projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Check earlier for L2CAP ERTM frames to drop
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
1da177e4
LT		 48/* Handle HCI Event packets */
49
a9de9248 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 51{
a9de9248 52 __u8 status = *((__u8 *) skb->data);
1da177e4 53
a9de9248 54 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 55
a9de9248
MH		 56 if (status)
57 return;
1da177e4 58
314b2381
JH		 59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
6bd57416 62
23bb5763 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 64
65 hci_conn_check_pending(hdev);
66}
6bd57416 67
a9de9248
MH		 68static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
69{
70 __u8 status = *((__u8 *) skb->data);
6bd57416 71
a9de9248 72 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 73
a9de9248
MH		 74 if (status)
75 return;
1da177e4 76
314b2381
JH		 77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
a9de9248
MH		 80
81 hci_conn_check_pending(hdev);
82}
83
84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 BT_DBG("%s", hdev->name);
87}
88
89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90{
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
1da177e4 107 }
a9de9248
MH		 108
109 hci_dev_unlock(hdev);
1da177e4
LT		 110}
111
e4e8e37c
MH		 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113{
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129}
130
a9de9248 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 132{
a9de9248 133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 134 struct hci_conn *conn;
04837f64 135 void *sent;
1da177e4 136
a9de9248 137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 138
a9de9248
MH		 139 if (rp->status)
140 return;
1da177e4 141
a9de9248
MH		 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
1da177e4 145
a9de9248 146 hci_dev_lock(hdev);
1da177e4 147
a9de9248 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 149 if (conn)
83985319 150 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 151
a9de9248
MH		 152 hci_dev_unlock(hdev);
153}
1da177e4 154
e4e8e37c
MH		 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156{
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165}
166
167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168{
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
23bb5763 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 182}
183
a9de9248
MH		 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185{
186 __u8 status = *((__u8 *) skb->data);
04837f64 187
a9de9248 188 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 189
10572132
GP		 190 clear_bit(HCI_RESET, &hdev->flags);
191
23bb5763 192 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 193}
04837f64 194
a9de9248
MH		 195static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196{
197 __u8 status = *((__u8 *) skb->data);
198 void *sent;
04837f64 199
a9de9248 200 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 201
a9de9248
MH		 202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
203 if (!sent)
204 return;
04837f64 205
b312b161
JH		 206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
1f6c6378 212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 213}
214
215static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
216{
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
218
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
220
221 if (rp->status)
222 return;
223
1f6c6378 224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 225}
226
227static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
228{
229 __u8 status = *((__u8 *) skb->data);
230 void *sent;
231
232 BT_DBG("%s status 0x%x", hdev->name, status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
235 if (!sent)
236 return;
237
238 if (!status) {
239 __u8 param = *((__u8 *) sent);
240
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
243 else
244 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 245 }
a9de9248 246
23bb5763 247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 248}
249
a9de9248 250static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 251{
a9de9248 252 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 253 void *sent;
254
a9de9248 255 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 256
a9de9248
MH		 257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
258 if (!sent)
259 return;
1da177e4 260
a9de9248
MH		 261 if (!status) {
262 __u8 param = *((__u8 *) sent);
263
264 if (param)
265 set_bit(HCI_ENCRYPT, &hdev->flags);
266 else
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 }
1da177e4 269
23bb5763 270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 271}
1da177e4 272
a9de9248
MH		 273static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274{
275 __u8 status = *((__u8 *) skb->data);
276 void *sent;
1da177e4 277
a9de9248 278 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 279
a9de9248
MH		 280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
281 if (!sent)
282 return;
1da177e4 283
a9de9248
MH		 284 if (!status) {
285 __u8 param = *((__u8 *) sent);
9fbcbb45 286 int old_pscan, old_iscan;
1da177e4 287
9fbcbb45
JH		 288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
1da177e4 290
73f22f62 291 if (param & SCAN_INQUIRY) {
a9de9248 292 set_bit(HCI_ISCAN, &hdev->flags);
9fbcbb45
JH		 293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
73f22f62 296 mgmt_discoverable(hdev->id, 0);
1da177e4 297
9fbcbb45 298 if (param & SCAN_PAGE) {
a9de9248 299 set_bit(HCI_PSCAN, &hdev->flags);
9fbcbb45
JH		 300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
a9de9248 304 }
1da177e4 305
23bb5763 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 307}
1da177e4 308
a9de9248
MH		 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310{
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 312
a9de9248 313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 314
a9de9248
MH		 315 if (rp->status)
316 return;
1da177e4 317
a9de9248 318 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 319
a9de9248
MH		 320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322}
1da177e4 323
a9de9248
MH		 324static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325{
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
1da177e4 328
a9de9248 329 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 330
f383f275
MH		 331 if (status)
332 return;
333
a9de9248
MH		 334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
1da177e4 337
f383f275 338 memcpy(hdev->dev_class, sent, 3);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
f383f275 353 if (hdev->voice_setting == setting)
a9de9248
MH		 354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365}
366
367static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 __u8 status = *((__u8 *) skb->data);
f383f275 370 __u16 setting;
a9de9248
MH		 371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 374
f383f275
MH		 375 if (status)
376 return;
377
a9de9248
MH		 378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
1da177e4 381
f383f275 382 setting = get_unaligned_le16(sent);
1da177e4 383
f383f275
MH		 384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
1da177e4 388
f383f275 389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 390
f383f275
MH		 391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 395 }
396}
397
a9de9248 398static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 399{
a9de9248 400 __u8 status = *((__u8 *) skb->data);
1da177e4 401
a9de9248 402 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 403
23bb5763 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 405}
1143e5a6 406
333140b5
MH		 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408{
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417}
418
419static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420{
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434}
435
d5859e22
JH		 436static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437{
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462}
463
464static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465{
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471}
472
473static void hci_setup_event_mask(struct hci_dev *hdev)
474{
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
6de6c18d
VT		 480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526}
527
528static void hci_setup(struct hci_dev *hdev)
529{
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545}
546
a9de9248
MH		 547static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548{
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 550
a9de9248 551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 552
a9de9248
MH		 553 if (rp->status)
554 return;
1143e5a6 555
a9de9248 556 hdev->hci_ver = rp->hci_ver;
e4e8e37c 557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 558 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 561
a9de9248
MH		 562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
563 hdev->manufacturer,
564 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568}
569
570static void hci_setup_link_policy(struct hci_dev *hdev)
571{
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
a9de9248 586}
1da177e4 587
a9de9248
MH		 588static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
589{
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 591
a9de9248 592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 593
a9de9248 594 if (rp->status)
d5859e22 595 goto done;
1da177e4 596
a9de9248 597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 604}
1da177e4 605
a9de9248
MH		 606static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
607{
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 609
a9de9248 610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 611
a9de9248
MH		 612 if (rp->status)
613 return;
5b7f9909 614
a9de9248 615 memcpy(hdev->features, rp->features, 8);
5b7f9909 616
a9de9248
MH		 617 /* Adjust default settings according to features
618 * supported by device. */
1da177e4 619
a9de9248
MH		 620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 622
a9de9248
MH		 623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 625
a9de9248
MH		 626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
629 }
1da177e4 630
a9de9248
MH		 631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
634 }
1da177e4 635
a9de9248
MH		 636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
da1f5198 638
a9de9248
MH		 639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
da1f5198 641
a9de9248
MH		 642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
1da177e4 644
efc7688b
MH		 645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
647
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
650
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
653
a9de9248
MH		 654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
659}
1da177e4 660
a9de9248
MH		 661static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662{
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 664
a9de9248 665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 666
a9de9248
MH		 667 if (rp->status)
668 return;
1da177e4 669
a9de9248
MH		 670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
1da177e4 678 }
a9de9248
MH		 679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
686}
687
688static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
689{
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
691
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693
694 if (!rp->status)
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
696
23bb5763
JH		 697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698}
699
700static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701{
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 707}
708
b0916ea0
JH		 709static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711{
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717}
718
d5859e22
JH		 719static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720{
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726}
727
728static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730{
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736}
737
738static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740{
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746}
747
748static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749{
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755}
756
980e1a53
JH		 757static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758{
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778}
779
780static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789}
6ed58ec5
VT		 790static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792{
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808}
980e1a53 809
a5c29683
JH		 810static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811{
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819}
820
821static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823{
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831}
832
c35938b2
SJ		 833static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
842}
843
eb9d91f5
AG		 844static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
845 struct sk_buff *skb)
846{
847 struct hci_cp_le_set_scan_enable *cp;
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 if (status)
853 return;
854
855 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
856 if (!cp)
857 return;
858
859 hci_dev_lock(hdev);
860
35815085
AG		 861 if (cp->enable == 0x01) {
862 del_timer(&hdev->adv_timer);
eb9d91f5 863 hci_adv_entries_clear(hdev);
35815085
AG		 864 } else if (cp->enable == 0x00) {
865 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
866 }
eb9d91f5
AG		 867
868 hci_dev_unlock(hdev);
869}
870
a7a595f6
VCG		 871static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
872{
873 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
874
875 BT_DBG("%s status 0x%x", hdev->name, rp->status);
876
877 if (rp->status)
878 return;
879
880 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
881}
882
883static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
884{
885 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
886
887 BT_DBG("%s status 0x%x", hdev->name, rp->status);
888
889 if (rp->status)
890 return;
891
892 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
893}
894
a9de9248
MH		 895static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
896{
897 BT_DBG("%s status 0x%x", hdev->name, status);
898
899 if (status) {
23bb5763 900 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 901 hci_conn_check_pending(hdev);
314b2381
JH		 902 return;
903 }
904
905 if (test_bit(HCI_MGMT, &hdev->flags) &&
906 !test_and_set_bit(HCI_INQUIRY,
907 &hdev->flags))
908 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 909}
910
1da177e4
LT		 911static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
912{
a9de9248 913 struct hci_cp_create_conn *cp;
1da177e4 914 struct hci_conn *conn;
1da177e4 915
a9de9248
MH		 916 BT_DBG("%s status 0x%x", hdev->name, status);
917
918 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 919 if (!cp)
920 return;
921
922 hci_dev_lock(hdev);
923
924 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
925
a9de9248 926 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 927
928 if (status) {
929 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 930 if (status != 0x0c || conn->attempt > 2) {
931 conn->state = BT_CLOSED;
932 hci_proto_connect_cfm(conn, status);
933 hci_conn_del(conn);
934 } else
935 conn->state = BT_CONNECT2;
1da177e4
LT		 936 }
937 } else {
938 if (!conn) {
939 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
940 if (conn) {
941 conn->out = 1;
942 conn->link_mode |= HCI_LM_MASTER;
943 } else
893ef971 944 BT_ERR("No memory for new connection");
1da177e4
LT		 945 }
946 }
947
948 hci_dev_unlock(hdev);
949}
950
a9de9248 951static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 952{
a9de9248
MH		 953 struct hci_cp_add_sco *cp;
954 struct hci_conn *acl, *sco;
955 __u16 handle;
1da177e4 956
b6a0dc82
MH		 957 BT_DBG("%s status 0x%x", hdev->name, status);
958
a9de9248
MH		 959 if (!status)
960 return;
1da177e4 961
a9de9248
MH		 962 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
963 if (!cp)
964 return;
1da177e4 965
a9de9248 966 handle = __le16_to_cpu(cp->handle);
1da177e4 967
a9de9248 968 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 969
a9de9248 970 hci_dev_lock(hdev);
1da177e4 971
a9de9248 972 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 973 if (acl) {
974 sco = acl->link;
975 if (sco) {
976 sco->state = BT_CLOSED;
1da177e4 977
5a08ecce
AE		 978 hci_proto_connect_cfm(sco, status);
979 hci_conn_del(sco);
980 }
a9de9248 981 }
1da177e4 982
a9de9248
MH		 983 hci_dev_unlock(hdev);
984}
1da177e4 985
f8558555
MH		 986static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
987{
988 struct hci_cp_auth_requested *cp;
989 struct hci_conn *conn;
990
991 BT_DBG("%s status 0x%x", hdev->name, status);
992
993 if (!status)
994 return;
995
996 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
997 if (!cp)
998 return;
999
1000 hci_dev_lock(hdev);
1001
1002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1003 if (conn) {
1004 if (conn->state == BT_CONFIG) {
1005 hci_proto_connect_cfm(conn, status);
1006 hci_conn_put(conn);
1007 }
1008 }
1009
1010 hci_dev_unlock(hdev);
1011}
1012
1013static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1014{
1015 struct hci_cp_set_conn_encrypt *cp;
1016 struct hci_conn *conn;
1017
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1019
1020 if (!status)
1021 return;
1022
1023 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1024 if (!cp)
1025 return;
1026
1027 hci_dev_lock(hdev);
1028
1029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1030 if (conn) {
1031 if (conn->state == BT_CONFIG) {
1032 hci_proto_connect_cfm(conn, status);
1033 hci_conn_put(conn);
1034 }
1035 }
1036
1037 hci_dev_unlock(hdev);
1038}
1039
127178d2 1040static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1041 struct hci_conn *conn)
392599b9 1042{
392599b9
JH		 1043 if (conn->state != BT_CONFIG || !conn->out)
1044 return 0;
1045
765c2a96 1046 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1047 return 0;
1048
1049 /* Only request authentication for SSP connections or non-SSP
1050 * devices with sec_level HIGH */
1051 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
765c2a96 1052 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1053 return 0;
1054
392599b9
JH		 1055 return 1;
1056}
1057
a9de9248
MH		 1058static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1059{
127178d2
JH		 1060 struct hci_cp_remote_name_req *cp;
1061 struct hci_conn *conn;
1062
a9de9248 1063 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1064
1065 /* If successful wait for the name req complete event before
1066 * checking for the need to do authentication */
1067 if (!status)
1068 return;
1069
1070 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1071 if (!cp)
1072 return;
1073
1074 hci_dev_lock(hdev);
1075
1076 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1077 if (!conn)
1078 goto unlock;
1079
1080 if (!hci_outgoing_auth_needed(hdev, conn))
1081 goto unlock;
1082
1083 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1084 struct hci_cp_auth_requested cp;
1085 cp.handle = __cpu_to_le16(conn->handle);
1086 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1087 }
1088
79c6c70c 1089unlock:
127178d2 1090 hci_dev_unlock(hdev);
a9de9248 1091}
1da177e4 1092
769be974
MH		 1093static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1094{
1095 struct hci_cp_read_remote_features *cp;
1096 struct hci_conn *conn;
1097
1098 BT_DBG("%s status 0x%x", hdev->name, status);
1099
1100 if (!status)
1101 return;
1102
1103 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1104 if (!cp)
1105 return;
1106
1107 hci_dev_lock(hdev);
1108
1109 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1110 if (conn) {
1111 if (conn->state == BT_CONFIG) {
769be974
MH		 1112 hci_proto_connect_cfm(conn, status);
1113 hci_conn_put(conn);
1114 }
1115 }
1116
1117 hci_dev_unlock(hdev);
1118}
1119
1120static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1121{
1122 struct hci_cp_read_remote_ext_features *cp;
1123 struct hci_conn *conn;
1124
1125 BT_DBG("%s status 0x%x", hdev->name, status);
1126
1127 if (!status)
1128 return;
1129
1130 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1131 if (!cp)
1132 return;
1133
1134 hci_dev_lock(hdev);
1135
1136 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1137 if (conn) {
1138 if (conn->state == BT_CONFIG) {
769be974
MH		 1139 hci_proto_connect_cfm(conn, status);
1140 hci_conn_put(conn);
1141 }
1142 }
1143
1144 hci_dev_unlock(hdev);
1145}
1146
a9de9248
MH		 1147static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1148{
b6a0dc82
MH		 1149 struct hci_cp_setup_sync_conn *cp;
1150 struct hci_conn *acl, *sco;
1151 __u16 handle;
1152
a9de9248 1153 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1154
1155 if (!status)
1156 return;
1157
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1159 if (!cp)
1160 return;
1161
1162 handle = __le16_to_cpu(cp->handle);
1163
1164 BT_DBG("%s handle %d", hdev->name, handle);
1165
1166 hci_dev_lock(hdev);
1167
1168 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1169 if (acl) {
1170 sco = acl->link;
1171 if (sco) {
1172 sco->state = BT_CLOSED;
b6a0dc82 1173
5a08ecce
AE		 1174 hci_proto_connect_cfm(sco, status);
1175 hci_conn_del(sco);
1176 }
b6a0dc82
MH		 1177 }
1178
1179 hci_dev_unlock(hdev);
1da177e4
LT		 1180}
1181
a9de9248 1182static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1183{
a9de9248
MH		 1184 struct hci_cp_sniff_mode *cp;
1185 struct hci_conn *conn;
1da177e4 1186
a9de9248 1187 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1188
a9de9248
MH		 1189 if (!status)
1190 return;
04837f64 1191
a9de9248
MH		 1192 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1193 if (!cp)
1194 return;
04837f64 1195
a9de9248 1196 hci_dev_lock(hdev);
04837f64 1197
a9de9248 1198 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1199 if (conn) {
a9de9248 1200 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1201
e73439d8
MH		 1202 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1203 hci_sco_setup(conn, status);
1204 }
1205
a9de9248
MH		 1206 hci_dev_unlock(hdev);
1207}
04837f64 1208
a9de9248
MH		 1209static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1210{
1211 struct hci_cp_exit_sniff_mode *cp;
1212 struct hci_conn *conn;
04837f64 1213
a9de9248 1214 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1215
a9de9248
MH		 1216 if (!status)
1217 return;
04837f64 1218
a9de9248
MH		 1219 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1220 if (!cp)
1221 return;
04837f64 1222
a9de9248 1223 hci_dev_lock(hdev);
1da177e4 1224
a9de9248 1225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1226 if (conn) {
a9de9248 1227 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1228
e73439d8
MH		 1229 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1230 hci_sco_setup(conn, status);
1231 }
1232
a9de9248 1233 hci_dev_unlock(hdev);
1da177e4
LT		 1234}
1235
fcd89c09
VT		 1236static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1237{
1238 struct hci_cp_le_create_conn *cp;
1239 struct hci_conn *conn;
1240
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1242
1243 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1244 if (!cp)
1245 return;
1246
1247 hci_dev_lock(hdev);
1248
1249 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1250
1251 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1252 conn);
1253
1254 if (status) {
1255 if (conn && conn->state == BT_CONNECT) {
1256 conn->state = BT_CLOSED;
1257 hci_proto_connect_cfm(conn, status);
1258 hci_conn_del(conn);
1259 }
1260 } else {
1261 if (!conn) {
1262 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1263 if (conn) {
1264 conn->dst_type = cp->peer_addr_type;
fcd89c09 1265 conn->out = 1;
29b7988a 1266 } else {
fcd89c09 1267 BT_ERR("No memory for new connection");
29b7988a 1268 }
fcd89c09
VT		 1269 }
1270 }
1271
1272 hci_dev_unlock(hdev);
1273}
1274
a7a595f6
VCG		 1275static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1276{
1277 BT_DBG("%s status 0x%x", hdev->name, status);
1278}
1279
1da177e4
LT		 1280static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1281{
1282 __u8 status = *((__u8 *) skb->data);
1283
1284 BT_DBG("%s status %d", hdev->name, status);
1285
314b2381
JH		 1286 if (test_bit(HCI_MGMT, &hdev->flags) &&
1287 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1288 mgmt_discovering(hdev->id, 0);
6bd57416 1289
23bb5763 1290 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1291
a9de9248 1292 hci_conn_check_pending(hdev);
1da177e4
LT		 1293}
1294
1da177e4
LT		 1295static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1296{
45bb4bf0 1297 struct inquiry_data data;
a9de9248 1298 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1299 int num_rsp = *((__u8 *) skb->data);
1300
1301 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1302
45bb4bf0
MH		 1303 if (!num_rsp)
1304 return;
1305
1da177e4 1306 hci_dev_lock(hdev);
45bb4bf0 1307
314b2381
JH		 1308 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1309
1310 if (test_bit(HCI_MGMT, &hdev->flags))
1311 mgmt_discovering(hdev->id, 1);
1312 }
1313
e17acd40 1314 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1315 bacpy(&data.bdaddr, &info->bdaddr);
1316 data.pscan_rep_mode = info->pscan_rep_mode;
1317 data.pscan_period_mode = info->pscan_period_mode;
1318 data.pscan_mode = info->pscan_mode;
1319 memcpy(data.dev_class, info->dev_class, 3);
1320 data.clock_offset = info->clock_offset;
1321 data.rssi = 0x00;
41a96212 1322 data.ssp_mode = 0x00;
1da177e4 1323 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1324 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1325 NULL);
1da177e4 1326 }
45bb4bf0 1327
1da177e4
LT		 1328 hci_dev_unlock(hdev);
1329}
1330
1da177e4
LT		 1331static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1332{
a9de9248
MH		 1333 struct hci_ev_conn_complete *ev = (void *) skb->data;
1334 struct hci_conn *conn;
1da177e4
LT		 1335
1336 BT_DBG("%s", hdev->name);
1337
1338 hci_dev_lock(hdev);
1339
1340 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1341 if (!conn) {
1342 if (ev->link_type != SCO_LINK)
1343 goto unlock;
1344
1345 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1346 if (!conn)
1347 goto unlock;
1348
1349 conn->type = SCO_LINK;
1350 }
1da177e4
LT		 1351
1352 if (!ev->status) {
1353 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1354
1355 if (conn->type == ACL_LINK) {
1356 conn->state = BT_CONFIG;
1357 hci_conn_hold(conn);
052b30b0 1358 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
f7520543 1359 mgmt_connected(hdev->id, &ev->bdaddr);
769be974
MH		 1360 } else
1361 conn->state = BT_CONNECTED;
1da177e4 1362
9eba32b8 1363 hci_conn_hold_device(conn);
7d0db0a3
MH		 1364 hci_conn_add_sysfs(conn);
1365
1da177e4
LT		 1366 if (test_bit(HCI_AUTH, &hdev->flags))
1367 conn->link_mode |= HCI_LM_AUTH;
1368
1369 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1370 conn->link_mode |= HCI_LM_ENCRYPT;
1371
04837f64
MH		 1372 /* Get remote features */
1373 if (conn->type == ACL_LINK) {
1374 struct hci_cp_read_remote_features cp;
1375 cp.handle = ev->handle;
769be974
MH		 1376 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1377 sizeof(cp), &cp);
04837f64
MH		 1378 }
1379
1da177e4 1380 /* Set packet type for incoming connection */
a8746417 1381 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1382 struct hci_cp_change_conn_ptype cp;
1383 cp.handle = ev->handle;
a8746417
MH		 1384 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1385 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1386 sizeof(cp), &cp);
1da177e4 1387 }
17d5c04c 1388 } else {
1da177e4 1389 conn->state = BT_CLOSED;
17d5c04c
JH		 1390 if (conn->type == ACL_LINK)
1391 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1392 }
1da177e4 1393
e73439d8
MH		 1394 if (conn->type == ACL_LINK)
1395 hci_sco_setup(conn, ev->status);
1da177e4 1396
769be974
MH		 1397 if (ev->status) {
1398 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1399 hci_conn_del(conn);
c89b6e6b
MH		 1400 } else if (ev->link_type != ACL_LINK)
1401 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1402
a9de9248 1403unlock:
1da177e4 1404 hci_dev_unlock(hdev);
1da177e4 1405
a9de9248 1406 hci_conn_check_pending(hdev);
1da177e4
LT		 1407}
1408
a9de9248 1409static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1410{
a9de9248
MH		 1411 struct hci_ev_conn_request *ev = (void *) skb->data;
1412 int mask = hdev->link_mode;
1da177e4 1413
a9de9248
MH		 1414 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1415 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1416
a9de9248 1417 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1418
138d22ef
SJ		 1419 if ((mask & HCI_LM_ACCEPT) &&
1420 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1421 /* Connection accepted */
c7bdd502 1422 struct inquiry_entry *ie;
1da177e4 1423 struct hci_conn *conn;
1da177e4 1424
a9de9248 1425 hci_dev_lock(hdev);
b6a0dc82 1426
cc11b9c1
AE		 1427 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1428 if (ie)
c7bdd502
MH		 1429 memcpy(ie->data.dev_class, ev->dev_class, 3);
1430
a9de9248
MH		 1431 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1432 if (!conn) {
cc11b9c1
AE		 1433 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1434 if (!conn) {
893ef971 1435 BT_ERR("No memory for new connection");
a9de9248
MH		 1436 hci_dev_unlock(hdev);
1437 return;
1da177e4
LT		 1438 }
1439 }
b6a0dc82 1440
a9de9248
MH		 1441 memcpy(conn->dev_class, ev->dev_class, 3);
1442 conn->state = BT_CONNECT;
b6a0dc82 1443
a9de9248 1444 hci_dev_unlock(hdev);
1da177e4 1445
b6a0dc82
MH		 1446 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1447 struct hci_cp_accept_conn_req cp;
1da177e4 1448
b6a0dc82
MH		 1449 bacpy(&cp.bdaddr, &ev->bdaddr);
1450
1451 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1452 cp.role = 0x00; /* Become master */
1453 else
1454 cp.role = 0x01; /* Remain slave */
1455
1456 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1457 sizeof(cp), &cp);
1458 } else {
1459 struct hci_cp_accept_sync_conn_req cp;
1460
1461 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1462 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1463
1464 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1465 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1466 cp.max_latency = cpu_to_le16(0xffff);
1467 cp.content_format = cpu_to_le16(hdev->voice_setting);
1468 cp.retrans_effort = 0xff;
1da177e4 1469
b6a0dc82
MH		 1470 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1471 sizeof(cp), &cp);
1472 }
a9de9248
MH		 1473 } else {
1474 /* Connection rejected */
1475 struct hci_cp_reject_conn_req cp;
1da177e4 1476
a9de9248
MH		 1477 bacpy(&cp.bdaddr, &ev->bdaddr);
1478 cp.reason = 0x0f;
1479 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1480 }
1da177e4
LT		 1481}
1482
a9de9248 1483static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1484{
a9de9248 1485 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1486 struct hci_conn *conn;
1487
1488 BT_DBG("%s status %d", hdev->name, ev->status);
1489
8962ee74
JH		 1490 if (ev->status) {
1491 mgmt_disconnect_failed(hdev->id);
a9de9248 1492 return;
8962ee74 1493 }
a9de9248 1494
04837f64
MH		 1495 hci_dev_lock(hdev);
1496
1497 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1498 if (!conn)
1499 goto unlock;
7d0db0a3 1500
f7520543 1501 conn->state = BT_CLOSED;
04837f64 1502
83bc71b4 1503 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1504 mgmt_disconnected(hdev->id, &conn->dst);
1505
1506 hci_proto_disconn_cfm(conn, ev->reason);
1507 hci_conn_del(conn);
1508
1509unlock:
04837f64
MH		 1510 hci_dev_unlock(hdev);
1511}
1512
1da177e4
LT		 1513static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1514{
a9de9248 1515 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1516 struct hci_conn *conn;
1da177e4
LT		 1517
1518 BT_DBG("%s status %d", hdev->name, ev->status);
1519
1520 hci_dev_lock(hdev);
1521
04837f64 1522 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1523 if (!conn)
1524 goto unlock;
1525
1526 if (!ev->status) {
1527 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1528 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1529 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1530 } else {
d7556e20
WR		 1531 conn->link_mode |= HCI_LM_AUTH;
1532 conn->sec_level = conn->pending_sec_level;
2a611692 1533 }
d7556e20
WR		 1534 } else {
1535 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1536 }
1da177e4 1537
d7556e20
WR		 1538 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1539 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1540
d7556e20
WR		 1541 if (conn->state == BT_CONFIG) {
1542 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1543 struct hci_cp_set_conn_encrypt cp;
1544 cp.handle = ev->handle;
1545 cp.encrypt = 0x01;
1546 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1547 &cp);
052b30b0 1548 } else {
d7556e20
WR		 1549 conn->state = BT_CONNECTED;
1550 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1551 hci_conn_put(conn);
1552 }
d7556e20
WR		 1553 } else {
1554 hci_auth_cfm(conn, ev->status);
052b30b0 1555
d7556e20
WR		 1556 hci_conn_hold(conn);
1557 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1558 hci_conn_put(conn);
1559 }
1560
1561 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1562 if (!ev->status) {
1563 struct hci_cp_set_conn_encrypt cp;
1564 cp.handle = ev->handle;
1565 cp.encrypt = 0x01;
1566 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1567 &cp);
1568 } else {
1569 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1570 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1571 }
1572 }
1573
d7556e20 1574unlock:
1da177e4
LT		 1575 hci_dev_unlock(hdev);
1576}
1577
a9de9248 1578static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1579{
127178d2
JH		 1580 struct hci_ev_remote_name *ev = (void *) skb->data;
1581 struct hci_conn *conn;
1582
a9de9248 1583 BT_DBG("%s", hdev->name);
1da177e4 1584
a9de9248 1585 hci_conn_check_pending(hdev);
127178d2
JH		 1586
1587 hci_dev_lock(hdev);
1588
a88a9652
JH		 1589 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1590 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1591
127178d2 1592 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1593 if (!conn)
1594 goto unlock;
1595
1596 if (!hci_outgoing_auth_needed(hdev, conn))
1597 goto unlock;
1598
1599 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1600 struct hci_cp_auth_requested cp;
1601 cp.handle = __cpu_to_le16(conn->handle);
1602 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1603 }
1604
79c6c70c 1605unlock:
127178d2 1606 hci_dev_unlock(hdev);
a9de9248
MH		 1607}
1608
1609static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1610{
1611 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1612 struct hci_conn *conn;
1613
1614 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1615
1616 hci_dev_lock(hdev);
1617
04837f64 1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1619 if (conn) {
1620 if (!ev->status) {
ae293196
MH		 1621 if (ev->encrypt) {
1622 /* Encryption implies authentication */
1623 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1624 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1625 conn->sec_level = conn->pending_sec_level;
ae293196 1626 } else
1da177e4
LT		 1627 conn->link_mode &= ~HCI_LM_ENCRYPT;
1628 }
1629
1630 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1631
f8558555
MH		 1632 if (conn->state == BT_CONFIG) {
1633 if (!ev->status)
1634 conn->state = BT_CONNECTED;
1635
1636 hci_proto_connect_cfm(conn, ev->status);
1637 hci_conn_put(conn);
1638 } else
1639 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1640 }
1641
1642 hci_dev_unlock(hdev);
1643}
1644
a9de9248 1645static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1646{
a9de9248 1647 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1648 struct hci_conn *conn;
1da177e4
LT		 1649
1650 BT_DBG("%s status %d", hdev->name, ev->status);
1651
1652 hci_dev_lock(hdev);
1653
04837f64 1654 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1655 if (conn) {
1656 if (!ev->status)
1657 conn->link_mode |= HCI_LM_SECURE;
1658
1659 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1660
1661 hci_key_change_cfm(conn, ev->status);
1662 }
1663
1664 hci_dev_unlock(hdev);
1665}
1666
a9de9248 1667static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1668{
a9de9248
MH		 1669 struct hci_ev_remote_features *ev = (void *) skb->data;
1670 struct hci_conn *conn;
1671
1672 BT_DBG("%s status %d", hdev->name, ev->status);
1673
a9de9248
MH		 1674 hci_dev_lock(hdev);
1675
1676 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1677 if (!conn)
1678 goto unlock;
769be974 1679
ccd556fe
JH		 1680 if (!ev->status)
1681 memcpy(conn->features, ev->features, 8);
1682
1683 if (conn->state != BT_CONFIG)
1684 goto unlock;
1685
1686 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1687 struct hci_cp_read_remote_ext_features cp;
1688 cp.handle = ev->handle;
1689 cp.page = 0x01;
1690 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1691 sizeof(cp), &cp);
392599b9
JH		 1692 goto unlock;
1693 }
1694
127178d2
JH		 1695 if (!ev->status) {
1696 struct hci_cp_remote_name_req cp;
1697 memset(&cp, 0, sizeof(cp));
1698 bacpy(&cp.bdaddr, &conn->dst);
1699 cp.pscan_rep_mode = 0x02;
1700 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1701 }
392599b9 1702
127178d2 1703 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1704 conn->state = BT_CONNECTED;
1705 hci_proto_connect_cfm(conn, ev->status);
1706 hci_conn_put(conn);
769be974 1707 }
a9de9248 1708
ccd556fe 1709unlock:
a9de9248 1710 hci_dev_unlock(hdev);
1da177e4
LT		 1711}
1712
a9de9248 1713static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1714{
a9de9248 1715 BT_DBG("%s", hdev->name);
1da177e4
LT		 1716}
1717
a9de9248 1718static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1719{
a9de9248 1720 BT_DBG("%s", hdev->name);
1da177e4
LT		 1721}
1722
a9de9248
MH		 1723static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1724{
1725 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1726 __u16 opcode;
1727
1728 skb_pull(skb, sizeof(*ev));
1729
1730 opcode = __le16_to_cpu(ev->opcode);
1731
1732 switch (opcode) {
1733 case HCI_OP_INQUIRY_CANCEL:
1734 hci_cc_inquiry_cancel(hdev, skb);
1735 break;
1736
1737 case HCI_OP_EXIT_PERIODIC_INQ:
1738 hci_cc_exit_periodic_inq(hdev, skb);
1739 break;
1740
1741 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1742 hci_cc_remote_name_req_cancel(hdev, skb);
1743 break;
1744
1745 case HCI_OP_ROLE_DISCOVERY:
1746 hci_cc_role_discovery(hdev, skb);
1747 break;
1748
e4e8e37c
MH		 1749 case HCI_OP_READ_LINK_POLICY:
1750 hci_cc_read_link_policy(hdev, skb);
1751 break;
1752
a9de9248
MH		 1753 case HCI_OP_WRITE_LINK_POLICY:
1754 hci_cc_write_link_policy(hdev, skb);
1755 break;
1756
e4e8e37c
MH		 1757 case HCI_OP_READ_DEF_LINK_POLICY:
1758 hci_cc_read_def_link_policy(hdev, skb);
1759 break;
1760
1761 case HCI_OP_WRITE_DEF_LINK_POLICY:
1762 hci_cc_write_def_link_policy(hdev, skb);
1763 break;
1764
a9de9248
MH		 1765 case HCI_OP_RESET:
1766 hci_cc_reset(hdev, skb);
1767 break;
1768
1769 case HCI_OP_WRITE_LOCAL_NAME:
1770 hci_cc_write_local_name(hdev, skb);
1771 break;
1772
1773 case HCI_OP_READ_LOCAL_NAME:
1774 hci_cc_read_local_name(hdev, skb);
1775 break;
1776
1777 case HCI_OP_WRITE_AUTH_ENABLE:
1778 hci_cc_write_auth_enable(hdev, skb);
1779 break;
1780
1781 case HCI_OP_WRITE_ENCRYPT_MODE:
1782 hci_cc_write_encrypt_mode(hdev, skb);
1783 break;
1784
1785 case HCI_OP_WRITE_SCAN_ENABLE:
1786 hci_cc_write_scan_enable(hdev, skb);
1787 break;
1788
1789 case HCI_OP_READ_CLASS_OF_DEV:
1790 hci_cc_read_class_of_dev(hdev, skb);
1791 break;
1792
1793 case HCI_OP_WRITE_CLASS_OF_DEV:
1794 hci_cc_write_class_of_dev(hdev, skb);
1795 break;
1796
1797 case HCI_OP_READ_VOICE_SETTING:
1798 hci_cc_read_voice_setting(hdev, skb);
1799 break;
1800
1801 case HCI_OP_WRITE_VOICE_SETTING:
1802 hci_cc_write_voice_setting(hdev, skb);
1803 break;
1804
1805 case HCI_OP_HOST_BUFFER_SIZE:
1806 hci_cc_host_buffer_size(hdev, skb);
1807 break;
1808
333140b5
MH		 1809 case HCI_OP_READ_SSP_MODE:
1810 hci_cc_read_ssp_mode(hdev, skb);
1811 break;
1812
1813 case HCI_OP_WRITE_SSP_MODE:
1814 hci_cc_write_ssp_mode(hdev, skb);
1815 break;
1816
a9de9248
MH		 1817 case HCI_OP_READ_LOCAL_VERSION:
1818 hci_cc_read_local_version(hdev, skb);
1819 break;
1820
1821 case HCI_OP_READ_LOCAL_COMMANDS:
1822 hci_cc_read_local_commands(hdev, skb);
1823 break;
1824
1825 case HCI_OP_READ_LOCAL_FEATURES:
1826 hci_cc_read_local_features(hdev, skb);
1827 break;
1828
1829 case HCI_OP_READ_BUFFER_SIZE:
1830 hci_cc_read_buffer_size(hdev, skb);
1831 break;
1832
1833 case HCI_OP_READ_BD_ADDR:
1834 hci_cc_read_bd_addr(hdev, skb);
1835 break;
1836
23bb5763
JH		 1837 case HCI_OP_WRITE_CA_TIMEOUT:
1838 hci_cc_write_ca_timeout(hdev, skb);
1839 break;
1840
b0916ea0
JH		 1841 case HCI_OP_DELETE_STORED_LINK_KEY:
1842 hci_cc_delete_stored_link_key(hdev, skb);
1843 break;
1844
d5859e22
JH		 1845 case HCI_OP_SET_EVENT_MASK:
1846 hci_cc_set_event_mask(hdev, skb);
1847 break;
1848
1849 case HCI_OP_WRITE_INQUIRY_MODE:
1850 hci_cc_write_inquiry_mode(hdev, skb);
1851 break;
1852
1853 case HCI_OP_READ_INQ_RSP_TX_POWER:
1854 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1855 break;
1856
1857 case HCI_OP_SET_EVENT_FLT:
1858 hci_cc_set_event_flt(hdev, skb);
1859 break;
1860
980e1a53
JH		 1861 case HCI_OP_PIN_CODE_REPLY:
1862 hci_cc_pin_code_reply(hdev, skb);
1863 break;
1864
1865 case HCI_OP_PIN_CODE_NEG_REPLY:
1866 hci_cc_pin_code_neg_reply(hdev, skb);
1867 break;
1868
c35938b2
SJ		 1869 case HCI_OP_READ_LOCAL_OOB_DATA:
1870 hci_cc_read_local_oob_data_reply(hdev, skb);
1871 break;
1872
6ed58ec5
VT		 1873 case HCI_OP_LE_READ_BUFFER_SIZE:
1874 hci_cc_le_read_buffer_size(hdev, skb);
1875 break;
1876
a5c29683
JH		 1877 case HCI_OP_USER_CONFIRM_REPLY:
1878 hci_cc_user_confirm_reply(hdev, skb);
1879 break;
1880
1881 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1882 hci_cc_user_confirm_neg_reply(hdev, skb);
1883 break;
1884
eb9d91f5
AG		 1885 case HCI_OP_LE_SET_SCAN_ENABLE:
1886 hci_cc_le_set_scan_enable(hdev, skb);
1887 break;
1888
a7a595f6
VCG		 1889 case HCI_OP_LE_LTK_REPLY:
1890 hci_cc_le_ltk_reply(hdev, skb);
1891 break;
1892
1893 case HCI_OP_LE_LTK_NEG_REPLY:
1894 hci_cc_le_ltk_neg_reply(hdev, skb);
1895 break;
1896
a9de9248
MH		 1897 default:
1898 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1899 break;
1900 }
1901
6bd32326
VT		 1902 if (ev->opcode != HCI_OP_NOP)
1903 del_timer(&hdev->cmd_timer);
1904
a9de9248
MH		 1905 if (ev->ncmd) {
1906 atomic_set(&hdev->cmd_cnt, 1);
1907 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1908 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1909 }
1910}
1911
1912static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1913{
1914 struct hci_ev_cmd_status *ev = (void *) skb->data;
1915 __u16 opcode;
1916
1917 skb_pull(skb, sizeof(*ev));
1918
1919 opcode = __le16_to_cpu(ev->opcode);
1920
1921 switch (opcode) {
1922 case HCI_OP_INQUIRY:
1923 hci_cs_inquiry(hdev, ev->status);
1924 break;
1925
1926 case HCI_OP_CREATE_CONN:
1927 hci_cs_create_conn(hdev, ev->status);
1928 break;
1929
1930 case HCI_OP_ADD_SCO:
1931 hci_cs_add_sco(hdev, ev->status);
1932 break;
1933
f8558555
MH		 1934 case HCI_OP_AUTH_REQUESTED:
1935 hci_cs_auth_requested(hdev, ev->status);
1936 break;
1937
1938 case HCI_OP_SET_CONN_ENCRYPT:
1939 hci_cs_set_conn_encrypt(hdev, ev->status);
1940 break;
1941
a9de9248
MH		 1942 case HCI_OP_REMOTE_NAME_REQ:
1943 hci_cs_remote_name_req(hdev, ev->status);
1944 break;
1945
769be974
MH		 1946 case HCI_OP_READ_REMOTE_FEATURES:
1947 hci_cs_read_remote_features(hdev, ev->status);
1948 break;
1949
1950 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1951 hci_cs_read_remote_ext_features(hdev, ev->status);
1952 break;
1953
a9de9248
MH		 1954 case HCI_OP_SETUP_SYNC_CONN:
1955 hci_cs_setup_sync_conn(hdev, ev->status);
1956 break;
1957
1958 case HCI_OP_SNIFF_MODE:
1959 hci_cs_sniff_mode(hdev, ev->status);
1960 break;
1961
1962 case HCI_OP_EXIT_SNIFF_MODE:
1963 hci_cs_exit_sniff_mode(hdev, ev->status);
1964 break;
1965
8962ee74
JH		 1966 case HCI_OP_DISCONNECT:
1967 if (ev->status != 0)
1968 mgmt_disconnect_failed(hdev->id);
1969 break;
1970
fcd89c09
VT		 1971 case HCI_OP_LE_CREATE_CONN:
1972 hci_cs_le_create_conn(hdev, ev->status);
1973 break;
1974
a7a595f6
VCG		 1975 case HCI_OP_LE_START_ENC:
1976 hci_cs_le_start_enc(hdev, ev->status);
1977 break;
1978
a9de9248
MH		 1979 default:
1980 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1981 break;
1982 }
1983
6bd32326
VT		 1984 if (ev->opcode != HCI_OP_NOP)
1985 del_timer(&hdev->cmd_timer);
1986
10572132 1987 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 1988 atomic_set(&hdev->cmd_cnt, 1);
1989 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1990 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1991 }
1992}
1993
1994static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995{
1996 struct hci_ev_role_change *ev = (void *) skb->data;
1997 struct hci_conn *conn;
1998
1999 BT_DBG("%s status %d", hdev->name, ev->status);
2000
2001 hci_dev_lock(hdev);
2002
2003 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2004 if (conn) {
2005 if (!ev->status) {
2006 if (ev->role)
2007 conn->link_mode &= ~HCI_LM_MASTER;
2008 else
2009 conn->link_mode |= HCI_LM_MASTER;
2010 }
2011
2012 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2013
2014 hci_role_switch_cfm(conn, ev->status, ev->role);
2015 }
2016
2017 hci_dev_unlock(hdev);
2018}
2019
2020static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021{
2022 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2023 __le16 *ptr;
2024 int i;
2025
2026 skb_pull(skb, sizeof(*ev));
2027
2028 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2029
2030 if (skb->len < ev->num_hndl * 4) {
2031 BT_DBG("%s bad parameters", hdev->name);
2032 return;
2033 }
2034
2035 tasklet_disable(&hdev->tx_task);
2036
2037 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2038 struct hci_conn *conn;
2039 __u16 handle, count;
2040
83985319
HH		 2041 handle = get_unaligned_le16(ptr++);
2042 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2043
2044 conn = hci_conn_hash_lookup_handle(hdev, handle);
2045 if (conn) {
2046 conn->sent -= count;
2047
2048 if (conn->type == ACL_LINK) {
70f23020
AE		 2049 hdev->acl_cnt += count;
2050 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2051 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2052 } else if (conn->type == LE_LINK) {
2053 if (hdev->le_pkts) {
2054 hdev->le_cnt += count;
2055 if (hdev->le_cnt > hdev->le_pkts)
2056 hdev->le_cnt = hdev->le_pkts;
2057 } else {
2058 hdev->acl_cnt += count;
2059 if (hdev->acl_cnt > hdev->acl_pkts)
2060 hdev->acl_cnt = hdev->acl_pkts;
2061 }
a9de9248 2062 } else {
70f23020
AE		 2063 hdev->sco_cnt += count;
2064 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2065 hdev->sco_cnt = hdev->sco_pkts;
2066 }
2067 }
2068 }
2069
c78ae283 2070 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2071
2072 tasklet_enable(&hdev->tx_task);
2073}
2074
2075static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2076{
a9de9248 2077 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2078 struct hci_conn *conn;
2079
2080 BT_DBG("%s status %d", hdev->name, ev->status);
2081
2082 hci_dev_lock(hdev);
2083
2084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2085 if (conn) {
2086 conn->mode = ev->mode;
2087 conn->interval = __le16_to_cpu(ev->interval);
2088
2089 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2090 if (conn->mode == HCI_CM_ACTIVE)
2091 conn->power_save = 1;
2092 else
2093 conn->power_save = 0;
2094 }
e73439d8
MH		 2095
2096 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2097 hci_sco_setup(conn, ev->status);
04837f64
MH		 2098 }
2099
2100 hci_dev_unlock(hdev);
2101}
2102
a9de9248
MH		 2103static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2104{
052b30b0
MH		 2105 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2106 struct hci_conn *conn;
2107
a9de9248 2108 BT_DBG("%s", hdev->name);
052b30b0
MH		 2109
2110 hci_dev_lock(hdev);
2111
2112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3d7a9d1c 2113 if (conn && conn->state == BT_CONNECTED) {
052b30b0
MH		 2114 hci_conn_hold(conn);
2115 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2116 hci_conn_put(conn);
2117 }
2118
03b555e1
JH		 2119 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2120 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2121 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2122 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2123 u8 secure;
2124
2125 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2126 secure = 1;
2127 else
2128 secure = 0;
2129
2130 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2131 }
980e1a53 2132
052b30b0 2133 hci_dev_unlock(hdev);
a9de9248
MH		 2134}
2135
2136static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2137{
55ed8ca1
JH		 2138 struct hci_ev_link_key_req *ev = (void *) skb->data;
2139 struct hci_cp_link_key_reply cp;
2140 struct hci_conn *conn;
2141 struct link_key *key;
2142
a9de9248 2143 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2144
2145 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2146 return;
2147
2148 hci_dev_lock(hdev);
2149
2150 key = hci_find_link_key(hdev, &ev->bdaddr);
2151 if (!key) {
2152 BT_DBG("%s link key not found for %s", hdev->name,
2153 batostr(&ev->bdaddr));
2154 goto not_found;
2155 }
2156
2157 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2158 batostr(&ev->bdaddr));
2159
b6020ba0
WR		 2160 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2161 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2162 BT_DBG("%s ignoring debug key", hdev->name);
2163 goto not_found;
2164 }
2165
2166 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2167 if (conn) {
2168 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2169 conn->auth_type != 0xff &&
2170 (conn->auth_type & 0x01)) {
2171 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2172 goto not_found;
2173 }
55ed8ca1 2174
60b83f57
WR		 2175 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2176 conn->pending_sec_level == BT_SECURITY_HIGH) {
2177 BT_DBG("%s ignoring key unauthenticated for high \
2178 security", hdev->name);
2179 goto not_found;
2180 }
2181
2182 conn->key_type = key->type;
2183 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2184 }
2185
2186 bacpy(&cp.bdaddr, &ev->bdaddr);
2187 memcpy(cp.link_key, key->val, 16);
2188
2189 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2190
2191 hci_dev_unlock(hdev);
2192
2193 return;
2194
2195not_found:
2196 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2197 hci_dev_unlock(hdev);
a9de9248
MH		 2198}
2199
2200static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2201{
052b30b0
MH		 2202 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2203 struct hci_conn *conn;
55ed8ca1 2204 u8 pin_len = 0;
052b30b0 2205
a9de9248 2206 BT_DBG("%s", hdev->name);
052b30b0
MH		 2207
2208 hci_dev_lock(hdev);
2209
2210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2211 if (conn) {
2212 hci_conn_hold(conn);
2213 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2214 pin_len = conn->pin_length;
13d39315
WR		 2215
2216 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2217 conn->key_type = ev->key_type;
2218
052b30b0
MH		 2219 hci_conn_put(conn);
2220 }
2221
55ed8ca1 2222 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2223 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2224 ev->key_type, pin_len);
2225
052b30b0 2226 hci_dev_unlock(hdev);
a9de9248
MH		 2227}
2228
1da177e4
LT		 2229static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2230{
a9de9248 2231 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2232 struct hci_conn *conn;
1da177e4
LT		 2233
2234 BT_DBG("%s status %d", hdev->name, ev->status);
2235
2236 hci_dev_lock(hdev);
2237
04837f64 2238 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2239 if (conn && !ev->status) {
2240 struct inquiry_entry *ie;
2241
cc11b9c1
AE		 2242 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2243 if (ie) {
1da177e4
LT		 2244 ie->data.clock_offset = ev->clock_offset;
2245 ie->timestamp = jiffies;
2246 }
2247 }
2248
2249 hci_dev_unlock(hdev);
2250}
2251
a8746417
MH		 2252static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2253{
2254 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2255 struct hci_conn *conn;
2256
2257 BT_DBG("%s status %d", hdev->name, ev->status);
2258
2259 hci_dev_lock(hdev);
2260
2261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2262 if (conn && !ev->status)
2263 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2264
2265 hci_dev_unlock(hdev);
2266}
2267
85a1e930
MH		 2268static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2269{
a9de9248 2270 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2271 struct inquiry_entry *ie;
2272
2273 BT_DBG("%s", hdev->name);
2274
2275 hci_dev_lock(hdev);
2276
cc11b9c1
AE		 2277 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2278 if (ie) {
85a1e930
MH		 2279 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2280 ie->timestamp = jiffies;
2281 }
2282
2283 hci_dev_unlock(hdev);
2284}
2285
a9de9248
MH		 2286static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2287{
2288 struct inquiry_data data;
2289 int num_rsp = *((__u8 *) skb->data);
2290
2291 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2292
2293 if (!num_rsp)
2294 return;
2295
2296 hci_dev_lock(hdev);
2297
314b2381
JH		 2298 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2299
2300 if (test_bit(HCI_MGMT, &hdev->flags))
2301 mgmt_discovering(hdev->id, 1);
2302 }
2303
a9de9248 2304 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2305 struct inquiry_info_with_rssi_and_pscan_mode *info;
2306 info = (void *) (skb->data + 1);
a9de9248 2307
e17acd40 2308 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2309 bacpy(&data.bdaddr, &info->bdaddr);
2310 data.pscan_rep_mode = info->pscan_rep_mode;
2311 data.pscan_period_mode = info->pscan_period_mode;
2312 data.pscan_mode = info->pscan_mode;
2313 memcpy(data.dev_class, info->dev_class, 3);
2314 data.clock_offset = info->clock_offset;
2315 data.rssi = info->rssi;
41a96212 2316 data.ssp_mode = 0x00;
a9de9248 2317 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2318 mgmt_device_found(hdev->id, &info->bdaddr,
2319 info->dev_class, info->rssi,
2320 NULL);
a9de9248
MH		 2321 }
2322 } else {
2323 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2324
e17acd40 2325 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2326 bacpy(&data.bdaddr, &info->bdaddr);
2327 data.pscan_rep_mode = info->pscan_rep_mode;
2328 data.pscan_period_mode = info->pscan_period_mode;
2329 data.pscan_mode = 0x00;
2330 memcpy(data.dev_class, info->dev_class, 3);
2331 data.clock_offset = info->clock_offset;
2332 data.rssi = info->rssi;
41a96212 2333 data.ssp_mode = 0x00;
a9de9248 2334 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2335 mgmt_device_found(hdev->id, &info->bdaddr,
2336 info->dev_class, info->rssi,
2337 NULL);
a9de9248
MH		 2338 }
2339 }
2340
2341 hci_dev_unlock(hdev);
2342}
2343
2344static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2345{
41a96212
MH		 2346 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2347 struct hci_conn *conn;
2348
a9de9248 2349 BT_DBG("%s", hdev->name);
41a96212 2350
41a96212
MH		 2351 hci_dev_lock(hdev);
2352
2353 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2354 if (!conn)
2355 goto unlock;
41a96212 2356
ccd556fe
JH		 2357 if (!ev->status && ev->page == 0x01) {
2358 struct inquiry_entry *ie;
41a96212 2359
cc11b9c1
AE		 2360 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2361 if (ie)
ccd556fe 2362 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2363
ccd556fe
JH		 2364 conn->ssp_mode = (ev->features[0] & 0x01);
2365 }
2366
2367 if (conn->state != BT_CONFIG)
2368 goto unlock;
2369
127178d2
JH		 2370 if (!ev->status) {
2371 struct hci_cp_remote_name_req cp;
2372 memset(&cp, 0, sizeof(cp));
2373 bacpy(&cp.bdaddr, &conn->dst);
2374 cp.pscan_rep_mode = 0x02;
2375 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2376 }
392599b9 2377
127178d2 2378 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2379 conn->state = BT_CONNECTED;
2380 hci_proto_connect_cfm(conn, ev->status);
2381 hci_conn_put(conn);
41a96212
MH		 2382 }
2383
ccd556fe 2384unlock:
41a96212 2385 hci_dev_unlock(hdev);
a9de9248
MH		 2386}
2387
2388static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2389{
b6a0dc82
MH		 2390 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2391 struct hci_conn *conn;
2392
2393 BT_DBG("%s status %d", hdev->name, ev->status);
2394
2395 hci_dev_lock(hdev);
2396
2397 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2398 if (!conn) {
2399 if (ev->link_type == ESCO_LINK)
2400 goto unlock;
2401
2402 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2403 if (!conn)
2404 goto unlock;
2405
2406 conn->type = SCO_LINK;
2407 }
b6a0dc82 2408
732547f9
MH		 2409 switch (ev->status) {
2410 case 0x00:
b6a0dc82
MH		 2411 conn->handle = __le16_to_cpu(ev->handle);
2412 conn->state = BT_CONNECTED;
7d0db0a3 2413
9eba32b8 2414 hci_conn_hold_device(conn);
7d0db0a3 2415 hci_conn_add_sysfs(conn);
732547f9
MH		 2416 break;
2417
705e5711 2418 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2419 case 0x1c: /* SCO interval rejected */
1038a00b 2420 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2421 case 0x1f: /* Unspecified error */
2422 if (conn->out && conn->attempt < 2) {
2423 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2424 (hdev->esco_type & EDR_ESCO_MASK);
2425 hci_setup_sync(conn, conn->link->handle);
2426 goto unlock;
2427 }
2428 /* fall through */
2429
2430 default:
b6a0dc82 2431 conn->state = BT_CLOSED;
732547f9
MH		 2432 break;
2433 }
b6a0dc82
MH		 2434
2435 hci_proto_connect_cfm(conn, ev->status);
2436 if (ev->status)
2437 hci_conn_del(conn);
2438
2439unlock:
2440 hci_dev_unlock(hdev);
a9de9248
MH		 2441}
2442
2443static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2444{
2445 BT_DBG("%s", hdev->name);
2446}
2447
04837f64
MH		 2448static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2449{
a9de9248 2450 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2451
2452 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2453}
2454
a9de9248 2455static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2456{
a9de9248
MH		 2457 struct inquiry_data data;
2458 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2459 int num_rsp = *((__u8 *) skb->data);
1da177e4 2460
a9de9248 2461 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2462
a9de9248
MH		 2463 if (!num_rsp)
2464 return;
1da177e4 2465
314b2381
JH		 2466 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2467
2468 if (test_bit(HCI_MGMT, &hdev->flags))
2469 mgmt_discovering(hdev->id, 1);
2470 }
2471
a9de9248
MH		 2472 hci_dev_lock(hdev);
2473
e17acd40 2474 for (; num_rsp; num_rsp--, info++) {
a9de9248 2475 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2476 data.pscan_rep_mode = info->pscan_rep_mode;
2477 data.pscan_period_mode = info->pscan_period_mode;
2478 data.pscan_mode = 0x00;
a9de9248 2479 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2480 data.clock_offset = info->clock_offset;
2481 data.rssi = info->rssi;
41a96212 2482 data.ssp_mode = 0x01;
a9de9248 2483 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2484 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2485 info->rssi, info->data);
a9de9248
MH		 2486 }
2487
2488 hci_dev_unlock(hdev);
2489}
1da177e4 2490
17fa4b9d
JH		 2491static inline u8 hci_get_auth_req(struct hci_conn *conn)
2492{
2493 /* If remote requests dedicated bonding follow that lead */
2494 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2495 /* If both remote and local IO capabilities allow MITM
2496 * protection then require it, otherwise don't */
2497 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2498 return 0x02;
2499 else
2500 return 0x03;
2501 }
2502
2503 /* If remote requests no-bonding follow that lead */
2504 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2505 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2506
2507 return conn->auth_type;
2508}
2509
0493684e
MH		 2510static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2511{
2512 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2513 struct hci_conn *conn;
2514
2515 BT_DBG("%s", hdev->name);
2516
2517 hci_dev_lock(hdev);
2518
2519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2520 if (!conn)
2521 goto unlock;
2522
2523 hci_conn_hold(conn);
2524
2525 if (!test_bit(HCI_MGMT, &hdev->flags))
2526 goto unlock;
2527
2528 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2529 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2530 struct hci_cp_io_capability_reply cp;
2531
2532 bacpy(&cp.bdaddr, &ev->bdaddr);
2533 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2534 conn->auth_type = hci_get_auth_req(conn);
2535 cp.authentication = conn->auth_type;
17fa4b9d 2536
ce85ee13
SJ		 2537 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2538 hci_find_remote_oob_data(hdev, &conn->dst))
2539 cp.oob_data = 0x01;
2540 else
2541 cp.oob_data = 0x00;
2542
17fa4b9d
JH		 2543 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2544 sizeof(cp), &cp);
03b555e1
JH		 2545 } else {
2546 struct hci_cp_io_capability_neg_reply cp;
2547
2548 bacpy(&cp.bdaddr, &ev->bdaddr);
be77159c 2549 cp.reason = 0x18; /* Pairing not allowed */
0493684e 2550
03b555e1
JH		 2551 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2552 sizeof(cp), &cp);
2553 }
2554
2555unlock:
2556 hci_dev_unlock(hdev);
2557}
2558
2559static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2560{
2561 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2562 struct hci_conn *conn;
2563
2564 BT_DBG("%s", hdev->name);
2565
2566 hci_dev_lock(hdev);
2567
2568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2569 if (!conn)
2570 goto unlock;
2571
03b555e1
JH		 2572 conn->remote_cap = ev->capability;
2573 conn->remote_oob = ev->oob_data;
2574 conn->remote_auth = ev->authentication;
2575
2576unlock:
0493684e
MH		 2577 hci_dev_unlock(hdev);
2578}
2579
a5c29683
JH		 2580static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2581 struct sk_buff *skb)
2582{
2583 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2584 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2585 struct hci_conn *conn;
a5c29683
JH		 2586
2587 BT_DBG("%s", hdev->name);
2588
2589 hci_dev_lock(hdev);
2590
7a828908
JH		 2591 if (!test_bit(HCI_MGMT, &hdev->flags))
2592 goto unlock;
a5c29683 2593
7a828908
JH		 2594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2595 if (!conn)
2596 goto unlock;
2597
2598 loc_mitm = (conn->auth_type & 0x01);
2599 rem_mitm = (conn->remote_auth & 0x01);
2600
2601 /* If we require MITM but the remote device can't provide that
2602 * (it has NoInputNoOutput) then reject the confirmation
2603 * request. The only exception is when we're dedicated bonding
2604 * initiators (connect_cfm_cb set) since then we always have the MITM
2605 * bit set. */
2606 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2607 BT_DBG("Rejecting request: remote device can't provide MITM");
2608 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2609 sizeof(ev->bdaddr), &ev->bdaddr);
2610 goto unlock;
2611 }
2612
2613 /* If no side requires MITM protection; auto-accept */
2614 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2615 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2616
2617 /* If we're not the initiators request authorization to
2618 * proceed from user space (mgmt_user_confirm with
2619 * confirm_hint set to 1). */
2620 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2621 BT_DBG("Confirming auto-accept as acceptor");
2622 confirm_hint = 1;
2623 goto confirm;
2624 }
2625
9f61656a
JH		 2626 BT_DBG("Auto-accept of user confirmation with %ums delay",
2627 hdev->auto_accept_delay);
2628
2629 if (hdev->auto_accept_delay > 0) {
2630 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2631 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2632 goto unlock;
2633 }
2634
7a828908
JH		 2635 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2636 sizeof(ev->bdaddr), &ev->bdaddr);
2637 goto unlock;
2638 }
2639
55bc1a37
JH		 2640confirm:
2641 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2642 confirm_hint);
7a828908
JH		 2643
2644unlock:
a5c29683
JH		 2645 hci_dev_unlock(hdev);
2646}
2647
0493684e
MH		 2648static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2649{
2650 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2651 struct hci_conn *conn;
2652
2653 BT_DBG("%s", hdev->name);
2654
2655 hci_dev_lock(hdev);
2656
2657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2658 if (!conn)
2659 goto unlock;
2660
2661 /* To avoid duplicate auth_failed events to user space we check
2662 * the HCI_CONN_AUTH_PEND flag which will be set if we
2663 * initiated the authentication. A traditional auth_complete
2664 * event gets always produced as initiator and is also mapped to
2665 * the mgmt_auth_failed event */
2666 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2667 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2668
2a611692
JH		 2669 hci_conn_put(conn);
2670
2671unlock:
0493684e
MH		 2672 hci_dev_unlock(hdev);
2673}
2674
41a96212
MH		 2675static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2676{
2677 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2678 struct inquiry_entry *ie;
2679
2680 BT_DBG("%s", hdev->name);
2681
2682 hci_dev_lock(hdev);
2683
cc11b9c1
AE		 2684 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2685 if (ie)
41a96212
MH		 2686 ie->data.ssp_mode = (ev->features[0] & 0x01);
2687
2688 hci_dev_unlock(hdev);
2689}
2690
2763eda6
SJ		 2691static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2692 struct sk_buff *skb)
2693{
2694 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2695 struct oob_data *data;
2696
2697 BT_DBG("%s", hdev->name);
2698
2699 hci_dev_lock(hdev);
2700
e1ba1f15
SJ		 2701 if (!test_bit(HCI_MGMT, &hdev->flags))
2702 goto unlock;
2703
2763eda6
SJ		 2704 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2705 if (data) {
2706 struct hci_cp_remote_oob_data_reply cp;
2707
2708 bacpy(&cp.bdaddr, &ev->bdaddr);
2709 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2710 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2711
2712 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2713 &cp);
2714 } else {
2715 struct hci_cp_remote_oob_data_neg_reply cp;
2716
2717 bacpy(&cp.bdaddr, &ev->bdaddr);
2718 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2719 &cp);
2720 }
2721
e1ba1f15 2722unlock:
2763eda6
SJ		 2723 hci_dev_unlock(hdev);
2724}
2725
fcd89c09
VT		 2726static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2727{
2728 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2729 struct hci_conn *conn;
2730
2731 BT_DBG("%s status %d", hdev->name, ev->status);
2732
2733 hci_dev_lock(hdev);
2734
2735 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2736 if (!conn) {
2737 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2738 if (!conn) {
2739 BT_ERR("No memory for new connection");
2740 hci_dev_unlock(hdev);
2741 return;
2742 }
29b7988a
AG		 2743
2744 conn->dst_type = ev->bdaddr_type;
b62f328b 2745 }
fcd89c09
VT		 2746
2747 if (ev->status) {
83bc71b4 2748 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2749 hci_proto_connect_cfm(conn, ev->status);
2750 conn->state = BT_CLOSED;
2751 hci_conn_del(conn);
2752 goto unlock;
2753 }
2754
83bc71b4
VCG		 2755 mgmt_connected(hdev->id, &ev->bdaddr);
2756
7b5c0d52 2757 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2758 conn->handle = __le16_to_cpu(ev->handle);
2759 conn->state = BT_CONNECTED;
2760
2761 hci_conn_hold_device(conn);
2762 hci_conn_add_sysfs(conn);
2763
2764 hci_proto_connect_cfm(conn, ev->status);
2765
2766unlock:
2767 hci_dev_unlock(hdev);
2768}
2769
9aa04c91
AG		 2770static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2771 struct sk_buff *skb)
2772{
2773 struct hci_ev_le_advertising_info *ev;
2774 u8 num_reports;
2775
2776 num_reports = skb->data[0];
2777 ev = (void *) &skb->data[1];
2778
2779 hci_dev_lock(hdev);
2780
2781 hci_add_adv_entry(hdev, ev);
2782
2783 while (--num_reports) {
2784 ev = (void *) (ev->data + ev->length + 1);
2785 hci_add_adv_entry(hdev, ev);
2786 }
2787
2788 hci_dev_unlock(hdev);
2789}
2790
a7a595f6
VCG		 2791static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2792 struct sk_buff *skb)
2793{
2794 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2795 struct hci_cp_le_ltk_reply cp;
2796 struct hci_conn *conn;
2797
2798 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2799
2800 hci_dev_lock(hdev);
2801
2802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2803
2804 memset(&cp, 0, sizeof(cp));
2805 cp.handle = cpu_to_le16(conn->handle);
2806 memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk));
2807
2808 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2809
2810 hci_dev_unlock(hdev);
2811}
2812
fcd89c09
VT		 2813static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2814{
2815 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2816
2817 skb_pull(skb, sizeof(*le_ev));
2818
2819 switch (le_ev->subevent) {
2820 case HCI_EV_LE_CONN_COMPLETE:
2821 hci_le_conn_complete_evt(hdev, skb);
2822 break;
2823
9aa04c91
AG		 2824 case HCI_EV_LE_ADVERTISING_REPORT:
2825 hci_le_adv_report_evt(hdev, skb);
2826 break;
2827
a7a595f6
VCG		 2828 case HCI_EV_LE_LTK_REQ:
2829 hci_le_ltk_request_evt(hdev, skb);
2830 break;
2831
fcd89c09
VT		 2832 default:
2833 break;
2834 }
2835}
2836
a9de9248
MH		 2837void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2838{
2839 struct hci_event_hdr *hdr = (void *) skb->data;
2840 __u8 event = hdr->evt;
2841
2842 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2843
2844 switch (event) {
1da177e4
LT		 2845 case HCI_EV_INQUIRY_COMPLETE:
2846 hci_inquiry_complete_evt(hdev, skb);
2847 break;
2848
2849 case HCI_EV_INQUIRY_RESULT:
2850 hci_inquiry_result_evt(hdev, skb);
2851 break;
2852
a9de9248
MH		 2853 case HCI_EV_CONN_COMPLETE:
2854 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2855 break;
2856
1da177e4
LT		 2857 case HCI_EV_CONN_REQUEST:
2858 hci_conn_request_evt(hdev, skb);
2859 break;
2860
1da177e4
LT		 2861 case HCI_EV_DISCONN_COMPLETE:
2862 hci_disconn_complete_evt(hdev, skb);
2863 break;
2864
1da177e4
LT		 2865 case HCI_EV_AUTH_COMPLETE:
2866 hci_auth_complete_evt(hdev, skb);
2867 break;
2868
a9de9248
MH		 2869 case HCI_EV_REMOTE_NAME:
2870 hci_remote_name_evt(hdev, skb);
2871 break;
2872
1da177e4
LT		 2873 case HCI_EV_ENCRYPT_CHANGE:
2874 hci_encrypt_change_evt(hdev, skb);
2875 break;
2876
a9de9248
MH		 2877 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2878 hci_change_link_key_complete_evt(hdev, skb);
2879 break;
2880
2881 case HCI_EV_REMOTE_FEATURES:
2882 hci_remote_features_evt(hdev, skb);
2883 break;
2884
2885 case HCI_EV_REMOTE_VERSION:
2886 hci_remote_version_evt(hdev, skb);
2887 break;
2888
2889 case HCI_EV_QOS_SETUP_COMPLETE:
2890 hci_qos_setup_complete_evt(hdev, skb);
2891 break;
2892
2893 case HCI_EV_CMD_COMPLETE:
2894 hci_cmd_complete_evt(hdev, skb);
2895 break;
2896
2897 case HCI_EV_CMD_STATUS:
2898 hci_cmd_status_evt(hdev, skb);
2899 break;
2900
2901 case HCI_EV_ROLE_CHANGE:
2902 hci_role_change_evt(hdev, skb);
2903 break;
2904
2905 case HCI_EV_NUM_COMP_PKTS:
2906 hci_num_comp_pkts_evt(hdev, skb);
2907 break;
2908
2909 case HCI_EV_MODE_CHANGE:
2910 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 2911 break;
2912
2913 case HCI_EV_PIN_CODE_REQ:
2914 hci_pin_code_request_evt(hdev, skb);
2915 break;
2916
2917 case HCI_EV_LINK_KEY_REQ:
2918 hci_link_key_request_evt(hdev, skb);
2919 break;
2920
2921 case HCI_EV_LINK_KEY_NOTIFY:
2922 hci_link_key_notify_evt(hdev, skb);
2923 break;
2924
2925 case HCI_EV_CLOCK_OFFSET:
2926 hci_clock_offset_evt(hdev, skb);
2927 break;
2928
a8746417
MH		 2929 case HCI_EV_PKT_TYPE_CHANGE:
2930 hci_pkt_type_change_evt(hdev, skb);
2931 break;
2932
85a1e930
MH		 2933 case HCI_EV_PSCAN_REP_MODE:
2934 hci_pscan_rep_mode_evt(hdev, skb);
2935 break;
2936
a9de9248
MH		 2937 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2938 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 2939 break;
2940
a9de9248
MH		 2941 case HCI_EV_REMOTE_EXT_FEATURES:
2942 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 2943 break;
2944
a9de9248
MH		 2945 case HCI_EV_SYNC_CONN_COMPLETE:
2946 hci_sync_conn_complete_evt(hdev, skb);
2947 break;
1da177e4 2948
a9de9248
MH		 2949 case HCI_EV_SYNC_CONN_CHANGED:
2950 hci_sync_conn_changed_evt(hdev, skb);
2951 break;
1da177e4 2952
a9de9248
MH		 2953 case HCI_EV_SNIFF_SUBRATE:
2954 hci_sniff_subrate_evt(hdev, skb);
2955 break;
1da177e4 2956
a9de9248
MH		 2957 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2958 hci_extended_inquiry_result_evt(hdev, skb);
2959 break;
1da177e4 2960
0493684e
MH		 2961 case HCI_EV_IO_CAPA_REQUEST:
2962 hci_io_capa_request_evt(hdev, skb);
2963 break;
2964
03b555e1
JH		 2965 case HCI_EV_IO_CAPA_REPLY:
2966 hci_io_capa_reply_evt(hdev, skb);
2967 break;
2968
a5c29683
JH		 2969 case HCI_EV_USER_CONFIRM_REQUEST:
2970 hci_user_confirm_request_evt(hdev, skb);
2971 break;
2972
0493684e
MH		 2973 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2974 hci_simple_pair_complete_evt(hdev, skb);
2975 break;
2976
41a96212
MH		 2977 case HCI_EV_REMOTE_HOST_FEATURES:
2978 hci_remote_host_features_evt(hdev, skb);
2979 break;
2980
fcd89c09
VT		 2981 case HCI_EV_LE_META:
2982 hci_le_meta_evt(hdev, skb);
2983 break;
2984
2763eda6
SJ		 2985 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2986 hci_remote_oob_data_request_evt(hdev, skb);
2987 break;
2988
a9de9248
MH		 2989 default:
2990 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 2991 break;
2992 }
2993
2994 kfree_skb(skb);
2995 hdev->stat.evt_rx++;
2996}
2997
2998/* Generate internal stack event */
2999void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3000{
3001 struct hci_event_hdr *hdr;
3002 struct hci_ev_stack_internal *ev;
3003 struct sk_buff *skb;
3004
3005 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3006 if (!skb)
3007 return;
3008
3009 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3010 hdr->evt = HCI_EV_STACK_INTERNAL;
3011 hdr->plen = sizeof(*ev) + dlen;
3012
3013 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3014 ev->type = type;
3015 memcpy(ev->data, data, dlen);
3016
576c7d85 3017 bt_cb(skb)->incoming = 1;
a61bbcf2 3018 __net_timestamp(skb);
576c7d85 3019
0d48d939 3020 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3021 skb->dev = (void *) hdev;
eec8d2bc 3022 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3023 kfree_skb(skb);
3024}
kernel source for telekom puls (alcatel/mediatek)