projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use proper invalid value for tx_power
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
a9de9248 207}
04837f64 208
a9de9248
MH		 209static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210{
211 __u8 status = *((__u8 *) skb->data);
212 void *sent;
04837f64 213
9f1db00c 214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 215
a9de9248
MH		 216 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
217 if (!sent)
218 return;
04837f64 219
56e5cb86
JH		 220 hci_dev_lock(hdev);
221
f51d5b24
JH		 222 if (test_bit(HCI_MGMT, &hdev->dev_flags))
223 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 224 else if (!status)
225 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 226
56e5cb86 227 hci_dev_unlock(hdev);
3159d384
JH		 228
229 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 230}
231
232static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233{
234 struct hci_rp_read_local_name *rp = (void *) skb->data;
235
9f1db00c 236 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 237
238 if (rp->status)
239 return;
240
db99b5fc
JH		 241 if (test_bit(HCI_SETUP, &hdev->dev_flags))
242 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 243}
244
245static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246{
247 __u8 status = *((__u8 *) skb->data);
248 void *sent;
249
9f1db00c 250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 251
252 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 if (!sent)
254 return;
255
256 if (!status) {
257 __u8 param = *((__u8 *) sent);
258
259 if (param == AUTH_ENABLED)
260 set_bit(HCI_AUTH, &hdev->flags);
261 else
262 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 263 }
a9de9248 264
33ef95ed
JH		 265 if (test_bit(HCI_MGMT, &hdev->dev_flags))
266 mgmt_auth_enable_complete(hdev, status);
267
23bb5763 268 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 269}
270
a9de9248 271static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 272{
a9de9248 273 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 274 void *sent;
275
9f1db00c 276 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 277
a9de9248
MH		 278 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
279 if (!sent)
280 return;
1da177e4 281
a9de9248
MH		 282 if (!status) {
283 __u8 param = *((__u8 *) sent);
284
285 if (param)
286 set_bit(HCI_ENCRYPT, &hdev->flags);
287 else
288 clear_bit(HCI_ENCRYPT, &hdev->flags);
289 }
1da177e4 290
23bb5763 291 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 292}
1da177e4 293
a9de9248
MH		 294static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
295{
36f7fc7e
JH		 296 __u8 param, status = *((__u8 *) skb->data);
297 int old_pscan, old_iscan;
a9de9248 298 void *sent;
1da177e4 299
9f1db00c 300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 301
a9de9248
MH		 302 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 if (!sent)
304 return;
1da177e4 305
36f7fc7e
JH		 306 param = *((__u8 *) sent);
307
56e5cb86
JH		 308 hci_dev_lock(hdev);
309
fa1bd918 310 if (status) {
744cf19e 311 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 312 hdev->discov_timeout = 0;
313 goto done;
314 }
315
36f7fc7e
JH		 316 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
317 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
318
319 if (param & SCAN_INQUIRY) {
320 set_bit(HCI_ISCAN, &hdev->flags);
321 if (!old_iscan)
744cf19e 322 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 323 if (hdev->discov_timeout > 0) {
324 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
325 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 326 to);
16ab91ab 327 }
36f7fc7e 328 } else if (old_iscan)
744cf19e 329 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 330
331 if (param & SCAN_PAGE) {
332 set_bit(HCI_PSCAN, &hdev->flags);
333 if (!old_pscan)
744cf19e 334 mgmt_connectable(hdev, 1);
36f7fc7e 335 } else if (old_pscan)
744cf19e 336 mgmt_connectable(hdev, 0);
1da177e4 337
36f7fc7e 338done:
56e5cb86 339 hci_dev_unlock(hdev);
23bb5763 340 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 341}
1da177e4 342
a9de9248
MH		 343static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344{
345 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 346
9f1db00c 347 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 348
a9de9248
MH		 349 if (rp->status)
350 return;
1da177e4 351
a9de9248 352 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 353
a9de9248 354 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 355 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 356}
1da177e4 357
a9de9248
MH		 358static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
359{
360 __u8 status = *((__u8 *) skb->data);
361 void *sent;
1da177e4 362
9f1db00c 363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 364
a9de9248
MH		 365 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
366 if (!sent)
367 return;
1da177e4 368
7f9a903c
MH		 369 hci_dev_lock(hdev);
370
371 if (status == 0)
372 memcpy(hdev->dev_class, sent, 3);
373
374 if (test_bit(HCI_MGMT, &hdev->dev_flags))
375 mgmt_set_class_of_dev_complete(hdev, sent, status);
376
377 hci_dev_unlock(hdev);
a9de9248 378}
1da177e4 379
a9de9248
MH		 380static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
381{
382 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
383 __u16 setting;
384
9f1db00c 385 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 386
387 if (rp->status)
388 return;
389
390 setting = __le16_to_cpu(rp->voice_setting);
391
f383f275 392 if (hdev->voice_setting == setting)
a9de9248
MH		 393 return;
394
395 hdev->voice_setting = setting;
396
9f1db00c 397 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 398
3c54711c 399 if (hdev->notify)
a9de9248 400 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 401}
402
8fc9ced3
GP		 403static void hci_cc_write_voice_setting(struct hci_dev *hdev,
404 struct sk_buff *skb)
a9de9248
MH		 405{
406 __u8 status = *((__u8 *) skb->data);
f383f275 407 __u16 setting;
a9de9248
MH		 408 void *sent;
409
9f1db00c 410 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 411
f383f275
MH		 412 if (status)
413 return;
414
a9de9248
MH		 415 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
416 if (!sent)
417 return;
1da177e4 418
f383f275 419 setting = get_unaligned_le16(sent);
1da177e4 420
f383f275
MH		 421 if (hdev->voice_setting == setting)
422 return;
423
424 hdev->voice_setting = setting;
1da177e4 425
9f1db00c 426 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 427
3c54711c 428 if (hdev->notify)
f383f275 429 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 430}
431
a9de9248 432static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 433{
a9de9248 434 __u8 status = *((__u8 *) skb->data);
1da177e4 435
9f1db00c 436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 437
23bb5763 438 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 439}
1143e5a6 440
333140b5
MH		 441static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
442{
443 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 444 struct hci_cp_write_ssp_mode *sent;
333140b5 445
9f1db00c 446 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 447
333140b5
MH		 448 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 if (!sent)
450 return;
451
5ed8eb2f
JH		 452 if (!status) {
453 if (sent->mode)
454 hdev->host_features[0] |= LMP_HOST_SSP;
455 else
456 hdev->host_features[0] &= ~LMP_HOST_SSP;
457 }
458
ed2c4ee3 459 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 460 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 461 else if (!status) {
5ed8eb2f 462 if (sent->mode)
c0ecddc2
JH		 463 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 else
465 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 }
333140b5
MH		 467}
468
d5859e22
JH		 469static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
470{
976eb20e 471 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 472 return 2;
473
976eb20e 474 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 475 return 1;
476
477 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 478 hdev->lmp_subver == 0x0757)
d5859e22
JH		 479 return 1;
480
481 if (hdev->manufacturer == 15) {
482 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
483 return 1;
484 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
485 return 1;
486 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
487 return 1;
488 }
489
490 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 491 hdev->lmp_subver == 0x1805)
d5859e22
JH		 492 return 1;
493
494 return 0;
495}
496
497static void hci_setup_inquiry_mode(struct hci_dev *hdev)
498{
499 u8 mode;
500
501 mode = hci_get_inquiry_mode(hdev);
502
503 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
504}
505
506static void hci_setup_event_mask(struct hci_dev *hdev)
507{
508 /* The second byte is 0xff instead of 0x9f (two reserved bits
509 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
510 * command otherwise */
511 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
512
6de6c18d
VT		 513 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
514 * any event mask for pre 1.2 devices */
5a13b095 515 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 516 return;
517
e1171e8d
JH		 518 if (lmp_bredr_capable(hdev)) {
519 events[4] |= 0x01; /* Flow Specification Complete */
520 events[4] |= 0x02; /* Inquiry Result with RSSI */
521 events[4] |= 0x04; /* Read Remote Extended Features Complete */
522 events[5] |= 0x08; /* Synchronous Connection Complete */
523 events[5] |= 0x10; /* Synchronous Connection Changed */
524 }
d5859e22 525
976eb20e 526 if (lmp_inq_rssi_capable(hdev))
a24299e6 527 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 528
999dcd10 529 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 530 events[5] |= 0x20; /* Sniff Subrating */
531
976eb20e 532 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 533 events[5] |= 0x80; /* Encryption Key Refresh Complete */
534
976eb20e 535 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 536 events[5] |= 0x40; /* Extended Inquiry Result */
537
c58e810e 538 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 539 events[7] |= 0x01; /* Enhanced Flush Complete */
540
976eb20e 541 if (lmp_lsto_capable(hdev))
d5859e22
JH		 542 events[6] |= 0x80; /* Link Supervision Timeout Changed */
543
9a1a1996 544 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 545 events[6] |= 0x01; /* IO Capability Request */
546 events[6] |= 0x02; /* IO Capability Response */
547 events[6] |= 0x04; /* User Confirmation Request */
548 events[6] |= 0x08; /* User Passkey Request */
549 events[6] |= 0x10; /* Remote OOB Data Request */
550 events[6] |= 0x20; /* Simple Pairing Complete */
551 events[7] |= 0x04; /* User Passkey Notification */
552 events[7] |= 0x08; /* Keypress Notification */
553 events[7] |= 0x10; /* Remote Host Supported
554 * Features Notification */
555 }
556
c383ddc4 557 if (lmp_le_capable(hdev))
d5859e22
JH		 558 events[7] |= 0x20; /* LE Meta-Event */
559
560 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 561
562 if (lmp_le_capable(hdev)) {
563 memset(events, 0, sizeof(events));
564 events[0] = 0x1f;
565 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
566 sizeof(events), events);
567 }
d5859e22
JH		 568}
569
4611dfa8 570static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 571{
572 struct hci_cp_delete_stored_link_key cp;
573 __le16 param;
574 __u8 flt_type;
575
576 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
577 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
578
579 /* Read Class of Device */
580 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
581
582 /* Read Local Name */
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
584
585 /* Read Voice Setting */
586 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
587
588 /* Clear Event Filters */
589 flt_type = HCI_FLT_CLEAR_ALL;
590 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
591
592 /* Connection accept timeout ~20 secs */
593 param = __constant_cpu_to_le16(0x7d00);
594 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
595
596 bacpy(&cp.bdaddr, BDADDR_ANY);
597 cp.delete_all = 1;
598 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
599}
600
4611dfa8 601static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 602{
603 /* Read LE Buffer Size */
604 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 605
606 /* Read LE Advertising Channel TX Power */
607 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 608}
609
d5859e22
JH		 610static void hci_setup(struct hci_dev *hdev)
611{
e61ef499
AE		 612 if (hdev->dev_type != HCI_BREDR)
613 return;
614
e1171e8d
JH		 615 /* Read BD Address */
616 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
617
618 if (lmp_bredr_capable(hdev))
4611dfa8 619 bredr_setup(hdev);
e1171e8d
JH		 620
621 if (lmp_le_capable(hdev))
4611dfa8 622 le_setup(hdev);
e1171e8d 623
d5859e22
JH		 624 hci_setup_event_mask(hdev);
625
d095c1eb 626 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 627 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
628
6d3c730f 629 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 630 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
631 u8 mode = 0x01;
632 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 633 sizeof(mode), &mode);
54d04dbb
JH		 634 } else {
635 struct hci_cp_write_eir cp;
636
637 memset(hdev->eir, 0, sizeof(hdev->eir));
638 memset(&cp, 0, sizeof(cp));
639
640 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
641 }
d5859e22
JH		 642 }
643
976eb20e 644 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 645 hci_setup_inquiry_mode(hdev);
646
976eb20e 647 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 648 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 649
976eb20e 650 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 651 struct hci_cp_read_local_ext_features cp;
652
653 cp.page = 0x01;
04124681
GP		 654 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
655 &cp);
971e3a4b 656 }
e6100a25 657
47990ea0
JH		 658 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
659 u8 enable = 1;
04124681
GP		 660 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
661 &enable);
47990ea0 662 }
d5859e22
JH		 663}
664
a9de9248
MH		 665static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
666{
667 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 668
9f1db00c 669 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 670
a9de9248 671 if (rp->status)
28b8df77 672 goto done;
1143e5a6 673
a9de9248 674 hdev->hci_ver = rp->hci_ver;
e4e8e37c 675 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 676 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 677 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 678 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 679
9f1db00c 680 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 681 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 682
683 if (test_bit(HCI_INIT, &hdev->flags))
684 hci_setup(hdev);
28b8df77
AE		 685
686done:
687 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 688}
689
690static void hci_setup_link_policy(struct hci_dev *hdev)
691{
035100c8 692 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 693 u16 link_policy = 0;
694
9f92ebf6 695 if (lmp_rswitch_capable(hdev))
d5859e22 696 link_policy |= HCI_LP_RSWITCH;
976eb20e 697 if (lmp_hold_capable(hdev))
d5859e22 698 link_policy |= HCI_LP_HOLD;
6eded100 699 if (lmp_sniff_capable(hdev))
d5859e22 700 link_policy |= HCI_LP_SNIFF;
976eb20e 701 if (lmp_park_capable(hdev))
d5859e22
JH		 702 link_policy |= HCI_LP_PARK;
703
035100c8
AE		 704 cp.policy = cpu_to_le16(link_policy);
705 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 706}
1da177e4 707
8fc9ced3
GP		 708static void hci_cc_read_local_commands(struct hci_dev *hdev,
709 struct sk_buff *skb)
a9de9248
MH		 710{
711 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 712
9f1db00c 713 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 714
a9de9248 715 if (rp->status)
d5859e22 716 goto done;
1da177e4 717
a9de9248 718 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 719
720 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
721 hci_setup_link_policy(hdev);
722
723done:
724 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 725}
1da177e4 726
8fc9ced3
GP		 727static void hci_cc_read_local_features(struct hci_dev *hdev,
728 struct sk_buff *skb)
a9de9248
MH		 729{
730 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 731
9f1db00c 732 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 733
a9de9248
MH		 734 if (rp->status)
735 return;
5b7f9909 736
a9de9248 737 memcpy(hdev->features, rp->features, 8);
5b7f9909 738
a9de9248
MH		 739 /* Adjust default settings according to features
740 * supported by device. */
1da177e4 741
a9de9248
MH		 742 if (hdev->features[0] & LMP_3SLOT)
743 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 744
a9de9248
MH		 745 if (hdev->features[0] & LMP_5SLOT)
746 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 747
a9de9248
MH		 748 if (hdev->features[1] & LMP_HV2) {
749 hdev->pkt_type |= (HCI_HV2);
750 hdev->esco_type |= (ESCO_HV2);
751 }
1da177e4 752
a9de9248
MH		 753 if (hdev->features[1] & LMP_HV3) {
754 hdev->pkt_type |= (HCI_HV3);
755 hdev->esco_type |= (ESCO_HV3);
756 }
1da177e4 757
45db810f 758 if (lmp_esco_capable(hdev))
a9de9248 759 hdev->esco_type |= (ESCO_EV3);
da1f5198 760
a9de9248
MH		 761 if (hdev->features[4] & LMP_EV4)
762 hdev->esco_type |= (ESCO_EV4);
da1f5198 763
a9de9248
MH		 764 if (hdev->features[4] & LMP_EV5)
765 hdev->esco_type |= (ESCO_EV5);
1da177e4 766
efc7688b
MH		 767 if (hdev->features[5] & LMP_EDR_ESCO_2M)
768 hdev->esco_type |= (ESCO_2EV3);
769
770 if (hdev->features[5] & LMP_EDR_ESCO_3M)
771 hdev->esco_type |= (ESCO_3EV3);
772
773 if (hdev->features[5] & LMP_EDR_3S_ESCO)
774 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
775
a9de9248 776 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 777 hdev->features[0], hdev->features[1],
778 hdev->features[2], hdev->features[3],
779 hdev->features[4], hdev->features[5],
780 hdev->features[6], hdev->features[7]);
a9de9248 781}
1da177e4 782
8f984dfa
JH		 783static void hci_set_le_support(struct hci_dev *hdev)
784{
785 struct hci_cp_write_le_host_supported cp;
786
787 memset(&cp, 0, sizeof(cp));
788
9d42820f 789 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 790 cp.le = 1;
976eb20e 791 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 792 }
793
976eb20e 794 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 795 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
796 &cp);
8f984dfa
JH		 797}
798
971e3a4b 799static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 800 struct sk_buff *skb)
971e3a4b
AG		 801{
802 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
803
9f1db00c 804 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 805
806 if (rp->status)
8f984dfa 807 goto done;
971e3a4b 808
b5b32b65
AG		 809 switch (rp->page) {
810 case 0:
811 memcpy(hdev->features, rp->features, 8);
812 break;
813 case 1:
814 memcpy(hdev->host_features, rp->features, 8);
815 break;
816 }
971e3a4b 817
c383ddc4 818 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 819 hci_set_le_support(hdev);
820
821done:
971e3a4b
AG		 822 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
823}
824
1e89cffb 825static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 826 struct sk_buff *skb)
1e89cffb
AE		 827{
828 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
829
9f1db00c 830 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 831
832 if (rp->status)
833 return;
834
835 hdev->flow_ctl_mode = rp->mode;
836
837 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
838}
839
a9de9248
MH		 840static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
841{
842 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 843
9f1db00c 844 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 845
a9de9248
MH		 846 if (rp->status)
847 return;
1da177e4 848
a9de9248
MH		 849 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
850 hdev->sco_mtu = rp->sco_mtu;
851 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
852 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
853
854 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
855 hdev->sco_mtu = 64;
856 hdev->sco_pkts = 8;
1da177e4 857 }
a9de9248
MH		 858
859 hdev->acl_cnt = hdev->acl_pkts;
860 hdev->sco_cnt = hdev->sco_pkts;
861
807deac2
GP		 862 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
863 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 864}
865
866static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
867{
868 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
869
9f1db00c 870 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 871
872 if (!rp->status)
873 bacpy(&hdev->bdaddr, &rp->bdaddr);
874
23bb5763
JH		 875 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
876}
877
350ee4cf 878static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 879 struct sk_buff *skb)
350ee4cf
AE		 880{
881 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
882
9f1db00c 883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 884
885 if (rp->status)
886 return;
887
888 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
889 hdev->block_len = __le16_to_cpu(rp->block_len);
890 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
891
892 hdev->block_cnt = hdev->num_blocks;
893
894 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 895 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 896
897 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
898}
899
23bb5763
JH		 900static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
901{
902 __u8 status = *((__u8 *) skb->data);
903
9f1db00c 904 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 905
906 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 907}
908
928abaa7 909static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 910 struct sk_buff *skb)
928abaa7
AE		 911{
912 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
913
9f1db00c 914 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 915
916 if (rp->status)
8e2a0d92 917 goto a2mp_rsp;
928abaa7
AE		 918
919 hdev->amp_status = rp->amp_status;
920 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
921 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
922 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
923 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
924 hdev->amp_type = rp->amp_type;
925 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
926 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
927 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
928 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
929
930 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 931
932a2mp_rsp:
933 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 934}
935
903e4541
AE		 936static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
937 struct sk_buff *skb)
938{
939 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
940 struct amp_assoc *assoc = &hdev->loc_assoc;
941 size_t rem_len, frag_len;
942
943 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
944
945 if (rp->status)
946 goto a2mp_rsp;
947
948 frag_len = skb->len - sizeof(*rp);
949 rem_len = __le16_to_cpu(rp->rem_len);
950
951 if (rem_len > frag_len) {
2e430be3 952 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 953
954 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
955 assoc->offset += frag_len;
956
957 /* Read other fragments */
958 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
959
960 return;
961 }
962
963 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
964 assoc->len = assoc->offset + rem_len;
965 assoc->offset = 0;
966
967a2mp_rsp:
968 /* Send A2MP Rsp when all fragments are received */
969 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 970 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 971}
972
b0916ea0 973static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 974 struct sk_buff *skb)
b0916ea0
JH		 975{
976 __u8 status = *((__u8 *) skb->data);
977
9f1db00c 978 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 979
980 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
981}
982
d5859e22
JH		 983static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
984{
985 __u8 status = *((__u8 *) skb->data);
986
9f1db00c 987 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 988
989 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
990}
991
992static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 993 struct sk_buff *skb)
d5859e22
JH		 994{
995 __u8 status = *((__u8 *) skb->data);
996
9f1db00c 997 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 998
999 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
1000}
1001
1002static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1003 struct sk_buff *skb)
d5859e22 1004{
91c4e9b1 1005 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1006
9f1db00c 1007 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1008
1009 if (!rp->status)
1010 hdev->inq_tx_power = rp->tx_power;
d5859e22 1011
91c4e9b1 1012 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1013}
1014
1015static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1016{
1017 __u8 status = *((__u8 *) skb->data);
1018
9f1db00c 1019 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1020
1021 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1022}
1023
980e1a53
JH		 1024static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1025{
1026 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1027 struct hci_cp_pin_code_reply *cp;
1028 struct hci_conn *conn;
1029
9f1db00c 1030 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1031
56e5cb86
JH		 1032 hci_dev_lock(hdev);
1033
a8b2d5c2 1034 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1035 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1036
fa1bd918 1037 if (rp->status)
56e5cb86 1038 goto unlock;
980e1a53
JH		 1039
1040 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1041 if (!cp)
56e5cb86 1042 goto unlock;
980e1a53
JH		 1043
1044 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1045 if (conn)
1046 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1047
1048unlock:
1049 hci_dev_unlock(hdev);
980e1a53
JH		 1050}
1051
1052static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1053{
1054 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1055
9f1db00c 1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1057
56e5cb86
JH		 1058 hci_dev_lock(hdev);
1059
a8b2d5c2 1060 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1061 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1062 rp->status);
56e5cb86
JH		 1063
1064 hci_dev_unlock(hdev);
980e1a53 1065}
56e5cb86 1066
6ed58ec5
VT		 1067static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1069{
1070 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1071
9f1db00c 1072 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1073
1074 if (rp->status)
1075 return;
1076
1077 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1078 hdev->le_pkts = rp->le_max_pkt;
1079
1080 hdev->le_cnt = hdev->le_pkts;
1081
1082 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1083
1084 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1085}
980e1a53 1086
8fa19098
JH		 1087static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1088 struct sk_buff *skb)
1089{
1090 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1091
1092 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1093
1094 if (!rp->status)
1095 hdev->adv_tx_power = rp->tx_power;
1096
1097 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1098}
1099
e36b04c8
JH		 1100static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1101{
1102 __u8 status = *((__u8 *) skb->data);
1103
1104 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1105
1106 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1107}
1108
a5c29683
JH		 1109static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1112
9f1db00c 1113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1114
56e5cb86
JH		 1115 hci_dev_lock(hdev);
1116
a8b2d5c2 1117 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1118 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1119 rp->status);
56e5cb86
JH		 1120
1121 hci_dev_unlock(hdev);
a5c29683
JH		 1122}
1123
1124static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1125 struct sk_buff *skb)
a5c29683
JH		 1126{
1127 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1128
9f1db00c 1129 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1130
56e5cb86
JH		 1131 hci_dev_lock(hdev);
1132
a8b2d5c2 1133 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1134 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1135 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1136
1137 hci_dev_unlock(hdev);
a5c29683
JH		 1138}
1139
1143d458
BG		 1140static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1141{
1142 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1143
9f1db00c 1144 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1145
1146 hci_dev_lock(hdev);
1147
a8b2d5c2 1148 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1149 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1150 0, rp->status);
1143d458
BG		 1151
1152 hci_dev_unlock(hdev);
1153}
1154
1155static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1156 struct sk_buff *skb)
1143d458
BG		 1157{
1158 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1159
9f1db00c 1160 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1161
1162 hci_dev_lock(hdev);
1163
a8b2d5c2 1164 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1165 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1166 ACL_LINK, 0, rp->status);
1143d458
BG		 1167
1168 hci_dev_unlock(hdev);
1169}
1170
c35938b2 1171static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1172 struct sk_buff *skb)
c35938b2
SJ		 1173{
1174 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1175
9f1db00c 1176 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1177
56e5cb86 1178 hci_dev_lock(hdev);
744cf19e 1179 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1180 rp->randomizer, rp->status);
56e5cb86 1181 hci_dev_unlock(hdev);
c35938b2
SJ		 1182}
1183
07f7fa5d
AG		 1184static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1185{
1186 __u8 status = *((__u8 *) skb->data);
1187
9f1db00c 1188 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1189
1190 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1191
1192 if (status) {
1193 hci_dev_lock(hdev);
1194 mgmt_start_discovery_failed(hdev, status);
1195 hci_dev_unlock(hdev);
1196 return;
1197 }
07f7fa5d
AG		 1198}
1199
eb9d91f5 1200static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1201 struct sk_buff *skb)
eb9d91f5
AG		 1202{
1203 struct hci_cp_le_set_scan_enable *cp;
1204 __u8 status = *((__u8 *) skb->data);
1205
9f1db00c 1206 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1207
eb9d91f5
AG		 1208 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1209 if (!cp)
1210 return;
1211
68a8aea4
AE		 1212 switch (cp->enable) {
1213 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1214 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1215
3fd24153
AG		 1216 if (status) {
1217 hci_dev_lock(hdev);
1218 mgmt_start_discovery_failed(hdev, status);
1219 hci_dev_unlock(hdev);
7ba8b4be 1220 return;
3fd24153 1221 }
7ba8b4be 1222
d23264a8
AG		 1223 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1224
a8f13c8c 1225 hci_dev_lock(hdev);
343f935b 1226 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1227 hci_dev_unlock(hdev);
68a8aea4
AE		 1228 break;
1229
1230 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1231 if (status) {
1232 hci_dev_lock(hdev);
1233 mgmt_stop_discovery_failed(hdev, status);
1234 hci_dev_unlock(hdev);
7ba8b4be 1235 return;
c9ecc48e 1236 }
7ba8b4be 1237
d23264a8
AG		 1238 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1239
bc3dd33c
AG		 1240 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1241 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1242 mgmt_interleaved_discovery(hdev);
1243 } else {
1244 hci_dev_lock(hdev);
1245 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1246 hci_dev_unlock(hdev);
1247 }
1248
68a8aea4
AE		 1249 break;
1250
1251 default:
1252 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1253 break;
35815085 1254 }
eb9d91f5
AG		 1255}
1256
a7a595f6
VCG		 1257static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1258{
1259 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1260
9f1db00c 1261 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1262
1263 if (rp->status)
1264 return;
1265
1266 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1267}
1268
1269static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1270{
1271 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1272
9f1db00c 1273 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1274
1275 if (rp->status)
1276 return;
1277
1278 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1279}
1280
6039aa73
GP		 1281static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1282 struct sk_buff *skb)
f9b49306 1283{
06199cf8 1284 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1285 __u8 status = *((__u8 *) skb->data);
1286
9f1db00c 1287 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1288
06199cf8 1289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1290 if (!sent)
f9b49306
AG		 1291 return;
1292
8f984dfa
JH		 1293 if (!status) {
1294 if (sent->le)
1295 hdev->host_features[0] |= LMP_HOST_LE;
1296 else
1297 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1298
1299 if (sent->simul)
1300 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1301 else
1302 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1303 }
1304
1305 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1306 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1307 mgmt_le_enable_complete(hdev, sent->le, status);
1308
1309 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1310}
1311
93c284ee
AE		 1312static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1313 struct sk_buff *skb)
1314{
1315 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1316
1317 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1318 hdev->name, rp->status, rp->phy_handle);
1319
1320 if (rp->status)
1321 return;
1322
1323 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1324}
1325
6039aa73 1326static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1327{
9f1db00c 1328 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1329
1330 if (status) {
23bb5763 1331 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1332 hci_conn_check_pending(hdev);
56e5cb86 1333 hci_dev_lock(hdev);
a8b2d5c2 1334 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1335 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1336 hci_dev_unlock(hdev);
314b2381
JH		 1337 return;
1338 }
1339
89352e7d
AG		 1340 set_bit(HCI_INQUIRY, &hdev->flags);
1341
56e5cb86 1342 hci_dev_lock(hdev);
343f935b 1343 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1344 hci_dev_unlock(hdev);
1da177e4
LT		 1345}
1346
6039aa73 1347static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1348{
a9de9248 1349 struct hci_cp_create_conn *cp;
1da177e4 1350 struct hci_conn *conn;
1da177e4 1351
9f1db00c 1352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1353
1354 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1355 if (!cp)
1356 return;
1357
1358 hci_dev_lock(hdev);
1359
1360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1361
6ed93dc6 1362 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1363
1364 if (status) {
1365 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1366 if (status != 0x0c || conn->attempt > 2) {
1367 conn->state = BT_CLOSED;
1368 hci_proto_connect_cfm(conn, status);
1369 hci_conn_del(conn);
1370 } else
1371 conn->state = BT_CONNECT2;
1da177e4
LT		 1372 }
1373 } else {
1374 if (!conn) {
1375 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1376 if (conn) {
a0c808b3 1377 conn->out = true;
1da177e4
LT		 1378 conn->link_mode |= HCI_LM_MASTER;
1379 } else
893ef971 1380 BT_ERR("No memory for new connection");
1da177e4
LT		 1381 }
1382 }
1383
1384 hci_dev_unlock(hdev);
1385}
1386
a9de9248 1387static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1388{
a9de9248
MH		 1389 struct hci_cp_add_sco *cp;
1390 struct hci_conn *acl, *sco;
1391 __u16 handle;
1da177e4 1392
9f1db00c 1393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1394
a9de9248
MH		 1395 if (!status)
1396 return;
1da177e4 1397
a9de9248
MH		 1398 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1399 if (!cp)
1400 return;
1da177e4 1401
a9de9248 1402 handle = __le16_to_cpu(cp->handle);
1da177e4 1403
9f1db00c 1404 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1405
a9de9248 1406 hci_dev_lock(hdev);
1da177e4 1407
a9de9248 1408 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1409 if (acl) {
1410 sco = acl->link;
1411 if (sco) {
1412 sco->state = BT_CLOSED;
1da177e4 1413
5a08ecce
AE		 1414 hci_proto_connect_cfm(sco, status);
1415 hci_conn_del(sco);
1416 }
a9de9248 1417 }
1da177e4 1418
a9de9248
MH		 1419 hci_dev_unlock(hdev);
1420}
1da177e4 1421
f8558555
MH		 1422static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1423{
1424 struct hci_cp_auth_requested *cp;
1425 struct hci_conn *conn;
1426
9f1db00c 1427 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1428
1429 if (!status)
1430 return;
1431
1432 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1433 if (!cp)
1434 return;
1435
1436 hci_dev_lock(hdev);
1437
1438 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1439 if (conn) {
1440 if (conn->state == BT_CONFIG) {
1441 hci_proto_connect_cfm(conn, status);
1442 hci_conn_put(conn);
1443 }
1444 }
1445
1446 hci_dev_unlock(hdev);
1447}
1448
1449static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1450{
1451 struct hci_cp_set_conn_encrypt *cp;
1452 struct hci_conn *conn;
1453
9f1db00c 1454 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1455
1456 if (!status)
1457 return;
1458
1459 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1460 if (!cp)
1461 return;
1462
1463 hci_dev_lock(hdev);
1464
1465 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1466 if (conn) {
1467 if (conn->state == BT_CONFIG) {
1468 hci_proto_connect_cfm(conn, status);
1469 hci_conn_put(conn);
1470 }
1471 }
1472
1473 hci_dev_unlock(hdev);
1474}
1475
127178d2 1476static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1477 struct hci_conn *conn)
392599b9 1478{
392599b9
JH		 1479 if (conn->state != BT_CONFIG || !conn->out)
1480 return 0;
1481
765c2a96 1482 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1483 return 0;
1484
1485 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1486 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1487 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1488 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1489 return 0;
1490
392599b9
JH		 1491 return 1;
1492}
1493
6039aa73 1494static int hci_resolve_name(struct hci_dev *hdev,
04124681 1495 struct inquiry_entry *e)
30dc78e1
JH		 1496{
1497 struct hci_cp_remote_name_req cp;
1498
1499 memset(&cp, 0, sizeof(cp));
1500
1501 bacpy(&cp.bdaddr, &e->data.bdaddr);
1502 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1503 cp.pscan_mode = e->data.pscan_mode;
1504 cp.clock_offset = e->data.clock_offset;
1505
1506 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1507}
1508
b644ba33 1509static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1510{
1511 struct discovery_state *discov = &hdev->discovery;
1512 struct inquiry_entry *e;
1513
b644ba33
JH		 1514 if (list_empty(&discov->resolve))
1515 return false;
1516
1517 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1518 if (!e)
1519 return false;
1520
b644ba33
JH		 1521 if (hci_resolve_name(hdev, e) == 0) {
1522 e->name_state = NAME_PENDING;
1523 return true;
1524 }
1525
1526 return false;
1527}
1528
1529static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1530 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1531{
1532 struct discovery_state *discov = &hdev->discovery;
1533 struct inquiry_entry *e;
1534
1535 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1536 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1537 name_len, conn->dev_class);
b644ba33
JH		 1538
1539 if (discov->state == DISCOVERY_STOPPED)
1540 return;
1541
30dc78e1
JH		 1542 if (discov->state == DISCOVERY_STOPPING)
1543 goto discov_complete;
1544
1545 if (discov->state != DISCOVERY_RESOLVING)
1546 return;
1547
1548 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1549 /* If the device was not found in a list of found devices names of which
1550 * are pending. there is no need to continue resolving a next name as it
1551 * will be done upon receiving another Remote Name Request Complete
1552 * Event */
1553 if (!e)
1554 return;
1555
1556 list_del(&e->list);
1557 if (name) {
30dc78e1 1558 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1559 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1560 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1561 } else {
1562 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1563 }
1564
b644ba33 1565 if (hci_resolve_next_name(hdev))
30dc78e1 1566 return;
30dc78e1
JH		 1567
1568discov_complete:
1569 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1570}
1571
a9de9248
MH		 1572static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1573{
127178d2
JH		 1574 struct hci_cp_remote_name_req *cp;
1575 struct hci_conn *conn;
1576
9f1db00c 1577 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1578
1579 /* If successful wait for the name req complete event before
1580 * checking for the need to do authentication */
1581 if (!status)
1582 return;
1583
1584 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1585 if (!cp)
1586 return;
1587
1588 hci_dev_lock(hdev);
1589
b644ba33
JH		 1590 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1591
a8b2d5c2 1592 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1593 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1594
79c6c70c
JH		 1595 if (!conn)
1596 goto unlock;
1597
1598 if (!hci_outgoing_auth_needed(hdev, conn))
1599 goto unlock;
1600
51a8efd7 1601 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1602 struct hci_cp_auth_requested cp;
1603 cp.handle = __cpu_to_le16(conn->handle);
1604 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1605 }
1606
79c6c70c 1607unlock:
127178d2 1608 hci_dev_unlock(hdev);
a9de9248 1609}
1da177e4 1610
769be974
MH		 1611static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1612{
1613 struct hci_cp_read_remote_features *cp;
1614 struct hci_conn *conn;
1615
9f1db00c 1616 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1617
1618 if (!status)
1619 return;
1620
1621 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1622 if (!cp)
1623 return;
1624
1625 hci_dev_lock(hdev);
1626
1627 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1628 if (conn) {
1629 if (conn->state == BT_CONFIG) {
769be974
MH		 1630 hci_proto_connect_cfm(conn, status);
1631 hci_conn_put(conn);
1632 }
1633 }
1634
1635 hci_dev_unlock(hdev);
1636}
1637
1638static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1639{
1640 struct hci_cp_read_remote_ext_features *cp;
1641 struct hci_conn *conn;
1642
9f1db00c 1643 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1644
1645 if (!status)
1646 return;
1647
1648 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1649 if (!cp)
1650 return;
1651
1652 hci_dev_lock(hdev);
1653
1654 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1655 if (conn) {
1656 if (conn->state == BT_CONFIG) {
769be974
MH		 1657 hci_proto_connect_cfm(conn, status);
1658 hci_conn_put(conn);
1659 }
1660 }
1661
1662 hci_dev_unlock(hdev);
1663}
1664
a9de9248
MH		 1665static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1666{
b6a0dc82
MH		 1667 struct hci_cp_setup_sync_conn *cp;
1668 struct hci_conn *acl, *sco;
1669 __u16 handle;
1670
9f1db00c 1671 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1672
1673 if (!status)
1674 return;
1675
1676 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1677 if (!cp)
1678 return;
1679
1680 handle = __le16_to_cpu(cp->handle);
1681
9f1db00c 1682 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1683
1684 hci_dev_lock(hdev);
1685
1686 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1687 if (acl) {
1688 sco = acl->link;
1689 if (sco) {
1690 sco->state = BT_CLOSED;
b6a0dc82 1691
5a08ecce
AE		 1692 hci_proto_connect_cfm(sco, status);
1693 hci_conn_del(sco);
1694 }
b6a0dc82
MH		 1695 }
1696
1697 hci_dev_unlock(hdev);
1da177e4
LT		 1698}
1699
a9de9248 1700static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1701{
a9de9248
MH		 1702 struct hci_cp_sniff_mode *cp;
1703 struct hci_conn *conn;
1da177e4 1704
9f1db00c 1705 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1706
a9de9248
MH		 1707 if (!status)
1708 return;
04837f64 1709
a9de9248
MH		 1710 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1711 if (!cp)
1712 return;
04837f64 1713
a9de9248 1714 hci_dev_lock(hdev);
04837f64 1715
a9de9248 1716 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1717 if (conn) {
51a8efd7 1718 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1719
51a8efd7 1720 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1721 hci_sco_setup(conn, status);
1722 }
1723
a9de9248
MH		 1724 hci_dev_unlock(hdev);
1725}
04837f64 1726
a9de9248
MH		 1727static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1728{
1729 struct hci_cp_exit_sniff_mode *cp;
1730 struct hci_conn *conn;
04837f64 1731
9f1db00c 1732 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1733
a9de9248
MH		 1734 if (!status)
1735 return;
04837f64 1736
a9de9248
MH		 1737 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1738 if (!cp)
1739 return;
04837f64 1740
a9de9248 1741 hci_dev_lock(hdev);
1da177e4 1742
a9de9248 1743 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1744 if (conn) {
51a8efd7 1745 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1746
51a8efd7 1747 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1748 hci_sco_setup(conn, status);
1749 }
1750
a9de9248 1751 hci_dev_unlock(hdev);
1da177e4
LT		 1752}
1753
88c3df13
JH		 1754static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1755{
1756 struct hci_cp_disconnect *cp;
1757 struct hci_conn *conn;
1758
1759 if (!status)
1760 return;
1761
1762 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1763 if (!cp)
1764 return;
1765
1766 hci_dev_lock(hdev);
1767
1768 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1769 if (conn)
1770 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1771 conn->dst_type, status);
88c3df13
JH		 1772
1773 hci_dev_unlock(hdev);
1774}
1775
fcd89c09
VT		 1776static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1777{
fcd89c09
VT		 1778 struct hci_conn *conn;
1779
9f1db00c 1780 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1781
f00a06ac
AG		 1782 if (status) {
1783 hci_dev_lock(hdev);
fcd89c09 1784
0c95ab78 1785 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1786 if (!conn) {
1787 hci_dev_unlock(hdev);
1788 return;
1789 }
fcd89c09 1790
6ed93dc6 1791 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1792
f00a06ac 1793 conn->state = BT_CLOSED;
0c95ab78 1794 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1795 conn->dst_type, status);
1796 hci_proto_connect_cfm(conn, status);
1797 hci_conn_del(conn);
fcd89c09 1798
f00a06ac
AG		 1799 hci_dev_unlock(hdev);
1800 }
fcd89c09
VT		 1801}
1802
a7a595f6
VCG		 1803static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1804{
9f1db00c 1805 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1806}
1807
a02226d6
AE		 1808static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1809{
93c284ee
AE		 1810 struct hci_cp_create_phy_link *cp;
1811
a02226d6 1812 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1813
93c284ee
AE		 1814 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1815 if (!cp)
1816 return;
1817
e58917b9
AE		 1818 hci_dev_lock(hdev);
1819
1820 if (status) {
1821 struct hci_conn *hcon;
1822
1823 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1824 if (hcon)
1825 hci_conn_del(hcon);
1826 } else {
1827 amp_write_remote_assoc(hdev, cp->phy_handle);
1828 }
1829
1830 hci_dev_unlock(hdev);
a02226d6
AE		 1831}
1832
0b26ab9d
AE		 1833static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1834{
1835 struct hci_cp_accept_phy_link *cp;
1836
1837 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1838
1839 if (status)
1840 return;
1841
1842 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1843 if (!cp)
1844 return;
1845
1846 amp_write_remote_assoc(hdev, cp->phy_handle);
1847}
1848
5ce66b59
AE		 1849static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1850{
1851 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1852}
1853
6039aa73 1854static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1855{
1856 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1857 struct discovery_state *discov = &hdev->discovery;
1858 struct inquiry_entry *e;
1da177e4 1859
9f1db00c 1860 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1861
23bb5763 1862 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1863
a9de9248 1864 hci_conn_check_pending(hdev);
89352e7d
AG		 1865
1866 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1867 return;
1868
a8b2d5c2 1869 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1870 return;
1871
56e5cb86 1872 hci_dev_lock(hdev);
30dc78e1 1873
343f935b 1874 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1875 goto unlock;
1876
1877 if (list_empty(&discov->resolve)) {
1878 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1879 goto unlock;
1880 }
1881
1882 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1883 if (e && hci_resolve_name(hdev, e) == 0) {
1884 e->name_state = NAME_PENDING;
1885 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1886 } else {
1887 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1888 }
1889
1890unlock:
56e5cb86 1891 hci_dev_unlock(hdev);
1da177e4
LT		 1892}
1893
6039aa73 1894static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1895{
45bb4bf0 1896 struct inquiry_data data;
a9de9248 1897 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1898 int num_rsp = *((__u8 *) skb->data);
1899
1900 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1901
45bb4bf0
MH		 1902 if (!num_rsp)
1903 return;
1904
1519cc17
AG		 1905 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1906 return;
1907
1da177e4 1908 hci_dev_lock(hdev);
45bb4bf0 1909
e17acd40 1910 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1911 bool name_known, ssp;
3175405b 1912
1da177e4
LT		 1913 bacpy(&data.bdaddr, &info->bdaddr);
1914 data.pscan_rep_mode = info->pscan_rep_mode;
1915 data.pscan_period_mode = info->pscan_period_mode;
1916 data.pscan_mode = info->pscan_mode;
1917 memcpy(data.dev_class, info->dev_class, 3);
1918 data.clock_offset = info->clock_offset;
1919 data.rssi = 0x00;
41a96212 1920 data.ssp_mode = 0x00;
3175405b 1921
388fc8fa 1922 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1923 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1924 info->dev_class, 0, !name_known, ssp, NULL,
1925 0);
1da177e4 1926 }
45bb4bf0 1927
1da177e4
LT		 1928 hci_dev_unlock(hdev);
1929}
1930
6039aa73 1931static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1932{
a9de9248
MH		 1933 struct hci_ev_conn_complete *ev = (void *) skb->data;
1934 struct hci_conn *conn;
1da177e4
LT		 1935
1936 BT_DBG("%s", hdev->name);
1937
1938 hci_dev_lock(hdev);
1939
1940 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1941 if (!conn) {
1942 if (ev->link_type != SCO_LINK)
1943 goto unlock;
1944
1945 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1946 if (!conn)
1947 goto unlock;
1948
1949 conn->type = SCO_LINK;
1950 }
1da177e4
LT		 1951
1952 if (!ev->status) {
1953 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1954
1955 if (conn->type == ACL_LINK) {
1956 conn->state = BT_CONFIG;
1957 hci_conn_hold(conn);
a9ea3ed9
SJ		 1958
1959 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1960 !hci_find_link_key(hdev, &ev->bdaddr))
1961 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1962 else
1963 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1964 } else
1965 conn->state = BT_CONNECTED;
1da177e4 1966
9eba32b8 1967 hci_conn_hold_device(conn);
7d0db0a3
MH		 1968 hci_conn_add_sysfs(conn);
1969
1da177e4
LT		 1970 if (test_bit(HCI_AUTH, &hdev->flags))
1971 conn->link_mode |= HCI_LM_AUTH;
1972
1973 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1974 conn->link_mode |= HCI_LM_ENCRYPT;
1975
04837f64
MH		 1976 /* Get remote features */
1977 if (conn->type == ACL_LINK) {
1978 struct hci_cp_read_remote_features cp;
1979 cp.handle = ev->handle;
769be974 1980 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1981 sizeof(cp), &cp);
04837f64
MH		 1982 }
1983
1da177e4 1984 /* Set packet type for incoming connection */
d095c1eb 1985 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1986 struct hci_cp_change_conn_ptype cp;
1987 cp.handle = ev->handle;
a8746417 1988 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1989 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1990 &cp);
1da177e4 1991 }
17d5c04c 1992 } else {
1da177e4 1993 conn->state = BT_CLOSED;
17d5c04c 1994 if (conn->type == ACL_LINK)
744cf19e 1995 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1996 conn->dst_type, ev->status);
17d5c04c 1997 }
1da177e4 1998
e73439d8
MH		 1999 if (conn->type == ACL_LINK)
2000 hci_sco_setup(conn, ev->status);
1da177e4 2001
769be974
MH		 2002 if (ev->status) {
2003 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2004 hci_conn_del(conn);
c89b6e6b
MH		 2005 } else if (ev->link_type != ACL_LINK)
2006 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2007
a9de9248 2008unlock:
1da177e4 2009 hci_dev_unlock(hdev);
1da177e4 2010
a9de9248 2011 hci_conn_check_pending(hdev);
1da177e4
LT		 2012}
2013
6039aa73 2014static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2015{
a9de9248
MH		 2016 struct hci_ev_conn_request *ev = (void *) skb->data;
2017 int mask = hdev->link_mode;
1da177e4 2018
6ed93dc6 2019 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2020 ev->link_type);
1da177e4 2021
a9de9248 2022 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2023
138d22ef 2024 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2025 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2026 /* Connection accepted */
c7bdd502 2027 struct inquiry_entry *ie;
1da177e4 2028 struct hci_conn *conn;
1da177e4 2029
a9de9248 2030 hci_dev_lock(hdev);
b6a0dc82 2031
cc11b9c1
AE		 2032 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2033 if (ie)
c7bdd502
MH		 2034 memcpy(ie->data.dev_class, ev->dev_class, 3);
2035
8fc9ced3
GP		 2036 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2037 &ev->bdaddr);
a9de9248 2038 if (!conn) {
cc11b9c1
AE		 2039 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2040 if (!conn) {
893ef971 2041 BT_ERR("No memory for new connection");
a9de9248
MH		 2042 hci_dev_unlock(hdev);
2043 return;
1da177e4
LT		 2044 }
2045 }
b6a0dc82 2046
a9de9248
MH		 2047 memcpy(conn->dev_class, ev->dev_class, 3);
2048 conn->state = BT_CONNECT;
b6a0dc82 2049
a9de9248 2050 hci_dev_unlock(hdev);
1da177e4 2051
b6a0dc82
MH		 2052 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2053 struct hci_cp_accept_conn_req cp;
1da177e4 2054
b6a0dc82
MH		 2055 bacpy(&cp.bdaddr, &ev->bdaddr);
2056
2057 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2058 cp.role = 0x00; /* Become master */
2059 else
2060 cp.role = 0x01; /* Remain slave */
2061
04124681
GP		 2062 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2063 &cp);
b6a0dc82
MH		 2064 } else {
2065 struct hci_cp_accept_sync_conn_req cp;
2066
2067 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2068 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2069
82781e63
AE		 2070 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2071 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2072 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2073 cp.content_format = cpu_to_le16(hdev->voice_setting);
2074 cp.retrans_effort = 0xff;
1da177e4 2075
b6a0dc82 2076 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2077 sizeof(cp), &cp);
b6a0dc82 2078 }
a9de9248
MH		 2079 } else {
2080 /* Connection rejected */
2081 struct hci_cp_reject_conn_req cp;
1da177e4 2082
a9de9248 2083 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2084 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2085 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2086 }
1da177e4
LT		 2087}
2088
f0d6a0ea
MA		 2089static u8 hci_to_mgmt_reason(u8 err)
2090{
2091 switch (err) {
2092 case HCI_ERROR_CONNECTION_TIMEOUT:
2093 return MGMT_DEV_DISCONN_TIMEOUT;
2094 case HCI_ERROR_REMOTE_USER_TERM:
2095 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2096 case HCI_ERROR_REMOTE_POWER_OFF:
2097 return MGMT_DEV_DISCONN_REMOTE;
2098 case HCI_ERROR_LOCAL_HOST_TERM:
2099 return MGMT_DEV_DISCONN_LOCAL_HOST;
2100 default:
2101 return MGMT_DEV_DISCONN_UNKNOWN;
2102 }
2103}
2104
6039aa73 2105static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2106{
a9de9248 2107 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2108 struct hci_conn *conn;
2109
9f1db00c 2110 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2111
2112 hci_dev_lock(hdev);
2113
2114 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2115 if (!conn)
2116 goto unlock;
7d0db0a3 2117
37d9ef76
JH		 2118 if (ev->status == 0)
2119 conn->state = BT_CLOSED;
04837f64 2120
b644ba33 2121 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2122 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2123 if (ev->status) {
88c3df13 2124 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2125 conn->dst_type, ev->status);
f0d6a0ea
MA		 2126 } else {
2127 u8 reason = hci_to_mgmt_reason(ev->reason);
2128
afc747a6 2129 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2130 conn->dst_type, reason);
2131 }
37d9ef76 2132 }
f7520543 2133
37d9ef76 2134 if (ev->status == 0) {
6ec5bcad
VA		 2135 if (conn->type == ACL_LINK && conn->flush_key)
2136 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2137 hci_proto_disconn_cfm(conn, ev->reason);
2138 hci_conn_del(conn);
2139 }
f7520543
JH		 2140
2141unlock:
04837f64
MH		 2142 hci_dev_unlock(hdev);
2143}
2144
6039aa73 2145static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2146{
a9de9248 2147 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2148 struct hci_conn *conn;
1da177e4 2149
9f1db00c 2150 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2151
2152 hci_dev_lock(hdev);
2153
04837f64 2154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2155 if (!conn)
2156 goto unlock;
2157
2158 if (!ev->status) {
aa64a8b5 2159 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2160 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2161 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2162 } else {
d7556e20
WR		 2163 conn->link_mode |= HCI_LM_AUTH;
2164 conn->sec_level = conn->pending_sec_level;
2a611692 2165 }
d7556e20 2166 } else {
bab73cb6 2167 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2168 ev->status);
d7556e20 2169 }
1da177e4 2170
51a8efd7
JH		 2171 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2172 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2173
d7556e20 2174 if (conn->state == BT_CONFIG) {
aa64a8b5 2175 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2176 struct hci_cp_set_conn_encrypt cp;
2177 cp.handle = ev->handle;
2178 cp.encrypt = 0x01;
2179 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2180 &cp);
052b30b0 2181 } else {
d7556e20
WR		 2182 conn->state = BT_CONNECTED;
2183 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2184 hci_conn_put(conn);
2185 }
d7556e20
WR		 2186 } else {
2187 hci_auth_cfm(conn, ev->status);
052b30b0 2188
d7556e20
WR		 2189 hci_conn_hold(conn);
2190 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2191 hci_conn_put(conn);
2192 }
2193
51a8efd7 2194 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2195 if (!ev->status) {
2196 struct hci_cp_set_conn_encrypt cp;
2197 cp.handle = ev->handle;
2198 cp.encrypt = 0x01;
2199 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2200 &cp);
d7556e20 2201 } else {
51a8efd7 2202 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2203 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2204 }
2205 }
2206
d7556e20 2207unlock:
1da177e4
LT		 2208 hci_dev_unlock(hdev);
2209}
2210
6039aa73 2211static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2212{
127178d2
JH		 2213 struct hci_ev_remote_name *ev = (void *) skb->data;
2214 struct hci_conn *conn;
2215
a9de9248 2216 BT_DBG("%s", hdev->name);
1da177e4 2217
a9de9248 2218 hci_conn_check_pending(hdev);
127178d2
JH		 2219
2220 hci_dev_lock(hdev);
2221
b644ba33 2222 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2223
b644ba33
JH		 2224 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2225 goto check_auth;
a88a9652 2226
b644ba33
JH		 2227 if (ev->status == 0)
2228 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2229 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2230 else
2231 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2232
2233check_auth:
79c6c70c
JH		 2234 if (!conn)
2235 goto unlock;
2236
2237 if (!hci_outgoing_auth_needed(hdev, conn))
2238 goto unlock;
2239
51a8efd7 2240 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2241 struct hci_cp_auth_requested cp;
2242 cp.handle = __cpu_to_le16(conn->handle);
2243 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2244 }
2245
79c6c70c 2246unlock:
127178d2 2247 hci_dev_unlock(hdev);
a9de9248
MH		 2248}
2249
6039aa73 2250static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2251{
2252 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2253 struct hci_conn *conn;
2254
9f1db00c 2255 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2256
2257 hci_dev_lock(hdev);
2258
04837f64 2259 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2260 if (conn) {
2261 if (!ev->status) {
ae293196
MH		 2262 if (ev->encrypt) {
2263 /* Encryption implies authentication */
2264 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2265 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2266 conn->sec_level = conn->pending_sec_level;
ae293196 2267 } else
1da177e4
LT		 2268 conn->link_mode &= ~HCI_LM_ENCRYPT;
2269 }
2270
51a8efd7 2271 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2272
a7d7723a 2273 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2274 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2275 hci_conn_put(conn);
2276 goto unlock;
2277 }
2278
f8558555
MH		 2279 if (conn->state == BT_CONFIG) {
2280 if (!ev->status)
2281 conn->state = BT_CONNECTED;
2282
2283 hci_proto_connect_cfm(conn, ev->status);
2284 hci_conn_put(conn);
2285 } else
2286 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2287 }
2288
a7d7723a 2289unlock:
1da177e4
LT		 2290 hci_dev_unlock(hdev);
2291}
2292
6039aa73
GP		 2293static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2294 struct sk_buff *skb)
1da177e4 2295{
a9de9248 2296 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2297 struct hci_conn *conn;
1da177e4 2298
9f1db00c 2299 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2300
2301 hci_dev_lock(hdev);
2302
04837f64 2303 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2304 if (conn) {
2305 if (!ev->status)
2306 conn->link_mode |= HCI_LM_SECURE;
2307
51a8efd7 2308 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2309
2310 hci_key_change_cfm(conn, ev->status);
2311 }
2312
2313 hci_dev_unlock(hdev);
2314}
2315
6039aa73
GP		 2316static void hci_remote_features_evt(struct hci_dev *hdev,
2317 struct sk_buff *skb)
1da177e4 2318{
a9de9248
MH		 2319 struct hci_ev_remote_features *ev = (void *) skb->data;
2320 struct hci_conn *conn;
2321
9f1db00c 2322 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2323
a9de9248
MH		 2324 hci_dev_lock(hdev);
2325
2326 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2327 if (!conn)
2328 goto unlock;
769be974 2329
ccd556fe
JH		 2330 if (!ev->status)
2331 memcpy(conn->features, ev->features, 8);
2332
2333 if (conn->state != BT_CONFIG)
2334 goto unlock;
2335
2336 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2337 struct hci_cp_read_remote_ext_features cp;
2338 cp.handle = ev->handle;
2339 cp.page = 0x01;
2340 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2341 sizeof(cp), &cp);
392599b9
JH		 2342 goto unlock;
2343 }
2344
671267bf 2345 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2346 struct hci_cp_remote_name_req cp;
2347 memset(&cp, 0, sizeof(cp));
2348 bacpy(&cp.bdaddr, &conn->dst);
2349 cp.pscan_rep_mode = 0x02;
2350 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2351 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2352 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2353 conn->dst_type, 0, NULL, 0,
2354 conn->dev_class);
392599b9 2355
127178d2 2356 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2357 conn->state = BT_CONNECTED;
2358 hci_proto_connect_cfm(conn, ev->status);
2359 hci_conn_put(conn);
769be974 2360 }
a9de9248 2361
ccd556fe 2362unlock:
a9de9248 2363 hci_dev_unlock(hdev);
1da177e4
LT		 2364}
2365
6039aa73 2366static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2367{
a9de9248 2368 BT_DBG("%s", hdev->name);
1da177e4
LT		 2369}
2370
6039aa73
GP		 2371static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2372 struct sk_buff *skb)
1da177e4 2373{
a9de9248 2374 BT_DBG("%s", hdev->name);
1da177e4
LT		 2375}
2376
6039aa73 2377static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2378{
2379 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2380 __u16 opcode;
2381
2382 skb_pull(skb, sizeof(*ev));
2383
2384 opcode = __le16_to_cpu(ev->opcode);
2385
2386 switch (opcode) {
2387 case HCI_OP_INQUIRY_CANCEL:
2388 hci_cc_inquiry_cancel(hdev, skb);
2389 break;
2390
4d93483b
AG		 2391 case HCI_OP_PERIODIC_INQ:
2392 hci_cc_periodic_inq(hdev, skb);
2393 break;
2394
a9de9248
MH		 2395 case HCI_OP_EXIT_PERIODIC_INQ:
2396 hci_cc_exit_periodic_inq(hdev, skb);
2397 break;
2398
2399 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2400 hci_cc_remote_name_req_cancel(hdev, skb);
2401 break;
2402
2403 case HCI_OP_ROLE_DISCOVERY:
2404 hci_cc_role_discovery(hdev, skb);
2405 break;
2406
e4e8e37c
MH		 2407 case HCI_OP_READ_LINK_POLICY:
2408 hci_cc_read_link_policy(hdev, skb);
2409 break;
2410
a9de9248
MH		 2411 case HCI_OP_WRITE_LINK_POLICY:
2412 hci_cc_write_link_policy(hdev, skb);
2413 break;
2414
e4e8e37c
MH		 2415 case HCI_OP_READ_DEF_LINK_POLICY:
2416 hci_cc_read_def_link_policy(hdev, skb);
2417 break;
2418
2419 case HCI_OP_WRITE_DEF_LINK_POLICY:
2420 hci_cc_write_def_link_policy(hdev, skb);
2421 break;
2422
a9de9248
MH		 2423 case HCI_OP_RESET:
2424 hci_cc_reset(hdev, skb);
2425 break;
2426
2427 case HCI_OP_WRITE_LOCAL_NAME:
2428 hci_cc_write_local_name(hdev, skb);
2429 break;
2430
2431 case HCI_OP_READ_LOCAL_NAME:
2432 hci_cc_read_local_name(hdev, skb);
2433 break;
2434
2435 case HCI_OP_WRITE_AUTH_ENABLE:
2436 hci_cc_write_auth_enable(hdev, skb);
2437 break;
2438
2439 case HCI_OP_WRITE_ENCRYPT_MODE:
2440 hci_cc_write_encrypt_mode(hdev, skb);
2441 break;
2442
2443 case HCI_OP_WRITE_SCAN_ENABLE:
2444 hci_cc_write_scan_enable(hdev, skb);
2445 break;
2446
2447 case HCI_OP_READ_CLASS_OF_DEV:
2448 hci_cc_read_class_of_dev(hdev, skb);
2449 break;
2450
2451 case HCI_OP_WRITE_CLASS_OF_DEV:
2452 hci_cc_write_class_of_dev(hdev, skb);
2453 break;
2454
2455 case HCI_OP_READ_VOICE_SETTING:
2456 hci_cc_read_voice_setting(hdev, skb);
2457 break;
2458
2459 case HCI_OP_WRITE_VOICE_SETTING:
2460 hci_cc_write_voice_setting(hdev, skb);
2461 break;
2462
2463 case HCI_OP_HOST_BUFFER_SIZE:
2464 hci_cc_host_buffer_size(hdev, skb);
2465 break;
2466
333140b5
MH		 2467 case HCI_OP_WRITE_SSP_MODE:
2468 hci_cc_write_ssp_mode(hdev, skb);
2469 break;
2470
a9de9248
MH		 2471 case HCI_OP_READ_LOCAL_VERSION:
2472 hci_cc_read_local_version(hdev, skb);
2473 break;
2474
2475 case HCI_OP_READ_LOCAL_COMMANDS:
2476 hci_cc_read_local_commands(hdev, skb);
2477 break;
2478
2479 case HCI_OP_READ_LOCAL_FEATURES:
2480 hci_cc_read_local_features(hdev, skb);
2481 break;
2482
971e3a4b
AG		 2483 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2484 hci_cc_read_local_ext_features(hdev, skb);
2485 break;
2486
a9de9248
MH		 2487 case HCI_OP_READ_BUFFER_SIZE:
2488 hci_cc_read_buffer_size(hdev, skb);
2489 break;
2490
2491 case HCI_OP_READ_BD_ADDR:
2492 hci_cc_read_bd_addr(hdev, skb);
2493 break;
2494
350ee4cf
AE		 2495 case HCI_OP_READ_DATA_BLOCK_SIZE:
2496 hci_cc_read_data_block_size(hdev, skb);
2497 break;
2498
23bb5763
JH		 2499 case HCI_OP_WRITE_CA_TIMEOUT:
2500 hci_cc_write_ca_timeout(hdev, skb);
2501 break;
2502
1e89cffb
AE		 2503 case HCI_OP_READ_FLOW_CONTROL_MODE:
2504 hci_cc_read_flow_control_mode(hdev, skb);
2505 break;
2506
928abaa7
AE		 2507 case HCI_OP_READ_LOCAL_AMP_INFO:
2508 hci_cc_read_local_amp_info(hdev, skb);
2509 break;
2510
903e4541
AE		 2511 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2512 hci_cc_read_local_amp_assoc(hdev, skb);
2513 break;
2514
b0916ea0
JH		 2515 case HCI_OP_DELETE_STORED_LINK_KEY:
2516 hci_cc_delete_stored_link_key(hdev, skb);
2517 break;
2518
d5859e22
JH		 2519 case HCI_OP_SET_EVENT_MASK:
2520 hci_cc_set_event_mask(hdev, skb);
2521 break;
2522
2523 case HCI_OP_WRITE_INQUIRY_MODE:
2524 hci_cc_write_inquiry_mode(hdev, skb);
2525 break;
2526
2527 case HCI_OP_READ_INQ_RSP_TX_POWER:
2528 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2529 break;
2530
2531 case HCI_OP_SET_EVENT_FLT:
2532 hci_cc_set_event_flt(hdev, skb);
2533 break;
2534
980e1a53
JH		 2535 case HCI_OP_PIN_CODE_REPLY:
2536 hci_cc_pin_code_reply(hdev, skb);
2537 break;
2538
2539 case HCI_OP_PIN_CODE_NEG_REPLY:
2540 hci_cc_pin_code_neg_reply(hdev, skb);
2541 break;
2542
c35938b2
SJ		 2543 case HCI_OP_READ_LOCAL_OOB_DATA:
2544 hci_cc_read_local_oob_data_reply(hdev, skb);
2545 break;
2546
6ed58ec5
VT		 2547 case HCI_OP_LE_READ_BUFFER_SIZE:
2548 hci_cc_le_read_buffer_size(hdev, skb);
2549 break;
2550
8fa19098
JH		 2551 case HCI_OP_LE_READ_ADV_TX_POWER:
2552 hci_cc_le_read_adv_tx_power(hdev, skb);
2553 break;
2554
e36b04c8
JH		 2555 case HCI_OP_LE_SET_EVENT_MASK:
2556 hci_cc_le_set_event_mask(hdev, skb);
2557 break;
2558
a5c29683
JH		 2559 case HCI_OP_USER_CONFIRM_REPLY:
2560 hci_cc_user_confirm_reply(hdev, skb);
2561 break;
2562
2563 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2564 hci_cc_user_confirm_neg_reply(hdev, skb);
2565 break;
2566
1143d458
BG		 2567 case HCI_OP_USER_PASSKEY_REPLY:
2568 hci_cc_user_passkey_reply(hdev, skb);
2569 break;
2570
2571 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2572 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2573 break;
07f7fa5d
AG		 2574
2575 case HCI_OP_LE_SET_SCAN_PARAM:
2576 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2577 break;
2578
eb9d91f5
AG		 2579 case HCI_OP_LE_SET_SCAN_ENABLE:
2580 hci_cc_le_set_scan_enable(hdev, skb);
2581 break;
2582
a7a595f6
VCG		 2583 case HCI_OP_LE_LTK_REPLY:
2584 hci_cc_le_ltk_reply(hdev, skb);
2585 break;
2586
2587 case HCI_OP_LE_LTK_NEG_REPLY:
2588 hci_cc_le_ltk_neg_reply(hdev, skb);
2589 break;
2590
f9b49306
AG		 2591 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2592 hci_cc_write_le_host_supported(hdev, skb);
2593 break;
2594
93c284ee
AE		 2595 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2596 hci_cc_write_remote_amp_assoc(hdev, skb);
2597 break;
2598
a9de9248 2599 default:
9f1db00c 2600 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2601 break;
2602 }
2603
6bd32326
VT		 2604 if (ev->opcode != HCI_OP_NOP)
2605 del_timer(&hdev->cmd_timer);
2606
a9de9248
MH		 2607 if (ev->ncmd) {
2608 atomic_set(&hdev->cmd_cnt, 1);
2609 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2610 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2611 }
2612}
2613
6039aa73 2614static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2615{
2616 struct hci_ev_cmd_status *ev = (void *) skb->data;
2617 __u16 opcode;
2618
2619 skb_pull(skb, sizeof(*ev));
2620
2621 opcode = __le16_to_cpu(ev->opcode);
2622
2623 switch (opcode) {
2624 case HCI_OP_INQUIRY:
2625 hci_cs_inquiry(hdev, ev->status);
2626 break;
2627
2628 case HCI_OP_CREATE_CONN:
2629 hci_cs_create_conn(hdev, ev->status);
2630 break;
2631
2632 case HCI_OP_ADD_SCO:
2633 hci_cs_add_sco(hdev, ev->status);
2634 break;
2635
f8558555
MH		 2636 case HCI_OP_AUTH_REQUESTED:
2637 hci_cs_auth_requested(hdev, ev->status);
2638 break;
2639
2640 case HCI_OP_SET_CONN_ENCRYPT:
2641 hci_cs_set_conn_encrypt(hdev, ev->status);
2642 break;
2643
a9de9248
MH		 2644 case HCI_OP_REMOTE_NAME_REQ:
2645 hci_cs_remote_name_req(hdev, ev->status);
2646 break;
2647
769be974
MH		 2648 case HCI_OP_READ_REMOTE_FEATURES:
2649 hci_cs_read_remote_features(hdev, ev->status);
2650 break;
2651
2652 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2653 hci_cs_read_remote_ext_features(hdev, ev->status);
2654 break;
2655
a9de9248
MH		 2656 case HCI_OP_SETUP_SYNC_CONN:
2657 hci_cs_setup_sync_conn(hdev, ev->status);
2658 break;
2659
2660 case HCI_OP_SNIFF_MODE:
2661 hci_cs_sniff_mode(hdev, ev->status);
2662 break;
2663
2664 case HCI_OP_EXIT_SNIFF_MODE:
2665 hci_cs_exit_sniff_mode(hdev, ev->status);
2666 break;
2667
8962ee74 2668 case HCI_OP_DISCONNECT:
88c3df13 2669 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2670 break;
2671
fcd89c09
VT		 2672 case HCI_OP_LE_CREATE_CONN:
2673 hci_cs_le_create_conn(hdev, ev->status);
2674 break;
2675
a7a595f6
VCG		 2676 case HCI_OP_LE_START_ENC:
2677 hci_cs_le_start_enc(hdev, ev->status);
2678 break;
2679
a02226d6
AE		 2680 case HCI_OP_CREATE_PHY_LINK:
2681 hci_cs_create_phylink(hdev, ev->status);
2682 break;
2683
0b26ab9d
AE		 2684 case HCI_OP_ACCEPT_PHY_LINK:
2685 hci_cs_accept_phylink(hdev, ev->status);
2686 break;
2687
5ce66b59
AE		 2688 case HCI_OP_CREATE_LOGICAL_LINK:
2689 hci_cs_create_logical_link(hdev, ev->status);
2690 break;
2691
a9de9248 2692 default:
9f1db00c 2693 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2694 break;
2695 }
2696
6bd32326
VT		 2697 if (ev->opcode != HCI_OP_NOP)
2698 del_timer(&hdev->cmd_timer);
2699
10572132 2700 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2701 atomic_set(&hdev->cmd_cnt, 1);
2702 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2703 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2704 }
2705}
2706
6039aa73 2707static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2708{
2709 struct hci_ev_role_change *ev = (void *) skb->data;
2710 struct hci_conn *conn;
2711
9f1db00c 2712 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2713
2714 hci_dev_lock(hdev);
2715
2716 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2717 if (conn) {
2718 if (!ev->status) {
2719 if (ev->role)
2720 conn->link_mode &= ~HCI_LM_MASTER;
2721 else
2722 conn->link_mode |= HCI_LM_MASTER;
2723 }
2724
51a8efd7 2725 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2726
2727 hci_role_switch_cfm(conn, ev->status, ev->role);
2728 }
2729
2730 hci_dev_unlock(hdev);
2731}
2732
6039aa73 2733static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2734{
2735 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2736 int i;
2737
32ac5b9b
AE		 2738 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2739 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2740 return;
2741 }
2742
c5993de8 2743 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2744 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2745 BT_DBG("%s bad parameters", hdev->name);
2746 return;
2747 }
2748
c5993de8
AE		 2749 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2750
613a1c0c
AE		 2751 for (i = 0; i < ev->num_hndl; i++) {
2752 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2753 struct hci_conn *conn;
2754 __u16 handle, count;
2755
613a1c0c
AE		 2756 handle = __le16_to_cpu(info->handle);
2757 count = __le16_to_cpu(info->count);
a9de9248
MH		 2758
2759 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2760 if (!conn)
2761 continue;
2762
2763 conn->sent -= count;
2764
2765 switch (conn->type) {
2766 case ACL_LINK:
2767 hdev->acl_cnt += count;
2768 if (hdev->acl_cnt > hdev->acl_pkts)
2769 hdev->acl_cnt = hdev->acl_pkts;
2770 break;
2771
2772 case LE_LINK:
2773 if (hdev->le_pkts) {
2774 hdev->le_cnt += count;
2775 if (hdev->le_cnt > hdev->le_pkts)
2776 hdev->le_cnt = hdev->le_pkts;
2777 } else {
70f23020
AE		 2778 hdev->acl_cnt += count;
2779 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2780 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2781 }
f4280918
AE		 2782 break;
2783
2784 case SCO_LINK:
2785 hdev->sco_cnt += count;
2786 if (hdev->sco_cnt > hdev->sco_pkts)
2787 hdev->sco_cnt = hdev->sco_pkts;
2788 break;
2789
2790 default:
2791 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2792 break;
a9de9248
MH		 2793 }
2794 }
2795
3eff45ea 2796 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2797}
2798
76ef7cf7
AE		 2799static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2800 __u16 handle)
2801{
2802 struct hci_chan *chan;
2803
2804 switch (hdev->dev_type) {
2805 case HCI_BREDR:
2806 return hci_conn_hash_lookup_handle(hdev, handle);
2807 case HCI_AMP:
2808 chan = hci_chan_lookup_handle(hdev, handle);
2809 if (chan)
2810 return chan->conn;
2811 break;
2812 default:
2813 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2814 break;
2815 }
2816
2817 return NULL;
2818}
2819
6039aa73 2820static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2821{
2822 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2823 int i;
2824
2825 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2826 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2827 return;
2828 }
2829
2830 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2831 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2832 BT_DBG("%s bad parameters", hdev->name);
2833 return;
2834 }
2835
2836 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2837 ev->num_hndl);
25e89e99
AE		 2838
2839 for (i = 0; i < ev->num_hndl; i++) {
2840 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2841 struct hci_conn *conn = NULL;
25e89e99
AE		 2842 __u16 handle, block_count;
2843
2844 handle = __le16_to_cpu(info->handle);
2845 block_count = __le16_to_cpu(info->blocks);
2846
76ef7cf7 2847 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2848 if (!conn)
2849 continue;
2850
2851 conn->sent -= block_count;
2852
2853 switch (conn->type) {
2854 case ACL_LINK:
bd1eb66b 2855 case AMP_LINK:
25e89e99
AE		 2856 hdev->block_cnt += block_count;
2857 if (hdev->block_cnt > hdev->num_blocks)
2858 hdev->block_cnt = hdev->num_blocks;
2859 break;
2860
2861 default:
2862 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2863 break;
2864 }
2865 }
2866
2867 queue_work(hdev->workqueue, &hdev->tx_work);
2868}
2869
6039aa73 2870static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2871{
a9de9248 2872 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2873 struct hci_conn *conn;
2874
9f1db00c 2875 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2876
2877 hci_dev_lock(hdev);
2878
2879 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2880 if (conn) {
2881 conn->mode = ev->mode;
2882 conn->interval = __le16_to_cpu(ev->interval);
2883
8fc9ced3
GP		 2884 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2885 &conn->flags)) {
a9de9248 2886 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2887 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2888 else
58a681ef 2889 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2890 }
e73439d8 2891
51a8efd7 2892 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2893 hci_sco_setup(conn, ev->status);
04837f64
MH		 2894 }
2895
2896 hci_dev_unlock(hdev);
2897}
2898
6039aa73 2899static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2900{
052b30b0
MH		 2901 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2902 struct hci_conn *conn;
2903
a9de9248 2904 BT_DBG("%s", hdev->name);
052b30b0
MH		 2905
2906 hci_dev_lock(hdev);
2907
2908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2909 if (!conn)
2910 goto unlock;
2911
2912 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2913 hci_conn_hold(conn);
2914 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2915 hci_conn_put(conn);
2916 }
2917
a8b2d5c2 2918 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2919 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2920 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2921 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2922 u8 secure;
2923
2924 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2925 secure = 1;
2926 else
2927 secure = 0;
2928
744cf19e 2929 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2930 }
980e1a53 2931
b6f98044 2932unlock:
052b30b0 2933 hci_dev_unlock(hdev);
a9de9248
MH		 2934}
2935
6039aa73 2936static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2937{
55ed8ca1
JH		 2938 struct hci_ev_link_key_req *ev = (void *) skb->data;
2939 struct hci_cp_link_key_reply cp;
2940 struct hci_conn *conn;
2941 struct link_key *key;
2942
a9de9248 2943 BT_DBG("%s", hdev->name);
55ed8ca1 2944
a8b2d5c2 2945 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2946 return;
2947
2948 hci_dev_lock(hdev);
2949
2950 key = hci_find_link_key(hdev, &ev->bdaddr);
2951 if (!key) {
6ed93dc6
AE		 2952 BT_DBG("%s link key not found for %pMR", hdev->name,
2953 &ev->bdaddr);
55ed8ca1
JH		 2954 goto not_found;
2955 }
2956
6ed93dc6
AE		 2957 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2958 &ev->bdaddr);
55ed8ca1 2959
a8b2d5c2 2960 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2961 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2962 BT_DBG("%s ignoring debug key", hdev->name);
2963 goto not_found;
2964 }
2965
2966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2967 if (conn) {
2968 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2969 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2970 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2971 goto not_found;
2972 }
55ed8ca1 2973
60b83f57 2974 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2975 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2976 BT_DBG("%s ignoring key unauthenticated for high security",
2977 hdev->name);
60b83f57
WR		 2978 goto not_found;
2979 }
2980
2981 conn->key_type = key->type;
2982 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2983 }
2984
2985 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2986 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2987
2988 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2989
2990 hci_dev_unlock(hdev);
2991
2992 return;
2993
2994not_found:
2995 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2996 hci_dev_unlock(hdev);
a9de9248
MH		 2997}
2998
6039aa73 2999static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3000{
052b30b0
MH		 3001 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3002 struct hci_conn *conn;
55ed8ca1 3003 u8 pin_len = 0;
052b30b0 3004
a9de9248 3005 BT_DBG("%s", hdev->name);
052b30b0
MH		 3006
3007 hci_dev_lock(hdev);
3008
3009 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3010 if (conn) {
3011 hci_conn_hold(conn);
3012 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3013 pin_len = conn->pin_length;
13d39315
WR		 3014
3015 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3016 conn->key_type = ev->key_type;
3017
052b30b0
MH		 3018 hci_conn_put(conn);
3019 }
3020
a8b2d5c2 3021 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3022 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3023 ev->key_type, pin_len);
55ed8ca1 3024
052b30b0 3025 hci_dev_unlock(hdev);
a9de9248
MH		 3026}
3027
6039aa73 3028static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3029{
a9de9248 3030 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3031 struct hci_conn *conn;
1da177e4 3032
9f1db00c 3033 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3034
3035 hci_dev_lock(hdev);
3036
04837f64 3037 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3038 if (conn && !ev->status) {
3039 struct inquiry_entry *ie;
3040
cc11b9c1
AE		 3041 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3042 if (ie) {
1da177e4
LT		 3043 ie->data.clock_offset = ev->clock_offset;
3044 ie->timestamp = jiffies;
3045 }
3046 }
3047
3048 hci_dev_unlock(hdev);
3049}
3050
6039aa73 3051static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3052{
3053 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3054 struct hci_conn *conn;
3055
9f1db00c 3056 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3057
3058 hci_dev_lock(hdev);
3059
3060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3061 if (conn && !ev->status)
3062 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3063
3064 hci_dev_unlock(hdev);
3065}
3066
6039aa73 3067static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3068{
a9de9248 3069 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3070 struct inquiry_entry *ie;
3071
3072 BT_DBG("%s", hdev->name);
3073
3074 hci_dev_lock(hdev);
3075
cc11b9c1
AE		 3076 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3077 if (ie) {
85a1e930
MH		 3078 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3079 ie->timestamp = jiffies;
3080 }
3081
3082 hci_dev_unlock(hdev);
3083}
3084
6039aa73
GP		 3085static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3086 struct sk_buff *skb)
a9de9248
MH		 3087{
3088 struct inquiry_data data;
3089 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3090 bool name_known, ssp;
a9de9248
MH		 3091
3092 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3093
3094 if (!num_rsp)
3095 return;
3096
1519cc17
AG		 3097 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3098 return;
3099
a9de9248
MH		 3100 hci_dev_lock(hdev);
3101
3102 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3103 struct inquiry_info_with_rssi_and_pscan_mode *info;
3104 info = (void *) (skb->data + 1);
a9de9248 3105
e17acd40 3106 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3107 bacpy(&data.bdaddr, &info->bdaddr);
3108 data.pscan_rep_mode = info->pscan_rep_mode;
3109 data.pscan_period_mode = info->pscan_period_mode;
3110 data.pscan_mode = info->pscan_mode;
3111 memcpy(data.dev_class, info->dev_class, 3);
3112 data.clock_offset = info->clock_offset;
3113 data.rssi = info->rssi;
41a96212 3114 data.ssp_mode = 0x00;
3175405b
JH		 3115
3116 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3117 false, &ssp);
48264f06 3118 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3119 info->dev_class, info->rssi,
3120 !name_known, ssp, NULL, 0);
a9de9248
MH		 3121 }
3122 } else {
3123 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3124
e17acd40 3125 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3126 bacpy(&data.bdaddr, &info->bdaddr);
3127 data.pscan_rep_mode = info->pscan_rep_mode;
3128 data.pscan_period_mode = info->pscan_period_mode;
3129 data.pscan_mode = 0x00;
3130 memcpy(data.dev_class, info->dev_class, 3);
3131 data.clock_offset = info->clock_offset;
3132 data.rssi = info->rssi;
41a96212 3133 data.ssp_mode = 0x00;
3175405b 3134 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3135 false, &ssp);
48264f06 3136 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3137 info->dev_class, info->rssi,
3138 !name_known, ssp, NULL, 0);
a9de9248
MH		 3139 }
3140 }
3141
3142 hci_dev_unlock(hdev);
3143}
3144
6039aa73
GP		 3145static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3146 struct sk_buff *skb)
a9de9248 3147{
41a96212
MH		 3148 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3149 struct hci_conn *conn;
3150
a9de9248 3151 BT_DBG("%s", hdev->name);
41a96212 3152
41a96212
MH		 3153 hci_dev_lock(hdev);
3154
3155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3156 if (!conn)
3157 goto unlock;
41a96212 3158
ccd556fe
JH		 3159 if (!ev->status && ev->page == 0x01) {
3160 struct inquiry_entry *ie;
41a96212 3161
cc11b9c1
AE		 3162 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3163 if (ie)
02b7cc62 3164 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3165
02b7cc62 3166 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3167 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3168 }
3169
3170 if (conn->state != BT_CONFIG)
3171 goto unlock;
3172
671267bf 3173 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3174 struct hci_cp_remote_name_req cp;
3175 memset(&cp, 0, sizeof(cp));
3176 bacpy(&cp.bdaddr, &conn->dst);
3177 cp.pscan_rep_mode = 0x02;
3178 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3179 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3180 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3181 conn->dst_type, 0, NULL, 0,
3182 conn->dev_class);
392599b9 3183
127178d2 3184 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3185 conn->state = BT_CONNECTED;
3186 hci_proto_connect_cfm(conn, ev->status);
3187 hci_conn_put(conn);
41a96212
MH		 3188 }
3189
ccd556fe 3190unlock:
41a96212 3191 hci_dev_unlock(hdev);
a9de9248
MH		 3192}
3193
6039aa73
GP		 3194static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3195 struct sk_buff *skb)
a9de9248 3196{
b6a0dc82
MH		 3197 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3198 struct hci_conn *conn;
3199
9f1db00c 3200 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3201
3202 hci_dev_lock(hdev);
3203
3204 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3205 if (!conn) {
3206 if (ev->link_type == ESCO_LINK)
3207 goto unlock;
3208
3209 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3210 if (!conn)
3211 goto unlock;
3212
3213 conn->type = SCO_LINK;
3214 }
b6a0dc82 3215
732547f9
MH		 3216 switch (ev->status) {
3217 case 0x00:
b6a0dc82
MH		 3218 conn->handle = __le16_to_cpu(ev->handle);
3219 conn->state = BT_CONNECTED;
7d0db0a3 3220
9eba32b8 3221 hci_conn_hold_device(conn);
7d0db0a3 3222 hci_conn_add_sysfs(conn);
732547f9
MH		 3223 break;
3224
705e5711 3225 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3226 case 0x1c: /* SCO interval rejected */
1038a00b 3227 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3228 case 0x1f: /* Unspecified error */
3229 if (conn->out && conn->attempt < 2) {
3230 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3231 (hdev->esco_type & EDR_ESCO_MASK);
3232 hci_setup_sync(conn, conn->link->handle);
3233 goto unlock;
3234 }
3235 /* fall through */
3236
3237 default:
b6a0dc82 3238 conn->state = BT_CLOSED;
732547f9
MH		 3239 break;
3240 }
b6a0dc82
MH		 3241
3242 hci_proto_connect_cfm(conn, ev->status);
3243 if (ev->status)
3244 hci_conn_del(conn);
3245
3246unlock:
3247 hci_dev_unlock(hdev);
a9de9248
MH		 3248}
3249
6039aa73 3250static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3251{
3252 BT_DBG("%s", hdev->name);
3253}
3254
6039aa73 3255static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3256{
a9de9248 3257 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3258
9f1db00c 3259 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3260}
3261
6039aa73
GP		 3262static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3263 struct sk_buff *skb)
1da177e4 3264{
a9de9248
MH		 3265 struct inquiry_data data;
3266 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3267 int num_rsp = *((__u8 *) skb->data);
9d939d94 3268 size_t eir_len;
1da177e4 3269
a9de9248 3270 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3271
a9de9248
MH		 3272 if (!num_rsp)
3273 return;
1da177e4 3274
1519cc17
AG		 3275 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3276 return;
3277
a9de9248
MH		 3278 hci_dev_lock(hdev);
3279
e17acd40 3280 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3281 bool name_known, ssp;
561aafbc 3282
a9de9248 3283 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3284 data.pscan_rep_mode = info->pscan_rep_mode;
3285 data.pscan_period_mode = info->pscan_period_mode;
3286 data.pscan_mode = 0x00;
a9de9248 3287 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3288 data.clock_offset = info->clock_offset;
3289 data.rssi = info->rssi;
41a96212 3290 data.ssp_mode = 0x01;
561aafbc 3291
a8b2d5c2 3292 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3293 name_known = eir_has_data_type(info->data,
04124681
GP		 3294 sizeof(info->data),
3295 EIR_NAME_COMPLETE);
561aafbc
JH		 3296 else
3297 name_known = true;
3298
388fc8fa 3299 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3300 &ssp);
9d939d94 3301 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3302 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3303 info->dev_class, info->rssi, !name_known,
9d939d94 3304 ssp, info->data, eir_len);
a9de9248
MH		 3305 }
3306
3307 hci_dev_unlock(hdev);
3308}
1da177e4 3309
1c2e0041
JH		 3310static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3311 struct sk_buff *skb)
3312{
3313 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3314 struct hci_conn *conn;
3315
9f1db00c 3316 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3317 __le16_to_cpu(ev->handle));
3318
3319 hci_dev_lock(hdev);
3320
3321 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3322 if (!conn)
3323 goto unlock;
3324
3325 if (!ev->status)
3326 conn->sec_level = conn->pending_sec_level;
3327
3328 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3329
3330 if (ev->status && conn->state == BT_CONNECTED) {
3331 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3332 hci_conn_put(conn);
3333 goto unlock;
3334 }
3335
3336 if (conn->state == BT_CONFIG) {
3337 if (!ev->status)
3338 conn->state = BT_CONNECTED;
3339
3340 hci_proto_connect_cfm(conn, ev->status);
3341 hci_conn_put(conn);
3342 } else {
3343 hci_auth_cfm(conn, ev->status);
3344
3345 hci_conn_hold(conn);
3346 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3347 hci_conn_put(conn);
3348 }
3349
3350unlock:
3351 hci_dev_unlock(hdev);
3352}
3353
6039aa73 3354static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3355{
3356 /* If remote requests dedicated bonding follow that lead */
3357 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3358 /* If both remote and local IO capabilities allow MITM
3359 * protection then require it, otherwise don't */
3360 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3361 return 0x02;
3362 else
3363 return 0x03;
3364 }
3365
3366 /* If remote requests no-bonding follow that lead */
3367 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3368 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3369
3370 return conn->auth_type;
3371}
3372
6039aa73 3373static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3374{
3375 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3376 struct hci_conn *conn;
3377
3378 BT_DBG("%s", hdev->name);
3379
3380 hci_dev_lock(hdev);
3381
3382 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3383 if (!conn)
3384 goto unlock;
3385
3386 hci_conn_hold(conn);
3387
a8b2d5c2 3388 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3389 goto unlock;
3390
a8b2d5c2 3391 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3392 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3393 struct hci_cp_io_capability_reply cp;
3394
3395 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3396 /* Change the IO capability from KeyboardDisplay
3397 * to DisplayYesNo as it is not supported by BT spec. */
3398 cp.capability = (conn->io_capability == 0x04) ?
3399 0x01 : conn->io_capability;
7cbc9bd9
JH		 3400 conn->auth_type = hci_get_auth_req(conn);
3401 cp.authentication = conn->auth_type;
17fa4b9d 3402
8fc9ced3
GP		 3403 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3404 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3405 cp.oob_data = 0x01;
3406 else
3407 cp.oob_data = 0x00;
3408
17fa4b9d 3409 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3410 sizeof(cp), &cp);
03b555e1
JH		 3411 } else {
3412 struct hci_cp_io_capability_neg_reply cp;
3413
3414 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3415 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3416
03b555e1 3417 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3418 sizeof(cp), &cp);
03b555e1
JH		 3419 }
3420
3421unlock:
3422 hci_dev_unlock(hdev);
3423}
3424
6039aa73 3425static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3426{
3427 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3428 struct hci_conn *conn;
3429
3430 BT_DBG("%s", hdev->name);
3431
3432 hci_dev_lock(hdev);
3433
3434 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3435 if (!conn)
3436 goto unlock;
3437
03b555e1 3438 conn->remote_cap = ev->capability;
03b555e1 3439 conn->remote_auth = ev->authentication;
58a681ef
JH		 3440 if (ev->oob_data)
3441 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3442
3443unlock:
0493684e
MH		 3444 hci_dev_unlock(hdev);
3445}
3446
6039aa73
GP		 3447static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3448 struct sk_buff *skb)
a5c29683
JH		 3449{
3450 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3451 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3452 struct hci_conn *conn;
a5c29683
JH		 3453
3454 BT_DBG("%s", hdev->name);
3455
3456 hci_dev_lock(hdev);
3457
a8b2d5c2 3458 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3459 goto unlock;
a5c29683 3460
7a828908
JH		 3461 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3462 if (!conn)
3463 goto unlock;
3464
3465 loc_mitm = (conn->auth_type & 0x01);
3466 rem_mitm = (conn->remote_auth & 0x01);
3467
3468 /* If we require MITM but the remote device can't provide that
3469 * (it has NoInputNoOutput) then reject the confirmation
3470 * request. The only exception is when we're dedicated bonding
3471 * initiators (connect_cfm_cb set) since then we always have the MITM
3472 * bit set. */
3473 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3474 BT_DBG("Rejecting request: remote device can't provide MITM");
3475 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3476 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3477 goto unlock;
3478 }
3479
3480 /* If no side requires MITM protection; auto-accept */
3481 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3482 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3483
3484 /* If we're not the initiators request authorization to
3485 * proceed from user space (mgmt_user_confirm with
3486 * confirm_hint set to 1). */
51a8efd7 3487 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3488 BT_DBG("Confirming auto-accept as acceptor");
3489 confirm_hint = 1;
3490 goto confirm;
3491 }
3492
9f61656a 3493 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3494 hdev->auto_accept_delay);
9f61656a
JH		 3495
3496 if (hdev->auto_accept_delay > 0) {
3497 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3498 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3499 goto unlock;
3500 }
3501
7a828908 3502 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3503 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3504 goto unlock;
3505 }
3506
55bc1a37 3507confirm:
272d90df 3508 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3509 confirm_hint);
7a828908
JH		 3510
3511unlock:
a5c29683
JH		 3512 hci_dev_unlock(hdev);
3513}
3514
6039aa73
GP		 3515static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3516 struct sk_buff *skb)
1143d458
BG		 3517{
3518 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3519
3520 BT_DBG("%s", hdev->name);
3521
a8b2d5c2 3522 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3523 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3524}
3525
92a25256
JH		 3526static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3527 struct sk_buff *skb)
3528{
3529 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3530 struct hci_conn *conn;
3531
3532 BT_DBG("%s", hdev->name);
3533
3534 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3535 if (!conn)
3536 return;
3537
3538 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3539 conn->passkey_entered = 0;
3540
3541 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3542 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3543 conn->dst_type, conn->passkey_notify,
3544 conn->passkey_entered);
3545}
3546
3547static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3548{
3549 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3550 struct hci_conn *conn;
3551
3552 BT_DBG("%s", hdev->name);
3553
3554 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3555 if (!conn)
3556 return;
3557
3558 switch (ev->type) {
3559 case HCI_KEYPRESS_STARTED:
3560 conn->passkey_entered = 0;
3561 return;
3562
3563 case HCI_KEYPRESS_ENTERED:
3564 conn->passkey_entered++;
3565 break;
3566
3567 case HCI_KEYPRESS_ERASED:
3568 conn->passkey_entered--;
3569 break;
3570
3571 case HCI_KEYPRESS_CLEARED:
3572 conn->passkey_entered = 0;
3573 break;
3574
3575 case HCI_KEYPRESS_COMPLETED:
3576 return;
3577 }
3578
3579 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3580 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3581 conn->dst_type, conn->passkey_notify,
3582 conn->passkey_entered);
3583}
3584
6039aa73
GP		 3585static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3586 struct sk_buff *skb)
0493684e
MH		 3587{
3588 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3589 struct hci_conn *conn;
3590
3591 BT_DBG("%s", hdev->name);
3592
3593 hci_dev_lock(hdev);
3594
3595 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3596 if (!conn)
3597 goto unlock;
3598
3599 /* To avoid duplicate auth_failed events to user space we check
3600 * the HCI_CONN_AUTH_PEND flag which will be set if we
3601 * initiated the authentication. A traditional auth_complete
3602 * event gets always produced as initiator and is also mapped to
3603 * the mgmt_auth_failed event */
fa1bd918 3604 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3605 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3606 ev->status);
0493684e 3607
2a611692
JH		 3608 hci_conn_put(conn);
3609
3610unlock:
0493684e
MH		 3611 hci_dev_unlock(hdev);
3612}
3613
6039aa73
GP		 3614static void hci_remote_host_features_evt(struct hci_dev *hdev,
3615 struct sk_buff *skb)
41a96212
MH		 3616{
3617 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3618 struct inquiry_entry *ie;
3619
3620 BT_DBG("%s", hdev->name);
3621
3622 hci_dev_lock(hdev);
3623
cc11b9c1
AE		 3624 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3625 if (ie)
02b7cc62 3626 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3627
3628 hci_dev_unlock(hdev);
3629}
3630
6039aa73
GP		 3631static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3632 struct sk_buff *skb)
2763eda6
SJ		 3633{
3634 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3635 struct oob_data *data;
3636
3637 BT_DBG("%s", hdev->name);
3638
3639 hci_dev_lock(hdev);
3640
a8b2d5c2 3641 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3642 goto unlock;
3643
2763eda6
SJ		 3644 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3645 if (data) {
3646 struct hci_cp_remote_oob_data_reply cp;
3647
3648 bacpy(&cp.bdaddr, &ev->bdaddr);
3649 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3650 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3651
3652 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3653 &cp);
2763eda6
SJ		 3654 } else {
3655 struct hci_cp_remote_oob_data_neg_reply cp;
3656
3657 bacpy(&cp.bdaddr, &ev->bdaddr);
3658 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3659 &cp);
2763eda6
SJ		 3660 }
3661
e1ba1f15 3662unlock:
2763eda6
SJ		 3663 hci_dev_unlock(hdev);
3664}
3665
d5e91192
AE		 3666static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3667 struct sk_buff *skb)
3668{
3669 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3670 struct hci_conn *hcon, *bredr_hcon;
3671
3672 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3673 ev->status);
3674
3675 hci_dev_lock(hdev);
3676
3677 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3678 if (!hcon) {
3679 hci_dev_unlock(hdev);
3680 return;
3681 }
3682
3683 if (ev->status) {
3684 hci_conn_del(hcon);
3685 hci_dev_unlock(hdev);
3686 return;
3687 }
3688
3689 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3690
3691 hcon->state = BT_CONNECTED;
3692 bacpy(&hcon->dst, &bredr_hcon->dst);
3693
3694 hci_conn_hold(hcon);
3695 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3696 hci_conn_put(hcon);
3697
3698 hci_conn_hold_device(hcon);
3699 hci_conn_add_sysfs(hcon);
3700
cf70ff22 3701 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3702
cf70ff22 3703 hci_dev_unlock(hdev);
d5e91192
AE		 3704}
3705
27695fb4
AE		 3706static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3707{
3708 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3709 struct hci_conn *hcon;
3710 struct hci_chan *hchan;
3711 struct amp_mgr *mgr;
3712
3713 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3714 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3715 ev->status);
3716
3717 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3718 if (!hcon)
3719 return;
3720
3721 /* Create AMP hchan */
3722 hchan = hci_chan_create(hcon);
3723 if (!hchan)
3724 return;
3725
3726 hchan->handle = le16_to_cpu(ev->handle);
3727
3728 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3729
3730 mgr = hcon->amp_mgr;
3731 if (mgr && mgr->bredr_chan) {
3732 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3733
3734 l2cap_chan_lock(bredr_chan);
3735
3736 bredr_chan->conn->mtu = hdev->block_mtu;
3737 l2cap_logical_cfm(bredr_chan, hchan, 0);
3738 hci_conn_hold(hcon);
3739
3740 l2cap_chan_unlock(bredr_chan);
3741 }
3742}
3743
606e2a10
AE		 3744static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3745 struct sk_buff *skb)
3746{
3747 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3748 struct hci_chan *hchan;
3749
3750 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3751 le16_to_cpu(ev->handle), ev->status);
3752
3753 if (ev->status)
3754 return;
3755
3756 hci_dev_lock(hdev);
3757
3758 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3759 if (!hchan)
3760 goto unlock;
3761
3762 amp_destroy_logical_link(hchan, ev->reason);
3763
3764unlock:
3765 hci_dev_unlock(hdev);
3766}
3767
9eef6b3a
AE		 3768static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3769 struct sk_buff *skb)
3770{
3771 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3772 struct hci_conn *hcon;
3773
3774 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3775
3776 if (ev->status)
3777 return;
3778
3779 hci_dev_lock(hdev);
3780
3781 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3782 if (hcon) {
3783 hcon->state = BT_CLOSED;
3784 hci_conn_del(hcon);
3785 }
3786
3787 hci_dev_unlock(hdev);
3788}
3789
6039aa73 3790static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3791{
3792 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3793 struct hci_conn *conn;
3794
9f1db00c 3795 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3796
3797 hci_dev_lock(hdev);
3798
b47a09b3 3799 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3800 if (!conn) {
3801 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3802 if (!conn) {
3803 BT_ERR("No memory for new connection");
230fd16a 3804 goto unlock;
b62f328b 3805 }
29b7988a
AG		 3806
3807 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3808
3809 if (ev->role == LE_CONN_ROLE_MASTER) {
3810 conn->out = true;
3811 conn->link_mode |= HCI_LM_MASTER;
3812 }
b62f328b 3813 }
fcd89c09 3814
cd17decb
AG		 3815 if (ev->status) {
3816 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3817 conn->dst_type, ev->status);
3818 hci_proto_connect_cfm(conn, ev->status);
3819 conn->state = BT_CLOSED;
3820 hci_conn_del(conn);
3821 goto unlock;
3822 }
3823
b644ba33
JH		 3824 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3825 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3826 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3827
7b5c0d52 3828 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3829 conn->handle = __le16_to_cpu(ev->handle);
3830 conn->state = BT_CONNECTED;
3831
3832 hci_conn_hold_device(conn);
3833 hci_conn_add_sysfs(conn);
3834
3835 hci_proto_connect_cfm(conn, ev->status);
3836
3837unlock:
3838 hci_dev_unlock(hdev);
3839}
3840
6039aa73 3841static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3842{
e95beb41
AG		 3843 u8 num_reports = skb->data[0];
3844 void *ptr = &skb->data[1];
3c9e9195 3845 s8 rssi;
9aa04c91
AG		 3846
3847 hci_dev_lock(hdev);
3848
e95beb41
AG		 3849 while (num_reports--) {
3850 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3851
3c9e9195
AG		 3852 rssi = ev->data[ev->length];
3853 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3854 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3855
e95beb41 3856 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3857 }
3858
3859 hci_dev_unlock(hdev);
3860}
3861
6039aa73 3862static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3863{
3864 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3865 struct hci_cp_le_ltk_reply cp;
bea710fe 3866 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3867 struct hci_conn *conn;
c9839a11 3868 struct smp_ltk *ltk;
a7a595f6 3869
9f1db00c 3870 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3871
3872 hci_dev_lock(hdev);
3873
3874 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3875 if (conn == NULL)
3876 goto not_found;
a7a595f6 3877
bea710fe
VCG		 3878 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3879 if (ltk == NULL)
3880 goto not_found;
3881
3882 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3883 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3884
3885 if (ltk->authenticated)
3886 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3887
3888 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3889
c9839a11
VCG		 3890 if (ltk->type & HCI_SMP_STK) {
3891 list_del(&ltk->list);
3892 kfree(ltk);
3893 }
3894
a7a595f6 3895 hci_dev_unlock(hdev);
bea710fe
VCG		 3896
3897 return;
3898
3899not_found:
3900 neg.handle = ev->handle;
3901 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3902 hci_dev_unlock(hdev);
a7a595f6
VCG		 3903}
3904
6039aa73 3905static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3906{
3907 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3908
3909 skb_pull(skb, sizeof(*le_ev));
3910
3911 switch (le_ev->subevent) {
3912 case HCI_EV_LE_CONN_COMPLETE:
3913 hci_le_conn_complete_evt(hdev, skb);
3914 break;
3915
9aa04c91
AG		 3916 case HCI_EV_LE_ADVERTISING_REPORT:
3917 hci_le_adv_report_evt(hdev, skb);
3918 break;
3919
a7a595f6
VCG		 3920 case HCI_EV_LE_LTK_REQ:
3921 hci_le_ltk_request_evt(hdev, skb);
3922 break;
3923
fcd89c09
VT		 3924 default:
3925 break;
3926 }
3927}
3928
9495b2ee
AE		 3929static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3930{
3931 struct hci_ev_channel_selected *ev = (void *) skb->data;
3932 struct hci_conn *hcon;
3933
3934 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3935
3936 skb_pull(skb, sizeof(*ev));
3937
3938 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3939 if (!hcon)
3940 return;
3941
3942 amp_read_loc_assoc_final_data(hdev, hcon);
3943}
3944
a9de9248
MH		 3945void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3946{
3947 struct hci_event_hdr *hdr = (void *) skb->data;
3948 __u8 event = hdr->evt;
3949
3950 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3951
3952 switch (event) {
1da177e4
LT		 3953 case HCI_EV_INQUIRY_COMPLETE:
3954 hci_inquiry_complete_evt(hdev, skb);
3955 break;
3956
3957 case HCI_EV_INQUIRY_RESULT:
3958 hci_inquiry_result_evt(hdev, skb);
3959 break;
3960
a9de9248
MH		 3961 case HCI_EV_CONN_COMPLETE:
3962 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3963 break;
3964
1da177e4
LT		 3965 case HCI_EV_CONN_REQUEST:
3966 hci_conn_request_evt(hdev, skb);
3967 break;
3968
1da177e4
LT		 3969 case HCI_EV_DISCONN_COMPLETE:
3970 hci_disconn_complete_evt(hdev, skb);
3971 break;
3972
1da177e4
LT		 3973 case HCI_EV_AUTH_COMPLETE:
3974 hci_auth_complete_evt(hdev, skb);
3975 break;
3976
a9de9248
MH		 3977 case HCI_EV_REMOTE_NAME:
3978 hci_remote_name_evt(hdev, skb);
3979 break;
3980
1da177e4
LT		 3981 case HCI_EV_ENCRYPT_CHANGE:
3982 hci_encrypt_change_evt(hdev, skb);
3983 break;
3984
a9de9248
MH		 3985 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3986 hci_change_link_key_complete_evt(hdev, skb);
3987 break;
3988
3989 case HCI_EV_REMOTE_FEATURES:
3990 hci_remote_features_evt(hdev, skb);
3991 break;
3992
3993 case HCI_EV_REMOTE_VERSION:
3994 hci_remote_version_evt(hdev, skb);
3995 break;
3996
3997 case HCI_EV_QOS_SETUP_COMPLETE:
3998 hci_qos_setup_complete_evt(hdev, skb);
3999 break;
4000
4001 case HCI_EV_CMD_COMPLETE:
4002 hci_cmd_complete_evt(hdev, skb);
4003 break;
4004
4005 case HCI_EV_CMD_STATUS:
4006 hci_cmd_status_evt(hdev, skb);
4007 break;
4008
4009 case HCI_EV_ROLE_CHANGE:
4010 hci_role_change_evt(hdev, skb);
4011 break;
4012
4013 case HCI_EV_NUM_COMP_PKTS:
4014 hci_num_comp_pkts_evt(hdev, skb);
4015 break;
4016
4017 case HCI_EV_MODE_CHANGE:
4018 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4019 break;
4020
4021 case HCI_EV_PIN_CODE_REQ:
4022 hci_pin_code_request_evt(hdev, skb);
4023 break;
4024
4025 case HCI_EV_LINK_KEY_REQ:
4026 hci_link_key_request_evt(hdev, skb);
4027 break;
4028
4029 case HCI_EV_LINK_KEY_NOTIFY:
4030 hci_link_key_notify_evt(hdev, skb);
4031 break;
4032
4033 case HCI_EV_CLOCK_OFFSET:
4034 hci_clock_offset_evt(hdev, skb);
4035 break;
4036
a8746417
MH		 4037 case HCI_EV_PKT_TYPE_CHANGE:
4038 hci_pkt_type_change_evt(hdev, skb);
4039 break;
4040
85a1e930
MH		 4041 case HCI_EV_PSCAN_REP_MODE:
4042 hci_pscan_rep_mode_evt(hdev, skb);
4043 break;
4044
a9de9248
MH		 4045 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4046 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4047 break;
4048
a9de9248
MH		 4049 case HCI_EV_REMOTE_EXT_FEATURES:
4050 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4051 break;
4052
a9de9248
MH		 4053 case HCI_EV_SYNC_CONN_COMPLETE:
4054 hci_sync_conn_complete_evt(hdev, skb);
4055 break;
1da177e4 4056
a9de9248
MH		 4057 case HCI_EV_SYNC_CONN_CHANGED:
4058 hci_sync_conn_changed_evt(hdev, skb);
4059 break;
1da177e4 4060
a9de9248
MH		 4061 case HCI_EV_SNIFF_SUBRATE:
4062 hci_sniff_subrate_evt(hdev, skb);
4063 break;
1da177e4 4064
a9de9248
MH		 4065 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4066 hci_extended_inquiry_result_evt(hdev, skb);
4067 break;
1da177e4 4068
1c2e0041
JH		 4069 case HCI_EV_KEY_REFRESH_COMPLETE:
4070 hci_key_refresh_complete_evt(hdev, skb);
4071 break;
4072
0493684e
MH		 4073 case HCI_EV_IO_CAPA_REQUEST:
4074 hci_io_capa_request_evt(hdev, skb);
4075 break;
4076
03b555e1
JH		 4077 case HCI_EV_IO_CAPA_REPLY:
4078 hci_io_capa_reply_evt(hdev, skb);
4079 break;
4080
a5c29683
JH		 4081 case HCI_EV_USER_CONFIRM_REQUEST:
4082 hci_user_confirm_request_evt(hdev, skb);
4083 break;
4084
1143d458
BG		 4085 case HCI_EV_USER_PASSKEY_REQUEST:
4086 hci_user_passkey_request_evt(hdev, skb);
4087 break;
4088
92a25256
JH		 4089 case HCI_EV_USER_PASSKEY_NOTIFY:
4090 hci_user_passkey_notify_evt(hdev, skb);
4091 break;
4092
4093 case HCI_EV_KEYPRESS_NOTIFY:
4094 hci_keypress_notify_evt(hdev, skb);
4095 break;
4096
0493684e
MH		 4097 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4098 hci_simple_pair_complete_evt(hdev, skb);
4099 break;
4100
41a96212
MH		 4101 case HCI_EV_REMOTE_HOST_FEATURES:
4102 hci_remote_host_features_evt(hdev, skb);
4103 break;
4104
fcd89c09
VT		 4105 case HCI_EV_LE_META:
4106 hci_le_meta_evt(hdev, skb);
4107 break;
4108
9495b2ee
AE		 4109 case HCI_EV_CHANNEL_SELECTED:
4110 hci_chan_selected_evt(hdev, skb);
4111 break;
4112
2763eda6
SJ		 4113 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4114 hci_remote_oob_data_request_evt(hdev, skb);
4115 break;
4116
d5e91192
AE		 4117 case HCI_EV_PHY_LINK_COMPLETE:
4118 hci_phy_link_complete_evt(hdev, skb);
4119 break;
4120
27695fb4
AE		 4121 case HCI_EV_LOGICAL_LINK_COMPLETE:
4122 hci_loglink_complete_evt(hdev, skb);
4123 break;
4124
606e2a10
AE		 4125 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4126 hci_disconn_loglink_complete_evt(hdev, skb);
4127 break;
4128
9eef6b3a
AE		 4129 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4130 hci_disconn_phylink_complete_evt(hdev, skb);
4131 break;
4132
25e89e99
AE		 4133 case HCI_EV_NUM_COMP_BLOCKS:
4134 hci_num_comp_blocks_evt(hdev, skb);
4135 break;
4136
a9de9248 4137 default:
9f1db00c 4138 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4139 break;
4140 }
4141
4142 kfree_skb(skb);
4143 hdev->stat.evt_rx++;
4144}
kernel source for telekom puls (alcatel/mediatek)