3);
2834 data.clock_offset = info->clock_offset;
2835 data.rssi = info->rssi;
41a96212 2836 data.ssp_mode = 0x00;
3175405b 2837 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2838 false, &ssp);
48264f06 2839 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2840 info->dev_class, info->rssi,
2841 !name_known, ssp, NULL, 0);
a9de9248
MH		 2842 }
2843 }
2844
2845 hci_dev_unlock(hdev);
2846}
2847
2848static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2849{
41a96212
MH		 2850 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2851 struct hci_conn *conn;
2852
a9de9248 2853 BT_DBG("%s", hdev->name);
41a96212 2854
41a96212
MH		 2855 hci_dev_lock(hdev);
2856
2857 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2858 if (!conn)
2859 goto unlock;
41a96212 2860
ccd556fe
JH		 2861 if (!ev->status && ev->page == 0x01) {
2862 struct inquiry_entry *ie;
41a96212 2863
cc11b9c1
AE		 2864 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2865 if (ie)
02b7cc62 2866 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2867
02b7cc62 2868 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2869 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2870 }
2871
2872 if (conn->state != BT_CONFIG)
2873 goto unlock;
2874
127178d2
JH		 2875 if (!ev->status) {
2876 struct hci_cp_remote_name_req cp;
2877 memset(&cp, 0, sizeof(cp));
2878 bacpy(&cp.bdaddr, &conn->dst);
2879 cp.pscan_rep_mode = 0x02;
2880 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2881 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2882 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2883 conn->dst_type, 0, NULL, 0,
2884 conn->dev_class);
392599b9 2885
127178d2 2886 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2887 conn->state = BT_CONNECTED;
2888 hci_proto_connect_cfm(conn, ev->status);
2889 hci_conn_put(conn);
41a96212
MH		 2890 }
2891
ccd556fe 2892unlock:
41a96212 2893 hci_dev_unlock(hdev);
a9de9248
MH		 2894}
2895
2896static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2897{
b6a0dc82
MH		 2898 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2899 struct hci_conn *conn;
2900
2901 BT_DBG("%s status %d", hdev->name, ev->status);
2902
2903 hci_dev_lock(hdev);
2904
2905 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2906 if (!conn) {
2907 if (ev->link_type == ESCO_LINK)
2908 goto unlock;
2909
2910 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2911 if (!conn)
2912 goto unlock;
2913
2914 conn->type = SCO_LINK;
2915 }
b6a0dc82 2916
732547f9
MH		 2917 switch (ev->status) {
2918 case 0x00:
b6a0dc82
MH		 2919 conn->handle = __le16_to_cpu(ev->handle);
2920 conn->state = BT_CONNECTED;
7d0db0a3 2921
9eba32b8 2922 hci_conn_hold_device(conn);
7d0db0a3 2923 hci_conn_add_sysfs(conn);
732547f9
MH		 2924 break;
2925
705e5711 2926 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2927 case 0x1c: /* SCO interval rejected */
1038a00b 2928 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2929 case 0x1f: /* Unspecified error */
2930 if (conn->out && conn->attempt < 2) {
2931 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2932 (hdev->esco_type & EDR_ESCO_MASK);
2933 hci_setup_sync(conn, conn->link->handle);
2934 goto unlock;
2935 }
2936 /* fall through */
2937
2938 default:
b6a0dc82 2939 conn->state = BT_CLOSED;
732547f9
MH		 2940 break;
2941 }
b6a0dc82
MH		 2942
2943 hci_proto_connect_cfm(conn, ev->status);
2944 if (ev->status)
2945 hci_conn_del(conn);
2946
2947unlock:
2948 hci_dev_unlock(hdev);
a9de9248
MH		 2949}
2950
2951static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2952{
2953 BT_DBG("%s", hdev->name);
2954}
2955
04837f64
MH		 2956static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2957{
a9de9248 2958 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2959
2960 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2961}
2962
a9de9248 2963static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2964{
a9de9248
MH		 2965 struct inquiry_data data;
2966 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2967 int num_rsp = *((__u8 *) skb->data);
1da177e4 2968
a9de9248 2969 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2970
a9de9248
MH		 2971 if (!num_rsp)
2972 return;
1da177e4 2973
a9de9248
MH		 2974 hci_dev_lock(hdev);
2975
e17acd40 2976 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2977 bool name_known, ssp;
561aafbc 2978
a9de9248 2979 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2980 data.pscan_rep_mode = info->pscan_rep_mode;
2981 data.pscan_period_mode = info->pscan_period_mode;
2982 data.pscan_mode = 0x00;
a9de9248 2983 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2984 data.clock_offset = info->clock_offset;
2985 data.rssi = info->rssi;
41a96212 2986 data.ssp_mode = 0x01;
561aafbc 2987
a8b2d5c2 2988 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2989 name_known = eir_has_data_type(info->data,
04124681
GP		 2990 sizeof(info->data),
2991 EIR_NAME_COMPLETE);
561aafbc
JH		 2992 else
2993 name_known = true;
2994
388fc8fa 2995 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 2996 &ssp);
48264f06 2997 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2998 info->dev_class, info->rssi, !name_known,
2999 ssp, info->data, sizeof(info->data));
a9de9248
MH		 3000 }
3001
3002 hci_dev_unlock(hdev);
3003}
1da177e4 3004
17fa4b9d
JH		 3005static inline u8 hci_get_auth_req(struct hci_conn *conn)
3006{
3007 /* If remote requests dedicated bonding follow that lead */
3008 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3009 /* If both remote and local IO capabilities allow MITM
3010 * protection then require it, otherwise don't */
3011 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3012 return 0x02;
3013 else
3014 return 0x03;
3015 }
3016
3017 /* If remote requests no-bonding follow that lead */
3018 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3019 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3020
3021 return conn->auth_type;
3022}
3023
0493684e
MH		 3024static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3025{
3026 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3027 struct hci_conn *conn;
3028
3029 BT_DBG("%s", hdev->name);
3030
3031 hci_dev_lock(hdev);
3032
3033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3034 if (!conn)
3035 goto unlock;
3036
3037 hci_conn_hold(conn);
3038
a8b2d5c2 3039 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3040 goto unlock;
3041
a8b2d5c2 3042 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3043 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3044 struct hci_cp_io_capability_reply cp;
3045
3046 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3047 /* Change the IO capability from KeyboardDisplay
3048 * to DisplayYesNo as it is not supported by BT spec. */
3049 cp.capability = (conn->io_capability == 0x04) ?
3050 0x01 : conn->io_capability;
7cbc9bd9
JH		 3051 conn->auth_type = hci_get_auth_req(conn);
3052 cp.authentication = conn->auth_type;
17fa4b9d 3053
58a681ef 3054 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3055 hci_find_remote_oob_data(hdev, &conn->dst))
3056 cp.oob_data = 0x01;
3057 else
3058 cp.oob_data = 0x00;
3059
17fa4b9d
JH		 3060 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3061 sizeof(cp), &cp);
03b555e1
JH		 3062 } else {
3063 struct hci_cp_io_capability_neg_reply cp;
3064
3065 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3066 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3067
03b555e1
JH		 3068 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3069 sizeof(cp), &cp);
3070 }
3071
3072unlock:
3073 hci_dev_unlock(hdev);
3074}
3075
3076static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3077{
3078 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3079 struct hci_conn *conn;
3080
3081 BT_DBG("%s", hdev->name);
3082
3083 hci_dev_lock(hdev);
3084
3085 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3086 if (!conn)
3087 goto unlock;
3088
03b555e1 3089 conn->remote_cap = ev->capability;
03b555e1 3090 conn->remote_auth = ev->authentication;
58a681ef
JH		 3091 if (ev->oob_data)
3092 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3093
3094unlock:
0493684e
MH		 3095 hci_dev_unlock(hdev);
3096}
3097
a5c29683
JH		 3098static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3099 struct sk_buff *skb)
3100{
3101 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3102 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3103 struct hci_conn *conn;
a5c29683
JH		 3104
3105 BT_DBG("%s", hdev->name);
3106
3107 hci_dev_lock(hdev);
3108
a8b2d5c2 3109 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3110 goto unlock;
a5c29683 3111
7a828908
JH		 3112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3113 if (!conn)
3114 goto unlock;
3115
3116 loc_mitm = (conn->auth_type & 0x01);
3117 rem_mitm = (conn->remote_auth & 0x01);
3118
3119 /* If we require MITM but the remote device can't provide that
3120 * (it has NoInputNoOutput) then reject the confirmation
3121 * request. The only exception is when we're dedicated bonding
3122 * initiators (connect_cfm_cb set) since then we always have the MITM
3123 * bit set. */
3124 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3125 BT_DBG("Rejecting request: remote device can't provide MITM");
3126 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3127 sizeof(ev->bdaddr), &ev->bdaddr);
3128 goto unlock;
3129 }
3130
3131 /* If no side requires MITM protection; auto-accept */
3132 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3133 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3134
3135 /* If we're not the initiators request authorization to
3136 * proceed from user space (mgmt_user_confirm with
3137 * confirm_hint set to 1). */
51a8efd7 3138 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3139 BT_DBG("Confirming auto-accept as acceptor");
3140 confirm_hint = 1;
3141 goto confirm;
3142 }
3143
9f61656a
JH		 3144 BT_DBG("Auto-accept of user confirmation with %ums delay",
3145 hdev->auto_accept_delay);
3146
3147 if (hdev->auto_accept_delay > 0) {
3148 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3149 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3150 goto unlock;
3151 }
3152
7a828908
JH		 3153 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3154 sizeof(ev->bdaddr), &ev->bdaddr);
3155 goto unlock;
3156 }
3157
55bc1a37 3158confirm:
272d90df 3159 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3160 confirm_hint);
7a828908
JH		 3161
3162unlock:
a5c29683
JH		 3163 hci_dev_unlock(hdev);
3164}
3165
1143d458
BG		 3166static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3167 struct sk_buff *skb)
3168{
3169 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3170
3171 BT_DBG("%s", hdev->name);
3172
3173 hci_dev_lock(hdev);
3174
a8b2d5c2 3175 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3176 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3177
3178 hci_dev_unlock(hdev);
3179}
3180
0493684e
MH		 3181static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3182{
3183 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3184 struct hci_conn *conn;
3185
3186 BT_DBG("%s", hdev->name);
3187
3188 hci_dev_lock(hdev);
3189
3190 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3191 if (!conn)
3192 goto unlock;
3193
3194 /* To avoid duplicate auth_failed events to user space we check
3195 * the HCI_CONN_AUTH_PEND flag which will be set if we
3196 * initiated the authentication. A traditional auth_complete
3197 * event gets always produced as initiator and is also mapped to
3198 * the mgmt_auth_failed event */
51a8efd7 3199 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3200 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3201 ev->status);
0493684e 3202
2a611692
JH		 3203 hci_conn_put(conn);
3204
3205unlock:
0493684e
MH		 3206 hci_dev_unlock(hdev);
3207}
3208
41a96212
MH		 3209static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3210{
3211 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3212 struct inquiry_entry *ie;
3213
3214 BT_DBG("%s", hdev->name);
3215
3216 hci_dev_lock(hdev);
3217
cc11b9c1
AE		 3218 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3219 if (ie)
02b7cc62 3220 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3221
3222 hci_dev_unlock(hdev);
3223}
3224
2763eda6 3225static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
04124681 3226 struct sk_buff *skb)
2763eda6
SJ		 3227{
3228 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3229 struct oob_data *data;
3230
3231 BT_DBG("%s", hdev->name);
3232
3233 hci_dev_lock(hdev);
3234
a8b2d5c2 3235 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3236 goto unlock;
3237
2763eda6
SJ		 3238 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3239 if (data) {
3240 struct hci_cp_remote_oob_data_reply cp;
3241
3242 bacpy(&cp.bdaddr, &ev->bdaddr);
3243 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3244 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3245
3246 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3247 &cp);
3248 } else {
3249 struct hci_cp_remote_oob_data_neg_reply cp;
3250
3251 bacpy(&cp.bdaddr, &ev->bdaddr);
3252 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3253 &cp);
3254 }
3255
e1ba1f15 3256unlock:
2763eda6
SJ		 3257 hci_dev_unlock(hdev);
3258}
3259
fcd89c09
VT		 3260static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3261{
3262 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3263 struct hci_conn *conn;
3264
3265 BT_DBG("%s status %d", hdev->name, ev->status);
3266
3267 hci_dev_lock(hdev);
3268
3269 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3270 if (!conn) {
3271 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3272 if (!conn) {
3273 BT_ERR("No memory for new connection");
3274 hci_dev_unlock(hdev);
3275 return;
3276 }
29b7988a
AG		 3277
3278 conn->dst_type = ev->bdaddr_type;
b62f328b 3279 }
fcd89c09
VT		 3280
3281 if (ev->status) {
48264f06
JH		 3282 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3283 conn->dst_type, ev->status);
fcd89c09
VT		 3284 hci_proto_connect_cfm(conn, ev->status);
3285 conn->state = BT_CLOSED;
3286 hci_conn_del(conn);
3287 goto unlock;
3288 }
3289
b644ba33
JH		 3290 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3291 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3292 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3293
7b5c0d52 3294 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3295 conn->handle = __le16_to_cpu(ev->handle);
3296 conn->state = BT_CONNECTED;
3297
3298 hci_conn_hold_device(conn);
3299 hci_conn_add_sysfs(conn);
3300
3301 hci_proto_connect_cfm(conn, ev->status);
3302
3303unlock:
3304 hci_dev_unlock(hdev);
3305}
3306
9aa04c91
AG		 3307static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3308 struct sk_buff *skb)
3309{
e95beb41
AG		 3310 u8 num_reports = skb->data[0];
3311 void *ptr = &skb->data[1];
3c9e9195 3312 s8 rssi;
9aa04c91
AG		 3313
3314 hci_dev_lock(hdev);
3315
e95beb41
AG		 3316 while (num_reports--) {
3317 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3318
9aa04c91 3319 hci_add_adv_entry(hdev, ev);
e95beb41 3320
3c9e9195
AG		 3321 rssi = ev->data[ev->length];
3322 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3323 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3324
e95beb41 3325 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3326 }
3327
3328 hci_dev_unlock(hdev);
3329}
3330
a7a595f6
VCG		 3331static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3332 struct sk_buff *skb)
3333{
3334 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3335 struct hci_cp_le_ltk_reply cp;
bea710fe 3336 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3337 struct hci_conn *conn;
c9839a11 3338 struct smp_ltk *ltk;
a7a595f6 3339
e4666881 3340 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3341
3342 hci_dev_lock(hdev);
3343
3344 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3345 if (conn == NULL)
3346 goto not_found;
a7a595f6 3347
bea710fe
VCG		 3348 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3349 if (ltk == NULL)
3350 goto not_found;
3351
3352 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3353 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3354
3355 if (ltk->authenticated)
3356 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3357
3358 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3359
c9839a11
VCG		 3360 if (ltk->type & HCI_SMP_STK) {
3361 list_del(&ltk->list);
3362 kfree(ltk);
3363 }
3364
a7a595f6 3365 hci_dev_unlock(hdev);
bea710fe
VCG		 3366
3367 return;
3368
3369not_found:
3370 neg.handle = ev->handle;
3371 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3372 hci_dev_unlock(hdev);
a7a595f6
VCG		 3373}
3374
fcd89c09
VT		 3375static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3376{
3377 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3378
3379 skb_pull(skb, sizeof(*le_ev));
3380
3381 switch (le_ev->subevent) {
3382 case HCI_EV_LE_CONN_COMPLETE:
3383 hci_le_conn_complete_evt(hdev, skb);
3384 break;
3385
9aa04c91
AG		 3386 case HCI_EV_LE_ADVERTISING_REPORT:
3387 hci_le_adv_report_evt(hdev, skb);
3388 break;
3389
a7a595f6
VCG		 3390 case HCI_EV_LE_LTK_REQ:
3391 hci_le_ltk_request_evt(hdev, skb);
3392 break;
3393
fcd89c09
VT		 3394 default:
3395 break;
3396 }
3397}
3398
a9de9248
MH		 3399void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3400{
3401 struct hci_event_hdr *hdr = (void *) skb->data;
3402 __u8 event = hdr->evt;
3403
3404 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3405
3406 switch (event) {
1da177e4
LT		 3407 case HCI_EV_INQUIRY_COMPLETE:
3408 hci_inquiry_complete_evt(hdev, skb);
3409 break;
3410
3411 case HCI_EV_INQUIRY_RESULT:
3412 hci_inquiry_result_evt(hdev, skb);
3413 break;
3414
a9de9248
MH		 3415 case HCI_EV_CONN_COMPLETE:
3416 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3417 break;
3418
1da177e4
LT		 3419 case HCI_EV_CONN_REQUEST:
3420 hci_conn_request_evt(hdev, skb);
3421 break;
3422
1da177e4
LT		 3423 case HCI_EV_DISCONN_COMPLETE:
3424 hci_disconn_complete_evt(hdev, skb);
3425 break;
3426
1da177e4
LT		 3427 case HCI_EV_AUTH_COMPLETE:
3428 hci_auth_complete_evt(hdev, skb);
3429 break;
3430
a9de9248
MH		 3431 case HCI_EV_REMOTE_NAME:
3432 hci_remote_name_evt(hdev, skb);
3433 break;
3434
1da177e4
LT		 3435 case HCI_EV_ENCRYPT_CHANGE:
3436 hci_encrypt_change_evt(hdev, skb);
3437 break;
3438
a9de9248
MH		 3439 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3440 hci_change_link_key_complete_evt(hdev, skb);
3441 break;
3442
3443 case HCI_EV_REMOTE_FEATURES:
3444 hci_remote_features_evt(hdev, skb);
3445 break;
3446
3447 case HCI_EV_REMOTE_VERSION:
3448 hci_remote_version_evt(hdev, skb);
3449 break;
3450
3451 case HCI_EV_QOS_SETUP_COMPLETE:
3452 hci_qos_setup_complete_evt(hdev, skb);
3453 break;
3454
3455 case HCI_EV_CMD_COMPLETE:
3456 hci_cmd_complete_evt(hdev, skb);
3457 break;
3458
3459 case HCI_EV_CMD_STATUS:
3460 hci_cmd_status_evt(hdev, skb);
3461 break;
3462
3463 case HCI_EV_ROLE_CHANGE:
3464 hci_role_change_evt(hdev, skb);
3465 break;
3466
3467 case HCI_EV_NUM_COMP_PKTS:
3468 hci_num_comp_pkts_evt(hdev, skb);
3469 break;
3470
3471 case HCI_EV_MODE_CHANGE:
3472 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3473 break;
3474
3475 case HCI_EV_PIN_CODE_REQ:
3476 hci_pin_code_request_evt(hdev, skb);
3477 break;
3478
3479 case HCI_EV_LINK_KEY_REQ:
3480 hci_link_key_request_evt(hdev, skb);
3481 break;
3482
3483 case HCI_EV_LINK_KEY_NOTIFY:
3484 hci_link_key_notify_evt(hdev, skb);
3485 break;
3486
3487 case HCI_EV_CLOCK_OFFSET:
3488 hci_clock_offset_evt(hdev, skb);
3489 break;
3490
a8746417
MH		 3491 case HCI_EV_PKT_TYPE_CHANGE:
3492 hci_pkt_type_change_evt(hdev, skb);
3493 break;
3494
85a1e930
MH		 3495 case HCI_EV_PSCAN_REP_MODE:
3496 hci_pscan_rep_mode_evt(hdev, skb);
3497 break;
3498
a9de9248
MH		 3499 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3500 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3501 break;
3502
a9de9248
MH		 3503 case HCI_EV_REMOTE_EXT_FEATURES:
3504 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3505 break;
3506
a9de9248
MH		 3507 case HCI_EV_SYNC_CONN_COMPLETE:
3508 hci_sync_conn_complete_evt(hdev, skb);
3509 break;
1da177e4 3510
a9de9248
MH		 3511 case HCI_EV_SYNC_CONN_CHANGED:
3512 hci_sync_conn_changed_evt(hdev, skb);
3513 break;
1da177e4 3514
a9de9248
MH		 3515 case HCI_EV_SNIFF_SUBRATE:
3516 hci_sniff_subrate_evt(hdev, skb);
3517 break;
1da177e4 3518
a9de9248
MH		 3519 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3520 hci_extended_inquiry_result_evt(hdev, skb);
3521 break;
1da177e4 3522
0493684e
MH		 3523 case HCI_EV_IO_CAPA_REQUEST:
3524 hci_io_capa_request_evt(hdev, skb);
3525 break;
3526
03b555e1
JH		 3527 case HCI_EV_IO_CAPA_REPLY:
3528 hci_io_capa_reply_evt(hdev, skb);
3529 break;
3530
a5c29683
JH		 3531 case HCI_EV_USER_CONFIRM_REQUEST:
3532 hci_user_confirm_request_evt(hdev, skb);
3533 break;
3534
1143d458
BG		 3535 case HCI_EV_USER_PASSKEY_REQUEST:
3536 hci_user_passkey_request_evt(hdev, skb);
3537 break;
3538
0493684e
MH		 3539 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3540 hci_simple_pair_complete_evt(hdev, skb);
3541 break;
3542
41a96212
MH		 3543 case HCI_EV_REMOTE_HOST_FEATURES:
3544 hci_remote_host_features_evt(hdev, skb);
3545 break;
3546
fcd89c09
VT		 3547 case HCI_EV_LE_META:
3548 hci_le_meta_evt(hdev, skb);
3549 break;
3550
2763eda6
SJ		 3551 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3552 hci_remote_oob_data_request_evt(hdev, skb);
3553 break;
3554
25e89e99
AE		 3555 case HCI_EV_NUM_COMP_BLOCKS:
3556 hci_num_comp_blocks_evt(hdev, skb);
3557 break;
3558
a9de9248
MH		 3559 default:
3560 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3561 break;
3562 }
3563
3564 kfree_skb(skb);
3565 hdev->stat.evt_rx++;
3566}
kernel source for telekom puls (alcatel/mediatek)