Bluetooth: Fix Inquiry with RSSI event mask
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT
38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT
41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT
46/* Handle HCI Event packets */
47
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * The first payload byte is the status.  On failure the management layer is
 * told that stopping discovery failed and nothing else changes.  On success
 * HCI_INQUIRY is cleared, discovery is moved to DISCOVERY_STOPPED, the
 * request is completed and pending connections are re-checked.
 *
 * NOTE(review): skb->len is not checked in this handler before skb->data is
 * read; presumably the dispatcher guarantees at least one byte - confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);

		/* Discovery state is only changed under the device lock. */
		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		hci_dev_unlock(hdev);

		hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

		hci_conn_check_pending(hdev);
		return;
	}

	hci_dev_lock(hdev);
	mgmt_stop_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
6bd57416 71
4d93483b
AG
/*
 * Command Complete handler for starting periodic inquiry: when the status
 * byte is 0, HCI_PERIODIC_INQ is set in hdev->dev_flags.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
83
a9de9248
MH
/*
 * Command Complete handler for leaving periodic inquiry: when the status
 * byte is 0, HCI_PERIODIC_INQ is cleared and pending connections are
 * re-checked.  A non-zero status leaves all state untouched.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
97
/*
 * Command Complete handler for a cancelled remote name request.  It only
 * emits a debug trace; the event payload in skb is not looked at.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
102
/*
 * Command Complete handler for Role Discovery.
 *
 * On success the connection named by the reply handle is looked up under
 * the device lock and its HCI_LM_MASTER bit is updated: a zero role sets
 * the bit, a non-zero role clears it.  An unknown handle is ignored.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link) {
		if (!reply->role)
			link->link_mode |= HCI_LM_MASTER;
		else
			link->link_mode &= ~HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}
125
e4e8e37c
MH
/*
 * Command Complete handler for Read Link Policy: on success the policy
 * reported by the controller is stored on the connection that matches the
 * reply handle.  The lookup and the store happen under the device lock.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link)
		link->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
144
/*
 * Command Complete handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * On success the connection is looked up by the handle in the reply, while
 * the policy value itself is taken from the parameters of the command that
 * was sent (16-bit little-endian value at byte offset 2).  Nothing happens
 * if the status is non-zero or the sent command is no longer available.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (!params)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link)
		link->link_policy = get_unaligned_le16(params + 2);

	hci_dev_unlock(hdev);
}
1da177e4 168
e4e8e37c
MH
/*
 * Command Complete handler for Read Default Link Policy: on success the
 * reported policy becomes hdev->link_policy.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
180
/*
 * Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the sent command is still available, a zero status copies the policy
 * that was sent (first 16 bits, little-endian) into hdev->link_policy, and
 * the request is completed with the reported status either way.  If the
 * sent command cannot be found the handler returns without completing.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (!params)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
197
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request with the reported status and then
 * drops the non-persistent device flags and puts discovery back to
 * DISCOVERY_STOPPED.  The status is passed on but not tested here, so the
 * state is cleared regardless of whether the controller reported success.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* Flags that do not survive a controller reset. */
	const unsigned long non_persistent = BIT(HCI_LE_SCAN) |
					     BIT(HCI_PENDING_CLASS) |
					     BIT(HCI_PERIODIC_INQ);
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	hdev->dev_flags &= ~non_persistent;

	hdev->discovery.state = DISCOVERY_STOPPED;
}
04837f64 214
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * The name is taken from the command that was sent, not from the event.
 * With HCI_MGMT set the management layer is handed the name and status;
 * otherwise a zero status copies HCI_MAX_NAME_LENGTH bytes into
 * hdev->dev_name.  Both paths run under the device lock, and the request is
 * completed afterwards.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *name;

	BT_DBG("%s status 0x%x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (!name)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, name, status);
	} else if (status == 0) {
		memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
237
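/*
 * Command Complete handler for Read Local Name.
 *
 * Copies the controller-reported name into hdev->dev_name, but only when
 * the reply status is 0 and HCI_SETUP is set in dev_flags.
 *
 * The reply is produced by the controller and is treated as untrusted: the
 * fixed HCI_MAX_NAME_LENGTH-byte copy would read beyond the received
 * payload if the event were shorter than the reply structure, so a short
 * event is rejected before any field of it is read.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s read local name reply too short (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}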
250
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success the HCI_AUTH flag is made to mirror the value that was sent:
 * set when it equals AUTH_ENABLED, cleared for anything else.  With
 * HCI_MGMT set the management layer is notified of the status, and the
 * request is completed in every case where the sent command was found.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (!requested)
		return;

	if (status == 0) {
		if (*requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
276
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success the HCI_ENCRYPT flag follows the mode byte that was sent:
 * non-zero sets it, zero clears it.  The request is then completed with the
 * reported status.  Nothing is done if the sent command is unavailable.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (!requested)
		return;

	if (status == 0) {
		if (*requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 299
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * The scan setting is taken from the command that was sent.  On failure the
 * management layer is told and the discoverable timeout is reset to 0.  On
 * success HCI_ISCAN/HCI_PSCAN are rebuilt from the sent value, the
 * management layer is notified only about transitions, and the
 * discoverable-off work is queued when inquiry scan is on and a timeout is
 * configured.  All of that runs under the device lock; the request is
 * completed after the lock is released.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 scan;
	int was_pscan, was_iscan;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (!params)
		return;

	scan = *((__u8 *) params);

	hci_dev_lock(hdev);

	if (status != 0) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so only real changes are reported. */
	was_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	was_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!was_iscan)
			mgmt_discoverable(hdev, 1);
		if (hdev->discov_timeout > 0) {
			int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   delay);
		}
	} else if (was_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!was_pscan)
			mgmt_connectable(hdev, 1);
	} else if (was_pscan) {
		mgmt_connectable(hdev, 0);
	}

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 348
a9de9248
MH
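/*
 * Command Complete handler for Read Class of Device: on success the three
 * class bytes from the reply are stored in hdev->dev_class.
 *
 * The reply comes from the controller and is treated as untrusted, so an
 * event shorter than the reply structure is rejected before any field is
 * read; otherwise the copy would read beyond the received payload.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s read class of dev reply too short (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}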
1da177e4 363
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * Under the device lock: a zero status copies the three class bytes that
 * were sent into hdev->dev_class, and with HCI_MGMT set the management
 * layer is told the sent class and the status.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *dev_class;

	BT_DBG("%s status 0x%x", hdev->name, status);

	dev_class = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (!dev_class)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, dev_class, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, dev_class, status);

	hci_dev_unlock(hdev);
}
1da177e4 385
a9de9248
MH
/*
 * Command Complete handler for Read Voice Setting.
 *
 * On success, a voice setting that differs from the cached one is stored in
 * hdev->voice_setting and, when the driver provides a notify callback, it
 * is called with HCI_NOTIFY_VOICE_SETTING.  An unchanged value is ignored.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	reported = __le16_to_cpu(reply->voice_setting);

	if (hdev->voice_setting != reported) {
		hdev->voice_setting = reported;

		BT_DBG("%s voice setting 0x%04x", hdev->name, reported);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
408
/*
 * Command Complete handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success the setting is read from the command that was sent (16-bit
 * little-endian).  If it differs from the cached value it is stored and the
 * driver's notify callback, when present, is called with
 * HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 requested;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (!params)
		return;

	requested = get_unaligned_le16(params);

	if (hdev->voice_setting != requested) {
		hdev->voice_setting = requested;

		BT_DBG("%s voice setting 0x%04x", hdev->name, requested);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
436
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: traces the status
 * byte and completes the request with it.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 445
333140b5
MH
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 *
 * The mode is taken from the command that was sent.  With HCI_MGMT set the
 * management layer receives the mode and the status.  Without it, a zero
 * status makes HCI_SSP_ENABLED follow the sent mode (non-zero sets, zero
 * clears); a failure leaves the flag as it was.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	u8 *mode;

	BT_DBG("%s status 0x%x", hdev->name, status);

	mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (!mode)
		return;

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, *mode, status);
		return;
	}

	if (status)
		return;

	if (*mode)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
466
d5859e22
JH
/*
 * Pick the inquiry mode to write to the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ is
 * set, and otherwise 1 only for a short list of manufacturer / hci_rev /
 * lmp_subver combinations that are special-cased here; everything else
 * gets 0.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Controllers matched by identity rather than by feature bits. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	}

	return 0;
}
494
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the single-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 inquiry_mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &inquiry_mode);
}
503
/*
 * Build the 8-byte event mask and send it with HCI_OP_SET_EVENT_MASK.
 *
 * Nothing is sent for controllers older than BLUETOOTH_VER_1_2.  For the
 * others a fixed base mask is extended with a set of unconditional events
 * and with events that depend on the controller's LMP feature bits.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 mask[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles do not accept any bitfield, so don't try to set
	 * any event mask for pre-1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	/* Events enabled regardless of feature bits. */
	mask[4] |= 0x01; /* Flow Specification Complete */
	mask[4] |= 0x02; /* Inquiry Result with RSSI */
	mask[4] |= 0x04; /* Read Remote Extended Features Complete */
	mask[5] |= 0x08; /* Synchronous Connection Complete */
	mask[5] |= 0x10; /* Synchronous Connection Changed */

	/* This bit was already set unconditionally above, so the feature
	 * test adds nothing to the resulting mask. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		mask[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		mask[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		mask[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		mask[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		mask[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		mask[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		mask[6] |= 0x01; /* IO Capability Request */
		mask[6] |= 0x02; /* IO Capability Response */
		mask[6] |= 0x04; /* User Confirmation Request */
		mask[6] |= 0x08; /* User Passkey Request */
		mask[6] |= 0x10; /* Remote OOB Data Request */
		mask[6] |= 0x20; /* Simple Pairing Complete */
		mask[7] |= 0x04; /* User Passkey Notification */
		mask[7] |= 0x08; /* Keypress Notification */
		mask[7] |= 0x10; /* Remote Host Supported
				  * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		mask[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(mask), mask);
}
558
/*
 * Queue the controller setup commands for a BR/EDR device.
 *
 * Does nothing for other device types.  In order: the event mask, Read
 * Local Supported Commands (controllers newer than 1.1), SSP mode or an
 * all-zero EIR (Simple Pairing capable controllers), the inquiry mode, the
 * inquiry response TX power read, extended features page 1, and finally
 * authentication enable when HCI_LINK_SECURITY is set in dev_flags.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_eir eir_cp;

			/* SSP is off: clear the cached EIR and write an
			 * all-zero EIR to the controller. */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cp, 0, sizeof(eir_cp));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cp),
				     &eir_cp);
		} else {
			u8 ssp_mode = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_mode), &ssp_mode);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features ext_cp;

		ext_cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(ext_cp), &ext_cp);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
604
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_VERSION.
 *
 * On success the version, revision, manufacturer and LMP sub-version
 * reported by the controller are cached in hdev, and hci_setup() is run
 * while HCI_INIT is set.  The request is completed with the reported
 * status on both the success and the failure path.
 *
 * NOTE(review): the cached values later drive controller-specific choices
 * (see hci_get_inquiry_mode); skb->len is not checked here before the
 * reply fields are read - confirm the dispatcher validates it.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->hci_ver = reply->hci_ver;
		hdev->hci_rev = __le16_to_cpu(reply->hci_rev);
		hdev->lmp_ver = reply->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(reply->lmp_subver);

		BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
		       hdev->manufacturer,
		       hdev->hci_ver, hdev->hci_rev);

		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, reply->status);
}
630
/*
 * Derive the default link policy from the controller's LMP feature bits
 * (role switch, hold, sniff, park) and send it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cp;
	u16 policy = 0;

	if (hdev->features[0] & LMP_RSWITCH)
		policy |= HCI_LP_RSWITCH;

	if (hdev->features[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;

	if (hdev->features[0] & LMP_SNIFF)
		policy |= HCI_LP_SNIFF;

	if (hdev->features[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	cp.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
}
1da177e4 648
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is copied into hdev->commands
 * and, while HCI_INIT is set and bit 0x10 of commands[5] is present, the
 * default link policy is written.  The request is completed with the
 * reported status in every case.
 *
 * NOTE(review): the copy length is sizeof(hdev->commands) and skb->len is
 * not checked here, so a reply shorter than the structure would be read
 * past its end - confirm the dispatcher validates the event length.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		memcpy(hdev->commands, reply->commands, sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
		    (hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, reply->status);
}
1da177e4 666
a9de9248
MH
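/*
 * Command Complete handler for Read Local Supported Features.
 *
 * On success the eight feature bytes are cached in hdev->features and the
 * ACL/SCO packet types (pkt_type) and eSCO packet types (esco_type) are
 * widened according to the feature bits the controller reports.
 *
 * The reply comes from the controller and is treated as untrusted, so an
 * event shorter than the reply structure is rejected before any field is
 * read; otherwise the feature copy would read beyond the received payload
 * and the stray bytes would steer the packet-type selection below.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s read local features reply too short (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}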
1da177e4 721
8f984dfa
JH
/*
 * Bring the controller's "LE host supported" setting in line with the
 * HCI_LE_ENABLED device flag.
 *
 * The command is only sent when the wanted LE value differs from what
 * host_features[0] currently reports via LMP_HOST_LE.  When LE is enabled,
 * the simultaneous LE/BR-EDR field follows the LMP_SIMUL_LE_BR feature bit.
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cp;
	int host_le_now = !!(hdev->host_features[0] & LMP_HOST_LE);

	memset(&cp, 0, sizeof(cp));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cp.le = 1;
		cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
	}

	if (cp.le == host_le_now)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
}
737
971e3a4b
AG
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * On success, page 0 of the reply is stored in hdev->features and page 1
 * in hdev->host_features; any other page number is ignored.  While
 * HCI_INIT is set and the controller reports LMP_LE, LE host support is
 * then synchronised.  The request is completed with the reported status on
 * every path.
 *
 * NOTE(review): skb->len is not checked here before the 8-byte copy from
 * the reply - confirm the dispatcher validates the event length.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		if (reply->page == 0)
			memcpy(hdev->features, reply->features, 8);
		else if (reply->page == 1)
			memcpy(hdev->host_features, reply->features, 8);

		if (test_bit(HCI_INIT, &hdev->flags) &&
		    hdev->features[4] & LMP_LE)
			hci_set_le_support(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, reply->status);
}
763
1e89cffb
AE
/*
 * Command Complete handler for HCI_OP_READ_FLOW_CONTROL_MODE: on success
 * the reported mode is cached in hdev->flow_ctl_mode and the request is
 * completed.  A non-zero status returns without completing the request.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->flow_ctl_mode = reply->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, reply->status);
}
778
a9de9248
MH
/*
 * Command Complete handler for Read Buffer Size.
 *
 * On success the ACL and SCO MTUs and packet counts reported by the
 * controller are cached in hdev.  With HCI_QUIRK_FIXUP_BUFFER_SIZE set the
 * SCO values are replaced by 64 and 8.  The available-packet counters are
 * then initialised from the packet counts.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->acl_mtu = __le16_to_cpu(reply->acl_mtu);
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		/* Quirk: ignore the SCO values the controller reported. */
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	} else {
		hdev->sco_mtu = reply->sco_mtu;
		hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
	       hdev->acl_mtu, hdev->acl_pkts,
	       hdev->sco_mtu, hdev->sco_pkts);
}
805
/*
 * Command Complete handler for HCI_OP_READ_BD_ADDR: a zero status copies
 * the reported address into hdev->bdaddr; the request is completed with
 * the reported status either way.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		bacpy(&hdev->bdaddr, &reply->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, reply->status);
}
817
350ee4cf
AE
/*
 * Command Complete handler for HCI_OP_READ_DATA_BLOCK_SIZE.
 *
 * On success the block MTU, block length and number of blocks are cached
 * in hdev, the free-block counter is initialised from the number of
 * blocks, and the request is completed.  A non-zero status returns without
 * completing the request.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->block_mtu = __le16_to_cpu(reply->max_acl_len);
	hdev->block_len = __le16_to_cpu(reply->block_len);
	hdev->num_blocks = __le16_to_cpu(reply->num_blocks);
	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, reply->status);
}
839
23bb5763
JH
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: traces the status
 * byte and completes the request with it.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
848
928abaa7
AE
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_AMP_INFO.
 *
 * On success every AMP field of the reply is converted from little-endian
 * where needed and cached in the matching hdev->amp_* member, then the
 * request is completed.  A non-zero status returns without completing.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	/* Single-byte fields need no byte-order conversion. */
	hdev->amp_status = reply->amp_status;
	hdev->amp_type = reply->amp_type;

	hdev->amp_total_bw = __le32_to_cpu(reply->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(reply->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(reply->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(reply->max_pdu);
	hdev->amp_pal_cap = __le16_to_cpu(reply->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(reply->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(reply->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(reply->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, reply->status);
}
872
b0916ea0
JH
/*
 * Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY: traces the
 * status byte and completes the request with it.  No other field of the
 * reply is examined here.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
882
d5859e22
JH
/*
 * Command Complete handler for HCI_OP_SET_EVENT_MASK: traces the status
 * byte and completes the request with it.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
891
/*
 * Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE: traces the
 * status byte and completes the request with it.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
901
/*
 * Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER: a zero status
 * caches the reported TX power in hdev->inq_tx_power; the request is
 * completed with the reported status either way.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		hdev->inq_tx_power = reply->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, reply->status);
}
914
/*
 * Command Complete handler for HCI_OP_SET_EVENT_FLT: traces the status
 * byte and completes the request with it.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
923
980e1a53
JH
/*
 * Command Complete handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Under the device lock: with HCI_MGMT set the management layer is told
 * the outcome for the address in the reply.  On success the PIN length
 * from the command that was sent is recorded on the ACL connection to the
 * address in that sent command, if such a connection exists.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &reply->bdaddr,
					     reply->status);

	if (reply->status == 0) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent) {
			link = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (link)
				link->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
951
/*
 * Command Complete handler for a negative PIN code reply: with HCI_MGMT
 * set, the management layer is told the address and status from the reply
 * while the device lock is held.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
						 reply->status);
	}

	hci_dev_unlock(hdev);
}
56e5cb86 966
6ed58ec5
VT
/*
 * Command Complete handler for HCI_OP_LE_READ_BUFFER_SIZE.
 *
 * On success the LE MTU and packet count are cached in hdev, the free LE
 * packet counter is initialised from the packet count, and the request is
 * completed.  A non-zero status returns without completing the request.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->le_mtu = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;
	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 986
a5c29683
JH
/*
 * Command Complete handler for a User Confirmation reply: with HCI_MGMT
 * set, the management layer is told the address and status from the reply
 * (link type ACL_LINK, address type 0) while the device lock is held.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1001
/*
 * Command Complete handler for a negative User Confirmation reply: with
 * HCI_MGMT set, the management layer is told the address and status from
 * the reply (link type ACL_LINK, address type 0) under the device lock.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1017
1143d458
BG
/*
 * Command Complete handler for a User Passkey reply: with HCI_MGMT set,
 * the management layer is told the address and status from the reply
 * (link type ACL_LINK, address type 0) while the device lock is held.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1032
/*
 * Command Complete handler for the user passkey negative reply.
 *
 * With the device lock held, reports the peer address and controller
 * status to the management interface when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);

	hci_dev_unlock(hdev);
}
1048
c35938b2
SJ
/*
 * Command Complete handler for reading the local out-of-band data.
 *
 * Passes the hash, the randomizer and the status from the reply to the
 * management interface under the device lock. Only the status is logged;
 * the hash and randomizer are not.
 *
 * NOTE(review): unlike the pairing reply handlers nearby, this one does
 * not test HCI_MGMT before calling into mgmt - confirm that is intended.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *oob = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, oob->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, oob->hash,
						oob->randomizer, oob->status);
	hci_dev_unlock(hdev);
}
1061
07f7fa5d
AG
/*
 * Command Complete handler for HCI_OP_LE_SET_SCAN_PARAM.
 *
 * Always completes the pending request with the controller status. On a
 * non-zero status it also reports a discovery start failure to mgmt
 * under the device lock.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* The first byte of the return parameters is the status. */
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (!status)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1077
eb9d91f5
AG
/*
 * Command Complete handler for HCI_OP_LE_SET_SCAN_ENABLE.
 *
 * The action depends on the 'enable' value of the command that was sent,
 * looked up with hci_sent_cmd_data():
 *  - LE_SCANNING_ENABLED: completes the request; on failure reports a
 *    discovery start failure, otherwise sets HCI_LE_SCAN and moves
 *    discovery to DISCOVERY_FINDING.
 *  - LE_SCANNING_DISABLED: on failure reports a discovery stop failure,
 *    otherwise clears HCI_LE_SCAN and either continues an interleaved
 *    discovery or moves discovery to DISCOVERY_STOPPED.
 *  - any other value: logged as a reserved parameter.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *sent;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (!sent)
		return;

	if (sent->enable == LE_SCANNING_ENABLED) {
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
	} else if (sent->enable == LE_SCANNING_DISABLED) {
		if (status) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		/*
		 * NOTE(review): discovery.type and discovery.state are read
		 * here, and mgmt_interleaved_discovery() is called, without
		 * hci_dev_lock held, unlike the other branch - confirm.
		 */
		if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
		    hdev->discovery.state == DISCOVERY_FINDING) {
			mgmt_interleaved_discovery(hdev);
		} else {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		}
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
	}
}
1134
a7a595f6
VCG
/*
 * Command Complete handler for HCI_OP_LE_LTK_REPLY.
 *
 * Completes the pending request only when the controller reports success;
 * a non-zero status returns without completing it.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1146
/*
 * Command Complete handler for HCI_OP_LE_LTK_NEG_REPLY.
 *
 * Completes the pending request only when the controller reports success;
 * a non-zero status returns without completing it.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1158
f9b49306
AG
/*
 * Command Complete handler for HCI_OP_WRITE_LE_HOST_SUPPORTED.
 *
 * On success, mirrors the 'le' value of the sent command into the
 * LMP_HOST_LE bit of host_features[0]. When mgmt is active and the device
 * is not in HCI_INIT, mgmt is told the outcome. The pending request is
 * completed with the controller status in every case where the sent
 * command could be found.
 */
static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
						  struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *cmd;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (!cmd)
		return;

	if (!status) {
		if (cmd->le)
			hdev->host_features[0] |= LMP_HOST_LE;
		else
			hdev->host_features[0] &= ~LMP_HOST_LE;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags))
		mgmt_le_enable_complete(hdev, cmd->le, status);

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1184
a9de9248
MH
/*
 * Command Status handler for HCI_OP_INQUIRY.
 *
 * Success: sets HCI_INQUIRY and moves discovery to DISCOVERY_FINDING.
 * Failure: completes the request with the error, re-checks pending
 * connections and, when mgmt is active, reports the discovery failure.
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1205
1da177e4
LT
/*
 * Command Status handler for HCI_OP_CREATE_CONN.
 *
 * Looks up the ACL connection for the address in the sent command.
 * On failure, a connection still in BT_CONNECT is either parked in
 * BT_CONNECT2 (status 0x0c, HCI "Command Disallowed", and no more than
 * two attempts so far) or closed, confirmed to the upper protocols and
 * deleted. On success, a connection object is created if none exists and
 * marked as outgoing with the master link mode.
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (status) {
		if (conn && conn->state == BT_CONNECT) {
			if (status == 0x0c && conn->attempt <= 2) {
				conn->state = BT_CONNECT2;
			} else {
				conn->state = BT_CLOSED;
				hci_proto_connect_cfm(conn, status);
				hci_conn_del(conn);
			}
		}
	} else if (!conn) {
		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
		} else {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}
	}

	hci_dev_unlock(hdev);
}
1245
/*
 * Command Status handler for HCI_OP_ADD_SCO.
 *
 * Only failures are handled here. The ACL connection is found by the
 * handle in the sent command; if it has a linked SCO connection, that
 * link is closed, the failure is confirmed to the upper protocols and
 * the SCO connection is deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1280
f8558555
MH
/*
 * Command Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Only failures are handled here. If the connection named by the sent
 * command is still in BT_CONFIG, the failure is confirmed to the upper
 * protocols and a reference on the connection is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1307
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Only failures are handled here. If the connection named by the sent
 * command is still in BT_CONFIG, the failure is confirmed to the upper
 * protocols and a reference on the connection is dropped.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1334
/*
 * Decide whether an outgoing connection should request authentication.
 *
 * Returns 0 unless the connection is outgoing and in BT_CONFIG, and 0
 * when the pending security level is BT_SECURITY_SDP. Otherwise returns
 * 1 if SSP is enabled on the connection, if the pending security level
 * is BT_SECURITY_HIGH, or if bit 0 of auth_type is set (the MITM
 * protection request, per the original comment); 0 in all other cases.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (!conn->out || conn->state != BT_CONFIG)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	/* SSP links always authenticate. */
	if (hci_conn_ssp_enabled(conn))
		return 1;

	/* Legacy links authenticate only for HIGH security or MITM. */
	if (conn->pending_sec_level == BT_SECURITY_HIGH)
		return 1;

	return (conn->auth_type & 0x01) ? 1 : 0;
}
1353
/*
 * Send a Remote Name Request for one inquiry cache entry.
 *
 * The command is zeroed first and then filled with the entry's address,
 * page scan modes and clock offset. Returns whatever hci_send_cmd()
 * returns; callers in this file treat 0 as success.
 */
static inline int hci_resolve_name(struct hci_dev *hdev,
				   struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/* Zero the whole command so no stack bytes reach the controller. */
	memset(&req, 0, sizeof(req));

	bacpy(&req.bdaddr, &e->data.bdaddr);
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1368
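/*
 * Start name resolution for the next inquiry entry that still needs one.
 *
 * Returns true when a Remote Name Request was sent and the entry was
 * marked NAME_PENDING; false when the resolve list is empty, when no
 * entry is in the NAME_NEEDED state, or when sending the command failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (list_empty(&discov->resolve))
		return false;

	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	/*
	 * A non-empty resolve list does not guarantee a NAME_NEEDED entry:
	 * the lookup can return NULL, and hci_resolve_name() dereferences
	 * its argument. hci_inquiry_complete_evt() checks the same lookup.
	 */
	if (!e)
		return false;

	if (hci_resolve_name(hdev, e) == 0) {
		e->name_state = NAME_PENDING;
		return true;
	}

	return false;
}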
1385
/*
 * Handle the outcome of a remote name request for bdaddr.
 *
 * If conn is given and was not yet reported to mgmt, it is reported as
 * connected (with the name, which may be NULL). The discovery state then
 * decides what follows:
 *  - DISCOVERY_STOPPING: discovery is moved to DISCOVERY_STOPPED.
 *  - DISCOVERY_RESOLVING: the pending cache entry for bdaddr, if any, is
 *    marked NAME_KNOWN, removed from its list and, when a name is
 *    present, reported to mgmt. The next name is then requested;
 *    discovery stops if there is none.
 *  - any other state: nothing more is done.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);

	switch (discov->state) {
	case DISCOVERY_STOPPING:
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		return;
	case DISCOVERY_RESOLVING:
		break;
	default:
		return;
	}

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	if (entry) {
		entry->name_state = NAME_KNOWN;
		list_del(&entry->list);
		if (name)
			mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
					 entry->data.rssi, name, name_len);
	}

	if (!hci_resolve_next_name(hdev))
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1420
a9de9248
MH
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * A successful status is ignored: the name request complete event does
 * the follow-up. On failure, discovery bookkeeping is updated through
 * hci_check_pending_name() when mgmt is active, and authentication is
 * requested if the connection needs it and no request is pending.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	/* On success, wait for the name req complete event instead. */
	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	/* HCI_CONN_AUTH_PEND keeps a second request from being queued. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth;

		auth.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth), &auth);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1459
769be974
MH
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Only failures are handled here. If the connection named by the sent
 * command is still in BT_CONFIG, the failure is confirmed to the upper
 * protocols and a reference on the connection is dropped.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1486
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Only failures are handled here. If the connection named by the sent
 * command is still in BT_CONFIG, the failure is confirmed to the upper
 * protocols and a reference on the connection is dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1513
a9de9248
MH
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Only failures are handled here. The ACL connection is found by the
 * handle in the sent command; if it has a linked synchronous connection,
 * that link is closed, the failure is confirmed to the upper protocols
 * and the linked connection is deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1548
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Only failures are handled here. For the connection named by the sent
 * command, the pending mode-change flag is cleared and, if a SCO setup
 * was waiting on the mode change, hci_sco_setup() is run with the error.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1575
a9de9248
MH
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Only failures are handled here. For the connection named by the sent
 * command, the pending mode-change flag is cleared and, if a SCO setup
 * was waiting on the mode change, hci_sco_setup() is run with the error.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
1602
88c3df13
JH
/*
 * Command Status handler for HCI_OP_DISCONNECT.
 *
 * Only failures are handled here: if the connection named by the sent
 * command still exists, mgmt is told that the disconnect failed.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn)
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);

	hci_dev_unlock(hdev);
}
1624
fcd89c09
VT
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Looks up the LE connection for the peer address in the sent command.
 * On failure, a connection still in BT_CONNECT is closed, reported to
 * mgmt and to the upper protocols, and deleted. On success, a connection
 * object is created if none exists, marked as outgoing, and given the
 * peer address type from the command.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
	       conn);

	if (status) {
		if (conn && conn->state == BT_CONNECT) {
			conn->state = BT_CLOSED;
			mgmt_connect_failed(hdev, &sent->peer_addr, conn->type,
					    conn->dst_type, status);
			hci_proto_connect_cfm(conn, status);
			hci_conn_del(conn);
		}
	} else if (!conn) {
		conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
		if (!conn) {
			BT_ERR("No memory for new connection");
		} else {
			conn->dst_type = sent->peer_addr_type;
			conn->out = true;
		}
	}

	hci_dev_unlock(hdev);
}
1665
a7a595f6
VCG
/*
 * Command Status handler for LE Start Encryption.
 *
 * Only logs the status; a failed start is not acted on here.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);
}
1670
1da177e4
LT
/*
 * Inquiry Complete event handler.
 *
 * Completes the inquiry request and re-checks pending connections. If an
 * inquiry was running (HCI_INQUIRY) and mgmt is active, and discovery is
 * in DISCOVERY_FINDING, it moves to DISCOVERY_RESOLVING when a name
 * request could be sent for an entry that needs one, and to
 * DISCOVERY_STOPPED otherwise.
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	BT_DBG("%s status %d", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	/* The inquiry flag is cleared even when mgmt is not in use. */
	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags) ||
	    !test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state == DISCOVERY_FINDING) {
		if (list_empty(&discov->resolve)) {
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		} else {
			entry = hci_inquiry_cache_lookup_resolve(hdev,
								 BDADDR_ANY,
								 NAME_NEEDED);
			if (entry && hci_resolve_name(hdev, entry) == 0) {
				entry->name_state = NAME_PENDING;
				hci_discovery_set_state(hdev,
							DISCOVERY_RESOLVING);
			} else {
				hci_discovery_set_state(hdev,
							DISCOVERY_STOPPED);
			}
		}
	}

	hci_dev_unlock(hdev);
}
1710
1da177e4
LT
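/*
 * Inquiry Result event handler.
 *
 * The first byte of the event is the number of responses; the responses
 * follow as an array of struct inquiry_info. Each response is copied into
 * the inquiry cache and reported to mgmt as a found device. Nothing is
 * done while a periodic inquiry is active.
 *
 * The response count comes from the controller, so it is checked against
 * the length of the buffer before the array is walked; an event that
 * claims more responses than it carries is dropped.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* One count byte plus num_rsp full entries must fit in the skb. */
	if (skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		/* This event carries no RSSI or SSP mode; store zeroes. */
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}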
1747
1da177e4
LT
/*
 * Connection Complete event handler.
 *
 * Finds the connection by link type and address (an SCO event may match
 * a connection that was set up as ESCO, which is then retyped to SCO).
 * On success the handle is stored, the state advances (BT_CONFIG for
 * ACL, BT_CONNECTED otherwise), link mode bits are inherited from the
 * device flags, and follow-up commands are sent. On failure the
 * connection is closed, reported, confirmed and deleted.
 *
 * NOTE(review): skb->data is cast to the event struct with no length
 * check in this function; presumably the caller validates it - confirm.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		/* An SCO completion may answer an ESCO setup attempt. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* Device-wide auth/encrypt flags carry over to the link. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			/* ev->handle is already little-endian: no swap. */
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(cp), &cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
				     &cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	/* conn must not be used after hci_conn_del() below. */
	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1825
/*
 * Connection Request event handler.
 *
 * The request is accepted when the combined link mode (device setting
 * plus what the upper protocols return) has HCI_LM_ACCEPT and the peer
 * address is not on the blacklist; otherwise it is rejected with
 * HCI_ERROR_REJ_BAD_ADDR. On accept, the device class from the event is
 * stored in the inquiry cache entry (if any) and in the connection,
 * which is created if needed and moved to BT_CONNECT. An ACL accept is
 * sent for ACL links or when the controller lacks eSCO support; a
 * synchronous accept is sent otherwise.
 *
 * NOTE(review): hci_blacklist_lookup() runs before hci_dev_lock() is
 * taken, and conn->pkt_type is read after hci_dev_unlock() - confirm
 * neither needs the lock.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
	       batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if ((mask & HCI_LM_ACCEPT) &&
	    !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection accepted */
		struct inquiry_entry *ie;
		struct hci_conn *conn;

		hci_dev_lock(hdev);

		ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		if (ie)
			memcpy(ie->data.dev_class, ev->dev_class, 3);

		conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
			if (!conn) {
				/* No reply is sent to the controller here. */
				BT_ERR("No memory for new connection");
				hci_dev_unlock(hdev);
				return;
			}
		}

		memcpy(conn->dev_class, ev->dev_class, 3);
		conn->state = BT_CONNECT;

		hci_dev_unlock(hdev);

		if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
			struct hci_cp_accept_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
				cp.role = 0x00; /* Become master */
			else
				cp.role = 0x01; /* Remain slave */

			hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
				     &cp);
		} else {
			struct hci_cp_accept_sync_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);
			cp.pkt_type = cpu_to_le16(conn->pkt_type);

			/* 0x1f40 is 8000 for both bandwidth fields. */
			cp.tx_bandwidth = cpu_to_le32(0x00001f40);
			cp.rx_bandwidth = cpu_to_le32(0x00001f40);
			cp.max_latency = cpu_to_le16(0xffff);
			cp.content_format = cpu_to_le16(hdev->voice_setting);
			cp.retrans_effort = 0xff;

			hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
				     sizeof(cp), &cp);
		}
	} else {
		/* Connection rejected */
		struct hci_cp_reject_conn_req cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
	}
}
1899
/*
 * Disconnection Complete event handler.
 *
 * Success: the connection is closed, mgmt is told about the disconnect
 * if it had been told about the connection (ACL and LE links only), a
 * link key marked flush_key is removed for ACL links, the upper
 * protocols are notified and the connection is deleted.
 * Failure: the connection is kept; mgmt gets a disconnect failure under
 * the same condition.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->state = BT_CLOSED;

	/* The connected flag is cleared whatever the link type is. */
	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (ev->status == 0)
			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type);
		else
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
	}

	if (ev->status == 0) {
		/* Keys flagged flush_key do not outlive the link. */
		if (conn->type == ACL_LINK && conn->flush_key)
			hci_remove_link_key(hdev, &conn->dst);
		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1936
1da177e4
LT
/*
 * Authentication Complete event handler.
 *
 * On success the link is marked authenticated and the pending security
 * level becomes the current one, except for a re-authentication of a
 * connection without SSP, which is only logged. On failure mgmt is told.
 * The pending auth flags are cleared either way. A connection still in
 * BT_CONFIG then either goes on to request encryption (success with SSP)
 * or is confirmed to the upper protocols; any other connection gets an
 * auth confirmation and its disconnect timeout is reset. If encryption
 * was pending, it is requested on success or failed on error.
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		/* A legacy re-auth does not raise the security level. */
		if (!hci_conn_ssp_enabled(conn) &&
		    test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
			BT_INFO("re-auth of legacy device is not possible.");
		} else {
			conn->link_mode |= HCI_LM_AUTH;
			conn->sec_level = conn->pending_sec_level;
		}
	} else {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			/* SSP links are encrypted before being usable. */
			struct hci_cp_set_conn_encrypt cp;
			cp.handle = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			/*
			 * NOTE(review): this branch also runs when ev->status
			 * is non-zero, so the state becomes BT_CONNECTED
			 * while the error goes to hci_proto_connect_cfm() -
			 * confirm the upper layers tear the link down.
			 */
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold/put pair around the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (!ev->status) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			/* Auth failed: the pending encryption fails too. */
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
2002
/*
 * Remote Name Request Complete event handler.
 *
 * When mgmt is active, the result is passed to hci_check_pending_name():
 * on success with the name and its length, bounded by
 * HCI_MAX_NAME_LENGTH; on failure with no name. Authentication is then
 * requested if the connection needs it and no request is pending.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status != 0)
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       NULL, 0);
		else
			/* strnlen: the name may lack a terminating NUL. */
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
	}

	/* HCI_CONN_AUTH_PEND keeps a second request from being queued. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth;

		auth.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth), &auth);
	}

	hci_dev_unlock(hdev);
}
2041
/*
 * Encryption Change event handler.
 *
 * On success the link mode follows the event: encryption on sets the
 * auth and encrypt bits and adopts the pending security level,
 * encryption off clears the encrypt bit. A failure on an established
 * link (BT_CONNECTED) disconnects it. A connection still in BT_CONFIG is
 * confirmed to the upper protocols; otherwise the encryption result is
 * confirmed through hci_encrypt_cfm().
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn) {
		if (!ev->status) {
			if (ev->encrypt) {
				/* Encryption implies authentication */
				conn->link_mode |= HCI_LM_AUTH;
				conn->link_mode |= HCI_LM_ENCRYPT;
				conn->sec_level = conn->pending_sec_level;
			} else
				/*
				 * NOTE(review): sec_level is left unchanged
				 * when encryption is switched off - confirm
				 * callers check link_mode as well.
				 */
				conn->link_mode &= ~HCI_LM_ENCRYPT;
		}

		clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

		/*
		 * A failed change on an established link drops the link.
		 * 0x13 is the HCI reason "Remote User Terminated
		 * Connection".
		 */
		if (ev->status && conn->state == BT_CONNECTED) {
			hci_acl_disconn(conn, 0x13);
			hci_conn_put(conn);
			goto unlock;
		}

		if (conn->state == BT_CONFIG) {
			if (!ev->status)
				conn->state = BT_CONNECTED;

			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		} else
			hci_encrypt_cfm(conn, ev->status, ev->encrypt);
	}

unlock:
	hci_dev_unlock(hdev);
}
2084
/*
 * Change Connection Link Key Complete event: on success mark the link
 * HCI_LM_SECURE, then clear the pending-authentication flag and report the
 * result through hci_key_change_cfm().
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	/* The flag is cleared whether or not the key change succeeded. */
	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2106
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the remote feature mask on success. While the connection is still
 * in BT_CONFIG it then continues setup: it asks for extended features page 1
 * when both sides are SSP capable, otherwise it requests the remote name (or
 * reports the device as connected to mgmt) and, if no outgoing
 * authentication is needed, completes the connection.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_req;

		/* ev->handle is copied as received, without byte swapping. */
		ext_req.handle = ev->handle;
		ext_req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_req), &ext_req);
		goto unlock;
	}

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
			     sizeof(name_req), &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2155
/* Read Remote Version Information Complete event: only logged, payload unused. */
static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2160
/* QoS Setup Complete event: only logged, payload unused. */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2165
a9de9248
MH
/*
 * Command Complete event: dispatch on the completed opcode to the matching
 * hci_cc_*() handler, then stop the command timer and, when the controller
 * reports free command slots, kick the command queue.
 *
 * The event header is pulled off the skb before dispatch, so every handler
 * sees only the return parameters. 'cc' keeps pointing at the pulled header.
 *
 * NOTE(review): the header is read and pulled without first comparing
 * skb->len against sizeof(*cc) - confirm the caller guarantees a complete
 * header for controller-supplied events.
 */
static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *cc = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*cc));

	opcode = __le16_to_cpu(cc->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;

	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;

	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;

	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;

	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;

	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;

	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;

	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;

	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;

	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;

	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;

	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;

	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;

	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;

	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;

	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;

	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;

	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;

	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;

	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;

	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;

	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;

	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;

	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;

	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	/* Any completion other than a NOP stops the command timer. */
	if (cc->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!cc->ncmd)
		return;

	/* The controller can take another command: allow one and resume the queue. */
	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2386
/*
 * Command Status event: pass the status of a started command to the
 * matching hci_cs_*() handler, then stop the command timer and, when the
 * controller reports free command slots and no reset is in progress,
 * resume the command queue.
 *
 * NOTE(review): as in the Command Complete handler, the header is read
 * without first comparing skb->len against sizeof(*cs) - confirm the caller
 * guarantees a complete header.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *cs = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*cs));

	opcode = __le16_to_cpu(cs->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, cs->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, cs->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, cs->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, cs->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, cs->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, cs->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, cs->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, cs->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, cs->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, cs->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, cs->status);
		break;

	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, cs->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, cs->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, cs->status);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	/* Any status other than for a NOP stops the command timer. */
	if (cs->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* No command credit is handed out while HCI_RESET is set. */
	if (!cs->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2467
/*
 * Role Change event: on success update HCI_LM_MASTER from the reported role
 * (a non-zero role clears the bit), then clear the pending role-switch flag
 * and report the outcome through hci_role_switch_cfm().
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!ev->role)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2493
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * For every reported handle, credits the completed packets back to the
 * connection and to the per-link-type transmit counter, clamping each
 * counter at the controller's advertised buffer count, then schedules the
 * TX work.
 *
 * The event is rejected unless the skb holds the header plus num_hndl
 * entries, so the loop never reads past the received data.
 *
 * NOTE(review): 'count' comes straight from the event and is subtracted
 * from conn->sent without being compared against it first - confirm that a
 * controller over-reporting completions cannot skew the accounting.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, then header plus the advertised number of entries. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case LE_LINK:
			if (hdev->le_pkts) {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
				break;
			}
			/* le_pkts is zero: LE is accounted on the ACL counters */
			/* fall through */

		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2559
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * Credits the completed blocks of every reported handle back to the
 * connection and to hdev->block_cnt (clamped at hdev->num_blocks), then
 * schedules the TX work. Only ACL_LINK connections are accounted; any other
 * type is logged as an error.
 *
 * The event is rejected unless the skb holds the header plus num_hndl
 * entries.
 *
 * NOTE(review): block_count is subtracted from conn->sent without being
 * compared against it first - confirm over-reported completions are
 * harmless.
 */
static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= block_count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2609
/*
 * Mode Change event: store the new mode and interval on the connection.
 * When the change was not one this host had pending, HCI_CONN_POWER_SAVE is
 * set for active mode and cleared otherwise. A pending SCO setup is resumed
 * with the event status.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2637
a9de9248
MH
/*
 * PIN Code Request event.
 *
 * Extends the disconnect timeout of an established link to
 * HCI_PAIRING_TIMEOUT, then either rejects the request (device not
 * pairable) or, when mgmt is in use, forwards it to user space. The
 * 'secure' hint passed to mgmt is 1 only when the pending security level is
 * BT_SECURITY_HIGH.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* hold/put pair brackets the timeout change */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		/* Not pairable: refuse without involving user space. */
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ? 1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2674
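/*
 * Link Key Request event: answer the controller with the stored link key
 * for ev->bdaddr, or with a negative reply when no acceptable key exists.
 *
 * Nothing is sent when HCI_LINK_KEYS is not set. A stored key is refused
 * when:
 *  - it is a debug combination key and HCI_DEBUG_KEYS is not set;
 *  - it is an unauthenticated combination key while the connection's
 *    auth_type has the low (MITM) bit set;
 *  - it is a combination key from a PIN shorter than 16 digits while
 *    BT_SECURITY_HIGH is pending.
 *
 * NOTE(review): 'cp' keeps a copy of the link key on the stack after this
 * function returns; consider wiping it once the command has been queued,
 * using a primitive the compiler cannot elide.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
	       batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* auth_type 0xff is excluded from the MITM-bit test. */
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff &&
		    (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			/* Message kept on one literal: the old line
			 * continuation embedded source indentation in it. */
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
	goto unlock;

not_found:
	/* Length taken from the field, as the other negative replies do. */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY,
		     sizeof(ev->bdaddr), &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}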
2738
/*
 * Link Key Notification event: the controller hands over a new link key.
 *
 * If a connection to the peer exists, its disconnect timeout is reset to
 * HCI_DISCONN_TIMEOUT and its key type is updated, except for
 * HCI_LK_CHANGED_COMBINATION, which leaves the recorded type alone. The key
 * is stored through hci_add_link_key() only when HCI_LINK_KEYS is set;
 * 'conn' may be NULL in that call.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_length = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_length = conn->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) {
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_length);
	}

	hci_dev_unlock(hdev);
}
2767
1da177e4
LT
/*
 * Read Clock Offset Complete event: on success refresh the clock offset and
 * timestamp of the peer's inquiry cache entry, if one exists.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		/* clock_offset is stored as received, without byte swapping */
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2790
a8746417
MH
/*
 * Connection Packet Type Changed event: on success record the new packet
 * type mask on the connection named by ev->handle.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL && ev->status == 0)
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);

	hci_dev_unlock(hdev);
}
2806
85a1e930
MH
/*
 * Page Scan Repetition Mode Change event: refresh the mode and timestamp of
 * the peer's inquiry cache entry, if one exists.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.pscan_rep_mode = ev->pscan_rep_mode;
		entry->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
2824
a9de9248
MH
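/*
 * Inquiry Result with RSSI event.
 *
 * The payload is a one-byte response count followed by that many entries.
 * Two entry layouts exist; the one without a pscan_mode field is assumed
 * when the payload divides into entries of exactly that size, otherwise the
 * layout with pscan_mode is used. Each entry updates the inquiry cache and
 * is reported through mgmt_device_found().
 *
 * The count is supplied by the controller, so before either loop runs the
 * skb length is checked against count * entry size; without that check a
 * short event with a large count would make the loop read past the
 * received data. Events that fail the check are dropped.
 *
 * Nothing is processed while HCI_PERIODIC_INQ is set.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The response count itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* Layout chosen by elimination: verify it really fits. */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Implied by the division above; kept explicit for symmetry. */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}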
2883
/*
 * Read Remote Extended Features Complete event.
 *
 * For a successful read of page 1, records whether the remote host supports
 * SSP (LMP_HOST_SSP in features[0]) in the inquiry cache entry and in the
 * connection flags. While the connection is still in BT_CONFIG it then
 * continues setup exactly as the plain remote-features handler does:
 * request the remote name or report the device to mgmt, and complete the
 * connection when no outgoing authentication is needed.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry != NULL)
			entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		/* The flag is only ever set here, never cleared. */
		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
			     sizeof(name_req), &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2931
/*
 * Synchronous Connection Complete event.
 *
 * Looks the connection up by the reported link type; when that fails for a
 * non-eSCO report, an eSCO connection to the same peer is retyped as
 * SCO_LINK. On success the connection becomes BT_CONNECTED. For the listed
 * parameter-rejection statuses an outgoing connection on its first attempts
 * is retried with a packet type derived from hdev->esco_type; every other
 * failure closes and deletes the connection.
 *
 * NOTE(review): the retry path dereferences conn->link without a NULL
 * check - presumably an outgoing sync connection always has a parent link;
 * confirm.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (conn == NULL) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		/* Reported as SCO but set up as eSCO: adopt it as SCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn == NULL)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status != 0)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2986
/* Synchronous Connection Changed event: only logged, payload unused. */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2991
04837f64
MH
/* Sniff Subrating event: only the status is logged. */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}
2998
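/*
 * Extended Inquiry Result event.
 *
 * The payload is a one-byte response count followed by that many
 * extended_inquiry_info entries. Each entry updates the inquiry cache (with
 * ssp_mode 0x01) and is reported, together with its EIR data, through
 * mgmt_device_found(). With mgmt in use the name counts as known only when
 * the EIR data carries EIR_NAME_COMPLETE.
 *
 * The count is supplied by the controller, so the skb length is checked
 * against count * entry size before the loop; without that check a short
 * event with a large count would make the loop, and the EIR parsing, read
 * past the received data. Events that fail the check are dropped.
 *
 * Nothing is processed while HCI_PERIODIC_INQ is set.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The response count itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (skb->len < num_rsp * sizeof(*info) + 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = info->rssi;
		data.ssp_mode = 0x01;

		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, sizeof(info->data));
	}

	hci_dev_unlock(hdev);
}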
1da177e4 3043
17fa4b9d
JH
/*
 * Choose the authentication requirement to send in the IO Capability Reply.
 *
 * The value follows what the remote side asked for (conn->remote_auth):
 *  - 0x02/0x03 (dedicated bonding): answer 0x03 (MITM) unless either side
 *    has IO capability 0x03, in which case answer 0x02 (no MITM);
 *  - 0x00/0x01 (no bonding): keep the remote value and add the local MITM
 *    bit from conn->auth_type;
 *  - anything else: use the local conn->auth_type unchanged.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* MITM protection is only requested when neither side has
		 * IO capability 0x03. */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		return 0x03;

	case 0x00:
	case 0x01:
		/* Remote requests no-bonding: follow that lead. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3062
0493684e
MH
/*
 * IO Capability Request event (Secure Simple Pairing).
 *
 * Takes a reference on the connection, then, when mgmt is in use, answers
 * the controller. Pairing is allowed when the device is pairable or the
 * remote side asked for no bonding; in that case the reply carries the
 * local IO capability, the authentication requirement computed by
 * hci_get_auth_req(), and whether out-of-band data for the peer is
 * available. Otherwise a negative reply with
 * HCI_ERROR_PAIRING_NOT_ALLOWED is sent.
 *
 * NOTE(review): the reference taken by hci_conn_hold() is not released in
 * this function on any path - presumably it is dropped when pairing
 * completes; confirm against the Simple Pairing Complete handler.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
	    (conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(neg), &neg);
	} else {
		struct hci_cp_io_capability_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);

		/* KeyboardDisplay (0x04) is reported as DisplayYesNo (0x01)
		 * because it is not supported by the BT spec. */
		if (conn->io_capability == 0x04)
			reply.capability = 0x01;
		else
			reply.capability = conn->io_capability;

		conn->auth_type = hci_get_auth_req(conn);
		reply.authentication = conn->auth_type;

		/* OOB data is advertised only for outgoing connections or
		 * peers that announced OOB, and only if it is stored. */
		if ((conn->out ||
		     test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
		    hci_find_remote_oob_data(hdev, &conn->dst))
			reply.oob_data = 0x01;
		else
			reply.oob_data = 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
3114
/*
 * IO Capability Response event: remember the remote IO capability and
 * authentication requirement on the connection, and flag the connection
 * when the peer reports out-of-band data.
 *
 * The stored values are remote-supplied and are later used to decide the
 * local authentication requirement and the user-confirmation policy.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;

		/* The flag is only ever set here, never cleared. */
		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3136
/*
 * Handle HCI_EV_USER_CONFIRM_REQUEST.
 *
 * Outcomes, in the order they are evaluated:
 *   - mgmt interface not in use, or no ACL connection: do nothing;
 *   - we require MITM protection but the remote declared capability 0x03
 *     (NoInputNoOutput) and we are not a dedicated bonding initiator:
 *     send a negative reply;
 *   - neither side effectively requires MITM: auto-accept when we
 *     initiated authentication (optionally after auto_accept_delay),
 *     otherwise ask user space with confirm_hint = 1;
 *   - anything else: forward the passkey to user space for confirmation.
 *
 * remote_cap and remote_auth were copied from the IO capability reply
 * event; the decision below therefore depends on values declared by the
 * other side.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *req = (void *) skb->data;
	int local_mitm, remote_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of the authentication requirements is the MITM bit. */
	local_mitm = (conn->auth_type & 0x01);
	remote_mitm = (conn->remote_auth & 0x01);

	/* We need MITM protection but the remote (NoInputNoOutput) cannot
	 * provide it: reject. Dedicated bonding initiators (connect_cfm_cb
	 * set) are exempt because they always carry the MITM bit. */
	if (!conn->connect_cfm_cb && local_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(req->bdaddr), &req->bdaddr);
		goto unlock;
	}

	/* No side requires MITM protection (or cannot have it anyway). */
	if ((!local_mitm || conn->remote_cap == 0x03) &&
	    (!remote_mitm || conn->io_capability == 0x03)) {

		if (test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			/* We initiated authentication: accept without
			 * involving user space. */
			BT_DBG("Auto-accept of user confirmation with %ums delay",
			       hdev->auto_accept_delay);

			if (hdev->auto_accept_delay > 0) {
				int delay = msecs_to_jiffies(hdev->auto_accept_delay);
				mod_timer(&conn->auto_accept_timer, jiffies + delay);
			} else {
				hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
					     sizeof(req->bdaddr), &req->bdaddr);
			}
			goto unlock;
		}

		/* We are the acceptor: request authorization to proceed
		 * from user space (mgmt_user_confirm with confirm_hint
		 * set to 1). */
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
	}

	mgmt_user_confirm_request(hdev, &req->bdaddr, ACL_LINK, 0, req->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3204
/*
 * Handle HCI_EV_USER_PASSKEY_REQUEST: when the mgmt interface is in use,
 * forward the request for the event's address to user space. Without
 * HCI_MGMT the event is dropped and no reply is sent from here.
 */
static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *req = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	mgmt_user_passkey_request(hdev, &req->bdaddr, ACL_LINK, 0);

unlock:
	hci_dev_unlock(hdev);
}
3219
/*
 * Handle HCI_EV_SIMPLE_PAIR_COMPLETE: report a failed pairing to user
 * space when we were not the authentication initiator, then drop one
 * reference on the connection.
 *
 * NOTE(review): the matching hold for hci_conn_put() is not visible in
 * this function -- presumably taken earlier in the pairing sequence;
 * confirm, since an unbalanced put would affect the connection lifetime.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *done = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &done->bdaddr);
	if (conn) {
		/* HCI_CONN_AUTH_PEND is set when we initiated the
		 * authentication. In that case a traditional auth_complete
		 * event is always produced and is itself mapped to
		 * mgmt_auth_failed, so reporting here as well would send
		 * user space a duplicate. */
		if (done->status != 0 &&
		    !test_bit(HCI_CONN_AUTH_PEND, &conn->flags))
			mgmt_auth_failed(hdev, &conn->dst, conn->type,
					 conn->dst_type, done->status);

		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
3247
/*
 * Handle HCI_EV_REMOTE_HOST_FEATURES: if the reporting address has an
 * inquiry cache entry, update its ssp_mode from the LMP_HOST_SSP bit of
 * the first feature byte. Addresses without a cache entry are ignored.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *feat = (void *) skb->data;
	struct inquiry_entry *cached;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	cached = hci_inquiry_cache_lookup(hdev, &feat->bdaddr);
	if (!cached)
		goto unlock;

	/* Stores the masked bit value itself, not a normalised 0/1. */
	cached->data.ssp_mode = (feat->features[0] & LMP_HOST_SSP);

unlock:
	hci_dev_unlock(hdev);
}
3263
/*
 * Handle HCI_EV_REMOTE_OOB_DATA_REQUEST: answer with the stored
 * out-of-band hash and randomizer for the requested address, or with a
 * negative reply when none is stored. Nothing is sent unless the mgmt
 * interface is in use.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
						   struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *req = (void *) skb->data;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &req->bdaddr);
	if (!stored) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &req->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(neg),
			     &neg);
	} else {
		/* The reply carries pairing secrets; this stack copy is not
		 * wiped before the function returns. */
		struct hci_cp_remote_oob_data_reply reply;

		bacpy(&reply.bdaddr, &req->bdaddr);
		memcpy(reply.hash, stored->hash, sizeof(reply.hash));
		memcpy(reply.randomizer, stored->randomizer,
		       sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(reply),
			     &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
3298
/*
 * Handle the LE Connection Complete subevent.
 *
 * Looks up the LE connection for the event's address, creating one when
 * none exists. On a non-zero status the failure is reported and the
 * connection is deleted; otherwise the connection is marked connected,
 * registered in sysfs and the upper protocols are notified.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *cc = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, cc->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cc->bdaddr);
	if (!conn) {
		/* No connection object for this address yet: create one. */
		conn = hci_conn_add(hdev, LE_LINK, &cc->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = cc->bdaddr_type;
	}

	if (cc->status) {
		mgmt_connect_failed(hdev, &cc->bdaddr, conn->type,
				    conn->dst_type, cc->status);
		hci_proto_connect_cfm(conn, cc->status);
		conn->state = BT_CLOSED;
		/* conn must not be touched after this point. */
		hci_conn_del(conn);
		goto unlock;
	}

	/* Notify mgmt only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &cc->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	/* A fresh LE link starts at the lowest security level; it is raised
	 * elsewhere (see hci_le_ltk_request_evt for one such place). */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(cc->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, cc->status);

unlock:
	hci_dev_unlock(hdev);
}
3345
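/*
 * Handle the LE Advertising Report subevent.
 *
 * The payload is a one-byte report count followed by that many
 * variable-length reports, each a struct hci_ev_le_advertising_info header,
 * ev->length bytes of advertising data and one trailing RSSI byte.
 *
 * Both the count and every length field come from the event payload, so
 * each report is checked against the end of the skb's linear data before
 * it is read. Parsing stops at the first report that does not fit; reports
 * already handed to mgmt_device_found() are kept.
 *
 * NOTE(review): ev->length is not compared with any maximum advertising
 * data size here; confirm mgmt_device_found() bounds the length it is given.
 */
static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	u8 *end = skb_tail_pointer(skb);
	u8 *ptr = skb->data;
	u8 num_reports;
	s8 rssi;

	/* An empty payload has no report count to read. */
	if (ptr >= end)
		return;

	num_reports = *ptr++;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t avail = end - ptr;

		/* The fixed header must fit before ev->length is trusted,
		 * then the data plus the RSSI byte that follows it. */
		if (avail < sizeof(*ev) ||
		    avail - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_DBG("%s truncated advertising report", hdev->name);
			break;
		}

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}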
3367
/*
 * Handle the LE Long Term Key Request subevent.
 *
 * Replies with the stored key matching the event's ediv/random values, or
 * with a negative reply when the connection handle is unknown or no key
 * matches. Keys whose type has HCI_SMP_STK set are removed from the list
 * and freed once the reply has been queued.
 *
 * NOTE(review): the key lookup visible here is given only ediv and random
 * from the event, not the connection's peer address -- confirm how
 * hci_find_ltk() scopes the match.
 * NOTE(review): cp holds key material on the stack and is not wiped before
 * returning.
 */
static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *req = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(req->handle));

	hci_dev_lock(hdev);

	/* The key is only looked up once the handle resolved. */
	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(req->handle));
	ltk = conn ? hci_find_ltk(hdev, req->ediv, req->random) : NULL;

	if (!ltk) {
		/* The handle is echoed back as received (still little
		 * endian). */
		neg.handle = req->handle;
		hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
		goto unlock;
	}

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	/* The level is only ever raised here, never lowered. */
	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* Entries flagged HCI_SMP_STK are dropped after this single use. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

unlock:
	hci_dev_unlock(hdev);
}
3411
/*
 * Handle HCI_EV_LE_META: strip the meta-event header and dispatch on the
 * subevent code. Unknown subevents are ignored.
 *
 * NOTE(review): no check that the skb holds at least sizeof(*meta) bytes
 * is visible before the header is read and pulled -- confirm the caller
 * guarantees it.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;
	__u8 subevent = meta->subevent;

	/* After this, skb->data points at the subevent parameters. */
	skb_pull(skb, sizeof(*meta));

	switch (subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;
	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;
	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;
	default:
		break;
	}
}
3435
/*
 * Entry point for a received HCI event packet.
 *
 * Reads the event code from the header, strips the header, hands the
 * remaining parameters to the handler for that code, then frees the skb
 * and counts the event in hdev->stat.evt_rx. The skb is consumed in every
 * case, including unknown event codes, which are only logged at debug
 * level.
 *
 * NOTE(review): neither this function nor the handlers shown alongside it
 * compare skb->len with the size of the structure they cast skb->data to.
 * Confirm where event lengths are validated, since the payload originates
 * outside the host.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 code = hdr->evt;

	/* Handlers see skb->data positioned at the event parameters. */
	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (code) {
	/* Inquiry and connection setup / teardown */
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;
	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;
	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;
	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;
	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	/* Authentication, encryption and remote information */
	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;
	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;
	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;
	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;
	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;
	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;
	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	/* Command flow control and link state */
	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;
	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;
	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;
	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;
	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	/* PIN code and link key handling */
	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;
	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;
	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;
	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;
	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;
	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;
	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;
	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;
	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;
	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;
	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	/* Pairing: IO capabilities, confirmation, passkey, OOB */
	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;
	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;
	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;
	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;
	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;
	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	/* LE meta event: further dispatched on its subevent code */
	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;
	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, code);
		break;
	}

	/* Handlers borrow the skb; ownership ends here. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}