projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'v3.10.55' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d 50 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 51 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 53
56e5cb86 54 hci_dev_lock(hdev);
ff9ef578 55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 56 hci_dev_unlock(hdev);
6bd57416 57
a9de9248
MH		 58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 318 to);
16ab91ab 319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
333140b5
MH		 423static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 426 struct hci_cp_write_ssp_mode *sent;
333140b5 427
9f1db00c 428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 429
333140b5
MH		 430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431 if (!sent)
432 return;
433
5ed8eb2f
JH		 434 if (!status) {
435 if (sent->mode)
cad718ed 436 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 437 else
cad718ed 438 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 439 }
440
ed2c4ee3 441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 442 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 443 else if (!status) {
5ed8eb2f 444 if (sent->mode)
c0ecddc2
JH		 445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446 else
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 }
333140b5
MH		 449}
450
a9de9248
MH		 451static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452{
453 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 454
9f1db00c 455 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 456
a9de9248 457 if (rp->status)
42c6b129 458 return;
1143e5a6 459
a9de9248 460 hdev->hci_ver = rp->hci_ver;
e4e8e37c 461 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 462 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 463 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 464 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 465
9f1db00c 466 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 467 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 468}
469
8fc9ced3
GP		 470static void hci_cc_read_local_commands(struct hci_dev *hdev,
471 struct sk_buff *skb)
a9de9248
MH		 472{
473 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 474
9f1db00c 475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 476
2177bab5
JH		 477 if (!rp->status)
478 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 479}
1da177e4 480
8fc9ced3
GP		 481static void hci_cc_read_local_features(struct hci_dev *hdev,
482 struct sk_buff *skb)
a9de9248
MH		 483{
484 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 485
9f1db00c 486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 487
a9de9248
MH		 488 if (rp->status)
489 return;
5b7f9909 490
a9de9248 491 memcpy(hdev->features, rp->features, 8);
5b7f9909 492
a9de9248
MH		 493 /* Adjust default settings according to features
494 * supported by device. */
1da177e4 495
cad718ed 496 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 498
cad718ed 499 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 501
cad718ed 502 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2);
505 }
1da177e4 506
cad718ed 507 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3);
510 }
1da177e4 511
45db810f 512 if (lmp_esco_capable(hdev))
a9de9248 513 hdev->esco_type |= (ESCO_EV3);
da1f5198 514
cad718ed 515 if (hdev->features[0][4] & LMP_EV4)
a9de9248 516 hdev->esco_type |= (ESCO_EV4);
da1f5198 517
cad718ed 518 if (hdev->features[0][4] & LMP_EV5)
a9de9248 519 hdev->esco_type |= (ESCO_EV5);
1da177e4 520
cad718ed 521 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 522 hdev->esco_type |= (ESCO_2EV3);
523
cad718ed 524 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 525 hdev->esco_type |= (ESCO_3EV3);
526
cad718ed 527 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b
MH		 528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
a9de9248 530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
cad718ed
JH		 531 hdev->features[0][0], hdev->features[0][1],
532 hdev->features[0][2], hdev->features[0][3],
533 hdev->features[0][4], hdev->features[0][5],
534 hdev->features[0][6], hdev->features[0][7]);
a9de9248 535}
1da177e4 536
971e3a4b 537static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 538 struct sk_buff *skb)
971e3a4b
AG		 539{
540 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
9f1db00c 542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 543
544 if (rp->status)
42c6b129 545 return;
971e3a4b 546
d2c5d77f
JH		 547 hdev->max_page = rp->max_page;
548
cad718ed
JH		 549 if (rp->page < HCI_MAX_PAGES)
550 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 551}
552
1e89cffb 553static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 554 struct sk_buff *skb)
1e89cffb
AE		 555{
556 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
557
9f1db00c 558 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 559
42c6b129
JH		 560 if (!rp->status)
561 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 562}
563
a9de9248
MH		 564static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
565{
566 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 567
9f1db00c 568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 569
a9de9248
MH		 570 if (rp->status)
571 return;
1da177e4 572
a9de9248
MH		 573 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
574 hdev->sco_mtu = rp->sco_mtu;
575 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
576 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
577
578 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
579 hdev->sco_mtu = 64;
580 hdev->sco_pkts = 8;
1da177e4 581 }
a9de9248
MH		 582
583 hdev->acl_cnt = hdev->acl_pkts;
584 hdev->sco_cnt = hdev->sco_pkts;
585
807deac2
GP		 586 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
587 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 588}
589
590static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
591{
592 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
593
9f1db00c 594 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 595
596 if (!rp->status)
597 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 598}
599
f332ec66
JH		 600static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
601 struct sk_buff *skb)
602{
603 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
604
605 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606
607 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
608 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
609 hdev->page_scan_window = __le16_to_cpu(rp->window);
610 }
611}
612
4a3ee763
JH		 613static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
614 struct sk_buff *skb)
615{
616 u8 status = *((u8 *) skb->data);
617 struct hci_cp_write_page_scan_activity *sent;
618
619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
620
621 if (status)
622 return;
623
624 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
625 if (!sent)
626 return;
627
628 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
629 hdev->page_scan_window = __le16_to_cpu(sent->window);
630}
631
f332ec66
JH		 632static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
633 struct sk_buff *skb)
634{
635 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
636
637 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638
639 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
640 hdev->page_scan_type = rp->type;
641}
642
4a3ee763
JH		 643static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
644 struct sk_buff *skb)
645{
646 u8 status = *((u8 *) skb->data);
647 u8 *type;
648
649 BT_DBG("%s status 0x%2.2x", hdev->name, status);
650
651 if (status)
652 return;
653
654 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
655 if (type)
656 hdev->page_scan_type = *type;
657}
658
350ee4cf 659static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 660 struct sk_buff *skb)
350ee4cf
AE		 661{
662 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
663
9f1db00c 664 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 665
666 if (rp->status)
667 return;
668
669 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
670 hdev->block_len = __le16_to_cpu(rp->block_len);
671 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
672
673 hdev->block_cnt = hdev->num_blocks;
674
675 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 676 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 677}
678
928abaa7 679static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 680 struct sk_buff *skb)
928abaa7
AE		 681{
682 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
683
9f1db00c 684 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 685
686 if (rp->status)
8e2a0d92 687 goto a2mp_rsp;
928abaa7
AE		 688
689 hdev->amp_status = rp->amp_status;
690 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
691 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
692 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
693 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
694 hdev->amp_type = rp->amp_type;
695 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
696 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
697 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
698 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
699
8e2a0d92
AE		 700a2mp_rsp:
701 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 702}
703
903e4541
AE		 704static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
705 struct sk_buff *skb)
706{
707 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
708 struct amp_assoc *assoc = &hdev->loc_assoc;
709 size_t rem_len, frag_len;
710
711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712
713 if (rp->status)
714 goto a2mp_rsp;
715
716 frag_len = skb->len - sizeof(*rp);
717 rem_len = __le16_to_cpu(rp->rem_len);
718
719 if (rem_len > frag_len) {
2e430be3 720 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 721
722 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
723 assoc->offset += frag_len;
724
725 /* Read other fragments */
726 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
727
728 return;
729 }
730
731 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
732 assoc->len = assoc->offset + rem_len;
733 assoc->offset = 0;
734
735a2mp_rsp:
736 /* Send A2MP Rsp when all fragments are received */
737 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 738 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 739}
740
d5859e22 741static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 742 struct sk_buff *skb)
d5859e22 743{
91c4e9b1 744 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 745
9f1db00c 746 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 747
748 if (!rp->status)
749 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 750}
751
980e1a53
JH		 752static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
753{
754 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
755 struct hci_cp_pin_code_reply *cp;
756 struct hci_conn *conn;
757
9f1db00c 758 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 759
56e5cb86
JH		 760 hci_dev_lock(hdev);
761
a8b2d5c2 762 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 763 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 764
fa1bd918 765 if (rp->status)
56e5cb86 766 goto unlock;
980e1a53
JH		 767
768 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
769 if (!cp)
56e5cb86 770 goto unlock;
980e1a53
JH		 771
772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
773 if (conn)
774 conn->pin_length = cp->pin_len;
56e5cb86
JH		 775
776unlock:
777 hci_dev_unlock(hdev);
980e1a53
JH		 778}
779
780static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
9f1db00c 784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 785
56e5cb86
JH		 786 hci_dev_lock(hdev);
787
a8b2d5c2 788 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 789 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 790 rp->status);
56e5cb86
JH		 791
792 hci_dev_unlock(hdev);
980e1a53 793}
56e5cb86 794
6ed58ec5
VT		 795static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
796 struct sk_buff *skb)
797{
798 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
799
9f1db00c 800 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 801
802 if (rp->status)
803 return;
804
805 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
806 hdev->le_pkts = rp->le_max_pkt;
807
808 hdev->le_cnt = hdev->le_pkts;
809
810 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 811}
980e1a53 812
60e77321
JH		 813static void hci_cc_le_read_local_features(struct hci_dev *hdev,
814 struct sk_buff *skb)
815{
816 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
817
818 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819
820 if (!rp->status)
821 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 822}
823
8fa19098
JH		 824static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
825 struct sk_buff *skb)
826{
827 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
828
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
830
04b4edcb 831 if (!rp->status)
8fa19098 832 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 833}
834
a5c29683
JH		 835static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
836{
837 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
838
9f1db00c 839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 840
56e5cb86
JH		 841 hci_dev_lock(hdev);
842
a8b2d5c2 843 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 844 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
845 rp->status);
56e5cb86
JH		 846
847 hci_dev_unlock(hdev);
a5c29683
JH		 848}
849
850static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 851 struct sk_buff *skb)
a5c29683
JH		 852{
853 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
854
9f1db00c 855 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 856
56e5cb86
JH		 857 hci_dev_lock(hdev);
858
a8b2d5c2 859 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 860 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 861 ACL_LINK, 0, rp->status);
56e5cb86
JH		 862
863 hci_dev_unlock(hdev);
a5c29683
JH		 864}
865
1143d458
BG		 866static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
867{
868 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
869
9f1db00c 870 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 871
872 hci_dev_lock(hdev);
873
a8b2d5c2 874 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 875 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 876 0, rp->status);
1143d458
BG		 877
878 hci_dev_unlock(hdev);
879}
880
881static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 882 struct sk_buff *skb)
1143d458
BG		 883{
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
885
9f1db00c 886 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 887
888 hci_dev_lock(hdev);
889
a8b2d5c2 890 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 891 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 892 ACL_LINK, 0, rp->status);
1143d458
BG		 893
894 hci_dev_unlock(hdev);
895}
896
c35938b2 897static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 898 struct sk_buff *skb)
c35938b2
SJ		 899{
900 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
901
9f1db00c 902 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 903
56e5cb86 904 hci_dev_lock(hdev);
744cf19e 905 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 906 rp->randomizer, rp->status);
56e5cb86 907 hci_dev_unlock(hdev);
c35938b2
SJ		 908}
909
c1d5dc4a
JH		 910static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
911{
912 __u8 *sent, status = *((__u8 *) skb->data);
913
914 BT_DBG("%s status 0x%2.2x", hdev->name, status);
915
916 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
917 if (!sent)
918 return;
919
920 hci_dev_lock(hdev);
921
922 if (!status) {
923 if (*sent)
924 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
925 else
926 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
927 }
928
04b4edcb
JH		 929 if (!test_bit(HCI_INIT, &hdev->flags)) {
930 struct hci_request req;
c1d5dc4a 931
04b4edcb
JH		 932 hci_req_init(&req, hdev);
933 hci_update_ad(&req);
934 hci_req_run(&req, NULL);
935 }
936
937 hci_dev_unlock(hdev);
c1d5dc4a
JH		 938}
939
07f7fa5d
AG		 940static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
941{
942 __u8 status = *((__u8 *) skb->data);
943
9f1db00c 944 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be 945
3fd24153
AG		 946 if (status) {
947 hci_dev_lock(hdev);
948 mgmt_start_discovery_failed(hdev, status);
949 hci_dev_unlock(hdev);
950 return;
951 }
07f7fa5d
AG		 952}
953
eb9d91f5 954static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 955 struct sk_buff *skb)
eb9d91f5
AG		 956{
957 struct hci_cp_le_set_scan_enable *cp;
958 __u8 status = *((__u8 *) skb->data);
959
9f1db00c 960 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 961
eb9d91f5
AG		 962 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
963 if (!cp)
964 return;
965
68a8aea4 966 switch (cp->enable) {
76a388be 967 case LE_SCAN_ENABLE:
3fd24153
AG		 968 if (status) {
969 hci_dev_lock(hdev);
970 mgmt_start_discovery_failed(hdev, status);
971 hci_dev_unlock(hdev);
7ba8b4be 972 return;
3fd24153 973 }
7ba8b4be 974
d23264a8
AG		 975 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
976
a8f13c8c 977 hci_dev_lock(hdev);
343f935b 978 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 979 hci_dev_unlock(hdev);
68a8aea4
AE		 980 break;
981
76a388be 982 case LE_SCAN_DISABLE:
c9ecc48e
AG		 983 if (status) {
984 hci_dev_lock(hdev);
985 mgmt_stop_discovery_failed(hdev, status);
986 hci_dev_unlock(hdev);
7ba8b4be 987 return;
c9ecc48e 988 }
7ba8b4be 989
d23264a8
AG		 990 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
991
bc3dd33c
AG		 992 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
993 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 994 mgmt_interleaved_discovery(hdev);
995 } else {
996 hci_dev_lock(hdev);
997 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
998 hci_dev_unlock(hdev);
999 }
1000
68a8aea4
AE		 1001 break;
1002
1003 default:
1004 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1005 break;
35815085 1006 }
eb9d91f5
AG		 1007}
1008
cf1d081f
JH		 1009static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1011{
1012 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1015
1016 if (!rp->status)
1017 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1018}
1019
9b008c04
JH		 1020static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1021 struct sk_buff *skb)
1022{
1023 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1024
1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1026
1027 if (!rp->status)
1028 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1029}
1030
6039aa73
GP		 1031static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1032 struct sk_buff *skb)
f9b49306 1033{
06199cf8 1034 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1035 __u8 status = *((__u8 *) skb->data);
1036
9f1db00c 1037 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1038
06199cf8 1039 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1040 if (!sent)
f9b49306
AG		 1041 return;
1042
8f984dfa
JH		 1043 if (!status) {
1044 if (sent->le)
cad718ed 1045 hdev->features[1][0] |= LMP_HOST_LE;
8f984dfa 1046 else
cad718ed 1047 hdev->features[1][0] &= ~LMP_HOST_LE;
53b2caab
JH		 1048
1049 if (sent->simul)
cad718ed 1050 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1051 else
cad718ed 1052 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1053 }
1054
1055 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1056 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa 1057 mgmt_le_enable_complete(hdev, sent->le, status);
f9b49306
AG		 1058}
1059
93c284ee
AE		 1060static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1061 struct sk_buff *skb)
1062{
1063 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1064
1065 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1066 hdev->name, rp->status, rp->phy_handle);
1067
1068 if (rp->status)
1069 return;
1070
1071 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1072}
1073
6039aa73 1074static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1075{
9f1db00c 1076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1077
1078 if (status) {
a9de9248 1079 hci_conn_check_pending(hdev);
56e5cb86 1080 hci_dev_lock(hdev);
a8b2d5c2 1081 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1082 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1083 hci_dev_unlock(hdev);
314b2381
JH		 1084 return;
1085 }
1086
89352e7d
AG		 1087 set_bit(HCI_INQUIRY, &hdev->flags);
1088
56e5cb86 1089 hci_dev_lock(hdev);
343f935b 1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1091 hci_dev_unlock(hdev);
1da177e4
LT		 1092}
1093
6039aa73 1094static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1095{
a9de9248 1096 struct hci_cp_create_conn *cp;
1da177e4 1097 struct hci_conn *conn;
1da177e4 1098
9f1db00c 1099 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1100
1101 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1102 if (!cp)
1103 return;
1104
1105 hci_dev_lock(hdev);
1106
1107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1108
6ed93dc6 1109 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1110
1111 if (status) {
1112 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1113 if (status != 0x0c || conn->attempt > 2) {
1114 conn->state = BT_CLOSED;
1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_del(conn);
1117 } else
1118 conn->state = BT_CONNECT2;
1da177e4
LT		 1119 }
1120 } else {
1121 if (!conn) {
6fa3eb70 1122 conn = hci_conn_add(hdev, ACL_LINK, 0, &cp->bdaddr);
1da177e4 1123 if (conn) {
a0c808b3 1124 conn->out = true;
1da177e4
LT		 1125 conn->link_mode |= HCI_LM_MASTER;
1126 } else
893ef971 1127 BT_ERR("No memory for new connection");
1da177e4
LT		 1128 }
1129 }
1130
1131 hci_dev_unlock(hdev);
1132}
1133
a9de9248 1134static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1135{
a9de9248
MH		 1136 struct hci_cp_add_sco *cp;
1137 struct hci_conn *acl, *sco;
1138 __u16 handle;
1da177e4 1139
9f1db00c 1140 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1141
a9de9248
MH		 1142 if (!status)
1143 return;
1da177e4 1144
a9de9248
MH		 1145 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146 if (!cp)
1147 return;
1da177e4 1148
a9de9248 1149 handle = __le16_to_cpu(cp->handle);
1da177e4 1150
9f1db00c 1151 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1152
a9de9248 1153 hci_dev_lock(hdev);
1da177e4 1154
a9de9248 1155 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1156 if (acl) {
1157 sco = acl->link;
1158 if (sco) {
1159 sco->state = BT_CLOSED;
1da177e4 1160
5a08ecce
AE		 1161 hci_proto_connect_cfm(sco, status);
1162 hci_conn_del(sco);
1163 }
a9de9248 1164 }
1da177e4 1165
a9de9248
MH		 1166 hci_dev_unlock(hdev);
1167}
1da177e4 1168
f8558555
MH		 1169static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1170{
1171 struct hci_cp_auth_requested *cp;
1172 struct hci_conn *conn;
1173
9f1db00c 1174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1175
1176 if (!status)
1177 return;
1178
1179 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1180 if (!cp)
1181 return;
1182
1183 hci_dev_lock(hdev);
1184
1185 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1186 if (conn) {
1187 if (conn->state == BT_CONFIG) {
1188 hci_proto_connect_cfm(conn, status);
76a68ba0 1189 hci_conn_drop(conn);
f8558555
MH		 1190 }
1191 }
1192
1193 hci_dev_unlock(hdev);
1194}
1195
1196static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1197{
1198 struct hci_cp_set_conn_encrypt *cp;
1199 struct hci_conn *conn;
1200
9f1db00c 1201 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1202
1203 if (!status)
1204 return;
1205
1206 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1207 if (!cp)
1208 return;
1209
1210 hci_dev_lock(hdev);
1211
1212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1213 if (conn) {
1214 if (conn->state == BT_CONFIG) {
1215 hci_proto_connect_cfm(conn, status);
76a68ba0 1216 hci_conn_drop(conn);
f8558555
MH		 1217 }
1218 }
1219
1220 hci_dev_unlock(hdev);
1221}
1222
127178d2 1223static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1224 struct hci_conn *conn)
392599b9 1225{
392599b9
JH		 1226 if (conn->state != BT_CONFIG || !conn->out)
1227 return 0;
1228
765c2a96 1229 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1230 return 0;
1231
1232 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1233 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1234 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1235 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1236 return 0;
1237
392599b9
JH		 1238 return 1;
1239}
1240
6039aa73 1241static int hci_resolve_name(struct hci_dev *hdev,
04124681 1242 struct inquiry_entry *e)
30dc78e1
JH		 1243{
1244 struct hci_cp_remote_name_req cp;
1245
1246 memset(&cp, 0, sizeof(cp));
1247
1248 bacpy(&cp.bdaddr, &e->data.bdaddr);
1249 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250 cp.pscan_mode = e->data.pscan_mode;
1251 cp.clock_offset = e->data.clock_offset;
1252
1253 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254}
1255
b644ba33 1256static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1257{
1258 struct discovery_state *discov = &hdev->discovery;
1259 struct inquiry_entry *e;
1260
b644ba33
JH		 1261 if (list_empty(&discov->resolve))
1262 return false;
1263
1264 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1265 if (!e)
1266 return false;
1267
b644ba33
JH		 1268 if (hci_resolve_name(hdev, e) == 0) {
1269 e->name_state = NAME_PENDING;
1270 return true;
1271 }
1272
1273 return false;
1274}
1275
1276static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1277 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1278{
1279 struct discovery_state *discov = &hdev->discovery;
1280 struct inquiry_entry *e;
1281
1282 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1283 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284 name_len, conn->dev_class);
b644ba33
JH		 1285
1286 if (discov->state == DISCOVERY_STOPPED)
1287 return;
1288
30dc78e1
JH		 1289 if (discov->state == DISCOVERY_STOPPING)
1290 goto discov_complete;
1291
1292 if (discov->state != DISCOVERY_RESOLVING)
1293 return;
1294
1295 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1296 /* If the device was not found in a list of found devices names of which
1297 * are pending. there is no need to continue resolving a next name as it
1298 * will be done upon receiving another Remote Name Request Complete
1299 * Event */
1300 if (!e)
1301 return;
1302
1303 list_del(&e->list);
1304 if (name) {
30dc78e1 1305 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1306 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1308 } else {
1309 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1310 }
1311
b644ba33 1312 if (hci_resolve_next_name(hdev))
30dc78e1 1313 return;
30dc78e1
JH		 1314
1315discov_complete:
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317}
1318
a9de9248
MH		 1319static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320{
127178d2
JH		 1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1323
9f1db00c 1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1325
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1328 if (!status)
1329 return;
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
b644ba33
JH		 1337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
a8b2d5c2 1339 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1340 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1341
79c6c70c
JH		 1342 if (!conn)
1343 goto unlock;
1344
1345 if (!hci_outgoing_auth_needed(hdev, conn))
1346 goto unlock;
1347
51a8efd7 1348 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1349 struct hci_cp_auth_requested cp;
1350 cp.handle = __cpu_to_le16(conn->handle);
1351 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1352 }
1353
79c6c70c 1354unlock:
127178d2 1355 hci_dev_unlock(hdev);
a9de9248 1356}
1da177e4 1357
769be974
MH		 1358static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1359{
1360 struct hci_cp_read_remote_features *cp;
1361 struct hci_conn *conn;
1362
9f1db00c 1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1364
1365 if (!status)
1366 return;
1367
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1369 if (!cp)
1370 return;
1371
1372 hci_dev_lock(hdev);
1373
1374 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1375 if (conn) {
1376 if (conn->state == BT_CONFIG) {
769be974 1377 hci_proto_connect_cfm(conn, status);
76a68ba0 1378 hci_conn_drop(conn);
769be974
MH		 1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383}
1384
1385static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1386{
1387 struct hci_cp_read_remote_ext_features *cp;
1388 struct hci_conn *conn;
1389
9f1db00c 1390 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1391
1392 if (!status)
1393 return;
1394
1395 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1396 if (!cp)
1397 return;
1398
1399 hci_dev_lock(hdev);
1400
1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1402 if (conn) {
1403 if (conn->state == BT_CONFIG) {
769be974 1404 hci_proto_connect_cfm(conn, status);
76a68ba0 1405 hci_conn_drop(conn);
769be974
MH		 1406 }
1407 }
1408
1409 hci_dev_unlock(hdev);
1410}
1411
a9de9248
MH		 1412static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1413{
b6a0dc82
MH		 1414 struct hci_cp_setup_sync_conn *cp;
1415 struct hci_conn *acl, *sco;
1416 __u16 handle;
1417
9f1db00c 1418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1419
1420 if (!status)
1421 return;
1422
1423 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1424 if (!cp)
1425 return;
1426
1427 handle = __le16_to_cpu(cp->handle);
1428
9f1db00c 1429 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1430
1431 hci_dev_lock(hdev);
1432
1433 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1434 if (acl) {
1435 sco = acl->link;
1436 if (sco) {
1437 sco->state = BT_CLOSED;
b6a0dc82 1438
5a08ecce
AE		 1439 hci_proto_connect_cfm(sco, status);
1440 hci_conn_del(sco);
1441 }
b6a0dc82
MH		 1442 }
1443
1444 hci_dev_unlock(hdev);
1da177e4
LT		 1445}
1446
a9de9248 1447static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1448{
a9de9248
MH		 1449 struct hci_cp_sniff_mode *cp;
1450 struct hci_conn *conn;
1da177e4 1451
9f1db00c 1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1453
a9de9248
MH		 1454 if (!status)
1455 return;
04837f64 1456
a9de9248
MH		 1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1458 if (!cp)
1459 return;
04837f64 1460
a9de9248 1461 hci_dev_lock(hdev);
04837f64 1462
a9de9248 1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1464 if (conn) {
51a8efd7 1465 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1466
51a8efd7 1467 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1468 hci_sco_setup(conn, status);
1469 }
1470
a9de9248
MH		 1471 hci_dev_unlock(hdev);
1472}
04837f64 1473
a9de9248
MH		 1474static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1475{
1476 struct hci_cp_exit_sniff_mode *cp;
1477 struct hci_conn *conn;
04837f64 1478
9f1db00c 1479 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1480
a9de9248
MH		 1481 if (!status)
1482 return;
04837f64 1483
a9de9248
MH		 1484 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1485 if (!cp)
1486 return;
04837f64 1487
a9de9248 1488 hci_dev_lock(hdev);
1da177e4 1489
a9de9248 1490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1491 if (conn) {
51a8efd7 1492 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1493
51a8efd7 1494 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1495 hci_sco_setup(conn, status);
1496 }
1497
a9de9248 1498 hci_dev_unlock(hdev);
1da177e4
LT		 1499}
1500
88c3df13
JH		 1501static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1502{
1503 struct hci_cp_disconnect *cp;
1504 struct hci_conn *conn;
1505
1506 if (!status)
1507 return;
1508
1509 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1510 if (!cp)
1511 return;
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn)
1517 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1518 conn->dst_type, status);
88c3df13
JH		 1519
1520 hci_dev_unlock(hdev);
1521}
1522
fcd89c09
VT		 1523static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1524{
fcd89c09
VT		 1525 struct hci_conn *conn;
1526
9f1db00c 1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1528
f00a06ac
AG		 1529 if (status) {
1530 hci_dev_lock(hdev);
fcd89c09 1531
0c95ab78 1532 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1533 if (!conn) {
1534 hci_dev_unlock(hdev);
1535 return;
1536 }
fcd89c09 1537
6ed93dc6 1538 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1539
f00a06ac 1540 conn->state = BT_CLOSED;
0c95ab78 1541 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1542 conn->dst_type, status);
1543 hci_proto_connect_cfm(conn, status);
1544 hci_conn_del(conn);
fcd89c09 1545
f00a06ac
AG		 1546 hci_dev_unlock(hdev);
1547 }
fcd89c09
VT		 1548}
1549
a02226d6
AE		 1550static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1551{
93c284ee
AE		 1552 struct hci_cp_create_phy_link *cp;
1553
a02226d6 1554 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1555
93c284ee
AE		 1556 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1557 if (!cp)
1558 return;
1559
e58917b9
AE		 1560 hci_dev_lock(hdev);
1561
1562 if (status) {
1563 struct hci_conn *hcon;
1564
1565 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1566 if (hcon)
1567 hci_conn_del(hcon);
1568 } else {
1569 amp_write_remote_assoc(hdev, cp->phy_handle);
1570 }
1571
1572 hci_dev_unlock(hdev);
a02226d6
AE		 1573}
1574
0b26ab9d
AE		 1575static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1576{
1577 struct hci_cp_accept_phy_link *cp;
1578
1579 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1580
1581 if (status)
1582 return;
1583
1584 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1585 if (!cp)
1586 return;
1587
1588 amp_write_remote_assoc(hdev, cp->phy_handle);
1589}
1590
6039aa73 1591static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1592{
1593 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1594 struct discovery_state *discov = &hdev->discovery;
1595 struct inquiry_entry *e;
1da177e4 1596
9f1db00c 1597 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1598
a9de9248 1599 hci_conn_check_pending(hdev);
89352e7d
AG		 1600
1601 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1602 return;
1603
3e13fa1e
AG		 1604 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1605 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
a8b2d5c2 1607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1608 return;
1609
56e5cb86 1610 hci_dev_lock(hdev);
30dc78e1 1611
343f935b 1612 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1613 goto unlock;
1614
1615 if (list_empty(&discov->resolve)) {
1616 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1617 goto unlock;
1618 }
1619
1620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1621 if (e && hci_resolve_name(hdev, e) == 0) {
1622 e->name_state = NAME_PENDING;
1623 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1624 } else {
1625 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1626 }
1627
1628unlock:
56e5cb86 1629 hci_dev_unlock(hdev);
1da177e4
LT		 1630}
1631
6039aa73 1632static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1633{
45bb4bf0 1634 struct inquiry_data data;
a9de9248 1635 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1636 int num_rsp = *((__u8 *) skb->data);
1637
1638 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1639
45bb4bf0
MH		 1640 if (!num_rsp)
1641 return;
1642
1519cc17
AG		 1643 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1644 return;
1645
1da177e4 1646 hci_dev_lock(hdev);
45bb4bf0 1647
e17acd40 1648 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1649 bool name_known, ssp;
3175405b 1650
1da177e4
LT		 1651 bacpy(&data.bdaddr, &info->bdaddr);
1652 data.pscan_rep_mode = info->pscan_rep_mode;
1653 data.pscan_period_mode = info->pscan_period_mode;
1654 data.pscan_mode = info->pscan_mode;
1655 memcpy(data.dev_class, info->dev_class, 3);
1656 data.clock_offset = info->clock_offset;
1657 data.rssi = 0x00;
41a96212 1658 data.ssp_mode = 0x00;
3175405b 1659
388fc8fa 1660 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1661 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1662 info->dev_class, 0, !name_known, ssp, NULL,
1663 0);
1da177e4 1664 }
45bb4bf0 1665
1da177e4
LT		 1666 hci_dev_unlock(hdev);
1667}
1668
6039aa73 1669static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1670{
a9de9248
MH		 1671 struct hci_ev_conn_complete *ev = (void *) skb->data;
1672 struct hci_conn *conn;
1da177e4
LT		 1673
1674 BT_DBG("%s", hdev->name);
1675
1676 hci_dev_lock(hdev);
1677
1678 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1679 if (!conn) {
1680 if (ev->link_type != SCO_LINK)
1681 goto unlock;
1682
1683 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1684 if (!conn)
1685 goto unlock;
1686
1687 conn->type = SCO_LINK;
1688 }
1da177e4
LT		 1689
1690 if (!ev->status) {
1691 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1692
1693 if (conn->type == ACL_LINK) {
1694 conn->state = BT_CONFIG;
1695 hci_conn_hold(conn);
a9ea3ed9
SJ		 1696
1697 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1698 !hci_find_link_key(hdev, &ev->bdaddr))
1699 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1700 else
1701 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1702 } else
1703 conn->state = BT_CONNECTED;
1da177e4 1704
7d0db0a3
MH		 1705 hci_conn_add_sysfs(conn);
1706
1da177e4
LT		 1707 if (test_bit(HCI_AUTH, &hdev->flags))
1708 conn->link_mode |= HCI_LM_AUTH;
1709
1710 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1711 conn->link_mode |= HCI_LM_ENCRYPT;
1712
04837f64
MH		 1713 /* Get remote features */
1714 if (conn->type == ACL_LINK) {
1715 struct hci_cp_read_remote_features cp;
1716 cp.handle = ev->handle;
769be974 1717 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1718 sizeof(cp), &cp);
04837f64
MH		 1719 }
1720
1da177e4 1721 /* Set packet type for incoming connection */
d095c1eb 1722 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1723 struct hci_cp_change_conn_ptype cp;
1724 cp.handle = ev->handle;
a8746417 1725 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1726 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1727 &cp);
1da177e4 1728 }
17d5c04c 1729 } else {
1da177e4 1730 conn->state = BT_CLOSED;
17d5c04c 1731 if (conn->type == ACL_LINK)
744cf19e 1732 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1733 conn->dst_type, ev->status);
17d5c04c 1734 }
1da177e4 1735
e73439d8
MH		 1736 if (conn->type == ACL_LINK)
1737 hci_sco_setup(conn, ev->status);
1da177e4 1738
769be974
MH		 1739 if (ev->status) {
1740 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1741 hci_conn_del(conn);
c89b6e6b
MH		 1742 } else if (ev->link_type != ACL_LINK)
1743 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1744
a9de9248 1745unlock:
1da177e4 1746 hci_dev_unlock(hdev);
1da177e4 1747
a9de9248 1748 hci_conn_check_pending(hdev);
1da177e4
LT		 1749}
1750
6fa3eb70
S		 1751static inline bool is_sco_active(struct hci_dev *hdev)
1752{
1753 if (hci_conn_hash_lookup_state(hdev, SCO_LINK, BT_CONNECTED) ||
1754 (hci_conn_hash_lookup_state(hdev, ESCO_LINK,
1755 BT_CONNECTED)))
1756 return true;
1757 return false;
1758}
1759
6039aa73 1760static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1761{
a9de9248
MH		 1762 struct hci_ev_conn_request *ev = (void *) skb->data;
1763 int mask = hdev->link_mode;
20714bfe 1764 __u8 flags = 0;
1da177e4 1765
6ed93dc6 1766 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1767 ev->link_type);
1da177e4 1768
20714bfe
FD		 1769 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1770 &flags);
1da177e4 1771
138d22ef 1772 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1773 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1774 /* Connection accepted */
c7bdd502 1775 struct inquiry_entry *ie;
1da177e4 1776 struct hci_conn *conn;
1da177e4 1777
a9de9248 1778 hci_dev_lock(hdev);
b6a0dc82 1779
cc11b9c1
AE		 1780 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1781 if (ie)
c7bdd502
MH		 1782 memcpy(ie->data.dev_class, ev->dev_class, 3);
1783
8fc9ced3
GP		 1784 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1785 &ev->bdaddr);
a9de9248 1786 if (!conn) {
6fa3eb70
S		 1787 /* pkt_type not yet used for incoming connections */
1788 conn = hci_conn_add(hdev, ev->link_type, 0, &ev->bdaddr);
cc11b9c1 1789 if (!conn) {
893ef971 1790 BT_ERR("No memory for new connection");
a9de9248
MH		 1791 hci_dev_unlock(hdev);
1792 return;
1da177e4
LT		 1793 }
1794 }
b6a0dc82 1795
a9de9248 1796 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1797
a9de9248 1798 hci_dev_unlock(hdev);
1da177e4 1799
20714bfe
FD		 1800 if (ev->link_type == ACL_LINK ||
1801 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1802 struct hci_cp_accept_conn_req cp;
20714bfe 1803 conn->state = BT_CONNECT;
1da177e4 1804
b6a0dc82
MH		 1805 bacpy(&cp.bdaddr, &ev->bdaddr);
1806
6fa3eb70
S		 1807 if (lmp_rswitch_capable(hdev) && ((mask & HCI_LM_MASTER)
1808 || is_sco_active(hdev)))
b6a0dc82
MH		 1809 cp.role = 0x00; /* Become master */
1810 else
1811 cp.role = 0x01; /* Remain slave */
1812
04124681
GP		 1813 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1814 &cp);
20714bfe 1815 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1816 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1817 conn->state = BT_CONNECT;
b6a0dc82
MH		 1818
1819 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1820 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1821
82781e63
AE		 1822 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1823 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1824 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1825 cp.content_format = cpu_to_le16(hdev->voice_setting);
1826 cp.retrans_effort = 0xff;
1da177e4 1827
b6a0dc82 1828 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1829 sizeof(cp), &cp);
20714bfe
FD		 1830 } else {
1831 conn->state = BT_CONNECT2;
1832 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1833 }
a9de9248
MH		 1834 } else {
1835 /* Connection rejected */
1836 struct hci_cp_reject_conn_req cp;
1da177e4 1837
a9de9248 1838 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1839 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1840 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1841 }
1da177e4
LT		 1842}
1843
f0d6a0ea
MA		 1844static u8 hci_to_mgmt_reason(u8 err)
1845{
1846 switch (err) {
1847 case HCI_ERROR_CONNECTION_TIMEOUT:
1848 return MGMT_DEV_DISCONN_TIMEOUT;
1849 case HCI_ERROR_REMOTE_USER_TERM:
1850 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1851 case HCI_ERROR_REMOTE_POWER_OFF:
1852 return MGMT_DEV_DISCONN_REMOTE;
1853 case HCI_ERROR_LOCAL_HOST_TERM:
1854 return MGMT_DEV_DISCONN_LOCAL_HOST;
1855 default:
1856 return MGMT_DEV_DISCONN_UNKNOWN;
1857 }
1858}
1859
6039aa73 1860static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1861{
a9de9248 1862 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1863 struct hci_conn *conn;
1864
9f1db00c 1865 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1866
1867 hci_dev_lock(hdev);
1868
1869 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1870 if (!conn)
1871 goto unlock;
7d0db0a3 1872
37d9ef76
JH		 1873 if (ev->status == 0)
1874 conn->state = BT_CLOSED;
04837f64 1875
b644ba33 1876 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1877 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 1878 if (ev->status) {
88c3df13 1879 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1880 conn->dst_type, ev->status);
f0d6a0ea
MA		 1881 } else {
1882 u8 reason = hci_to_mgmt_reason(ev->reason);
1883
afc747a6 1884 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 1885 conn->dst_type, reason);
1886 }
37d9ef76 1887 }
f7520543 1888
37d9ef76 1889 if (ev->status == 0) {
6ec5bcad
VA		 1890 if (conn->type == ACL_LINK && conn->flush_key)
1891 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1892 hci_proto_disconn_cfm(conn, ev->reason);
1893 hci_conn_del(conn);
1894 }
f7520543
JH		 1895
1896unlock:
04837f64
MH		 1897 hci_dev_unlock(hdev);
1898}
1899
6039aa73 1900static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1901{
a9de9248 1902 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1903 struct hci_conn *conn;
1da177e4 1904
9f1db00c 1905 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1906
1907 hci_dev_lock(hdev);
1908
04837f64 1909 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1910 if (!conn)
1911 goto unlock;
1912
1913 if (!ev->status) {
aa64a8b5 1914 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1915 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1916 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1917 } else {
d7556e20
WR		 1918 conn->link_mode |= HCI_LM_AUTH;
1919 conn->sec_level = conn->pending_sec_level;
2a611692 1920 }
d7556e20 1921 } else {
bab73cb6 1922 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1923 ev->status);
d7556e20 1924 }
1da177e4 1925
51a8efd7
JH		 1926 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1927 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1928
d7556e20 1929 if (conn->state == BT_CONFIG) {
aa64a8b5 1930 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1931 struct hci_cp_set_conn_encrypt cp;
1932 cp.handle = ev->handle;
1933 cp.encrypt = 0x01;
1934 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1935 &cp);
052b30b0 1936 } else {
d7556e20
WR		 1937 conn->state = BT_CONNECTED;
1938 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 1939 hci_conn_drop(conn);
052b30b0 1940 }
d7556e20
WR		 1941 } else {
1942 hci_auth_cfm(conn, ev->status);
052b30b0 1943
d7556e20
WR		 1944 hci_conn_hold(conn);
1945 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 1946 hci_conn_drop(conn);
d7556e20
WR		 1947 }
1948
51a8efd7 1949 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1950 if (!ev->status) {
1951 struct hci_cp_set_conn_encrypt cp;
1952 cp.handle = ev->handle;
1953 cp.encrypt = 0x01;
1954 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1955 &cp);
d7556e20 1956 } else {
51a8efd7 1957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1958 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1959 }
1960 }
1961
d7556e20 1962unlock:
1da177e4
LT		 1963 hci_dev_unlock(hdev);
1964}
1965
6039aa73 1966static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1967{
127178d2
JH		 1968 struct hci_ev_remote_name *ev = (void *) skb->data;
1969 struct hci_conn *conn;
1970
a9de9248 1971 BT_DBG("%s", hdev->name);
1da177e4 1972
a9de9248 1973 hci_conn_check_pending(hdev);
127178d2
JH		 1974
1975 hci_dev_lock(hdev);
1976
b644ba33 1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1978
b644ba33
JH		 1979 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1980 goto check_auth;
a88a9652 1981
b644ba33
JH		 1982 if (ev->status == 0)
1983 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1984 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 1985 else
1986 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1987
1988check_auth:
79c6c70c
JH		 1989 if (!conn)
1990 goto unlock;
1991
1992 if (!hci_outgoing_auth_needed(hdev, conn))
1993 goto unlock;
1994
51a8efd7 1995 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1996 struct hci_cp_auth_requested cp;
1997 cp.handle = __cpu_to_le16(conn->handle);
1998 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1999 }
2000
79c6c70c 2001unlock:
127178d2 2002 hci_dev_unlock(hdev);
a9de9248
MH		 2003}
2004
6039aa73 2005static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2006{
2007 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2008 struct hci_conn *conn;
2009
9f1db00c 2010 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2011
2012 hci_dev_lock(hdev);
2013
04837f64 2014 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2015 if (conn) {
2016 if (!ev->status) {
ae293196
MH		 2017 if (ev->encrypt) {
2018 /* Encryption implies authentication */
2019 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2020 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2021 conn->sec_level = conn->pending_sec_level;
ae293196 2022 } else
1da177e4
LT		 2023 conn->link_mode &= ~HCI_LM_ENCRYPT;
2024 }
2025
51a8efd7 2026 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2027
a7d7723a 2028 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 2029 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 2030 hci_conn_drop(conn);
a7d7723a
GP		 2031 goto unlock;
2032 }
2033
f8558555
MH		 2034 if (conn->state == BT_CONFIG) {
2035 if (!ev->status)
2036 conn->state = BT_CONNECTED;
2037
2038 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2039 hci_conn_drop(conn);
f8558555
MH		 2040 } else
2041 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2042 }
2043
a7d7723a 2044unlock:
1da177e4
LT		 2045 hci_dev_unlock(hdev);
2046}
2047
6039aa73
GP		 2048static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2049 struct sk_buff *skb)
1da177e4 2050{
a9de9248 2051 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2052 struct hci_conn *conn;
1da177e4 2053
9f1db00c 2054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2055
2056 hci_dev_lock(hdev);
2057
04837f64 2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2059 if (conn) {
2060 if (!ev->status)
2061 conn->link_mode |= HCI_LM_SECURE;
2062
51a8efd7 2063 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2064
2065 hci_key_change_cfm(conn, ev->status);
2066 }
2067
2068 hci_dev_unlock(hdev);
2069}
2070
6039aa73
GP		 2071static void hci_remote_features_evt(struct hci_dev *hdev,
2072 struct sk_buff *skb)
1da177e4 2073{
a9de9248
MH		 2074 struct hci_ev_remote_features *ev = (void *) skb->data;
2075 struct hci_conn *conn;
2076
9f1db00c 2077 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2078
a9de9248
MH		 2079 hci_dev_lock(hdev);
2080
2081 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2082 if (!conn)
2083 goto unlock;
769be974 2084
ccd556fe 2085 if (!ev->status)
cad718ed 2086 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2087
2088 if (conn->state != BT_CONFIG)
2089 goto unlock;
2090
2091 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2092 struct hci_cp_read_remote_ext_features cp;
2093 cp.handle = ev->handle;
2094 cp.page = 0x01;
2095 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2096 sizeof(cp), &cp);
392599b9
JH		 2097 goto unlock;
2098 }
2099
671267bf 2100 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2101 struct hci_cp_remote_name_req cp;
2102 memset(&cp, 0, sizeof(cp));
2103 bacpy(&cp.bdaddr, &conn->dst);
2104 cp.pscan_rep_mode = 0x02;
2105 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2106 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2107 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2108 conn->dst_type, 0, NULL, 0,
2109 conn->dev_class);
392599b9 2110
127178d2 2111 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2112 conn->state = BT_CONNECTED;
2113 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2114 hci_conn_drop(conn);
769be974 2115 }
a9de9248 2116
ccd556fe 2117unlock:
a9de9248 2118 hci_dev_unlock(hdev);
1da177e4
LT		 2119}
2120
6039aa73 2121static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2122{
2123 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2124 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2125 __u16 opcode;
2126
2127 skb_pull(skb, sizeof(*ev));
2128
2129 opcode = __le16_to_cpu(ev->opcode);
2130
2131 switch (opcode) {
2132 case HCI_OP_INQUIRY_CANCEL:
2133 hci_cc_inquiry_cancel(hdev, skb);
2134 break;
2135
4d93483b
AG		 2136 case HCI_OP_PERIODIC_INQ:
2137 hci_cc_periodic_inq(hdev, skb);
2138 break;
2139
a9de9248
MH		 2140 case HCI_OP_EXIT_PERIODIC_INQ:
2141 hci_cc_exit_periodic_inq(hdev, skb);
2142 break;
2143
2144 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2145 hci_cc_remote_name_req_cancel(hdev, skb);
2146 break;
2147
2148 case HCI_OP_ROLE_DISCOVERY:
2149 hci_cc_role_discovery(hdev, skb);
2150 break;
2151
e4e8e37c
MH		 2152 case HCI_OP_READ_LINK_POLICY:
2153 hci_cc_read_link_policy(hdev, skb);
2154 break;
2155
a9de9248
MH		 2156 case HCI_OP_WRITE_LINK_POLICY:
2157 hci_cc_write_link_policy(hdev, skb);
2158 break;
2159
e4e8e37c
MH		 2160 case HCI_OP_READ_DEF_LINK_POLICY:
2161 hci_cc_read_def_link_policy(hdev, skb);
2162 break;
2163
2164 case HCI_OP_WRITE_DEF_LINK_POLICY:
2165 hci_cc_write_def_link_policy(hdev, skb);
2166 break;
2167
a9de9248
MH		 2168 case HCI_OP_RESET:
2169 hci_cc_reset(hdev, skb);
2170 break;
2171
2172 case HCI_OP_WRITE_LOCAL_NAME:
2173 hci_cc_write_local_name(hdev, skb);
2174 break;
2175
2176 case HCI_OP_READ_LOCAL_NAME:
2177 hci_cc_read_local_name(hdev, skb);
2178 break;
2179
2180 case HCI_OP_WRITE_AUTH_ENABLE:
2181 hci_cc_write_auth_enable(hdev, skb);
2182 break;
2183
2184 case HCI_OP_WRITE_ENCRYPT_MODE:
2185 hci_cc_write_encrypt_mode(hdev, skb);
2186 break;
2187
2188 case HCI_OP_WRITE_SCAN_ENABLE:
2189 hci_cc_write_scan_enable(hdev, skb);
2190 break;
2191
2192 case HCI_OP_READ_CLASS_OF_DEV:
2193 hci_cc_read_class_of_dev(hdev, skb);
2194 break;
2195
2196 case HCI_OP_WRITE_CLASS_OF_DEV:
2197 hci_cc_write_class_of_dev(hdev, skb);
2198 break;
2199
2200 case HCI_OP_READ_VOICE_SETTING:
2201 hci_cc_read_voice_setting(hdev, skb);
2202 break;
2203
2204 case HCI_OP_WRITE_VOICE_SETTING:
2205 hci_cc_write_voice_setting(hdev, skb);
2206 break;
2207
333140b5
MH		 2208 case HCI_OP_WRITE_SSP_MODE:
2209 hci_cc_write_ssp_mode(hdev, skb);
2210 break;
2211
a9de9248
MH		 2212 case HCI_OP_READ_LOCAL_VERSION:
2213 hci_cc_read_local_version(hdev, skb);
2214 break;
2215
2216 case HCI_OP_READ_LOCAL_COMMANDS:
2217 hci_cc_read_local_commands(hdev, skb);
2218 break;
2219
2220 case HCI_OP_READ_LOCAL_FEATURES:
2221 hci_cc_read_local_features(hdev, skb);
2222 break;
2223
971e3a4b
AG		 2224 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2225 hci_cc_read_local_ext_features(hdev, skb);
2226 break;
2227
a9de9248
MH		 2228 case HCI_OP_READ_BUFFER_SIZE:
2229 hci_cc_read_buffer_size(hdev, skb);
2230 break;
2231
2232 case HCI_OP_READ_BD_ADDR:
2233 hci_cc_read_bd_addr(hdev, skb);
2234 break;
2235
f332ec66
JH		 2236 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2237 hci_cc_read_page_scan_activity(hdev, skb);
2238 break;
2239
4a3ee763
JH		 2240 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2241 hci_cc_write_page_scan_activity(hdev, skb);
2242 break;
2243
f332ec66
JH		 2244 case HCI_OP_READ_PAGE_SCAN_TYPE:
2245 hci_cc_read_page_scan_type(hdev, skb);
2246 break;
2247
4a3ee763
JH		 2248 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2249 hci_cc_write_page_scan_type(hdev, skb);
2250 break;
2251
350ee4cf
AE		 2252 case HCI_OP_READ_DATA_BLOCK_SIZE:
2253 hci_cc_read_data_block_size(hdev, skb);
2254 break;
2255
1e89cffb
AE		 2256 case HCI_OP_READ_FLOW_CONTROL_MODE:
2257 hci_cc_read_flow_control_mode(hdev, skb);
2258 break;
2259
928abaa7
AE		 2260 case HCI_OP_READ_LOCAL_AMP_INFO:
2261 hci_cc_read_local_amp_info(hdev, skb);
2262 break;
2263
903e4541
AE		 2264 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2265 hci_cc_read_local_amp_assoc(hdev, skb);
2266 break;
2267
d5859e22
JH		 2268 case HCI_OP_READ_INQ_RSP_TX_POWER:
2269 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2270 break;
2271
980e1a53
JH		 2272 case HCI_OP_PIN_CODE_REPLY:
2273 hci_cc_pin_code_reply(hdev, skb);
2274 break;
2275
2276 case HCI_OP_PIN_CODE_NEG_REPLY:
2277 hci_cc_pin_code_neg_reply(hdev, skb);
2278 break;
2279
c35938b2
SJ		 2280 case HCI_OP_READ_LOCAL_OOB_DATA:
2281 hci_cc_read_local_oob_data_reply(hdev, skb);
2282 break;
2283
6ed58ec5
VT		 2284 case HCI_OP_LE_READ_BUFFER_SIZE:
2285 hci_cc_le_read_buffer_size(hdev, skb);
2286 break;
2287
60e77321
JH		 2288 case HCI_OP_LE_READ_LOCAL_FEATURES:
2289 hci_cc_le_read_local_features(hdev, skb);
2290 break;
2291
8fa19098
JH		 2292 case HCI_OP_LE_READ_ADV_TX_POWER:
2293 hci_cc_le_read_adv_tx_power(hdev, skb);
2294 break;
2295
a5c29683
JH		 2296 case HCI_OP_USER_CONFIRM_REPLY:
2297 hci_cc_user_confirm_reply(hdev, skb);
2298 break;
2299
2300 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2301 hci_cc_user_confirm_neg_reply(hdev, skb);
2302 break;
2303
1143d458
BG		 2304 case HCI_OP_USER_PASSKEY_REPLY:
2305 hci_cc_user_passkey_reply(hdev, skb);
2306 break;
2307
2308 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2309 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2310 break;
07f7fa5d
AG		 2311
2312 case HCI_OP_LE_SET_SCAN_PARAM:
2313 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2314 break;
2315
c1d5dc4a
JH		 2316 case HCI_OP_LE_SET_ADV_ENABLE:
2317 hci_cc_le_set_adv_enable(hdev, skb);
2318 break;
2319
eb9d91f5
AG		 2320 case HCI_OP_LE_SET_SCAN_ENABLE:
2321 hci_cc_le_set_scan_enable(hdev, skb);
2322 break;
2323
cf1d081f
JH		 2324 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2325 hci_cc_le_read_white_list_size(hdev, skb);
2326 break;
2327
9b008c04
JH		 2328 case HCI_OP_LE_READ_SUPPORTED_STATES:
2329 hci_cc_le_read_supported_states(hdev, skb);
2330 break;
2331
f9b49306
AG		 2332 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2333 hci_cc_write_le_host_supported(hdev, skb);
2334 break;
2335
93c284ee
AE		 2336 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2337 hci_cc_write_remote_amp_assoc(hdev, skb);
2338 break;
2339
a9de9248 2340 default:
9f1db00c 2341 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2342 break;
2343 }
2344
ad82cdd1 2345 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2346 del_timer(&hdev->cmd_timer);
2347
ad82cdd1 2348 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2349
dbccd791 2350 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2351 atomic_set(&hdev->cmd_cnt, 1);
2352 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2353 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2354 }
2355}
2356
6039aa73 2357static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2358{
2359 struct hci_ev_cmd_status *ev = (void *) skb->data;
2360 __u16 opcode;
2361
2362 skb_pull(skb, sizeof(*ev));
2363
2364 opcode = __le16_to_cpu(ev->opcode);
2365
2366 switch (opcode) {
2367 case HCI_OP_INQUIRY:
2368 hci_cs_inquiry(hdev, ev->status);
2369 break;
2370
2371 case HCI_OP_CREATE_CONN:
2372 hci_cs_create_conn(hdev, ev->status);
2373 break;
2374
2375 case HCI_OP_ADD_SCO:
2376 hci_cs_add_sco(hdev, ev->status);
2377 break;
2378
f8558555
MH		 2379 case HCI_OP_AUTH_REQUESTED:
2380 hci_cs_auth_requested(hdev, ev->status);
2381 break;
2382
2383 case HCI_OP_SET_CONN_ENCRYPT:
2384 hci_cs_set_conn_encrypt(hdev, ev->status);
2385 break;
2386
a9de9248
MH		 2387 case HCI_OP_REMOTE_NAME_REQ:
2388 hci_cs_remote_name_req(hdev, ev->status);
2389 break;
2390
769be974
MH		 2391 case HCI_OP_READ_REMOTE_FEATURES:
2392 hci_cs_read_remote_features(hdev, ev->status);
2393 break;
2394
2395 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2396 hci_cs_read_remote_ext_features(hdev, ev->status);
2397 break;
2398
a9de9248
MH		 2399 case HCI_OP_SETUP_SYNC_CONN:
2400 hci_cs_setup_sync_conn(hdev, ev->status);
2401 break;
2402
2403 case HCI_OP_SNIFF_MODE:
2404 hci_cs_sniff_mode(hdev, ev->status);
2405 break;
2406
2407 case HCI_OP_EXIT_SNIFF_MODE:
2408 hci_cs_exit_sniff_mode(hdev, ev->status);
2409 break;
2410
8962ee74 2411 case HCI_OP_DISCONNECT:
88c3df13 2412 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2413 break;
2414
fcd89c09
VT		 2415 case HCI_OP_LE_CREATE_CONN:
2416 hci_cs_le_create_conn(hdev, ev->status);
2417 break;
2418
a02226d6
AE		 2419 case HCI_OP_CREATE_PHY_LINK:
2420 hci_cs_create_phylink(hdev, ev->status);
2421 break;
2422
0b26ab9d
AE		 2423 case HCI_OP_ACCEPT_PHY_LINK:
2424 hci_cs_accept_phylink(hdev, ev->status);
2425 break;
2426
a9de9248 2427 default:
9f1db00c 2428 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2429 break;
2430 }
2431
ad82cdd1 2432 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2433 del_timer(&hdev->cmd_timer);
2434
02350a72
JH		 2435 if (ev->status ||
2436 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2437 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2438
10572132 2439 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2440 atomic_set(&hdev->cmd_cnt, 1);
2441 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2442 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2443 }
2444}
2445
6039aa73 2446static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2447{
2448 struct hci_ev_role_change *ev = (void *) skb->data;
2449 struct hci_conn *conn;
2450
9f1db00c 2451 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2452
2453 hci_dev_lock(hdev);
2454
2455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2456 if (conn) {
2457 if (!ev->status) {
2458 if (ev->role)
2459 conn->link_mode &= ~HCI_LM_MASTER;
2460 else
2461 conn->link_mode |= HCI_LM_MASTER;
2462 }
2463
51a8efd7 2464 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2465
2466 hci_role_switch_cfm(conn, ev->status, ev->role);
2467 }
2468
2469 hci_dev_unlock(hdev);
2470}
2471
6039aa73 2472static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2473{
2474 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2475 int i;
2476
32ac5b9b
AE		 2477 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2478 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2479 return;
2480 }
2481
c5993de8 2482 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2483 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2484 BT_DBG("%s bad parameters", hdev->name);
2485 return;
2486 }
2487
c5993de8
AE		 2488 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2489
613a1c0c
AE		 2490 for (i = 0; i < ev->num_hndl; i++) {
2491 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2492 struct hci_conn *conn;
2493 __u16 handle, count;
2494
613a1c0c
AE		 2495 handle = __le16_to_cpu(info->handle);
2496 count = __le16_to_cpu(info->count);
a9de9248
MH		 2497
2498 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2499 if (!conn)
2500 continue;
2501
2502 conn->sent -= count;
2503
2504 switch (conn->type) {
2505 case ACL_LINK:
2506 hdev->acl_cnt += count;
2507 if (hdev->acl_cnt > hdev->acl_pkts)
2508 hdev->acl_cnt = hdev->acl_pkts;
2509 break;
2510
2511 case LE_LINK:
2512 if (hdev->le_pkts) {
2513 hdev->le_cnt += count;
2514 if (hdev->le_cnt > hdev->le_pkts)
2515 hdev->le_cnt = hdev->le_pkts;
2516 } else {
70f23020
AE		 2517 hdev->acl_cnt += count;
2518 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2519 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2520 }
f4280918
AE		 2521 break;
2522
2523 case SCO_LINK:
2524 hdev->sco_cnt += count;
2525 if (hdev->sco_cnt > hdev->sco_pkts)
2526 hdev->sco_cnt = hdev->sco_pkts;
2527 break;
2528
2529 default:
2530 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2531 break;
a9de9248
MH		 2532 }
2533 }
2534
3eff45ea 2535 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2536}
2537
76ef7cf7
AE		 2538static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2539 __u16 handle)
2540{
2541 struct hci_chan *chan;
2542
2543 switch (hdev->dev_type) {
2544 case HCI_BREDR:
2545 return hci_conn_hash_lookup_handle(hdev, handle);
2546 case HCI_AMP:
2547 chan = hci_chan_lookup_handle(hdev, handle);
2548 if (chan)
2549 return chan->conn;
2550 break;
2551 default:
2552 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2553 break;
2554 }
2555
2556 return NULL;
2557}
2558
6039aa73 2559static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2560{
2561 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2562 int i;
2563
2564 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2565 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2566 return;
2567 }
2568
2569 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2570 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2571 BT_DBG("%s bad parameters", hdev->name);
2572 return;
2573 }
2574
2575 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2576 ev->num_hndl);
25e89e99
AE		 2577
2578 for (i = 0; i < ev->num_hndl; i++) {
2579 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2580 struct hci_conn *conn = NULL;
25e89e99
AE		 2581 __u16 handle, block_count;
2582
2583 handle = __le16_to_cpu(info->handle);
2584 block_count = __le16_to_cpu(info->blocks);
2585
76ef7cf7 2586 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2587 if (!conn)
2588 continue;
2589
2590 conn->sent -= block_count;
2591
2592 switch (conn->type) {
2593 case ACL_LINK:
bd1eb66b 2594 case AMP_LINK:
25e89e99
AE		 2595 hdev->block_cnt += block_count;
2596 if (hdev->block_cnt > hdev->num_blocks)
2597 hdev->block_cnt = hdev->num_blocks;
2598 break;
2599
2600 default:
2601 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2602 break;
2603 }
2604 }
2605
2606 queue_work(hdev->workqueue, &hdev->tx_work);
2607}
2608
6039aa73 2609static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2610{
a9de9248 2611 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2612 struct hci_conn *conn;
2613
9f1db00c 2614 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2615
2616 hci_dev_lock(hdev);
2617
2618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2619 if (conn) {
2620 conn->mode = ev->mode;
2621 conn->interval = __le16_to_cpu(ev->interval);
2622
8fc9ced3
GP		 2623 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2624 &conn->flags)) {
a9de9248 2625 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2626 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2627 else
58a681ef 2628 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2629 }
e73439d8 2630
51a8efd7 2631 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2632 hci_sco_setup(conn, ev->status);
04837f64
MH		 2633 }
2634
2635 hci_dev_unlock(hdev);
2636}
2637
6039aa73 2638static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2639{
052b30b0
MH		 2640 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2641 struct hci_conn *conn;
2642
a9de9248 2643 BT_DBG("%s", hdev->name);
052b30b0
MH		 2644
2645 hci_dev_lock(hdev);
2646
2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2648 if (!conn)
2649 goto unlock;
2650
2651 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2652 hci_conn_hold(conn);
2653 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2654 hci_conn_drop(conn);
052b30b0
MH		 2655 }
2656
a8b2d5c2 2657 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2658 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2659 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2660 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2661 u8 secure;
2662
2663 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2664 secure = 1;
2665 else
2666 secure = 0;
2667
744cf19e 2668 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2669 }
980e1a53 2670
b6f98044 2671unlock:
052b30b0 2672 hci_dev_unlock(hdev);
a9de9248
MH		 2673}
2674
6039aa73 2675static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2676{
55ed8ca1
JH		 2677 struct hci_ev_link_key_req *ev = (void *) skb->data;
2678 struct hci_cp_link_key_reply cp;
2679 struct hci_conn *conn;
2680 struct link_key *key;
2681
a9de9248 2682 BT_DBG("%s", hdev->name);
55ed8ca1 2683
a8b2d5c2 2684 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2685 return;
2686
2687 hci_dev_lock(hdev);
2688
2689 key = hci_find_link_key(hdev, &ev->bdaddr);
2690 if (!key) {
6ed93dc6
AE		 2691 BT_DBG("%s link key not found for %pMR", hdev->name,
2692 &ev->bdaddr);
55ed8ca1
JH		 2693 goto not_found;
2694 }
2695
6ed93dc6
AE		 2696 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2697 &ev->bdaddr);
55ed8ca1 2698
a8b2d5c2 2699 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2700 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2701 BT_DBG("%s ignoring debug key", hdev->name);
2702 goto not_found;
2703 }
2704
2705 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2706 if (conn) {
2707 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2708 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2709 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2710 goto not_found;
2711 }
55ed8ca1 2712
60b83f57 2713 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2714 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2715 BT_DBG("%s ignoring key unauthenticated for high security",
2716 hdev->name);
60b83f57
WR		 2717 goto not_found;
2718 }
2719
2720 conn->key_type = key->type;
2721 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2722 }
2723
2724 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2725 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2726
2727 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2728
2729 hci_dev_unlock(hdev);
2730
2731 return;
2732
2733not_found:
2734 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2735 hci_dev_unlock(hdev);
a9de9248
MH		 2736}
2737
6039aa73 2738static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2739{
052b30b0
MH		 2740 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2741 struct hci_conn *conn;
55ed8ca1 2742 u8 pin_len = 0;
052b30b0 2743
a9de9248 2744 BT_DBG("%s", hdev->name);
052b30b0
MH		 2745
2746 hci_dev_lock(hdev);
2747
2748 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2749 if (conn) {
2750 hci_conn_hold(conn);
2751 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2752 pin_len = conn->pin_length;
13d39315
WR		 2753
2754 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2755 conn->key_type = ev->key_type;
2756
76a68ba0 2757 hci_conn_drop(conn);
052b30b0
MH		 2758 }
2759
a8b2d5c2 2760 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2761 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2762 ev->key_type, pin_len);
55ed8ca1 2763
052b30b0 2764 hci_dev_unlock(hdev);
a9de9248
MH		 2765}
2766
6039aa73 2767static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2768{
a9de9248 2769 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2770 struct hci_conn *conn;
1da177e4 2771
9f1db00c 2772 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2773
2774 hci_dev_lock(hdev);
2775
04837f64 2776 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2777 if (conn && !ev->status) {
2778 struct inquiry_entry *ie;
2779
cc11b9c1
AE		 2780 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2781 if (ie) {
1da177e4
LT		 2782 ie->data.clock_offset = ev->clock_offset;
2783 ie->timestamp = jiffies;
2784 }
2785 }
2786
2787 hci_dev_unlock(hdev);
2788}
2789
6039aa73 2790static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2791{
2792 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2793 struct hci_conn *conn;
2794
9f1db00c 2795 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2796
2797 hci_dev_lock(hdev);
2798
2799 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2800 if (conn && !ev->status)
2801 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2802
2803 hci_dev_unlock(hdev);
2804}
2805
6039aa73 2806static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2807{
a9de9248 2808 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2809 struct inquiry_entry *ie;
2810
2811 BT_DBG("%s", hdev->name);
2812
2813 hci_dev_lock(hdev);
2814
cc11b9c1
AE		 2815 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2816 if (ie) {
85a1e930
MH		 2817 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2818 ie->timestamp = jiffies;
2819 }
2820
2821 hci_dev_unlock(hdev);
2822}
2823
6039aa73
GP		 2824static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2825 struct sk_buff *skb)
a9de9248
MH		 2826{
2827 struct inquiry_data data;
2828 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2829 bool name_known, ssp;
a9de9248
MH		 2830
2831 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2832
2833 if (!num_rsp)
2834 return;
2835
1519cc17
AG		 2836 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2837 return;
2838
a9de9248
MH		 2839 hci_dev_lock(hdev);
2840
2841 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2842 struct inquiry_info_with_rssi_and_pscan_mode *info;
2843 info = (void *) (skb->data + 1);
a9de9248 2844
e17acd40 2845 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2846 bacpy(&data.bdaddr, &info->bdaddr);
2847 data.pscan_rep_mode = info->pscan_rep_mode;
2848 data.pscan_period_mode = info->pscan_period_mode;
2849 data.pscan_mode = info->pscan_mode;
2850 memcpy(data.dev_class, info->dev_class, 3);
2851 data.clock_offset = info->clock_offset;
2852 data.rssi = info->rssi;
41a96212 2853 data.ssp_mode = 0x00;
3175405b
JH		 2854
2855 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2856 false, &ssp);
48264f06 2857 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2858 info->dev_class, info->rssi,
2859 !name_known, ssp, NULL, 0);
a9de9248
MH		 2860 }
2861 } else {
2862 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2863
e17acd40 2864 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2865 bacpy(&data.bdaddr, &info->bdaddr);
2866 data.pscan_rep_mode = info->pscan_rep_mode;
2867 data.pscan_period_mode = info->pscan_period_mode;
2868 data.pscan_mode = 0x00;
2869 memcpy(data.dev_class, info->dev_class, 3);
2870 data.clock_offset = info->clock_offset;
2871 data.rssi = info->rssi;
41a96212 2872 data.ssp_mode = 0x00;
3175405b 2873 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2874 false, &ssp);
48264f06 2875 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2876 info->dev_class, info->rssi,
2877 !name_known, ssp, NULL, 0);
a9de9248
MH		 2878 }
2879 }
2880
2881 hci_dev_unlock(hdev);
2882}
2883
6039aa73
GP		 2884static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2885 struct sk_buff *skb)
a9de9248 2886{
41a96212
MH		 2887 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2888 struct hci_conn *conn;
2889
a9de9248 2890 BT_DBG("%s", hdev->name);
41a96212 2891
41a96212
MH		 2892 hci_dev_lock(hdev);
2893
2894 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2895 if (!conn)
2896 goto unlock;
41a96212 2897
cad718ed
JH		 2898 if (ev->page < HCI_MAX_PAGES)
2899 memcpy(conn->features[ev->page], ev->features, 8);
2900
ccd556fe
JH		 2901 if (!ev->status && ev->page == 0x01) {
2902 struct inquiry_entry *ie;
41a96212 2903
cc11b9c1
AE		 2904 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2905 if (ie)
02b7cc62 2906 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2907
bbb0eada 2908 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 2909 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 2910 } else {
2911 /* It is mandatory by the Bluetooth specification that
2912 * Extended Inquiry Results are only used when Secure
2913 * Simple Pairing is enabled, but some devices violate
2914 * this.
2915 *
2916 * To make these devices work, the internal SSP
2917 * enabled flag needs to be cleared if the remote host
2918 * features do not indicate SSP support */
2919 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2920 }
ccd556fe
JH		 2921 }
2922
2923 if (conn->state != BT_CONFIG)
2924 goto unlock;
2925
671267bf 2926 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2927 struct hci_cp_remote_name_req cp;
2928 memset(&cp, 0, sizeof(cp));
2929 bacpy(&cp.bdaddr, &conn->dst);
2930 cp.pscan_rep_mode = 0x02;
2931 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2932 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2933 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2934 conn->dst_type, 0, NULL, 0,
2935 conn->dev_class);
392599b9 2936
127178d2 2937 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2938 conn->state = BT_CONNECTED;
2939 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2940 hci_conn_drop(conn);
41a96212
MH		 2941 }
2942
ccd556fe 2943unlock:
41a96212 2944 hci_dev_unlock(hdev);
a9de9248
MH		 2945}
2946
6039aa73
GP		 2947static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2948 struct sk_buff *skb)
a9de9248 2949{
b6a0dc82
MH		 2950 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2951 struct hci_conn *conn;
2952
9f1db00c 2953 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2954
2955 hci_dev_lock(hdev);
2956
2957 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2958 if (!conn) {
2959 if (ev->link_type == ESCO_LINK)
2960 goto unlock;
2961
2962 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2963 if (!conn)
2964 goto unlock;
2965
2966 conn->type = SCO_LINK;
2967 }
b6a0dc82 2968
732547f9
MH		 2969 switch (ev->status) {
2970 case 0x00:
b6a0dc82
MH		 2971 conn->handle = __le16_to_cpu(ev->handle);
2972 conn->state = BT_CONNECTED;
7d0db0a3
MH		 2973
2974 hci_conn_add_sysfs(conn);
732547f9
MH		 2975 break;
2976
6fa3eb70 2977 case 0x10: /* Connection Accept Timeout */
705e5711 2978 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2979 case 0x1c: /* SCO interval rejected */
1038a00b 2980 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2981 case 0x1f: /* Unspecified error */
2982 if (conn->out && conn->attempt < 2) {
2983 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2984 (hdev->esco_type & EDR_ESCO_MASK);
2985 hci_setup_sync(conn, conn->link->handle);
2986 goto unlock;
2987 }
2988 /* fall through */
2989
2990 default:
b6a0dc82 2991 conn->state = BT_CLOSED;
732547f9
MH		 2992 break;
2993 }
b6a0dc82
MH		 2994
2995 hci_proto_connect_cfm(conn, ev->status);
2996 if (ev->status)
2997 hci_conn_del(conn);
2998
2999unlock:
3000 hci_dev_unlock(hdev);
a9de9248
MH		 3001}
3002
6039aa73
GP		 3003static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3004 struct sk_buff *skb)
1da177e4 3005{
a9de9248
MH		 3006 struct inquiry_data data;
3007 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3008 int num_rsp = *((__u8 *) skb->data);
9d939d94 3009 size_t eir_len;
1da177e4 3010
a9de9248 3011 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3012
a9de9248
MH		 3013 if (!num_rsp)
3014 return;
1da177e4 3015
1519cc17
AG		 3016 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3017 return;
3018
a9de9248
MH		 3019 hci_dev_lock(hdev);
3020
e17acd40 3021 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3022 bool name_known, ssp;
561aafbc 3023
a9de9248 3024 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3025 data.pscan_rep_mode = info->pscan_rep_mode;
3026 data.pscan_period_mode = info->pscan_period_mode;
3027 data.pscan_mode = 0x00;
a9de9248 3028 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3029 data.clock_offset = info->clock_offset;
3030 data.rssi = info->rssi;
41a96212 3031 data.ssp_mode = 0x01;
561aafbc 3032
a8b2d5c2 3033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3034 name_known = eir_has_data_type(info->data,
04124681
GP		 3035 sizeof(info->data),
3036 EIR_NAME_COMPLETE);
561aafbc
JH		 3037 else
3038 name_known = true;
3039
388fc8fa 3040 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3041 &ssp);
9d939d94 3042 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3043 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3044 info->dev_class, info->rssi, !name_known,
9d939d94 3045 ssp, info->data, eir_len);
a9de9248
MH		 3046 }
3047
3048 hci_dev_unlock(hdev);
3049}
1da177e4 3050
1c2e0041
JH		 3051static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3052 struct sk_buff *skb)
3053{
3054 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3055 struct hci_conn *conn;
3056
9f1db00c 3057 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3058 __le16_to_cpu(ev->handle));
3059
3060 hci_dev_lock(hdev);
3061
3062 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3063 if (!conn)
3064 goto unlock;
3065
2ef1b8b7
JH		 3066 /* For BR/EDR the necessary steps are taken through the
3067 * auth_complete event.
3068 */
3069 if (conn->type != LE_LINK)
3070 goto unlock;
3071
1c2e0041
JH		 3072 if (!ev->status)
3073 conn->sec_level = conn->pending_sec_level;
3074
3075 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3076
3077 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3078 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3079 hci_conn_drop(conn);
1c2e0041
JH		 3080 goto unlock;
3081 }
3082
3083 if (conn->state == BT_CONFIG) {
3084 if (!ev->status)
3085 conn->state = BT_CONNECTED;
3086
3087 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3088 hci_conn_drop(conn);
1c2e0041
JH		 3089 } else {
3090 hci_auth_cfm(conn, ev->status);
3091
3092 hci_conn_hold(conn);
3093 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3094 hci_conn_drop(conn);
1c2e0041
JH		 3095 }
3096
3097unlock:
3098 hci_dev_unlock(hdev);
3099}
3100
6039aa73 3101static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3102{
3103 /* If remote requests dedicated bonding follow that lead */
3104 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3105 /* If both remote and local IO capabilities allow MITM
3106 * protection then require it, otherwise don't */
3107 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3108 return 0x02;
3109 else
3110 return 0x03;
3111 }
3112
3113 /* If remote requests no-bonding follow that lead */
3114 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3115 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3116
3117 return conn->auth_type;
3118}
3119
6039aa73 3120static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3121{
3122 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3123 struct hci_conn *conn;
3124
3125 BT_DBG("%s", hdev->name);
3126
3127 hci_dev_lock(hdev);
3128
3129 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3130 if (!conn)
3131 goto unlock;
3132
3133 hci_conn_hold(conn);
3134
a8b2d5c2 3135 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3136 goto unlock;
3137
a8b2d5c2 3138 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3139 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3140 struct hci_cp_io_capability_reply cp;
3141
3142 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3143 /* Change the IO capability from KeyboardDisplay
3144 * to DisplayYesNo as it is not supported by BT spec. */
3145 cp.capability = (conn->io_capability == 0x04) ?
3146 0x01 : conn->io_capability;
7cbc9bd9
JH		 3147 conn->auth_type = hci_get_auth_req(conn);
3148 cp.authentication = conn->auth_type;
17fa4b9d 3149
8fc9ced3
GP		 3150 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3151 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3152 cp.oob_data = 0x01;
3153 else
3154 cp.oob_data = 0x00;
3155
17fa4b9d 3156 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3157 sizeof(cp), &cp);
03b555e1
JH		 3158 } else {
3159 struct hci_cp_io_capability_neg_reply cp;
3160
3161 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3162 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3163
03b555e1 3164 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3165 sizeof(cp), &cp);
03b555e1
JH		 3166 }
3167
3168unlock:
3169 hci_dev_unlock(hdev);
3170}
3171
6039aa73 3172static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3173{
3174 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3175 struct hci_conn *conn;
3176
3177 BT_DBG("%s", hdev->name);
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3182 if (!conn)
3183 goto unlock;
3184
03b555e1 3185 conn->remote_cap = ev->capability;
03b555e1 3186 conn->remote_auth = ev->authentication;
58a681ef
JH		 3187 if (ev->oob_data)
3188 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3189
3190unlock:
0493684e
MH		 3191 hci_dev_unlock(hdev);
3192}
3193
6039aa73
GP		 3194static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3195 struct sk_buff *skb)
a5c29683
JH		 3196{
3197 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3198 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3199 struct hci_conn *conn;
a5c29683
JH		 3200
3201 BT_DBG("%s", hdev->name);
3202
3203 hci_dev_lock(hdev);
3204
a8b2d5c2 3205 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3206 goto unlock;
a5c29683 3207
7a828908
JH		 3208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3209 if (!conn)
3210 goto unlock;
3211
3212 loc_mitm = (conn->auth_type & 0x01);
3213 rem_mitm = (conn->remote_auth & 0x01);
3214
3215 /* If we require MITM but the remote device can't provide that
3216 * (it has NoInputNoOutput) then reject the confirmation
3217 * request. The only exception is when we're dedicated bonding
3218 * initiators (connect_cfm_cb set) since then we always have the MITM
3219 * bit set. */
3220 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3221 BT_DBG("Rejecting request: remote device can't provide MITM");
3222 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3223 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3224 goto unlock;
3225 }
3226
3227 /* If no side requires MITM protection; auto-accept */
3228 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3229 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3230
3231 /* If we're not the initiators request authorization to
3232 * proceed from user space (mgmt_user_confirm with
6ab84785
JH		 3233 * confirm_hint set to 1). The exception is if neither
3234 * side had MITM in which case we do auto-accept.
3235 */
3236 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3237 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3238 BT_DBG("Confirming auto-accept as acceptor");
3239 confirm_hint = 1;
3240 goto confirm;
3241 }
3242
9f61656a 3243 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3244 hdev->auto_accept_delay);
9f61656a
JH		 3245
3246 if (hdev->auto_accept_delay > 0) {
3247 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3248 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3249 goto unlock;
3250 }
3251
7a828908 3252 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3253 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3254 goto unlock;
3255 }
3256
55bc1a37 3257confirm:
272d90df 3258 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3259 confirm_hint);
7a828908
JH		 3260
3261unlock:
a5c29683
JH		 3262 hci_dev_unlock(hdev);
3263}
3264
6039aa73
GP		 3265static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3266 struct sk_buff *skb)
1143d458
BG		 3267{
3268 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3269
3270 BT_DBG("%s", hdev->name);
3271
a8b2d5c2 3272 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3273 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3274}
3275
92a25256
JH		 3276static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3277 struct sk_buff *skb)
3278{
3279 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3280 struct hci_conn *conn;
3281
3282 BT_DBG("%s", hdev->name);
3283
3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3285 if (!conn)
3286 return;
3287
3288 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3289 conn->passkey_entered = 0;
3290
3291 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3292 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3293 conn->dst_type, conn->passkey_notify,
3294 conn->passkey_entered);
3295}
3296
3297static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3298{
3299 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3300 struct hci_conn *conn;
3301
3302 BT_DBG("%s", hdev->name);
3303
3304 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3305 if (!conn)
3306 return;
3307
3308 switch (ev->type) {
3309 case HCI_KEYPRESS_STARTED:
3310 conn->passkey_entered = 0;
3311 return;
3312
3313 case HCI_KEYPRESS_ENTERED:
3314 conn->passkey_entered++;
3315 break;
3316
3317 case HCI_KEYPRESS_ERASED:
3318 conn->passkey_entered--;
3319 break;
3320
3321 case HCI_KEYPRESS_CLEARED:
3322 conn->passkey_entered = 0;
3323 break;
3324
3325 case HCI_KEYPRESS_COMPLETED:
3326 return;
3327 }
3328
3329 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3330 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3331 conn->dst_type, conn->passkey_notify,
3332 conn->passkey_entered);
3333}
3334
6039aa73
GP		 3335static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3336 struct sk_buff *skb)
0493684e
MH		 3337{
3338 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3339 struct hci_conn *conn;
3340
3341 BT_DBG("%s", hdev->name);
3342
3343 hci_dev_lock(hdev);
3344
3345 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3346 if (!conn)
3347 goto unlock;
3348
3349 /* To avoid duplicate auth_failed events to user space we check
3350 * the HCI_CONN_AUTH_PEND flag which will be set if we
3351 * initiated the authentication. A traditional auth_complete
3352 * event gets always produced as initiator and is also mapped to
3353 * the mgmt_auth_failed event */
fa1bd918 3354 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3355 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3356 ev->status);
0493684e 3357
76a68ba0 3358 hci_conn_drop(conn);
2a611692
JH		 3359
3360unlock:
0493684e
MH		 3361 hci_dev_unlock(hdev);
3362}
3363
6039aa73
GP		 3364static void hci_remote_host_features_evt(struct hci_dev *hdev,
3365 struct sk_buff *skb)
41a96212
MH		 3366{
3367 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3368 struct inquiry_entry *ie;
cad718ed 3369 struct hci_conn *conn;
41a96212
MH		 3370
3371 BT_DBG("%s", hdev->name);
3372
3373 hci_dev_lock(hdev);
3374
cad718ed
JH		 3375 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3376 if (conn)
3377 memcpy(conn->features[1], ev->features, 8);
3378
cc11b9c1
AE		 3379 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3380 if (ie)
02b7cc62 3381 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3382
3383 hci_dev_unlock(hdev);
3384}
3385
6039aa73
GP		 3386static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3387 struct sk_buff *skb)
2763eda6
SJ		 3388{
3389 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3390 struct oob_data *data;
3391
3392 BT_DBG("%s", hdev->name);
3393
3394 hci_dev_lock(hdev);
3395
a8b2d5c2 3396 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3397 goto unlock;
3398
2763eda6
SJ		 3399 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3400 if (data) {
3401 struct hci_cp_remote_oob_data_reply cp;
3402
3403 bacpy(&cp.bdaddr, &ev->bdaddr);
3404 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3405 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3406
3407 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3408 &cp);
2763eda6
SJ		 3409 } else {
3410 struct hci_cp_remote_oob_data_neg_reply cp;
3411
3412 bacpy(&cp.bdaddr, &ev->bdaddr);
3413 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3414 &cp);
2763eda6
SJ		 3415 }
3416
e1ba1f15 3417unlock:
2763eda6
SJ		 3418 hci_dev_unlock(hdev);
3419}
3420
d5e91192
AE		 3421static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3422 struct sk_buff *skb)
3423{
3424 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3425 struct hci_conn *hcon, *bredr_hcon;
3426
3427 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3428 ev->status);
3429
3430 hci_dev_lock(hdev);
3431
3432 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3433 if (!hcon) {
3434 hci_dev_unlock(hdev);
3435 return;
3436 }
3437
3438 if (ev->status) {
3439 hci_conn_del(hcon);
3440 hci_dev_unlock(hdev);
3441 return;
3442 }
3443
3444 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3445
3446 hcon->state = BT_CONNECTED;
3447 bacpy(&hcon->dst, &bredr_hcon->dst);
3448
3449 hci_conn_hold(hcon);
3450 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3451 hci_conn_drop(hcon);
d5e91192 3452
d5e91192
AE		 3453 hci_conn_add_sysfs(hcon);
3454
cf70ff22 3455 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3456
cf70ff22 3457 hci_dev_unlock(hdev);
d5e91192
AE		 3458}
3459
27695fb4
AE		 3460static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3461{
3462 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3463 struct hci_conn *hcon;
3464 struct hci_chan *hchan;
3465 struct amp_mgr *mgr;
3466
3467 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3468 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3469 ev->status);
3470
3471 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3472 if (!hcon)
3473 return;
3474
3475 /* Create AMP hchan */
3476 hchan = hci_chan_create(hcon);
3477 if (!hchan)
3478 return;
3479
3480 hchan->handle = le16_to_cpu(ev->handle);
3481
3482 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3483
3484 mgr = hcon->amp_mgr;
3485 if (mgr && mgr->bredr_chan) {
3486 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3487
3488 l2cap_chan_lock(bredr_chan);
3489
3490 bredr_chan->conn->mtu = hdev->block_mtu;
3491 l2cap_logical_cfm(bredr_chan, hchan, 0);
3492 hci_conn_hold(hcon);
3493
3494 l2cap_chan_unlock(bredr_chan);
3495 }
3496}
3497
606e2a10
AE		 3498static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3499 struct sk_buff *skb)
3500{
3501 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3502 struct hci_chan *hchan;
3503
3504 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3505 le16_to_cpu(ev->handle), ev->status);
3506
3507 if (ev->status)
3508 return;
3509
3510 hci_dev_lock(hdev);
3511
3512 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3513 if (!hchan)
3514 goto unlock;
3515
3516 amp_destroy_logical_link(hchan, ev->reason);
3517
3518unlock:
3519 hci_dev_unlock(hdev);
3520}
3521
9eef6b3a
AE		 3522static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3523 struct sk_buff *skb)
3524{
3525 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3526 struct hci_conn *hcon;
3527
3528 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3529
3530 if (ev->status)
3531 return;
3532
3533 hci_dev_lock(hdev);
3534
3535 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3536 if (hcon) {
3537 hcon->state = BT_CLOSED;
3538 hci_conn_del(hcon);
3539 }
3540
3541 hci_dev_unlock(hdev);
3542}
3543
6039aa73 3544static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3545{
3546 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3547 struct hci_conn *conn;
3548
9f1db00c 3549 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3550
3551 hci_dev_lock(hdev);
3552
b47a09b3 3553 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b 3554 if (!conn) {
6fa3eb70 3555 conn = hci_conn_add(hdev, LE_LINK, 0, &ev->bdaddr);
b62f328b
VT		 3556 if (!conn) {
3557 BT_ERR("No memory for new connection");
230fd16a 3558 goto unlock;
b62f328b 3559 }
29b7988a
AG		 3560
3561 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3562
3563 if (ev->role == LE_CONN_ROLE_MASTER) {
3564 conn->out = true;
3565 conn->link_mode |= HCI_LM_MASTER;
3566 }
b62f328b 3567 }
fcd89c09 3568
cd17decb
AG		 3569 if (ev->status) {
3570 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3571 conn->dst_type, ev->status);
3572 hci_proto_connect_cfm(conn, ev->status);
3573 conn->state = BT_CLOSED;
3574 hci_conn_del(conn);
3575 goto unlock;
3576 }
3577
b644ba33
JH		 3578 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3579 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3580 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3581
7b5c0d52 3582 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3583 conn->handle = __le16_to_cpu(ev->handle);
3584 conn->state = BT_CONNECTED;
3585
fcd89c09
VT		 3586 hci_conn_add_sysfs(conn);
3587
3588 hci_proto_connect_cfm(conn, ev->status);
3589
3590unlock:
3591 hci_dev_unlock(hdev);
3592}
3593
6039aa73 3594static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3595{
e95beb41
AG		 3596 u8 num_reports = skb->data[0];
3597 void *ptr = &skb->data[1];
3c9e9195 3598 s8 rssi;
9aa04c91 3599
e95beb41
AG		 3600 while (num_reports--) {
3601 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3602
3c9e9195
AG		 3603 rssi = ev->data[ev->length];
3604 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3605 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3606
e95beb41 3607 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3608 }
9aa04c91
AG		 3609}
3610
6039aa73 3611static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3612{
3613 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3614 struct hci_cp_le_ltk_reply cp;
bea710fe 3615 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3616 struct hci_conn *conn;
c9839a11 3617 struct smp_ltk *ltk;
a7a595f6 3618
9f1db00c 3619 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3620
3621 hci_dev_lock(hdev);
3622
3623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3624 if (conn == NULL)
3625 goto not_found;
a7a595f6 3626
bea710fe
VCG		 3627 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3628 if (ltk == NULL)
3629 goto not_found;
3630
3631 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3632 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3633
3634 if (ltk->authenticated)
a508ba2c
AG		 3635 conn->pending_sec_level = BT_SECURITY_HIGH;
3636 else
3637 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 3638
ad04e6cb
AG		 3639 conn->enc_key_size = ltk->enc_size;
3640
a7a595f6
VCG		 3641 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3642
2dbecc73
CT		 3643 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
3644 * temporary key used to encrypt a connection following
3645 * pairing. It is used during the Encrypted Session Setup to
3646 * distribute the keys. Later, security can be re-established
3647 * using a distributed LTK.
3648 */
3649 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 3650 list_del(&ltk->list);
3651 kfree(ltk);
3652 }
3653
a7a595f6 3654 hci_dev_unlock(hdev);
bea710fe
VCG		 3655
3656 return;
3657
3658not_found:
3659 neg.handle = ev->handle;
3660 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3661 hci_dev_unlock(hdev);
a7a595f6
VCG		 3662}
3663
6039aa73 3664static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3665{
3666 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3667
3668 skb_pull(skb, sizeof(*le_ev));
3669
3670 switch (le_ev->subevent) {
3671 case HCI_EV_LE_CONN_COMPLETE:
3672 hci_le_conn_complete_evt(hdev, skb);
3673 break;
3674
9aa04c91
AG		 3675 case HCI_EV_LE_ADVERTISING_REPORT:
3676 hci_le_adv_report_evt(hdev, skb);
3677 break;
3678
a7a595f6
VCG		 3679 case HCI_EV_LE_LTK_REQ:
3680 hci_le_ltk_request_evt(hdev, skb);
3681 break;
3682
fcd89c09
VT		 3683 default:
3684 break;
3685 }
3686}
3687
9495b2ee
AE		 3688static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3689{
3690 struct hci_ev_channel_selected *ev = (void *) skb->data;
3691 struct hci_conn *hcon;
3692
3693 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3694
3695 skb_pull(skb, sizeof(*ev));
3696
3697 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3698 if (!hcon)
3699 return;
3700
3701 amp_read_loc_assoc_final_data(hdev, hcon);
3702}
3703
a9de9248
MH		 3704void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3705{
3706 struct hci_event_hdr *hdr = (void *) skb->data;
3707 __u8 event = hdr->evt;
3708
b6ddb638
JH		 3709 hci_dev_lock(hdev);
3710
3711 /* Received events are (currently) only needed when a request is
3712 * ongoing so avoid unnecessary memory allocation.
3713 */
3714 if (hdev->req_status == HCI_REQ_PEND) {
3715 kfree_skb(hdev->recv_evt);
3716 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3717 }
3718
3719 hci_dev_unlock(hdev);
3720
a9de9248
MH		 3721 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3722
02350a72
JH		 3723 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3724 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3725 u16 opcode = __le16_to_cpu(hdr->opcode);
3726
3727 hci_req_cmd_complete(hdev, opcode, 0);
3728 }
3729
a9de9248 3730 switch (event) {
1da177e4
LT		 3731 case HCI_EV_INQUIRY_COMPLETE:
3732 hci_inquiry_complete_evt(hdev, skb);
3733 break;
3734
3735 case HCI_EV_INQUIRY_RESULT:
3736 hci_inquiry_result_evt(hdev, skb);
3737 break;
3738
a9de9248
MH		 3739 case HCI_EV_CONN_COMPLETE:
3740 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3741 break;
3742
1da177e4
LT		 3743 case HCI_EV_CONN_REQUEST:
3744 hci_conn_request_evt(hdev, skb);
3745 break;
3746
1da177e4
LT		 3747 case HCI_EV_DISCONN_COMPLETE:
3748 hci_disconn_complete_evt(hdev, skb);
3749 break;
3750
1da177e4
LT		 3751 case HCI_EV_AUTH_COMPLETE:
3752 hci_auth_complete_evt(hdev, skb);
3753 break;
3754
a9de9248
MH		 3755 case HCI_EV_REMOTE_NAME:
3756 hci_remote_name_evt(hdev, skb);
3757 break;
3758
1da177e4
LT		 3759 case HCI_EV_ENCRYPT_CHANGE:
3760 hci_encrypt_change_evt(hdev, skb);
3761 break;
3762
a9de9248
MH		 3763 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3764 hci_change_link_key_complete_evt(hdev, skb);
3765 break;
3766
3767 case HCI_EV_REMOTE_FEATURES:
3768 hci_remote_features_evt(hdev, skb);
3769 break;
3770
a9de9248
MH		 3771 case HCI_EV_CMD_COMPLETE:
3772 hci_cmd_complete_evt(hdev, skb);
3773 break;
3774
3775 case HCI_EV_CMD_STATUS:
3776 hci_cmd_status_evt(hdev, skb);
3777 break;
3778
3779 case HCI_EV_ROLE_CHANGE:
3780 hci_role_change_evt(hdev, skb);
3781 break;
3782
3783 case HCI_EV_NUM_COMP_PKTS:
3784 hci_num_comp_pkts_evt(hdev, skb);
3785 break;
3786
3787 case HCI_EV_MODE_CHANGE:
3788 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3789 break;
3790
3791 case HCI_EV_PIN_CODE_REQ:
3792 hci_pin_code_request_evt(hdev, skb);
3793 break;
3794
3795 case HCI_EV_LINK_KEY_REQ:
3796 hci_link_key_request_evt(hdev, skb);
3797 break;
3798
3799 case HCI_EV_LINK_KEY_NOTIFY:
3800 hci_link_key_notify_evt(hdev, skb);
3801 break;
3802
3803 case HCI_EV_CLOCK_OFFSET:
3804 hci_clock_offset_evt(hdev, skb);
3805 break;
3806
a8746417
MH		 3807 case HCI_EV_PKT_TYPE_CHANGE:
3808 hci_pkt_type_change_evt(hdev, skb);
3809 break;
3810
85a1e930
MH		 3811 case HCI_EV_PSCAN_REP_MODE:
3812 hci_pscan_rep_mode_evt(hdev, skb);
3813 break;
3814
a9de9248
MH		 3815 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3816 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3817 break;
3818
a9de9248
MH		 3819 case HCI_EV_REMOTE_EXT_FEATURES:
3820 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3821 break;
3822
a9de9248
MH		 3823 case HCI_EV_SYNC_CONN_COMPLETE:
3824 hci_sync_conn_complete_evt(hdev, skb);
3825 break;
1da177e4 3826
a9de9248
MH		 3827 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3828 hci_extended_inquiry_result_evt(hdev, skb);
3829 break;
1da177e4 3830
1c2e0041
JH		 3831 case HCI_EV_KEY_REFRESH_COMPLETE:
3832 hci_key_refresh_complete_evt(hdev, skb);
3833 break;
3834
0493684e
MH		 3835 case HCI_EV_IO_CAPA_REQUEST:
3836 hci_io_capa_request_evt(hdev, skb);
3837 break;
3838
03b555e1
JH		 3839 case HCI_EV_IO_CAPA_REPLY:
3840 hci_io_capa_reply_evt(hdev, skb);
3841 break;
3842
a5c29683
JH		 3843 case HCI_EV_USER_CONFIRM_REQUEST:
3844 hci_user_confirm_request_evt(hdev, skb);
3845 break;
3846
1143d458
BG		 3847 case HCI_EV_USER_PASSKEY_REQUEST:
3848 hci_user_passkey_request_evt(hdev, skb);
3849 break;
3850
92a25256
JH		 3851 case HCI_EV_USER_PASSKEY_NOTIFY:
3852 hci_user_passkey_notify_evt(hdev, skb);
3853 break;
3854
3855 case HCI_EV_KEYPRESS_NOTIFY:
3856 hci_keypress_notify_evt(hdev, skb);
3857 break;
3858
0493684e
MH		 3859 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3860 hci_simple_pair_complete_evt(hdev, skb);
3861 break;
3862
41a96212
MH		 3863 case HCI_EV_REMOTE_HOST_FEATURES:
3864 hci_remote_host_features_evt(hdev, skb);
3865 break;
3866
fcd89c09
VT		 3867 case HCI_EV_LE_META:
3868 hci_le_meta_evt(hdev, skb);
3869 break;
3870
9495b2ee
AE		 3871 case HCI_EV_CHANNEL_SELECTED:
3872 hci_chan_selected_evt(hdev, skb);
3873 break;
3874
2763eda6
SJ		 3875 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3876 hci_remote_oob_data_request_evt(hdev, skb);
3877 break;
3878
d5e91192
AE		 3879 case HCI_EV_PHY_LINK_COMPLETE:
3880 hci_phy_link_complete_evt(hdev, skb);
3881 break;
3882
27695fb4
AE		 3883 case HCI_EV_LOGICAL_LINK_COMPLETE:
3884 hci_loglink_complete_evt(hdev, skb);
3885 break;
3886
606e2a10
AE		 3887 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3888 hci_disconn_loglink_complete_evt(hdev, skb);
3889 break;
3890
9eef6b3a
AE		 3891 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3892 hci_disconn_phylink_complete_evt(hdev, skb);
3893 break;
3894
25e89e99
AE		 3895 case HCI_EV_NUM_COMP_BLOCKS:
3896 hci_num_comp_blocks_evt(hdev, skb);
3897 break;
3898
a9de9248 3899 default:
9f1db00c 3900 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3901 break;
3902 }
3903
3904 kfree_skb(skb);
3905 hdev->stat.evt_rx++;
3906}
kernel source for telekom puls (alcatel/mediatek)