projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Disallow LE scanning and connecting in peripheral role
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
8e2a0d92 33#include <net/bluetooth/a2mp.h>
903e4541 34#include <net/bluetooth/amp.h>
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
e6d465cb
AG		 44 if (status) {
45 hci_dev_lock(hdev);
46 mgmt_stop_discovery_failed(hdev, status);
47 hci_dev_unlock(hdev);
a9de9248 48 return;
e6d465cb 49 }
1da177e4 50
89352e7d
AG		 51 clear_bit(HCI_INQUIRY, &hdev->flags);
52
56e5cb86 53 hci_dev_lock(hdev);
ff9ef578 54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 55 hci_dev_unlock(hdev);
6bd57416 56
23bb5763 57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 58
59 hci_conn_check_pending(hdev);
60}
6bd57416 61
4d93483b
AG		 62static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63{
64 __u8 status = *((__u8 *) skb->data);
65
9f1db00c 66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 67
68 if (status)
69 return;
70
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 72}
73
a9de9248
MH		 74static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75{
76 __u8 status = *((__u8 *) skb->data);
6bd57416 77
9f1db00c 78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 79
a9de9248
MH		 80 if (status)
81 return;
1da177e4 82
ae854a70
AG		 83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
807deac2
GP		 88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
89 struct sk_buff *skb)
a9de9248
MH		 90{
91 BT_DBG("%s", hdev->name);
92}
93
94static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95{
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
98
9f1db00c 99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 100
101 if (rp->status)
102 return;
103
104 hci_dev_lock(hdev);
105
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
107 if (conn) {
108 if (rp->role)
109 conn->link_mode &= ~HCI_LM_MASTER;
110 else
111 conn->link_mode |= HCI_LM_MASTER;
1da177e4 112 }
a9de9248
MH		 113
114 hci_dev_unlock(hdev);
1da177e4
LT		 115}
116
e4e8e37c
MH		 117static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 if (conn)
131 conn->link_policy = __le16_to_cpu(rp->policy);
132
133 hci_dev_unlock(hdev);
134}
135
a9de9248 136static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 137{
a9de9248 138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 139 struct hci_conn *conn;
04837f64 140 void *sent;
1da177e4 141
9f1db00c 142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 143
a9de9248
MH		 144 if (rp->status)
145 return;
1da177e4 146
a9de9248
MH		 147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 if (!sent)
149 return;
1da177e4 150
a9de9248 151 hci_dev_lock(hdev);
1da177e4 152
a9de9248 153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 154 if (conn)
83985319 155 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 156
a9de9248
MH		 157 hci_dev_unlock(hdev);
158}
1da177e4 159
807deac2
GP		 160static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct sk_buff *skb)
e4e8e37c
MH		 162{
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164
9f1db00c 165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 166
167 if (rp->status)
168 return;
169
170 hdev->link_policy = __le16_to_cpu(rp->policy);
171}
172
807deac2
GP		 173static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 struct sk_buff *skb)
e4e8e37c
MH		 175{
176 __u8 status = *((__u8 *) skb->data);
177 void *sent;
178
9f1db00c 179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 180
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
185 if (!status)
186 hdev->link_policy = get_unaligned_le16(sent);
187
23bb5763 188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 189}
190
a9de9248
MH		 191static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
192{
193 __u8 status = *((__u8 *) skb->data);
04837f64 194
9f1db00c 195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 196
10572132
GP		 197 clear_bit(HCI_RESET, &hdev->flags);
198
23bb5763 199 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 200
a297e97c 201 /* Reset all non-persistent flags */
ae854a70
AG		 202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 204
205 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 206}
04837f64 207
a9de9248
MH		 208static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209{
210 __u8 status = *((__u8 *) skb->data);
211 void *sent;
04837f64 212
9f1db00c 213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 214
a9de9248
MH		 215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (!sent)
217 return;
04837f64 218
56e5cb86
JH		 219 hci_dev_lock(hdev);
220
f51d5b24
JH		 221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 223 else if (!status)
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 225
56e5cb86 226 hci_dev_unlock(hdev);
3159d384
JH		 227
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 229}
230
231static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232{
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
234
9f1db00c 235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 236
237 if (rp->status)
238 return;
239
db99b5fc
JH		 240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 242}
243
244static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245{
246 __u8 status = *((__u8 *) skb->data);
247 void *sent;
248
9f1db00c 249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252 if (!sent)
253 return;
254
255 if (!status) {
256 __u8 param = *((__u8 *) sent);
257
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
260 else
261 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 262 }
a9de9248 263
33ef95ed
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
266
23bb5763 267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
1da177e4 289
23bb5763 290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 291}
1da177e4 292
a9de9248
MH		 293static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
294{
36f7fc7e
JH		 295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
a9de9248 297 void *sent;
1da177e4 298
9f1db00c 299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 300
a9de9248
MH		 301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 if (!sent)
303 return;
1da177e4 304
36f7fc7e
JH		 305 param = *((__u8 *) sent);
306
56e5cb86
JH		 307 hci_dev_lock(hdev);
308
fa1bd918 309 if (status) {
744cf19e 310 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 311 hdev->discov_timeout = 0;
312 goto done;
313 }
314
36f7fc7e
JH		 315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
317
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
320 if (!old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 325 to);
16ab91ab 326 }
36f7fc7e 327 } else if (old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 329
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
332 if (!old_pscan)
744cf19e 333 mgmt_connectable(hdev, 1);
36f7fc7e 334 } else if (old_pscan)
744cf19e 335 mgmt_connectable(hdev, 0);
1da177e4 336
36f7fc7e 337done:
56e5cb86 338 hci_dev_unlock(hdev);
23bb5763 339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 340}
1da177e4 341
a9de9248
MH		 342static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343{
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 347
a9de9248
MH		 348 if (rp->status)
349 return;
1da177e4 350
a9de9248 351 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 352
a9de9248 353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 355}
1da177e4 356
a9de9248
MH		 357static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
358{
359 __u8 status = *((__u8 *) skb->data);
360 void *sent;
1da177e4 361
9f1db00c 362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 363
a9de9248
MH		 364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
365 if (!sent)
366 return;
1da177e4 367
7f9a903c
MH		 368 hci_dev_lock(hdev);
369
370 if (status == 0)
371 memcpy(hdev->dev_class, sent, 3);
372
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
375
376 hci_dev_unlock(hdev);
a9de9248 377}
1da177e4 378
a9de9248
MH		 379static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
380{
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
382 __u16 setting;
383
9f1db00c 384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 385
386 if (rp->status)
387 return;
388
389 setting = __le16_to_cpu(rp->voice_setting);
390
f383f275 391 if (hdev->voice_setting == setting)
a9de9248
MH		 392 return;
393
394 hdev->voice_setting = setting;
395
9f1db00c 396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 397
3c54711c 398 if (hdev->notify)
a9de9248 399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 400}
401
8fc9ced3
GP		 402static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 struct sk_buff *skb)
a9de9248
MH		 404{
405 __u8 status = *((__u8 *) skb->data);
f383f275 406 __u16 setting;
a9de9248
MH		 407 void *sent;
408
9f1db00c 409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 410
f383f275
MH		 411 if (status)
412 return;
413
a9de9248
MH		 414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 if (!sent)
416 return;
1da177e4 417
f383f275 418 setting = get_unaligned_le16(sent);
1da177e4 419
f383f275
MH		 420 if (hdev->voice_setting == setting)
421 return;
422
423 hdev->voice_setting = setting;
1da177e4 424
9f1db00c 425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 426
3c54711c 427 if (hdev->notify)
f383f275 428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 429}
430
a9de9248 431static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 432{
a9de9248 433 __u8 status = *((__u8 *) skb->data);
1da177e4 434
9f1db00c 435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 436
23bb5763 437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 438}
1143e5a6 439
333140b5
MH		 440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
443 void *sent;
444
9f1db00c 445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 446
333140b5
MH		 447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (!sent)
449 return;
450
ed2c4ee3 451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
453 else if (!status) {
454 if (*((u8 *) sent))
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 else
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 }
333140b5
MH		 459}
460
d5859e22
JH		 461static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
462{
976eb20e 463 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 464 return 2;
465
976eb20e 466 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 467 return 1;
468
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 470 hdev->lmp_subver == 0x0757)
d5859e22
JH		 471 return 1;
472
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
477 return 1;
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
479 return 1;
480 }
481
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 483 hdev->lmp_subver == 0x1805)
d5859e22
JH		 484 return 1;
485
486 return 0;
487}
488
489static void hci_setup_inquiry_mode(struct hci_dev *hdev)
490{
491 u8 mode;
492
493 mode = hci_get_inquiry_mode(hdev);
494
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496}
497
498static void hci_setup_event_mask(struct hci_dev *hdev)
499{
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
504
6de6c18d
VT		 505 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
506 * any event mask for pre 1.2 devices */
5a13b095 507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 508 return;
509
e1171e8d
JH		 510 if (lmp_bredr_capable(hdev)) {
511 events[4] |= 0x01; /* Flow Specification Complete */
512 events[4] |= 0x02; /* Inquiry Result with RSSI */
513 events[4] |= 0x04; /* Read Remote Extended Features Complete */
514 events[5] |= 0x08; /* Synchronous Connection Complete */
515 events[5] |= 0x10; /* Synchronous Connection Changed */
516 }
d5859e22 517
976eb20e 518 if (lmp_inq_rssi_capable(hdev))
a24299e6 519 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 520
999dcd10 521 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 522 events[5] |= 0x20; /* Sniff Subrating */
523
976eb20e 524 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 525 events[5] |= 0x80; /* Encryption Key Refresh Complete */
526
976eb20e 527 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 528 events[5] |= 0x40; /* Extended Inquiry Result */
529
c58e810e 530 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 531 events[7] |= 0x01; /* Enhanced Flush Complete */
532
976eb20e 533 if (lmp_lsto_capable(hdev))
d5859e22
JH		 534 events[6] |= 0x80; /* Link Supervision Timeout Changed */
535
9a1a1996 536 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 537 events[6] |= 0x01; /* IO Capability Request */
538 events[6] |= 0x02; /* IO Capability Response */
539 events[6] |= 0x04; /* User Confirmation Request */
540 events[6] |= 0x08; /* User Passkey Request */
541 events[6] |= 0x10; /* Remote OOB Data Request */
542 events[6] |= 0x20; /* Simple Pairing Complete */
543 events[7] |= 0x04; /* User Passkey Notification */
544 events[7] |= 0x08; /* Keypress Notification */
545 events[7] |= 0x10; /* Remote Host Supported
546 * Features Notification */
547 }
548
c383ddc4 549 if (lmp_le_capable(hdev))
d5859e22
JH		 550 events[7] |= 0x20; /* LE Meta-Event */
551
552 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 553
554 if (lmp_le_capable(hdev)) {
555 memset(events, 0, sizeof(events));
556 events[0] = 0x1f;
557 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
558 sizeof(events), events);
559 }
d5859e22
JH		 560}
561
4611dfa8 562static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 563{
564 struct hci_cp_delete_stored_link_key cp;
565 __le16 param;
566 __u8 flt_type;
567
568 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
569 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
570
571 /* Read Class of Device */
572 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
573
574 /* Read Local Name */
575 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
576
577 /* Read Voice Setting */
578 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
579
580 /* Clear Event Filters */
581 flt_type = HCI_FLT_CLEAR_ALL;
582 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
583
584 /* Connection accept timeout ~20 secs */
585 param = __constant_cpu_to_le16(0x7d00);
586 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
587
588 bacpy(&cp.bdaddr, BDADDR_ANY);
589 cp.delete_all = 1;
590 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
591}
592
4611dfa8 593static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 594{
595 /* Read LE Buffer Size */
596 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 597
598 /* Read LE Advertising Channel TX Power */
599 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 600}
601
d5859e22
JH		 602static void hci_setup(struct hci_dev *hdev)
603{
e61ef499
AE		 604 if (hdev->dev_type != HCI_BREDR)
605 return;
606
e1171e8d
JH		 607 /* Read BD Address */
608 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
609
610 if (lmp_bredr_capable(hdev))
4611dfa8 611 bredr_setup(hdev);
e1171e8d
JH		 612
613 if (lmp_le_capable(hdev))
4611dfa8 614 le_setup(hdev);
e1171e8d 615
d5859e22
JH		 616 hci_setup_event_mask(hdev);
617
d095c1eb 618 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 619 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
620
6d3c730f 621 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 622 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
623 u8 mode = 0x01;
624 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 625 sizeof(mode), &mode);
54d04dbb
JH		 626 } else {
627 struct hci_cp_write_eir cp;
628
629 memset(hdev->eir, 0, sizeof(hdev->eir));
630 memset(&cp, 0, sizeof(cp));
631
632 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
633 }
d5859e22
JH		 634 }
635
976eb20e 636 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 637 hci_setup_inquiry_mode(hdev);
638
976eb20e 639 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 640 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 641
976eb20e 642 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 643 struct hci_cp_read_local_ext_features cp;
644
645 cp.page = 0x01;
04124681
GP		 646 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
647 &cp);
971e3a4b 648 }
e6100a25 649
47990ea0
JH		 650 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
651 u8 enable = 1;
04124681
GP		 652 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
653 &enable);
47990ea0 654 }
d5859e22
JH		 655}
656
a9de9248
MH		 657static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
658{
659 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 660
9f1db00c 661 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 662
a9de9248 663 if (rp->status)
28b8df77 664 goto done;
1143e5a6 665
a9de9248 666 hdev->hci_ver = rp->hci_ver;
e4e8e37c 667 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 668 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 669 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 670 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 671
9f1db00c 672 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 673 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 674
675 if (test_bit(HCI_INIT, &hdev->flags))
676 hci_setup(hdev);
28b8df77
AE		 677
678done:
679 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 680}
681
682static void hci_setup_link_policy(struct hci_dev *hdev)
683{
035100c8 684 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 685 u16 link_policy = 0;
686
9f92ebf6 687 if (lmp_rswitch_capable(hdev))
d5859e22 688 link_policy |= HCI_LP_RSWITCH;
976eb20e 689 if (lmp_hold_capable(hdev))
d5859e22 690 link_policy |= HCI_LP_HOLD;
6eded100 691 if (lmp_sniff_capable(hdev))
d5859e22 692 link_policy |= HCI_LP_SNIFF;
976eb20e 693 if (lmp_park_capable(hdev))
d5859e22
JH		 694 link_policy |= HCI_LP_PARK;
695
035100c8
AE		 696 cp.policy = cpu_to_le16(link_policy);
697 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 698}
1da177e4 699
8fc9ced3
GP		 700static void hci_cc_read_local_commands(struct hci_dev *hdev,
701 struct sk_buff *skb)
a9de9248
MH		 702{
703 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 704
9f1db00c 705 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 706
a9de9248 707 if (rp->status)
d5859e22 708 goto done;
1da177e4 709
a9de9248 710 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 711
712 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
713 hci_setup_link_policy(hdev);
714
715done:
716 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 717}
1da177e4 718
8fc9ced3
GP		 719static void hci_cc_read_local_features(struct hci_dev *hdev,
720 struct sk_buff *skb)
a9de9248
MH		 721{
722 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 723
9f1db00c 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 725
a9de9248
MH		 726 if (rp->status)
727 return;
5b7f9909 728
a9de9248 729 memcpy(hdev->features, rp->features, 8);
5b7f9909 730
a9de9248
MH		 731 /* Adjust default settings according to features
732 * supported by device. */
1da177e4 733
a9de9248
MH		 734 if (hdev->features[0] & LMP_3SLOT)
735 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 736
a9de9248
MH		 737 if (hdev->features[0] & LMP_5SLOT)
738 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 739
a9de9248
MH		 740 if (hdev->features[1] & LMP_HV2) {
741 hdev->pkt_type |= (HCI_HV2);
742 hdev->esco_type |= (ESCO_HV2);
743 }
1da177e4 744
a9de9248
MH		 745 if (hdev->features[1] & LMP_HV3) {
746 hdev->pkt_type |= (HCI_HV3);
747 hdev->esco_type |= (ESCO_HV3);
748 }
1da177e4 749
45db810f 750 if (lmp_esco_capable(hdev))
a9de9248 751 hdev->esco_type |= (ESCO_EV3);
da1f5198 752
a9de9248
MH		 753 if (hdev->features[4] & LMP_EV4)
754 hdev->esco_type |= (ESCO_EV4);
da1f5198 755
a9de9248
MH		 756 if (hdev->features[4] & LMP_EV5)
757 hdev->esco_type |= (ESCO_EV5);
1da177e4 758
efc7688b
MH		 759 if (hdev->features[5] & LMP_EDR_ESCO_2M)
760 hdev->esco_type |= (ESCO_2EV3);
761
762 if (hdev->features[5] & LMP_EDR_ESCO_3M)
763 hdev->esco_type |= (ESCO_3EV3);
764
765 if (hdev->features[5] & LMP_EDR_3S_ESCO)
766 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
767
a9de9248 768 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 769 hdev->features[0], hdev->features[1],
770 hdev->features[2], hdev->features[3],
771 hdev->features[4], hdev->features[5],
772 hdev->features[6], hdev->features[7]);
a9de9248 773}
1da177e4 774
8f984dfa
JH		 775static void hci_set_le_support(struct hci_dev *hdev)
776{
777 struct hci_cp_write_le_host_supported cp;
778
779 memset(&cp, 0, sizeof(cp));
780
9d42820f 781 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 782 cp.le = 1;
976eb20e 783 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 784 }
785
976eb20e 786 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 787 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
788 &cp);
8f984dfa
JH		 789}
790
971e3a4b 791static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 792 struct sk_buff *skb)
971e3a4b
AG		 793{
794 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
795
9f1db00c 796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 797
798 if (rp->status)
8f984dfa 799 goto done;
971e3a4b 800
b5b32b65
AG		 801 switch (rp->page) {
802 case 0:
803 memcpy(hdev->features, rp->features, 8);
804 break;
805 case 1:
806 memcpy(hdev->host_features, rp->features, 8);
807 break;
808 }
971e3a4b 809
c383ddc4 810 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 811 hci_set_le_support(hdev);
812
813done:
971e3a4b
AG		 814 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
815}
816
1e89cffb 817static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 818 struct sk_buff *skb)
1e89cffb
AE		 819{
820 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
821
9f1db00c 822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 823
824 if (rp->status)
825 return;
826
827 hdev->flow_ctl_mode = rp->mode;
828
829 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
830}
831
a9de9248
MH		 832static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
833{
834 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 835
9f1db00c 836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 837
a9de9248
MH		 838 if (rp->status)
839 return;
1da177e4 840
a9de9248
MH		 841 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
842 hdev->sco_mtu = rp->sco_mtu;
843 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
844 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
845
846 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
847 hdev->sco_mtu = 64;
848 hdev->sco_pkts = 8;
1da177e4 849 }
a9de9248
MH		 850
851 hdev->acl_cnt = hdev->acl_pkts;
852 hdev->sco_cnt = hdev->sco_pkts;
853
807deac2
GP		 854 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
855 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 856}
857
858static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
859{
860 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
861
9f1db00c 862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 863
864 if (!rp->status)
865 bacpy(&hdev->bdaddr, &rp->bdaddr);
866
23bb5763
JH		 867 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
868}
869
350ee4cf 870static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 871 struct sk_buff *skb)
350ee4cf
AE		 872{
873 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
874
9f1db00c 875 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 876
877 if (rp->status)
878 return;
879
880 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
881 hdev->block_len = __le16_to_cpu(rp->block_len);
882 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
883
884 hdev->block_cnt = hdev->num_blocks;
885
886 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 887 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 888
889 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
890}
891
23bb5763
JH		 892static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
893{
894 __u8 status = *((__u8 *) skb->data);
895
9f1db00c 896 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 897
898 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 899}
900
928abaa7 901static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 902 struct sk_buff *skb)
928abaa7
AE		 903{
904 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
905
9f1db00c 906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 907
908 if (rp->status)
8e2a0d92 909 goto a2mp_rsp;
928abaa7
AE		 910
911 hdev->amp_status = rp->amp_status;
912 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
913 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
914 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
915 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
916 hdev->amp_type = rp->amp_type;
917 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
918 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
919 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
920 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
921
922 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 923
924a2mp_rsp:
925 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 926}
927
903e4541
AE		 928static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
929 struct sk_buff *skb)
930{
931 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
932 struct amp_assoc *assoc = &hdev->loc_assoc;
933 size_t rem_len, frag_len;
934
935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
936
937 if (rp->status)
938 goto a2mp_rsp;
939
940 frag_len = skb->len - sizeof(*rp);
941 rem_len = __le16_to_cpu(rp->rem_len);
942
943 if (rem_len > frag_len) {
2e430be3 944 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 945
946 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
947 assoc->offset += frag_len;
948
949 /* Read other fragments */
950 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
951
952 return;
953 }
954
955 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
956 assoc->len = assoc->offset + rem_len;
957 assoc->offset = 0;
958
959a2mp_rsp:
960 /* Send A2MP Rsp when all fragments are received */
961 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 962 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 963}
964
b0916ea0 965static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 966 struct sk_buff *skb)
b0916ea0
JH		 967{
968 __u8 status = *((__u8 *) skb->data);
969
9f1db00c 970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 971
972 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
973}
974
d5859e22
JH		 975static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
976{
977 __u8 status = *((__u8 *) skb->data);
978
9f1db00c 979 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 980
981 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
982}
983
984static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 985 struct sk_buff *skb)
d5859e22
JH		 986{
987 __u8 status = *((__u8 *) skb->data);
988
9f1db00c 989 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 990
991 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
992}
993
994static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 995 struct sk_buff *skb)
d5859e22 996{
91c4e9b1 997 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 998
9f1db00c 999 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1000
1001 if (!rp->status)
1002 hdev->inq_tx_power = rp->tx_power;
d5859e22 1003
91c4e9b1 1004 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1005}
1006
1007static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1008{
1009 __u8 status = *((__u8 *) skb->data);
1010
9f1db00c 1011 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1012
1013 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1014}
1015
980e1a53
JH		 1016static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1017{
1018 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1019 struct hci_cp_pin_code_reply *cp;
1020 struct hci_conn *conn;
1021
9f1db00c 1022 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1023
56e5cb86
JH		 1024 hci_dev_lock(hdev);
1025
a8b2d5c2 1026 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1027 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1028
fa1bd918 1029 if (rp->status)
56e5cb86 1030 goto unlock;
980e1a53
JH		 1031
1032 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1033 if (!cp)
56e5cb86 1034 goto unlock;
980e1a53
JH		 1035
1036 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1037 if (conn)
1038 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1039
1040unlock:
1041 hci_dev_unlock(hdev);
980e1a53
JH		 1042}
1043
1044static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1045{
1046 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1047
9f1db00c 1048 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1049
56e5cb86
JH		 1050 hci_dev_lock(hdev);
1051
a8b2d5c2 1052 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1053 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1054 rp->status);
56e5cb86
JH		 1055
1056 hci_dev_unlock(hdev);
980e1a53 1057}
56e5cb86 1058
6ed58ec5
VT		 1059static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1060 struct sk_buff *skb)
1061{
1062 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1063
9f1db00c 1064 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1065
1066 if (rp->status)
1067 return;
1068
1069 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1070 hdev->le_pkts = rp->le_max_pkt;
1071
1072 hdev->le_cnt = hdev->le_pkts;
1073
1074 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1075
1076 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1077}
980e1a53 1078
8fa19098
JH		 1079static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1080 struct sk_buff *skb)
1081{
1082 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1083
1084 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1085
1086 if (!rp->status)
1087 hdev->adv_tx_power = rp->tx_power;
1088
1089 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1090}
1091
e36b04c8
JH		 1092static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1093{
1094 __u8 status = *((__u8 *) skb->data);
1095
1096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1097
1098 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1099}
1100
a5c29683
JH		 1101static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1102{
1103 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1104
9f1db00c 1105 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1106
56e5cb86
JH		 1107 hci_dev_lock(hdev);
1108
a8b2d5c2 1109 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1110 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1111 rp->status);
56e5cb86
JH		 1112
1113 hci_dev_unlock(hdev);
a5c29683
JH		 1114}
1115
1116static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1117 struct sk_buff *skb)
a5c29683
JH		 1118{
1119 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1120
9f1db00c 1121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1122
56e5cb86
JH		 1123 hci_dev_lock(hdev);
1124
a8b2d5c2 1125 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1126 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1127 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1128
1129 hci_dev_unlock(hdev);
a5c29683
JH		 1130}
1131
1143d458
BG		 1132static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1133{
1134 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1135
9f1db00c 1136 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1137
1138 hci_dev_lock(hdev);
1139
a8b2d5c2 1140 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1141 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1142 0, rp->status);
1143d458
BG		 1143
1144 hci_dev_unlock(hdev);
1145}
1146
1147static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1148 struct sk_buff *skb)
1143d458
BG		 1149{
1150 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1151
9f1db00c 1152 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1153
1154 hci_dev_lock(hdev);
1155
a8b2d5c2 1156 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1157 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1158 ACL_LINK, 0, rp->status);
1143d458
BG		 1159
1160 hci_dev_unlock(hdev);
1161}
1162
c35938b2 1163static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1164 struct sk_buff *skb)
c35938b2
SJ		 1165{
1166 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1167
9f1db00c 1168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1169
56e5cb86 1170 hci_dev_lock(hdev);
744cf19e 1171 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1172 rp->randomizer, rp->status);
56e5cb86 1173 hci_dev_unlock(hdev);
c35938b2
SJ		 1174}
1175
07f7fa5d
AG		 1176static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1177{
1178 __u8 status = *((__u8 *) skb->data);
1179
9f1db00c 1180 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1181
1182 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1183
1184 if (status) {
1185 hci_dev_lock(hdev);
1186 mgmt_start_discovery_failed(hdev, status);
1187 hci_dev_unlock(hdev);
1188 return;
1189 }
07f7fa5d
AG		 1190}
1191
eb9d91f5 1192static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1193 struct sk_buff *skb)
eb9d91f5
AG		 1194{
1195 struct hci_cp_le_set_scan_enable *cp;
1196 __u8 status = *((__u8 *) skb->data);
1197
9f1db00c 1198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1199
eb9d91f5
AG		 1200 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1201 if (!cp)
1202 return;
1203
68a8aea4
AE		 1204 switch (cp->enable) {
1205 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1206 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1207
3fd24153
AG		 1208 if (status) {
1209 hci_dev_lock(hdev);
1210 mgmt_start_discovery_failed(hdev, status);
1211 hci_dev_unlock(hdev);
7ba8b4be 1212 return;
3fd24153 1213 }
7ba8b4be 1214
d23264a8
AG		 1215 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1216
a8f13c8c 1217 hci_dev_lock(hdev);
343f935b 1218 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1219 hci_dev_unlock(hdev);
68a8aea4
AE		 1220 break;
1221
1222 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1223 if (status) {
1224 hci_dev_lock(hdev);
1225 mgmt_stop_discovery_failed(hdev, status);
1226 hci_dev_unlock(hdev);
7ba8b4be 1227 return;
c9ecc48e 1228 }
7ba8b4be 1229
d23264a8
AG		 1230 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1231
bc3dd33c
AG		 1232 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1233 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1234 mgmt_interleaved_discovery(hdev);
1235 } else {
1236 hci_dev_lock(hdev);
1237 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1238 hci_dev_unlock(hdev);
1239 }
1240
68a8aea4
AE		 1241 break;
1242
1243 default:
1244 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1245 break;
35815085 1246 }
eb9d91f5
AG		 1247}
1248
a7a595f6
VCG		 1249static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1250{
1251 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1252
9f1db00c 1253 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1254
1255 if (rp->status)
1256 return;
1257
1258 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1259}
1260
1261static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1262{
1263 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1264
9f1db00c 1265 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1266
1267 if (rp->status)
1268 return;
1269
1270 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1271}
1272
6039aa73
GP		 1273static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1274 struct sk_buff *skb)
f9b49306 1275{
06199cf8 1276 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1277 __u8 status = *((__u8 *) skb->data);
1278
9f1db00c 1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1280
06199cf8 1281 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1282 if (!sent)
f9b49306
AG		 1283 return;
1284
8f984dfa
JH		 1285 if (!status) {
1286 if (sent->le)
1287 hdev->host_features[0] |= LMP_HOST_LE;
1288 else
1289 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1290
1291 if (sent->simul)
1292 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1293 else
1294 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1295 }
1296
1297 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1298 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1299 mgmt_le_enable_complete(hdev, sent->le, status);
1300
1301 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1302}
1303
93c284ee
AE		 1304static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1305 struct sk_buff *skb)
1306{
1307 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1308
1309 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1310 hdev->name, rp->status, rp->phy_handle);
1311
1312 if (rp->status)
1313 return;
1314
1315 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1316}
1317
6039aa73 1318static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1319{
9f1db00c 1320 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1321
1322 if (status) {
23bb5763 1323 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1324 hci_conn_check_pending(hdev);
56e5cb86 1325 hci_dev_lock(hdev);
a8b2d5c2 1326 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1327 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1328 hci_dev_unlock(hdev);
314b2381
JH		 1329 return;
1330 }
1331
89352e7d
AG		 1332 set_bit(HCI_INQUIRY, &hdev->flags);
1333
56e5cb86 1334 hci_dev_lock(hdev);
343f935b 1335 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1336 hci_dev_unlock(hdev);
1da177e4
LT		 1337}
1338
6039aa73 1339static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1340{
a9de9248 1341 struct hci_cp_create_conn *cp;
1da177e4 1342 struct hci_conn *conn;
1da177e4 1343
9f1db00c 1344 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1345
1346 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1347 if (!cp)
1348 return;
1349
1350 hci_dev_lock(hdev);
1351
1352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1353
6ed93dc6 1354 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1355
1356 if (status) {
1357 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1358 if (status != 0x0c || conn->attempt > 2) {
1359 conn->state = BT_CLOSED;
1360 hci_proto_connect_cfm(conn, status);
1361 hci_conn_del(conn);
1362 } else
1363 conn->state = BT_CONNECT2;
1da177e4
LT		 1364 }
1365 } else {
1366 if (!conn) {
1367 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1368 if (conn) {
a0c808b3 1369 conn->out = true;
1da177e4
LT		 1370 conn->link_mode |= HCI_LM_MASTER;
1371 } else
893ef971 1372 BT_ERR("No memory for new connection");
1da177e4
LT		 1373 }
1374 }
1375
1376 hci_dev_unlock(hdev);
1377}
1378
a9de9248 1379static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1380{
a9de9248
MH		 1381 struct hci_cp_add_sco *cp;
1382 struct hci_conn *acl, *sco;
1383 __u16 handle;
1da177e4 1384
9f1db00c 1385 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1386
a9de9248
MH		 1387 if (!status)
1388 return;
1da177e4 1389
a9de9248
MH		 1390 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1391 if (!cp)
1392 return;
1da177e4 1393
a9de9248 1394 handle = __le16_to_cpu(cp->handle);
1da177e4 1395
9f1db00c 1396 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1397
a9de9248 1398 hci_dev_lock(hdev);
1da177e4 1399
a9de9248 1400 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1401 if (acl) {
1402 sco = acl->link;
1403 if (sco) {
1404 sco->state = BT_CLOSED;
1da177e4 1405
5a08ecce
AE		 1406 hci_proto_connect_cfm(sco, status);
1407 hci_conn_del(sco);
1408 }
a9de9248 1409 }
1da177e4 1410
a9de9248
MH		 1411 hci_dev_unlock(hdev);
1412}
1da177e4 1413
f8558555
MH		 1414static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1415{
1416 struct hci_cp_auth_requested *cp;
1417 struct hci_conn *conn;
1418
9f1db00c 1419 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1420
1421 if (!status)
1422 return;
1423
1424 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1425 if (!cp)
1426 return;
1427
1428 hci_dev_lock(hdev);
1429
1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1431 if (conn) {
1432 if (conn->state == BT_CONFIG) {
1433 hci_proto_connect_cfm(conn, status);
1434 hci_conn_put(conn);
1435 }
1436 }
1437
1438 hci_dev_unlock(hdev);
1439}
1440
1441static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1442{
1443 struct hci_cp_set_conn_encrypt *cp;
1444 struct hci_conn *conn;
1445
9f1db00c 1446 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1447
1448 if (!status)
1449 return;
1450
1451 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1452 if (!cp)
1453 return;
1454
1455 hci_dev_lock(hdev);
1456
1457 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1458 if (conn) {
1459 if (conn->state == BT_CONFIG) {
1460 hci_proto_connect_cfm(conn, status);
1461 hci_conn_put(conn);
1462 }
1463 }
1464
1465 hci_dev_unlock(hdev);
1466}
1467
127178d2 1468static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1469 struct hci_conn *conn)
392599b9 1470{
392599b9
JH		 1471 if (conn->state != BT_CONFIG || !conn->out)
1472 return 0;
1473
765c2a96 1474 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1475 return 0;
1476
1477 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1478 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1479 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1480 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1481 return 0;
1482
392599b9
JH		 1483 return 1;
1484}
1485
6039aa73 1486static int hci_resolve_name(struct hci_dev *hdev,
04124681 1487 struct inquiry_entry *e)
30dc78e1
JH		 1488{
1489 struct hci_cp_remote_name_req cp;
1490
1491 memset(&cp, 0, sizeof(cp));
1492
1493 bacpy(&cp.bdaddr, &e->data.bdaddr);
1494 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1495 cp.pscan_mode = e->data.pscan_mode;
1496 cp.clock_offset = e->data.clock_offset;
1497
1498 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1499}
1500
b644ba33 1501static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1502{
1503 struct discovery_state *discov = &hdev->discovery;
1504 struct inquiry_entry *e;
1505
b644ba33
JH		 1506 if (list_empty(&discov->resolve))
1507 return false;
1508
1509 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1510 if (!e)
1511 return false;
1512
b644ba33
JH		 1513 if (hci_resolve_name(hdev, e) == 0) {
1514 e->name_state = NAME_PENDING;
1515 return true;
1516 }
1517
1518 return false;
1519}
1520
1521static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1522 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1523{
1524 struct discovery_state *discov = &hdev->discovery;
1525 struct inquiry_entry *e;
1526
1527 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1528 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1529 name_len, conn->dev_class);
b644ba33
JH		 1530
1531 if (discov->state == DISCOVERY_STOPPED)
1532 return;
1533
30dc78e1
JH		 1534 if (discov->state == DISCOVERY_STOPPING)
1535 goto discov_complete;
1536
1537 if (discov->state != DISCOVERY_RESOLVING)
1538 return;
1539
1540 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1541 /* If the device was not found in a list of found devices names of which
1542 * are pending. there is no need to continue resolving a next name as it
1543 * will be done upon receiving another Remote Name Request Complete
1544 * Event */
1545 if (!e)
1546 return;
1547
1548 list_del(&e->list);
1549 if (name) {
30dc78e1 1550 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1551 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1552 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1553 } else {
1554 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1555 }
1556
b644ba33 1557 if (hci_resolve_next_name(hdev))
30dc78e1 1558 return;
30dc78e1
JH		 1559
1560discov_complete:
1561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562}
1563
a9de9248
MH		 1564static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1565{
127178d2
JH		 1566 struct hci_cp_remote_name_req *cp;
1567 struct hci_conn *conn;
1568
9f1db00c 1569 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1570
1571 /* If successful wait for the name req complete event before
1572 * checking for the need to do authentication */
1573 if (!status)
1574 return;
1575
1576 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1577 if (!cp)
1578 return;
1579
1580 hci_dev_lock(hdev);
1581
b644ba33
JH		 1582 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1583
a8b2d5c2 1584 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1585 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1586
79c6c70c
JH		 1587 if (!conn)
1588 goto unlock;
1589
1590 if (!hci_outgoing_auth_needed(hdev, conn))
1591 goto unlock;
1592
51a8efd7 1593 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1594 struct hci_cp_auth_requested cp;
1595 cp.handle = __cpu_to_le16(conn->handle);
1596 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1597 }
1598
79c6c70c 1599unlock:
127178d2 1600 hci_dev_unlock(hdev);
a9de9248 1601}
1da177e4 1602
769be974
MH		 1603static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1604{
1605 struct hci_cp_read_remote_features *cp;
1606 struct hci_conn *conn;
1607
9f1db00c 1608 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1609
1610 if (!status)
1611 return;
1612
1613 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1614 if (!cp)
1615 return;
1616
1617 hci_dev_lock(hdev);
1618
1619 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1620 if (conn) {
1621 if (conn->state == BT_CONFIG) {
769be974
MH		 1622 hci_proto_connect_cfm(conn, status);
1623 hci_conn_put(conn);
1624 }
1625 }
1626
1627 hci_dev_unlock(hdev);
1628}
1629
1630static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1631{
1632 struct hci_cp_read_remote_ext_features *cp;
1633 struct hci_conn *conn;
1634
9f1db00c 1635 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1636
1637 if (!status)
1638 return;
1639
1640 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1641 if (!cp)
1642 return;
1643
1644 hci_dev_lock(hdev);
1645
1646 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1647 if (conn) {
1648 if (conn->state == BT_CONFIG) {
769be974
MH		 1649 hci_proto_connect_cfm(conn, status);
1650 hci_conn_put(conn);
1651 }
1652 }
1653
1654 hci_dev_unlock(hdev);
1655}
1656
a9de9248
MH		 1657static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1658{
b6a0dc82
MH		 1659 struct hci_cp_setup_sync_conn *cp;
1660 struct hci_conn *acl, *sco;
1661 __u16 handle;
1662
9f1db00c 1663 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1664
1665 if (!status)
1666 return;
1667
1668 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1669 if (!cp)
1670 return;
1671
1672 handle = __le16_to_cpu(cp->handle);
1673
9f1db00c 1674 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1675
1676 hci_dev_lock(hdev);
1677
1678 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1679 if (acl) {
1680 sco = acl->link;
1681 if (sco) {
1682 sco->state = BT_CLOSED;
b6a0dc82 1683
5a08ecce
AE		 1684 hci_proto_connect_cfm(sco, status);
1685 hci_conn_del(sco);
1686 }
b6a0dc82
MH		 1687 }
1688
1689 hci_dev_unlock(hdev);
1da177e4
LT		 1690}
1691
a9de9248 1692static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1693{
a9de9248
MH		 1694 struct hci_cp_sniff_mode *cp;
1695 struct hci_conn *conn;
1da177e4 1696
9f1db00c 1697 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1698
a9de9248
MH		 1699 if (!status)
1700 return;
04837f64 1701
a9de9248
MH		 1702 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1703 if (!cp)
1704 return;
04837f64 1705
a9de9248 1706 hci_dev_lock(hdev);
04837f64 1707
a9de9248 1708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1709 if (conn) {
51a8efd7 1710 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1711
51a8efd7 1712 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1713 hci_sco_setup(conn, status);
1714 }
1715
a9de9248
MH		 1716 hci_dev_unlock(hdev);
1717}
04837f64 1718
a9de9248
MH		 1719static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1720{
1721 struct hci_cp_exit_sniff_mode *cp;
1722 struct hci_conn *conn;
04837f64 1723
9f1db00c 1724 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1725
a9de9248
MH		 1726 if (!status)
1727 return;
04837f64 1728
a9de9248
MH		 1729 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1730 if (!cp)
1731 return;
04837f64 1732
a9de9248 1733 hci_dev_lock(hdev);
1da177e4 1734
a9de9248 1735 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1736 if (conn) {
51a8efd7 1737 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1738
51a8efd7 1739 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1740 hci_sco_setup(conn, status);
1741 }
1742
a9de9248 1743 hci_dev_unlock(hdev);
1da177e4
LT		 1744}
1745
88c3df13
JH		 1746static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1747{
1748 struct hci_cp_disconnect *cp;
1749 struct hci_conn *conn;
1750
1751 if (!status)
1752 return;
1753
1754 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1755 if (!cp)
1756 return;
1757
1758 hci_dev_lock(hdev);
1759
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1761 if (conn)
1762 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1763 conn->dst_type, status);
88c3df13
JH		 1764
1765 hci_dev_unlock(hdev);
1766}
1767
fcd89c09
VT		 1768static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1769{
fcd89c09
VT		 1770 struct hci_conn *conn;
1771
9f1db00c 1772 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1773
f00a06ac
AG		 1774 if (status) {
1775 hci_dev_lock(hdev);
fcd89c09 1776
0c95ab78 1777 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1778 if (!conn) {
1779 hci_dev_unlock(hdev);
1780 return;
1781 }
fcd89c09 1782
6ed93dc6 1783 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1784
f00a06ac 1785 conn->state = BT_CLOSED;
0c95ab78 1786 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1787 conn->dst_type, status);
1788 hci_proto_connect_cfm(conn, status);
1789 hci_conn_del(conn);
fcd89c09 1790
f00a06ac
AG		 1791 hci_dev_unlock(hdev);
1792 }
fcd89c09
VT		 1793}
1794
a7a595f6
VCG		 1795static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1796{
9f1db00c 1797 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1798}
1799
a02226d6
AE		 1800static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1801{
93c284ee
AE		 1802 struct hci_cp_create_phy_link *cp;
1803
a02226d6 1804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee
AE		 1805
1806 if (status)
1807 return;
1808
1809 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1810 if (!cp)
1811 return;
1812
1813 amp_write_remote_assoc(hdev, cp->phy_handle);
a02226d6
AE		 1814}
1815
0b26ab9d
AE		 1816static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1817{
1818 struct hci_cp_accept_phy_link *cp;
1819
1820 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1821
1822 if (status)
1823 return;
1824
1825 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1826 if (!cp)
1827 return;
1828
1829 amp_write_remote_assoc(hdev, cp->phy_handle);
1830}
1831
6039aa73 1832static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1833{
1834 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1835 struct discovery_state *discov = &hdev->discovery;
1836 struct inquiry_entry *e;
1da177e4 1837
9f1db00c 1838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1839
23bb5763 1840 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1841
a9de9248 1842 hci_conn_check_pending(hdev);
89352e7d
AG		 1843
1844 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1845 return;
1846
a8b2d5c2 1847 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1848 return;
1849
56e5cb86 1850 hci_dev_lock(hdev);
30dc78e1 1851
343f935b 1852 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1853 goto unlock;
1854
1855 if (list_empty(&discov->resolve)) {
1856 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1857 goto unlock;
1858 }
1859
1860 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1861 if (e && hci_resolve_name(hdev, e) == 0) {
1862 e->name_state = NAME_PENDING;
1863 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1864 } else {
1865 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1866 }
1867
1868unlock:
56e5cb86 1869 hci_dev_unlock(hdev);
1da177e4
LT		 1870}
1871
6039aa73 1872static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1873{
45bb4bf0 1874 struct inquiry_data data;
a9de9248 1875 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1876 int num_rsp = *((__u8 *) skb->data);
1877
1878 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1879
45bb4bf0
MH		 1880 if (!num_rsp)
1881 return;
1882
1519cc17
AG		 1883 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1884 return;
1885
1da177e4 1886 hci_dev_lock(hdev);
45bb4bf0 1887
e17acd40 1888 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1889 bool name_known, ssp;
3175405b 1890
1da177e4
LT		 1891 bacpy(&data.bdaddr, &info->bdaddr);
1892 data.pscan_rep_mode = info->pscan_rep_mode;
1893 data.pscan_period_mode = info->pscan_period_mode;
1894 data.pscan_mode = info->pscan_mode;
1895 memcpy(data.dev_class, info->dev_class, 3);
1896 data.clock_offset = info->clock_offset;
1897 data.rssi = 0x00;
41a96212 1898 data.ssp_mode = 0x00;
3175405b 1899
388fc8fa 1900 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1901 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1902 info->dev_class, 0, !name_known, ssp, NULL,
1903 0);
1da177e4 1904 }
45bb4bf0 1905
1da177e4
LT		 1906 hci_dev_unlock(hdev);
1907}
1908
6039aa73 1909static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1910{
a9de9248
MH		 1911 struct hci_ev_conn_complete *ev = (void *) skb->data;
1912 struct hci_conn *conn;
1da177e4
LT		 1913
1914 BT_DBG("%s", hdev->name);
1915
1916 hci_dev_lock(hdev);
1917
1918 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1919 if (!conn) {
1920 if (ev->link_type != SCO_LINK)
1921 goto unlock;
1922
1923 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1924 if (!conn)
1925 goto unlock;
1926
1927 conn->type = SCO_LINK;
1928 }
1da177e4
LT		 1929
1930 if (!ev->status) {
1931 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1932
1933 if (conn->type == ACL_LINK) {
1934 conn->state = BT_CONFIG;
1935 hci_conn_hold(conn);
a9ea3ed9
SJ		 1936
1937 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1938 !hci_find_link_key(hdev, &ev->bdaddr))
1939 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1940 else
1941 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1942 } else
1943 conn->state = BT_CONNECTED;
1da177e4 1944
9eba32b8 1945 hci_conn_hold_device(conn);
7d0db0a3
MH		 1946 hci_conn_add_sysfs(conn);
1947
1da177e4
LT		 1948 if (test_bit(HCI_AUTH, &hdev->flags))
1949 conn->link_mode |= HCI_LM_AUTH;
1950
1951 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1952 conn->link_mode |= HCI_LM_ENCRYPT;
1953
04837f64
MH		 1954 /* Get remote features */
1955 if (conn->type == ACL_LINK) {
1956 struct hci_cp_read_remote_features cp;
1957 cp.handle = ev->handle;
769be974 1958 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1959 sizeof(cp), &cp);
04837f64
MH		 1960 }
1961
1da177e4 1962 /* Set packet type for incoming connection */
d095c1eb 1963 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1964 struct hci_cp_change_conn_ptype cp;
1965 cp.handle = ev->handle;
a8746417 1966 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1967 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1968 &cp);
1da177e4 1969 }
17d5c04c 1970 } else {
1da177e4 1971 conn->state = BT_CLOSED;
17d5c04c 1972 if (conn->type == ACL_LINK)
744cf19e 1973 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1974 conn->dst_type, ev->status);
17d5c04c 1975 }
1da177e4 1976
e73439d8
MH		 1977 if (conn->type == ACL_LINK)
1978 hci_sco_setup(conn, ev->status);
1da177e4 1979
769be974
MH		 1980 if (ev->status) {
1981 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1982 hci_conn_del(conn);
c89b6e6b
MH		 1983 } else if (ev->link_type != ACL_LINK)
1984 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1985
a9de9248 1986unlock:
1da177e4 1987 hci_dev_unlock(hdev);
1da177e4 1988
a9de9248 1989 hci_conn_check_pending(hdev);
1da177e4
LT		 1990}
1991
6039aa73 1992static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1993{
a9de9248
MH		 1994 struct hci_ev_conn_request *ev = (void *) skb->data;
1995 int mask = hdev->link_mode;
1da177e4 1996
6ed93dc6 1997 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1998 ev->link_type);
1da177e4 1999
a9de9248 2000 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2001
138d22ef 2002 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2003 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2004 /* Connection accepted */
c7bdd502 2005 struct inquiry_entry *ie;
1da177e4 2006 struct hci_conn *conn;
1da177e4 2007
a9de9248 2008 hci_dev_lock(hdev);
b6a0dc82 2009
cc11b9c1
AE		 2010 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2011 if (ie)
c7bdd502
MH		 2012 memcpy(ie->data.dev_class, ev->dev_class, 3);
2013
8fc9ced3
GP		 2014 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2015 &ev->bdaddr);
a9de9248 2016 if (!conn) {
cc11b9c1
AE		 2017 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2018 if (!conn) {
893ef971 2019 BT_ERR("No memory for new connection");
a9de9248
MH		 2020 hci_dev_unlock(hdev);
2021 return;
1da177e4
LT		 2022 }
2023 }
b6a0dc82 2024
a9de9248
MH		 2025 memcpy(conn->dev_class, ev->dev_class, 3);
2026 conn->state = BT_CONNECT;
b6a0dc82 2027
a9de9248 2028 hci_dev_unlock(hdev);
1da177e4 2029
b6a0dc82
MH		 2030 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2031 struct hci_cp_accept_conn_req cp;
1da177e4 2032
b6a0dc82
MH		 2033 bacpy(&cp.bdaddr, &ev->bdaddr);
2034
2035 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2036 cp.role = 0x00; /* Become master */
2037 else
2038 cp.role = 0x01; /* Remain slave */
2039
04124681
GP		 2040 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2041 &cp);
b6a0dc82
MH		 2042 } else {
2043 struct hci_cp_accept_sync_conn_req cp;
2044
2045 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2046 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2047
82781e63
AE		 2048 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2049 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2050 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2051 cp.content_format = cpu_to_le16(hdev->voice_setting);
2052 cp.retrans_effort = 0xff;
1da177e4 2053
b6a0dc82 2054 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2055 sizeof(cp), &cp);
b6a0dc82 2056 }
a9de9248
MH		 2057 } else {
2058 /* Connection rejected */
2059 struct hci_cp_reject_conn_req cp;
1da177e4 2060
a9de9248 2061 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2062 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2063 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2064 }
1da177e4
LT		 2065}
2066
f0d6a0ea
MA		 2067static u8 hci_to_mgmt_reason(u8 err)
2068{
2069 switch (err) {
2070 case HCI_ERROR_CONNECTION_TIMEOUT:
2071 return MGMT_DEV_DISCONN_TIMEOUT;
2072 case HCI_ERROR_REMOTE_USER_TERM:
2073 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2074 case HCI_ERROR_REMOTE_POWER_OFF:
2075 return MGMT_DEV_DISCONN_REMOTE;
2076 case HCI_ERROR_LOCAL_HOST_TERM:
2077 return MGMT_DEV_DISCONN_LOCAL_HOST;
2078 default:
2079 return MGMT_DEV_DISCONN_UNKNOWN;
2080 }
2081}
2082
6039aa73 2083static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2084{
a9de9248 2085 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2086 struct hci_conn *conn;
2087
9f1db00c 2088 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2089
2090 hci_dev_lock(hdev);
2091
2092 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2093 if (!conn)
2094 goto unlock;
7d0db0a3 2095
37d9ef76
JH		 2096 if (ev->status == 0)
2097 conn->state = BT_CLOSED;
04837f64 2098
b644ba33 2099 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2100 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2101 if (ev->status) {
88c3df13 2102 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2103 conn->dst_type, ev->status);
f0d6a0ea
MA		 2104 } else {
2105 u8 reason = hci_to_mgmt_reason(ev->reason);
2106
afc747a6 2107 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2108 conn->dst_type, reason);
2109 }
37d9ef76 2110 }
f7520543 2111
37d9ef76 2112 if (ev->status == 0) {
6ec5bcad
VA		 2113 if (conn->type == ACL_LINK && conn->flush_key)
2114 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2115 hci_proto_disconn_cfm(conn, ev->reason);
2116 hci_conn_del(conn);
2117 }
f7520543
JH		 2118
2119unlock:
04837f64
MH		 2120 hci_dev_unlock(hdev);
2121}
2122
6039aa73 2123static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2124{
a9de9248 2125 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2126 struct hci_conn *conn;
1da177e4 2127
9f1db00c 2128 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2129
2130 hci_dev_lock(hdev);
2131
04837f64 2132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2133 if (!conn)
2134 goto unlock;
2135
2136 if (!ev->status) {
aa64a8b5 2137 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2138 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2139 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2140 } else {
d7556e20
WR		 2141 conn->link_mode |= HCI_LM_AUTH;
2142 conn->sec_level = conn->pending_sec_level;
2a611692 2143 }
d7556e20 2144 } else {
bab73cb6 2145 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2146 ev->status);
d7556e20 2147 }
1da177e4 2148
51a8efd7
JH		 2149 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2150 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2151
d7556e20 2152 if (conn->state == BT_CONFIG) {
aa64a8b5 2153 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2154 struct hci_cp_set_conn_encrypt cp;
2155 cp.handle = ev->handle;
2156 cp.encrypt = 0x01;
2157 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2158 &cp);
052b30b0 2159 } else {
d7556e20
WR		 2160 conn->state = BT_CONNECTED;
2161 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2162 hci_conn_put(conn);
2163 }
d7556e20
WR		 2164 } else {
2165 hci_auth_cfm(conn, ev->status);
052b30b0 2166
d7556e20
WR		 2167 hci_conn_hold(conn);
2168 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2169 hci_conn_put(conn);
2170 }
2171
51a8efd7 2172 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2173 if (!ev->status) {
2174 struct hci_cp_set_conn_encrypt cp;
2175 cp.handle = ev->handle;
2176 cp.encrypt = 0x01;
2177 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2178 &cp);
d7556e20 2179 } else {
51a8efd7 2180 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2181 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2182 }
2183 }
2184
d7556e20 2185unlock:
1da177e4
LT		 2186 hci_dev_unlock(hdev);
2187}
2188
6039aa73 2189static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2190{
127178d2
JH		 2191 struct hci_ev_remote_name *ev = (void *) skb->data;
2192 struct hci_conn *conn;
2193
a9de9248 2194 BT_DBG("%s", hdev->name);
1da177e4 2195
a9de9248 2196 hci_conn_check_pending(hdev);
127178d2
JH		 2197
2198 hci_dev_lock(hdev);
2199
b644ba33 2200 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2201
b644ba33
JH		 2202 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2203 goto check_auth;
a88a9652 2204
b644ba33
JH		 2205 if (ev->status == 0)
2206 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2207 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2208 else
2209 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2210
2211check_auth:
79c6c70c
JH		 2212 if (!conn)
2213 goto unlock;
2214
2215 if (!hci_outgoing_auth_needed(hdev, conn))
2216 goto unlock;
2217
51a8efd7 2218 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2219 struct hci_cp_auth_requested cp;
2220 cp.handle = __cpu_to_le16(conn->handle);
2221 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2222 }
2223
79c6c70c 2224unlock:
127178d2 2225 hci_dev_unlock(hdev);
a9de9248
MH		 2226}
2227
6039aa73 2228static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2229{
2230 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2231 struct hci_conn *conn;
2232
9f1db00c 2233 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2234
2235 hci_dev_lock(hdev);
2236
04837f64 2237 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2238 if (conn) {
2239 if (!ev->status) {
ae293196
MH		 2240 if (ev->encrypt) {
2241 /* Encryption implies authentication */
2242 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2243 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2244 conn->sec_level = conn->pending_sec_level;
ae293196 2245 } else
1da177e4
LT		 2246 conn->link_mode &= ~HCI_LM_ENCRYPT;
2247 }
2248
51a8efd7 2249 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2250
a7d7723a 2251 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2252 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2253 hci_conn_put(conn);
2254 goto unlock;
2255 }
2256
f8558555
MH		 2257 if (conn->state == BT_CONFIG) {
2258 if (!ev->status)
2259 conn->state = BT_CONNECTED;
2260
2261 hci_proto_connect_cfm(conn, ev->status);
2262 hci_conn_put(conn);
2263 } else
2264 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2265 }
2266
a7d7723a 2267unlock:
1da177e4
LT		 2268 hci_dev_unlock(hdev);
2269}
2270
6039aa73
GP		 2271static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2272 struct sk_buff *skb)
1da177e4 2273{
a9de9248 2274 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2275 struct hci_conn *conn;
1da177e4 2276
9f1db00c 2277 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2278
2279 hci_dev_lock(hdev);
2280
04837f64 2281 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2282 if (conn) {
2283 if (!ev->status)
2284 conn->link_mode |= HCI_LM_SECURE;
2285
51a8efd7 2286 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2287
2288 hci_key_change_cfm(conn, ev->status);
2289 }
2290
2291 hci_dev_unlock(hdev);
2292}
2293
6039aa73
GP		 2294static void hci_remote_features_evt(struct hci_dev *hdev,
2295 struct sk_buff *skb)
1da177e4 2296{
a9de9248
MH		 2297 struct hci_ev_remote_features *ev = (void *) skb->data;
2298 struct hci_conn *conn;
2299
9f1db00c 2300 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2301
a9de9248
MH		 2302 hci_dev_lock(hdev);
2303
2304 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2305 if (!conn)
2306 goto unlock;
769be974 2307
ccd556fe
JH		 2308 if (!ev->status)
2309 memcpy(conn->features, ev->features, 8);
2310
2311 if (conn->state != BT_CONFIG)
2312 goto unlock;
2313
2314 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2315 struct hci_cp_read_remote_ext_features cp;
2316 cp.handle = ev->handle;
2317 cp.page = 0x01;
2318 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2319 sizeof(cp), &cp);
392599b9
JH		 2320 goto unlock;
2321 }
2322
671267bf 2323 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2324 struct hci_cp_remote_name_req cp;
2325 memset(&cp, 0, sizeof(cp));
2326 bacpy(&cp.bdaddr, &conn->dst);
2327 cp.pscan_rep_mode = 0x02;
2328 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2329 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2330 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2331 conn->dst_type, 0, NULL, 0,
2332 conn->dev_class);
392599b9 2333
127178d2 2334 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2335 conn->state = BT_CONNECTED;
2336 hci_proto_connect_cfm(conn, ev->status);
2337 hci_conn_put(conn);
769be974 2338 }
a9de9248 2339
ccd556fe 2340unlock:
a9de9248 2341 hci_dev_unlock(hdev);
1da177e4
LT		 2342}
2343
6039aa73 2344static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2345{
a9de9248 2346 BT_DBG("%s", hdev->name);
1da177e4
LT		 2347}
2348
6039aa73
GP		 2349static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2350 struct sk_buff *skb)
1da177e4 2351{
a9de9248 2352 BT_DBG("%s", hdev->name);
1da177e4
LT		 2353}
2354
6039aa73 2355static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2356{
2357 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2358 __u16 opcode;
2359
2360 skb_pull(skb, sizeof(*ev));
2361
2362 opcode = __le16_to_cpu(ev->opcode);
2363
2364 switch (opcode) {
2365 case HCI_OP_INQUIRY_CANCEL:
2366 hci_cc_inquiry_cancel(hdev, skb);
2367 break;
2368
4d93483b
AG		 2369 case HCI_OP_PERIODIC_INQ:
2370 hci_cc_periodic_inq(hdev, skb);
2371 break;
2372
a9de9248
MH		 2373 case HCI_OP_EXIT_PERIODIC_INQ:
2374 hci_cc_exit_periodic_inq(hdev, skb);
2375 break;
2376
2377 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2378 hci_cc_remote_name_req_cancel(hdev, skb);
2379 break;
2380
2381 case HCI_OP_ROLE_DISCOVERY:
2382 hci_cc_role_discovery(hdev, skb);
2383 break;
2384
e4e8e37c
MH		 2385 case HCI_OP_READ_LINK_POLICY:
2386 hci_cc_read_link_policy(hdev, skb);
2387 break;
2388
a9de9248
MH		 2389 case HCI_OP_WRITE_LINK_POLICY:
2390 hci_cc_write_link_policy(hdev, skb);
2391 break;
2392
e4e8e37c
MH		 2393 case HCI_OP_READ_DEF_LINK_POLICY:
2394 hci_cc_read_def_link_policy(hdev, skb);
2395 break;
2396
2397 case HCI_OP_WRITE_DEF_LINK_POLICY:
2398 hci_cc_write_def_link_policy(hdev, skb);
2399 break;
2400
a9de9248
MH		 2401 case HCI_OP_RESET:
2402 hci_cc_reset(hdev, skb);
2403 break;
2404
2405 case HCI_OP_WRITE_LOCAL_NAME:
2406 hci_cc_write_local_name(hdev, skb);
2407 break;
2408
2409 case HCI_OP_READ_LOCAL_NAME:
2410 hci_cc_read_local_name(hdev, skb);
2411 break;
2412
2413 case HCI_OP_WRITE_AUTH_ENABLE:
2414 hci_cc_write_auth_enable(hdev, skb);
2415 break;
2416
2417 case HCI_OP_WRITE_ENCRYPT_MODE:
2418 hci_cc_write_encrypt_mode(hdev, skb);
2419 break;
2420
2421 case HCI_OP_WRITE_SCAN_ENABLE:
2422 hci_cc_write_scan_enable(hdev, skb);
2423 break;
2424
2425 case HCI_OP_READ_CLASS_OF_DEV:
2426 hci_cc_read_class_of_dev(hdev, skb);
2427 break;
2428
2429 case HCI_OP_WRITE_CLASS_OF_DEV:
2430 hci_cc_write_class_of_dev(hdev, skb);
2431 break;
2432
2433 case HCI_OP_READ_VOICE_SETTING:
2434 hci_cc_read_voice_setting(hdev, skb);
2435 break;
2436
2437 case HCI_OP_WRITE_VOICE_SETTING:
2438 hci_cc_write_voice_setting(hdev, skb);
2439 break;
2440
2441 case HCI_OP_HOST_BUFFER_SIZE:
2442 hci_cc_host_buffer_size(hdev, skb);
2443 break;
2444
333140b5
MH		 2445 case HCI_OP_WRITE_SSP_MODE:
2446 hci_cc_write_ssp_mode(hdev, skb);
2447 break;
2448
a9de9248
MH		 2449 case HCI_OP_READ_LOCAL_VERSION:
2450 hci_cc_read_local_version(hdev, skb);
2451 break;
2452
2453 case HCI_OP_READ_LOCAL_COMMANDS:
2454 hci_cc_read_local_commands(hdev, skb);
2455 break;
2456
2457 case HCI_OP_READ_LOCAL_FEATURES:
2458 hci_cc_read_local_features(hdev, skb);
2459 break;
2460
971e3a4b
AG		 2461 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2462 hci_cc_read_local_ext_features(hdev, skb);
2463 break;
2464
a9de9248
MH		 2465 case HCI_OP_READ_BUFFER_SIZE:
2466 hci_cc_read_buffer_size(hdev, skb);
2467 break;
2468
2469 case HCI_OP_READ_BD_ADDR:
2470 hci_cc_read_bd_addr(hdev, skb);
2471 break;
2472
350ee4cf
AE		 2473 case HCI_OP_READ_DATA_BLOCK_SIZE:
2474 hci_cc_read_data_block_size(hdev, skb);
2475 break;
2476
23bb5763
JH		 2477 case HCI_OP_WRITE_CA_TIMEOUT:
2478 hci_cc_write_ca_timeout(hdev, skb);
2479 break;
2480
1e89cffb
AE		 2481 case HCI_OP_READ_FLOW_CONTROL_MODE:
2482 hci_cc_read_flow_control_mode(hdev, skb);
2483 break;
2484
928abaa7
AE		 2485 case HCI_OP_READ_LOCAL_AMP_INFO:
2486 hci_cc_read_local_amp_info(hdev, skb);
2487 break;
2488
903e4541
AE		 2489 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2490 hci_cc_read_local_amp_assoc(hdev, skb);
2491 break;
2492
b0916ea0
JH		 2493 case HCI_OP_DELETE_STORED_LINK_KEY:
2494 hci_cc_delete_stored_link_key(hdev, skb);
2495 break;
2496
d5859e22
JH		 2497 case HCI_OP_SET_EVENT_MASK:
2498 hci_cc_set_event_mask(hdev, skb);
2499 break;
2500
2501 case HCI_OP_WRITE_INQUIRY_MODE:
2502 hci_cc_write_inquiry_mode(hdev, skb);
2503 break;
2504
2505 case HCI_OP_READ_INQ_RSP_TX_POWER:
2506 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2507 break;
2508
2509 case HCI_OP_SET_EVENT_FLT:
2510 hci_cc_set_event_flt(hdev, skb);
2511 break;
2512
980e1a53
JH		 2513 case HCI_OP_PIN_CODE_REPLY:
2514 hci_cc_pin_code_reply(hdev, skb);
2515 break;
2516
2517 case HCI_OP_PIN_CODE_NEG_REPLY:
2518 hci_cc_pin_code_neg_reply(hdev, skb);
2519 break;
2520
c35938b2
SJ		 2521 case HCI_OP_READ_LOCAL_OOB_DATA:
2522 hci_cc_read_local_oob_data_reply(hdev, skb);
2523 break;
2524
6ed58ec5
VT		 2525 case HCI_OP_LE_READ_BUFFER_SIZE:
2526 hci_cc_le_read_buffer_size(hdev, skb);
2527 break;
2528
8fa19098
JH		 2529 case HCI_OP_LE_READ_ADV_TX_POWER:
2530 hci_cc_le_read_adv_tx_power(hdev, skb);
2531 break;
2532
e36b04c8
JH		 2533 case HCI_OP_LE_SET_EVENT_MASK:
2534 hci_cc_le_set_event_mask(hdev, skb);
2535 break;
2536
a5c29683
JH		 2537 case HCI_OP_USER_CONFIRM_REPLY:
2538 hci_cc_user_confirm_reply(hdev, skb);
2539 break;
2540
2541 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2542 hci_cc_user_confirm_neg_reply(hdev, skb);
2543 break;
2544
1143d458
BG		 2545 case HCI_OP_USER_PASSKEY_REPLY:
2546 hci_cc_user_passkey_reply(hdev, skb);
2547 break;
2548
2549 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2550 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2551 break;
07f7fa5d
AG		 2552
2553 case HCI_OP_LE_SET_SCAN_PARAM:
2554 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2555 break;
2556
eb9d91f5
AG		 2557 case HCI_OP_LE_SET_SCAN_ENABLE:
2558 hci_cc_le_set_scan_enable(hdev, skb);
2559 break;
2560
a7a595f6
VCG		 2561 case HCI_OP_LE_LTK_REPLY:
2562 hci_cc_le_ltk_reply(hdev, skb);
2563 break;
2564
2565 case HCI_OP_LE_LTK_NEG_REPLY:
2566 hci_cc_le_ltk_neg_reply(hdev, skb);
2567 break;
2568
f9b49306
AG		 2569 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2570 hci_cc_write_le_host_supported(hdev, skb);
2571 break;
2572
93c284ee
AE		 2573 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2574 hci_cc_write_remote_amp_assoc(hdev, skb);
2575 break;
2576
a9de9248 2577 default:
9f1db00c 2578 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2579 break;
2580 }
2581
6bd32326
VT		 2582 if (ev->opcode != HCI_OP_NOP)
2583 del_timer(&hdev->cmd_timer);
2584
a9de9248
MH		 2585 if (ev->ncmd) {
2586 atomic_set(&hdev->cmd_cnt, 1);
2587 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2588 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2589 }
2590}
2591
6039aa73 2592static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2593{
2594 struct hci_ev_cmd_status *ev = (void *) skb->data;
2595 __u16 opcode;
2596
2597 skb_pull(skb, sizeof(*ev));
2598
2599 opcode = __le16_to_cpu(ev->opcode);
2600
2601 switch (opcode) {
2602 case HCI_OP_INQUIRY:
2603 hci_cs_inquiry(hdev, ev->status);
2604 break;
2605
2606 case HCI_OP_CREATE_CONN:
2607 hci_cs_create_conn(hdev, ev->status);
2608 break;
2609
2610 case HCI_OP_ADD_SCO:
2611 hci_cs_add_sco(hdev, ev->status);
2612 break;
2613
f8558555
MH		 2614 case HCI_OP_AUTH_REQUESTED:
2615 hci_cs_auth_requested(hdev, ev->status);
2616 break;
2617
2618 case HCI_OP_SET_CONN_ENCRYPT:
2619 hci_cs_set_conn_encrypt(hdev, ev->status);
2620 break;
2621
a9de9248
MH		 2622 case HCI_OP_REMOTE_NAME_REQ:
2623 hci_cs_remote_name_req(hdev, ev->status);
2624 break;
2625
769be974
MH		 2626 case HCI_OP_READ_REMOTE_FEATURES:
2627 hci_cs_read_remote_features(hdev, ev->status);
2628 break;
2629
2630 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2631 hci_cs_read_remote_ext_features(hdev, ev->status);
2632 break;
2633
a9de9248
MH		 2634 case HCI_OP_SETUP_SYNC_CONN:
2635 hci_cs_setup_sync_conn(hdev, ev->status);
2636 break;
2637
2638 case HCI_OP_SNIFF_MODE:
2639 hci_cs_sniff_mode(hdev, ev->status);
2640 break;
2641
2642 case HCI_OP_EXIT_SNIFF_MODE:
2643 hci_cs_exit_sniff_mode(hdev, ev->status);
2644 break;
2645
8962ee74 2646 case HCI_OP_DISCONNECT:
88c3df13 2647 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2648 break;
2649
fcd89c09
VT		 2650 case HCI_OP_LE_CREATE_CONN:
2651 hci_cs_le_create_conn(hdev, ev->status);
2652 break;
2653
a7a595f6
VCG		 2654 case HCI_OP_LE_START_ENC:
2655 hci_cs_le_start_enc(hdev, ev->status);
2656 break;
2657
a02226d6
AE		 2658 case HCI_OP_CREATE_PHY_LINK:
2659 hci_cs_create_phylink(hdev, ev->status);
2660 break;
2661
0b26ab9d
AE		 2662 case HCI_OP_ACCEPT_PHY_LINK:
2663 hci_cs_accept_phylink(hdev, ev->status);
2664 break;
2665
a9de9248 2666 default:
9f1db00c 2667 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2668 break;
2669 }
2670
6bd32326
VT		 2671 if (ev->opcode != HCI_OP_NOP)
2672 del_timer(&hdev->cmd_timer);
2673
10572132 2674 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2675 atomic_set(&hdev->cmd_cnt, 1);
2676 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2677 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2678 }
2679}
2680
6039aa73 2681static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2682{
2683 struct hci_ev_role_change *ev = (void *) skb->data;
2684 struct hci_conn *conn;
2685
9f1db00c 2686 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2687
2688 hci_dev_lock(hdev);
2689
2690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2691 if (conn) {
2692 if (!ev->status) {
2693 if (ev->role)
2694 conn->link_mode &= ~HCI_LM_MASTER;
2695 else
2696 conn->link_mode |= HCI_LM_MASTER;
2697 }
2698
51a8efd7 2699 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2700
2701 hci_role_switch_cfm(conn, ev->status, ev->role);
2702 }
2703
2704 hci_dev_unlock(hdev);
2705}
2706
6039aa73 2707static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2708{
2709 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2710 int i;
2711
32ac5b9b
AE		 2712 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2713 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2714 return;
2715 }
2716
c5993de8 2717 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2718 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2719 BT_DBG("%s bad parameters", hdev->name);
2720 return;
2721 }
2722
c5993de8
AE		 2723 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2724
613a1c0c
AE		 2725 for (i = 0; i < ev->num_hndl; i++) {
2726 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2727 struct hci_conn *conn;
2728 __u16 handle, count;
2729
613a1c0c
AE		 2730 handle = __le16_to_cpu(info->handle);
2731 count = __le16_to_cpu(info->count);
a9de9248
MH		 2732
2733 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2734 if (!conn)
2735 continue;
2736
2737 conn->sent -= count;
2738
2739 switch (conn->type) {
2740 case ACL_LINK:
2741 hdev->acl_cnt += count;
2742 if (hdev->acl_cnt > hdev->acl_pkts)
2743 hdev->acl_cnt = hdev->acl_pkts;
2744 break;
2745
2746 case LE_LINK:
2747 if (hdev->le_pkts) {
2748 hdev->le_cnt += count;
2749 if (hdev->le_cnt > hdev->le_pkts)
2750 hdev->le_cnt = hdev->le_pkts;
2751 } else {
70f23020
AE		 2752 hdev->acl_cnt += count;
2753 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2754 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2755 }
f4280918
AE		 2756 break;
2757
2758 case SCO_LINK:
2759 hdev->sco_cnt += count;
2760 if (hdev->sco_cnt > hdev->sco_pkts)
2761 hdev->sco_cnt = hdev->sco_pkts;
2762 break;
2763
2764 default:
2765 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2766 break;
a9de9248
MH		 2767 }
2768 }
2769
3eff45ea 2770 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2771}
2772
76ef7cf7
AE		 2773static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2774 __u16 handle)
2775{
2776 struct hci_chan *chan;
2777
2778 switch (hdev->dev_type) {
2779 case HCI_BREDR:
2780 return hci_conn_hash_lookup_handle(hdev, handle);
2781 case HCI_AMP:
2782 chan = hci_chan_lookup_handle(hdev, handle);
2783 if (chan)
2784 return chan->conn;
2785 break;
2786 default:
2787 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2788 break;
2789 }
2790
2791 return NULL;
2792}
2793
6039aa73 2794static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2795{
2796 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2797 int i;
2798
2799 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2800 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2801 return;
2802 }
2803
2804 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2805 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2806 BT_DBG("%s bad parameters", hdev->name);
2807 return;
2808 }
2809
2810 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2811 ev->num_hndl);
25e89e99
AE		 2812
2813 for (i = 0; i < ev->num_hndl; i++) {
2814 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2815 struct hci_conn *conn = NULL;
25e89e99
AE		 2816 __u16 handle, block_count;
2817
2818 handle = __le16_to_cpu(info->handle);
2819 block_count = __le16_to_cpu(info->blocks);
2820
76ef7cf7 2821 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2822 if (!conn)
2823 continue;
2824
2825 conn->sent -= block_count;
2826
2827 switch (conn->type) {
2828 case ACL_LINK:
bd1eb66b 2829 case AMP_LINK:
25e89e99
AE		 2830 hdev->block_cnt += block_count;
2831 if (hdev->block_cnt > hdev->num_blocks)
2832 hdev->block_cnt = hdev->num_blocks;
2833 break;
2834
2835 default:
2836 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2837 break;
2838 }
2839 }
2840
2841 queue_work(hdev->workqueue, &hdev->tx_work);
2842}
2843
6039aa73 2844static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2845{
a9de9248 2846 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2847 struct hci_conn *conn;
2848
9f1db00c 2849 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2850
2851 hci_dev_lock(hdev);
2852
2853 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2854 if (conn) {
2855 conn->mode = ev->mode;
2856 conn->interval = __le16_to_cpu(ev->interval);
2857
8fc9ced3
GP		 2858 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2859 &conn->flags)) {
a9de9248 2860 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2861 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2862 else
58a681ef 2863 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2864 }
e73439d8 2865
51a8efd7 2866 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2867 hci_sco_setup(conn, ev->status);
04837f64
MH		 2868 }
2869
2870 hci_dev_unlock(hdev);
2871}
2872
6039aa73 2873static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2874{
052b30b0
MH		 2875 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2876 struct hci_conn *conn;
2877
a9de9248 2878 BT_DBG("%s", hdev->name);
052b30b0
MH		 2879
2880 hci_dev_lock(hdev);
2881
2882 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2883 if (!conn)
2884 goto unlock;
2885
2886 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2887 hci_conn_hold(conn);
2888 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2889 hci_conn_put(conn);
2890 }
2891
a8b2d5c2 2892 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2893 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2894 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2895 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2896 u8 secure;
2897
2898 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2899 secure = 1;
2900 else
2901 secure = 0;
2902
744cf19e 2903 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2904 }
980e1a53 2905
b6f98044 2906unlock:
052b30b0 2907 hci_dev_unlock(hdev);
a9de9248
MH		 2908}
2909
6039aa73 2910static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2911{
55ed8ca1
JH		 2912 struct hci_ev_link_key_req *ev = (void *) skb->data;
2913 struct hci_cp_link_key_reply cp;
2914 struct hci_conn *conn;
2915 struct link_key *key;
2916
a9de9248 2917 BT_DBG("%s", hdev->name);
55ed8ca1 2918
a8b2d5c2 2919 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2920 return;
2921
2922 hci_dev_lock(hdev);
2923
2924 key = hci_find_link_key(hdev, &ev->bdaddr);
2925 if (!key) {
6ed93dc6
AE		 2926 BT_DBG("%s link key not found for %pMR", hdev->name,
2927 &ev->bdaddr);
55ed8ca1
JH		 2928 goto not_found;
2929 }
2930
6ed93dc6
AE		 2931 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2932 &ev->bdaddr);
55ed8ca1 2933
a8b2d5c2 2934 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2935 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2936 BT_DBG("%s ignoring debug key", hdev->name);
2937 goto not_found;
2938 }
2939
2940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2941 if (conn) {
2942 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2943 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2944 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2945 goto not_found;
2946 }
55ed8ca1 2947
60b83f57 2948 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2949 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2950 BT_DBG("%s ignoring key unauthenticated for high security",
2951 hdev->name);
60b83f57
WR		 2952 goto not_found;
2953 }
2954
2955 conn->key_type = key->type;
2956 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2957 }
2958
2959 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2960 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2961
2962 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2963
2964 hci_dev_unlock(hdev);
2965
2966 return;
2967
2968not_found:
2969 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2970 hci_dev_unlock(hdev);
a9de9248
MH		 2971}
2972
6039aa73 2973static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2974{
052b30b0
MH		 2975 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2976 struct hci_conn *conn;
55ed8ca1 2977 u8 pin_len = 0;
052b30b0 2978
a9de9248 2979 BT_DBG("%s", hdev->name);
052b30b0
MH		 2980
2981 hci_dev_lock(hdev);
2982
2983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2984 if (conn) {
2985 hci_conn_hold(conn);
2986 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2987 pin_len = conn->pin_length;
13d39315
WR		 2988
2989 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2990 conn->key_type = ev->key_type;
2991
052b30b0
MH		 2992 hci_conn_put(conn);
2993 }
2994
a8b2d5c2 2995 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2996 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2997 ev->key_type, pin_len);
55ed8ca1 2998
052b30b0 2999 hci_dev_unlock(hdev);
a9de9248
MH		 3000}
3001
6039aa73 3002static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3003{
a9de9248 3004 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3005 struct hci_conn *conn;
1da177e4 3006
9f1db00c 3007 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3008
3009 hci_dev_lock(hdev);
3010
04837f64 3011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3012 if (conn && !ev->status) {
3013 struct inquiry_entry *ie;
3014
cc11b9c1
AE		 3015 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3016 if (ie) {
1da177e4
LT		 3017 ie->data.clock_offset = ev->clock_offset;
3018 ie->timestamp = jiffies;
3019 }
3020 }
3021
3022 hci_dev_unlock(hdev);
3023}
3024
6039aa73 3025static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3026{
3027 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3028 struct hci_conn *conn;
3029
9f1db00c 3030 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3031
3032 hci_dev_lock(hdev);
3033
3034 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3035 if (conn && !ev->status)
3036 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3037
3038 hci_dev_unlock(hdev);
3039}
3040
6039aa73 3041static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3042{
a9de9248 3043 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3044 struct inquiry_entry *ie;
3045
3046 BT_DBG("%s", hdev->name);
3047
3048 hci_dev_lock(hdev);
3049
cc11b9c1
AE		 3050 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3051 if (ie) {
85a1e930
MH		 3052 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3053 ie->timestamp = jiffies;
3054 }
3055
3056 hci_dev_unlock(hdev);
3057}
3058
6039aa73
GP		 3059static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3060 struct sk_buff *skb)
a9de9248
MH		 3061{
3062 struct inquiry_data data;
3063 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3064 bool name_known, ssp;
a9de9248
MH		 3065
3066 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3067
3068 if (!num_rsp)
3069 return;
3070
1519cc17
AG		 3071 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3072 return;
3073
a9de9248
MH		 3074 hci_dev_lock(hdev);
3075
3076 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3077 struct inquiry_info_with_rssi_and_pscan_mode *info;
3078 info = (void *) (skb->data + 1);
a9de9248 3079
e17acd40 3080 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3081 bacpy(&data.bdaddr, &info->bdaddr);
3082 data.pscan_rep_mode = info->pscan_rep_mode;
3083 data.pscan_period_mode = info->pscan_period_mode;
3084 data.pscan_mode = info->pscan_mode;
3085 memcpy(data.dev_class, info->dev_class, 3);
3086 data.clock_offset = info->clock_offset;
3087 data.rssi = info->rssi;
41a96212 3088 data.ssp_mode = 0x00;
3175405b
JH		 3089
3090 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3091 false, &ssp);
48264f06 3092 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3093 info->dev_class, info->rssi,
3094 !name_known, ssp, NULL, 0);
a9de9248
MH		 3095 }
3096 } else {
3097 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3098
e17acd40 3099 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3100 bacpy(&data.bdaddr, &info->bdaddr);
3101 data.pscan_rep_mode = info->pscan_rep_mode;
3102 data.pscan_period_mode = info->pscan_period_mode;
3103 data.pscan_mode = 0x00;
3104 memcpy(data.dev_class, info->dev_class, 3);
3105 data.clock_offset = info->clock_offset;
3106 data.rssi = info->rssi;
41a96212 3107 data.ssp_mode = 0x00;
3175405b 3108 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3109 false, &ssp);
48264f06 3110 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3111 info->dev_class, info->rssi,
3112 !name_known, ssp, NULL, 0);
a9de9248
MH		 3113 }
3114 }
3115
3116 hci_dev_unlock(hdev);
3117}
3118
6039aa73
GP		 3119static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3120 struct sk_buff *skb)
a9de9248 3121{
41a96212
MH		 3122 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3123 struct hci_conn *conn;
3124
a9de9248 3125 BT_DBG("%s", hdev->name);
41a96212 3126
41a96212
MH		 3127 hci_dev_lock(hdev);
3128
3129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3130 if (!conn)
3131 goto unlock;
41a96212 3132
ccd556fe
JH		 3133 if (!ev->status && ev->page == 0x01) {
3134 struct inquiry_entry *ie;
41a96212 3135
cc11b9c1
AE		 3136 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3137 if (ie)
02b7cc62 3138 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3139
02b7cc62 3140 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3141 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3142 }
3143
3144 if (conn->state != BT_CONFIG)
3145 goto unlock;
3146
671267bf 3147 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3148 struct hci_cp_remote_name_req cp;
3149 memset(&cp, 0, sizeof(cp));
3150 bacpy(&cp.bdaddr, &conn->dst);
3151 cp.pscan_rep_mode = 0x02;
3152 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3153 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3154 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3155 conn->dst_type, 0, NULL, 0,
3156 conn->dev_class);
392599b9 3157
127178d2 3158 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3159 conn->state = BT_CONNECTED;
3160 hci_proto_connect_cfm(conn, ev->status);
3161 hci_conn_put(conn);
41a96212
MH		 3162 }
3163
ccd556fe 3164unlock:
41a96212 3165 hci_dev_unlock(hdev);
a9de9248
MH		 3166}
3167
6039aa73
GP		 3168static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3169 struct sk_buff *skb)
a9de9248 3170{
b6a0dc82
MH		 3171 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3172 struct hci_conn *conn;
3173
9f1db00c 3174 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3175
3176 hci_dev_lock(hdev);
3177
3178 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3179 if (!conn) {
3180 if (ev->link_type == ESCO_LINK)
3181 goto unlock;
3182
3183 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3184 if (!conn)
3185 goto unlock;
3186
3187 conn->type = SCO_LINK;
3188 }
b6a0dc82 3189
732547f9
MH		 3190 switch (ev->status) {
3191 case 0x00:
b6a0dc82
MH		 3192 conn->handle = __le16_to_cpu(ev->handle);
3193 conn->state = BT_CONNECTED;
7d0db0a3 3194
9eba32b8 3195 hci_conn_hold_device(conn);
7d0db0a3 3196 hci_conn_add_sysfs(conn);
732547f9
MH		 3197 break;
3198
705e5711 3199 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3200 case 0x1c: /* SCO interval rejected */
1038a00b 3201 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3202 case 0x1f: /* Unspecified error */
3203 if (conn->out && conn->attempt < 2) {
3204 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3205 (hdev->esco_type & EDR_ESCO_MASK);
3206 hci_setup_sync(conn, conn->link->handle);
3207 goto unlock;
3208 }
3209 /* fall through */
3210
3211 default:
b6a0dc82 3212 conn->state = BT_CLOSED;
732547f9
MH		 3213 break;
3214 }
b6a0dc82
MH		 3215
3216 hci_proto_connect_cfm(conn, ev->status);
3217 if (ev->status)
3218 hci_conn_del(conn);
3219
3220unlock:
3221 hci_dev_unlock(hdev);
a9de9248
MH		 3222}
3223
6039aa73 3224static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3225{
3226 BT_DBG("%s", hdev->name);
3227}
3228
6039aa73 3229static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3230{
a9de9248 3231 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3232
9f1db00c 3233 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3234}
3235
6039aa73
GP		 3236static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3237 struct sk_buff *skb)
1da177e4 3238{
a9de9248
MH		 3239 struct inquiry_data data;
3240 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3241 int num_rsp = *((__u8 *) skb->data);
9d939d94 3242 size_t eir_len;
1da177e4 3243
a9de9248 3244 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3245
a9de9248
MH		 3246 if (!num_rsp)
3247 return;
1da177e4 3248
1519cc17
AG		 3249 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3250 return;
3251
a9de9248
MH		 3252 hci_dev_lock(hdev);
3253
e17acd40 3254 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3255 bool name_known, ssp;
561aafbc 3256
a9de9248 3257 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3258 data.pscan_rep_mode = info->pscan_rep_mode;
3259 data.pscan_period_mode = info->pscan_period_mode;
3260 data.pscan_mode = 0x00;
a9de9248 3261 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3262 data.clock_offset = info->clock_offset;
3263 data.rssi = info->rssi;
41a96212 3264 data.ssp_mode = 0x01;
561aafbc 3265
a8b2d5c2 3266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3267 name_known = eir_has_data_type(info->data,
04124681
GP		 3268 sizeof(info->data),
3269 EIR_NAME_COMPLETE);
561aafbc
JH		 3270 else
3271 name_known = true;
3272
388fc8fa 3273 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3274 &ssp);
9d939d94 3275 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3276 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3277 info->dev_class, info->rssi, !name_known,
9d939d94 3278 ssp, info->data, eir_len);
a9de9248
MH		 3279 }
3280
3281 hci_dev_unlock(hdev);
3282}
1da177e4 3283
1c2e0041
JH		 3284static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3285 struct sk_buff *skb)
3286{
3287 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3288 struct hci_conn *conn;
3289
9f1db00c 3290 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3291 __le16_to_cpu(ev->handle));
3292
3293 hci_dev_lock(hdev);
3294
3295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3296 if (!conn)
3297 goto unlock;
3298
3299 if (!ev->status)
3300 conn->sec_level = conn->pending_sec_level;
3301
3302 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3303
3304 if (ev->status && conn->state == BT_CONNECTED) {
3305 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3306 hci_conn_put(conn);
3307 goto unlock;
3308 }
3309
3310 if (conn->state == BT_CONFIG) {
3311 if (!ev->status)
3312 conn->state = BT_CONNECTED;
3313
3314 hci_proto_connect_cfm(conn, ev->status);
3315 hci_conn_put(conn);
3316 } else {
3317 hci_auth_cfm(conn, ev->status);
3318
3319 hci_conn_hold(conn);
3320 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3321 hci_conn_put(conn);
3322 }
3323
3324unlock:
3325 hci_dev_unlock(hdev);
3326}
3327
6039aa73 3328static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3329{
3330 /* If remote requests dedicated bonding follow that lead */
3331 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3332 /* If both remote and local IO capabilities allow MITM
3333 * protection then require it, otherwise don't */
3334 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3335 return 0x02;
3336 else
3337 return 0x03;
3338 }
3339
3340 /* If remote requests no-bonding follow that lead */
3341 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3342 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3343
3344 return conn->auth_type;
3345}
3346
6039aa73 3347static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3348{
3349 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3350 struct hci_conn *conn;
3351
3352 BT_DBG("%s", hdev->name);
3353
3354 hci_dev_lock(hdev);
3355
3356 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3357 if (!conn)
3358 goto unlock;
3359
3360 hci_conn_hold(conn);
3361
a8b2d5c2 3362 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3363 goto unlock;
3364
a8b2d5c2 3365 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3366 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3367 struct hci_cp_io_capability_reply cp;
3368
3369 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3370 /* Change the IO capability from KeyboardDisplay
3371 * to DisplayYesNo as it is not supported by BT spec. */
3372 cp.capability = (conn->io_capability == 0x04) ?
3373 0x01 : conn->io_capability;
7cbc9bd9
JH		 3374 conn->auth_type = hci_get_auth_req(conn);
3375 cp.authentication = conn->auth_type;
17fa4b9d 3376
8fc9ced3
GP		 3377 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3378 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3379 cp.oob_data = 0x01;
3380 else
3381 cp.oob_data = 0x00;
3382
17fa4b9d 3383 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3384 sizeof(cp), &cp);
03b555e1
JH		 3385 } else {
3386 struct hci_cp_io_capability_neg_reply cp;
3387
3388 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3389 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3390
03b555e1 3391 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3392 sizeof(cp), &cp);
03b555e1
JH		 3393 }
3394
3395unlock:
3396 hci_dev_unlock(hdev);
3397}
3398
6039aa73 3399static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3400{
3401 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3402 struct hci_conn *conn;
3403
3404 BT_DBG("%s", hdev->name);
3405
3406 hci_dev_lock(hdev);
3407
3408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3409 if (!conn)
3410 goto unlock;
3411
03b555e1 3412 conn->remote_cap = ev->capability;
03b555e1 3413 conn->remote_auth = ev->authentication;
58a681ef
JH		 3414 if (ev->oob_data)
3415 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3416
3417unlock:
0493684e
MH		 3418 hci_dev_unlock(hdev);
3419}
3420
6039aa73
GP		 3421static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3422 struct sk_buff *skb)
a5c29683
JH		 3423{
3424 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3425 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3426 struct hci_conn *conn;
a5c29683
JH		 3427
3428 BT_DBG("%s", hdev->name);
3429
3430 hci_dev_lock(hdev);
3431
a8b2d5c2 3432 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3433 goto unlock;
a5c29683 3434
7a828908
JH		 3435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3436 if (!conn)
3437 goto unlock;
3438
3439 loc_mitm = (conn->auth_type & 0x01);
3440 rem_mitm = (conn->remote_auth & 0x01);
3441
3442 /* If we require MITM but the remote device can't provide that
3443 * (it has NoInputNoOutput) then reject the confirmation
3444 * request. The only exception is when we're dedicated bonding
3445 * initiators (connect_cfm_cb set) since then we always have the MITM
3446 * bit set. */
3447 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3448 BT_DBG("Rejecting request: remote device can't provide MITM");
3449 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3450 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3451 goto unlock;
3452 }
3453
3454 /* If no side requires MITM protection; auto-accept */
3455 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3456 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3457
3458 /* If we're not the initiators request authorization to
3459 * proceed from user space (mgmt_user_confirm with
3460 * confirm_hint set to 1). */
51a8efd7 3461 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3462 BT_DBG("Confirming auto-accept as acceptor");
3463 confirm_hint = 1;
3464 goto confirm;
3465 }
3466
9f61656a 3467 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3468 hdev->auto_accept_delay);
9f61656a
JH		 3469
3470 if (hdev->auto_accept_delay > 0) {
3471 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3472 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3473 goto unlock;
3474 }
3475
7a828908 3476 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3477 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3478 goto unlock;
3479 }
3480
55bc1a37 3481confirm:
272d90df 3482 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3483 confirm_hint);
7a828908
JH		 3484
3485unlock:
a5c29683
JH		 3486 hci_dev_unlock(hdev);
3487}
3488
6039aa73
GP		 3489static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3490 struct sk_buff *skb)
1143d458
BG		 3491{
3492 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3493
3494 BT_DBG("%s", hdev->name);
3495
a8b2d5c2 3496 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3497 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3498}
3499
92a25256
JH		 3500static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3501 struct sk_buff *skb)
3502{
3503 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3504 struct hci_conn *conn;
3505
3506 BT_DBG("%s", hdev->name);
3507
3508 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3509 if (!conn)
3510 return;
3511
3512 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3513 conn->passkey_entered = 0;
3514
3515 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3516 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3517 conn->dst_type, conn->passkey_notify,
3518 conn->passkey_entered);
3519}
3520
3521static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3522{
3523 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3524 struct hci_conn *conn;
3525
3526 BT_DBG("%s", hdev->name);
3527
3528 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3529 if (!conn)
3530 return;
3531
3532 switch (ev->type) {
3533 case HCI_KEYPRESS_STARTED:
3534 conn->passkey_entered = 0;
3535 return;
3536
3537 case HCI_KEYPRESS_ENTERED:
3538 conn->passkey_entered++;
3539 break;
3540
3541 case HCI_KEYPRESS_ERASED:
3542 conn->passkey_entered--;
3543 break;
3544
3545 case HCI_KEYPRESS_CLEARED:
3546 conn->passkey_entered = 0;
3547 break;
3548
3549 case HCI_KEYPRESS_COMPLETED:
3550 return;
3551 }
3552
3553 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3554 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3555 conn->dst_type, conn->passkey_notify,
3556 conn->passkey_entered);
3557}
3558
6039aa73
GP		 3559static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3560 struct sk_buff *skb)
0493684e
MH		 3561{
3562 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3563 struct hci_conn *conn;
3564
3565 BT_DBG("%s", hdev->name);
3566
3567 hci_dev_lock(hdev);
3568
3569 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3570 if (!conn)
3571 goto unlock;
3572
3573 /* To avoid duplicate auth_failed events to user space we check
3574 * the HCI_CONN_AUTH_PEND flag which will be set if we
3575 * initiated the authentication. A traditional auth_complete
3576 * event gets always produced as initiator and is also mapped to
3577 * the mgmt_auth_failed event */
fa1bd918 3578 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3579 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3580 ev->status);
0493684e 3581
2a611692
JH		 3582 hci_conn_put(conn);
3583
3584unlock:
0493684e
MH		 3585 hci_dev_unlock(hdev);
3586}
3587
6039aa73
GP		 3588static void hci_remote_host_features_evt(struct hci_dev *hdev,
3589 struct sk_buff *skb)
41a96212
MH		 3590{
3591 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3592 struct inquiry_entry *ie;
3593
3594 BT_DBG("%s", hdev->name);
3595
3596 hci_dev_lock(hdev);
3597
cc11b9c1
AE		 3598 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3599 if (ie)
02b7cc62 3600 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3601
3602 hci_dev_unlock(hdev);
3603}
3604
6039aa73
GP		 3605static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3606 struct sk_buff *skb)
2763eda6
SJ		 3607{
3608 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3609 struct oob_data *data;
3610
3611 BT_DBG("%s", hdev->name);
3612
3613 hci_dev_lock(hdev);
3614
a8b2d5c2 3615 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3616 goto unlock;
3617
2763eda6
SJ		 3618 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3619 if (data) {
3620 struct hci_cp_remote_oob_data_reply cp;
3621
3622 bacpy(&cp.bdaddr, &ev->bdaddr);
3623 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3624 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3625
3626 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3627 &cp);
2763eda6
SJ		 3628 } else {
3629 struct hci_cp_remote_oob_data_neg_reply cp;
3630
3631 bacpy(&cp.bdaddr, &ev->bdaddr);
3632 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3633 &cp);
2763eda6
SJ		 3634 }
3635
e1ba1f15 3636unlock:
2763eda6
SJ		 3637 hci_dev_unlock(hdev);
3638}
3639
6039aa73 3640static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3641{
3642 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3643 struct hci_conn *conn;
3644
9f1db00c 3645 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3646
3647 hci_dev_lock(hdev);
3648
b47a09b3 3649 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3650 if (!conn) {
3651 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3652 if (!conn) {
3653 BT_ERR("No memory for new connection");
230fd16a 3654 goto unlock;
b62f328b 3655 }
29b7988a
AG		 3656
3657 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3658
3659 if (ev->role == LE_CONN_ROLE_MASTER) {
3660 conn->out = true;
3661 conn->link_mode |= HCI_LM_MASTER;
3662 }
b62f328b 3663 }
fcd89c09 3664
cd17decb
AG		 3665 if (ev->status) {
3666 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3667 conn->dst_type, ev->status);
3668 hci_proto_connect_cfm(conn, ev->status);
3669 conn->state = BT_CLOSED;
3670 hci_conn_del(conn);
3671 goto unlock;
3672 }
3673
b644ba33
JH		 3674 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3675 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3676 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3677
7b5c0d52 3678 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3679 conn->handle = __le16_to_cpu(ev->handle);
3680 conn->state = BT_CONNECTED;
3681
3682 hci_conn_hold_device(conn);
3683 hci_conn_add_sysfs(conn);
3684
3685 hci_proto_connect_cfm(conn, ev->status);
3686
3687unlock:
3688 hci_dev_unlock(hdev);
3689}
3690
6039aa73 3691static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3692{
e95beb41
AG		 3693 u8 num_reports = skb->data[0];
3694 void *ptr = &skb->data[1];
3c9e9195 3695 s8 rssi;
9aa04c91
AG		 3696
3697 hci_dev_lock(hdev);
3698
e95beb41
AG		 3699 while (num_reports--) {
3700 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3701
3c9e9195
AG		 3702 rssi = ev->data[ev->length];
3703 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3704 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3705
e95beb41 3706 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3707 }
3708
3709 hci_dev_unlock(hdev);
3710}
3711
6039aa73 3712static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3713{
3714 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3715 struct hci_cp_le_ltk_reply cp;
bea710fe 3716 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3717 struct hci_conn *conn;
c9839a11 3718 struct smp_ltk *ltk;
a7a595f6 3719
9f1db00c 3720 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3721
3722 hci_dev_lock(hdev);
3723
3724 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3725 if (conn == NULL)
3726 goto not_found;
a7a595f6 3727
bea710fe
VCG		 3728 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3729 if (ltk == NULL)
3730 goto not_found;
3731
3732 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3733 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3734
3735 if (ltk->authenticated)
3736 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3737
3738 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3739
c9839a11
VCG		 3740 if (ltk->type & HCI_SMP_STK) {
3741 list_del(&ltk->list);
3742 kfree(ltk);
3743 }
3744
a7a595f6 3745 hci_dev_unlock(hdev);
bea710fe
VCG		 3746
3747 return;
3748
3749not_found:
3750 neg.handle = ev->handle;
3751 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3752 hci_dev_unlock(hdev);
a7a595f6
VCG		 3753}
3754
6039aa73 3755static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3756{
3757 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3758
3759 skb_pull(skb, sizeof(*le_ev));
3760
3761 switch (le_ev->subevent) {
3762 case HCI_EV_LE_CONN_COMPLETE:
3763 hci_le_conn_complete_evt(hdev, skb);
3764 break;
3765
9aa04c91
AG		 3766 case HCI_EV_LE_ADVERTISING_REPORT:
3767 hci_le_adv_report_evt(hdev, skb);
3768 break;
3769
a7a595f6
VCG		 3770 case HCI_EV_LE_LTK_REQ:
3771 hci_le_ltk_request_evt(hdev, skb);
3772 break;
3773
fcd89c09
VT		 3774 default:
3775 break;
3776 }
3777}
3778
9495b2ee
AE		 3779static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3780{
3781 struct hci_ev_channel_selected *ev = (void *) skb->data;
3782 struct hci_conn *hcon;
3783
3784 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3785
3786 skb_pull(skb, sizeof(*ev));
3787
3788 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3789 if (!hcon)
3790 return;
3791
3792 amp_read_loc_assoc_final_data(hdev, hcon);
3793}
3794
a9de9248
MH		 3795void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3796{
3797 struct hci_event_hdr *hdr = (void *) skb->data;
3798 __u8 event = hdr->evt;
3799
3800 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3801
3802 switch (event) {
1da177e4
LT		 3803 case HCI_EV_INQUIRY_COMPLETE:
3804 hci_inquiry_complete_evt(hdev, skb);
3805 break;
3806
3807 case HCI_EV_INQUIRY_RESULT:
3808 hci_inquiry_result_evt(hdev, skb);
3809 break;
3810
a9de9248
MH		 3811 case HCI_EV_CONN_COMPLETE:
3812 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3813 break;
3814
1da177e4
LT		 3815 case HCI_EV_CONN_REQUEST:
3816 hci_conn_request_evt(hdev, skb);
3817 break;
3818
1da177e4
LT		 3819 case HCI_EV_DISCONN_COMPLETE:
3820 hci_disconn_complete_evt(hdev, skb);
3821 break;
3822
1da177e4
LT		 3823 case HCI_EV_AUTH_COMPLETE:
3824 hci_auth_complete_evt(hdev, skb);
3825 break;
3826
a9de9248
MH		 3827 case HCI_EV_REMOTE_NAME:
3828 hci_remote_name_evt(hdev, skb);
3829 break;
3830
1da177e4
LT		 3831 case HCI_EV_ENCRYPT_CHANGE:
3832 hci_encrypt_change_evt(hdev, skb);
3833 break;
3834
a9de9248
MH		 3835 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3836 hci_change_link_key_complete_evt(hdev, skb);
3837 break;
3838
3839 case HCI_EV_REMOTE_FEATURES:
3840 hci_remote_features_evt(hdev, skb);
3841 break;
3842
3843 case HCI_EV_REMOTE_VERSION:
3844 hci_remote_version_evt(hdev, skb);
3845 break;
3846
3847 case HCI_EV_QOS_SETUP_COMPLETE:
3848 hci_qos_setup_complete_evt(hdev, skb);
3849 break;
3850
3851 case HCI_EV_CMD_COMPLETE:
3852 hci_cmd_complete_evt(hdev, skb);
3853 break;
3854
3855 case HCI_EV_CMD_STATUS:
3856 hci_cmd_status_evt(hdev, skb);
3857 break;
3858
3859 case HCI_EV_ROLE_CHANGE:
3860 hci_role_change_evt(hdev, skb);
3861 break;
3862
3863 case HCI_EV_NUM_COMP_PKTS:
3864 hci_num_comp_pkts_evt(hdev, skb);
3865 break;
3866
3867 case HCI_EV_MODE_CHANGE:
3868 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3869 break;
3870
3871 case HCI_EV_PIN_CODE_REQ:
3872 hci_pin_code_request_evt(hdev, skb);
3873 break;
3874
3875 case HCI_EV_LINK_KEY_REQ:
3876 hci_link_key_request_evt(hdev, skb);
3877 break;
3878
3879 case HCI_EV_LINK_KEY_NOTIFY:
3880 hci_link_key_notify_evt(hdev, skb);
3881 break;
3882
3883 case HCI_EV_CLOCK_OFFSET:
3884 hci_clock_offset_evt(hdev, skb);
3885 break;
3886
a8746417
MH		 3887 case HCI_EV_PKT_TYPE_CHANGE:
3888 hci_pkt_type_change_evt(hdev, skb);
3889 break;
3890
85a1e930
MH		 3891 case HCI_EV_PSCAN_REP_MODE:
3892 hci_pscan_rep_mode_evt(hdev, skb);
3893 break;
3894
a9de9248
MH		 3895 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3896 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3897 break;
3898
a9de9248
MH		 3899 case HCI_EV_REMOTE_EXT_FEATURES:
3900 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3901 break;
3902
a9de9248
MH		 3903 case HCI_EV_SYNC_CONN_COMPLETE:
3904 hci_sync_conn_complete_evt(hdev, skb);
3905 break;
1da177e4 3906
a9de9248
MH		 3907 case HCI_EV_SYNC_CONN_CHANGED:
3908 hci_sync_conn_changed_evt(hdev, skb);
3909 break;
1da177e4 3910
a9de9248
MH		 3911 case HCI_EV_SNIFF_SUBRATE:
3912 hci_sniff_subrate_evt(hdev, skb);
3913 break;
1da177e4 3914
a9de9248
MH		 3915 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3916 hci_extended_inquiry_result_evt(hdev, skb);
3917 break;
1da177e4 3918
1c2e0041
JH		 3919 case HCI_EV_KEY_REFRESH_COMPLETE:
3920 hci_key_refresh_complete_evt(hdev, skb);
3921 break;
3922
0493684e
MH		 3923 case HCI_EV_IO_CAPA_REQUEST:
3924 hci_io_capa_request_evt(hdev, skb);
3925 break;
3926
03b555e1
JH		 3927 case HCI_EV_IO_CAPA_REPLY:
3928 hci_io_capa_reply_evt(hdev, skb);
3929 break;
3930
a5c29683
JH		 3931 case HCI_EV_USER_CONFIRM_REQUEST:
3932 hci_user_confirm_request_evt(hdev, skb);
3933 break;
3934
1143d458
BG		 3935 case HCI_EV_USER_PASSKEY_REQUEST:
3936 hci_user_passkey_request_evt(hdev, skb);
3937 break;
3938
92a25256
JH		 3939 case HCI_EV_USER_PASSKEY_NOTIFY:
3940 hci_user_passkey_notify_evt(hdev, skb);
3941 break;
3942
3943 case HCI_EV_KEYPRESS_NOTIFY:
3944 hci_keypress_notify_evt(hdev, skb);
3945 break;
3946
0493684e
MH		 3947 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3948 hci_simple_pair_complete_evt(hdev, skb);
3949 break;
3950
41a96212
MH		 3951 case HCI_EV_REMOTE_HOST_FEATURES:
3952 hci_remote_host_features_evt(hdev, skb);
3953 break;
3954
fcd89c09
VT		 3955 case HCI_EV_LE_META:
3956 hci_le_meta_evt(hdev, skb);
3957 break;
3958
9495b2ee
AE		 3959 case HCI_EV_CHANNEL_SELECTED:
3960 hci_chan_selected_evt(hdev, skb);
3961 break;
3962
2763eda6
SJ		 3963 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3964 hci_remote_oob_data_request_evt(hdev, skb);
3965 break;
3966
25e89e99
AE		 3967 case HCI_EV_NUM_COMP_BLOCKS:
3968 hci_num_comp_blocks_evt(hdev, skb);
3969 break;
3970
a9de9248 3971 default:
9f1db00c 3972 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3973 break;
3974 }
3975
3976 kfree_skb(skb);
3977 hdev->stat.evt_rx++;
3978}
kernel source for telekom puls (alcatel/mediatek)